Added a Serial Console Port to the Netgear DG834GT

In the lower left corner of the router, with it facing you, are the pads for the serial port, named J503; next to it is the JTAG header, named J201 (I have not tested if it actually works).

The serial port is a RS422 port so it requires a Maxim MAX232 to get the 3.3v levels of the RS422 port to the 12v levels a PC's RS232 port uses. I won't bother you with the details on this since this is the same type of IC you need for interfacing with, for example, a Linksys WRT54G(S) and ZyXEL Prestige 645, so enough info about this is already posted on the web ;-)

Here is the Netgear booting, with 115200, No Parity, 1 Stopbit 8 Paritybits and Software flow control. Just FYI, I tried the thing on a friend's Win2K machine and it also showed garbaged output.

Finally compiled udhcp v0.9.8; unfortunately it did not fix the problem. I should have understood that, since the DG834G also uses udhcp v0.9.7 but that one does work with Ericsson DSLAMs.

But I did get some interesting output from the console. I did a search on Google for 'info, unrelated/bogus packet' and found this:

I tried that patch but it did not help either.

Lastly, I tried to compile tcpdump for the big-endian MIPS CPU in the DG834GT, but thus far I have been unable to get it working. It would be interesting to run tcpdump on both the DG834G and GT models on the same DSL line and see what the differences are (if any) in the first few packets relating to the DHCP request packets.
There are two easily accessible spare gpios. Gpio13 is the RX pin on the serial header (so you can't use it at the same time as the serial port obviously), and gpio0 is at the bottom left of the board, where there are pads for a fourth LED which has not been soldered in.
The TP-Link TL-WR841N isn’t a particularly impressive piece of hardware, but since it works decently well and sells for under $20 USD, it’s one of the most popular consumer routers on Amazon. Now, thanks to TrendyTofu of the Zero Day Initiative, we now have and take full control over this bargain WiFi device.
This work was initially done to help test out reported vulnerabilities in the router’s firmware, but we’re sure the readers of Hackaday can come up with all sorts of potential uses for this information.

TP-Link helpfully labeled the UART pins

The story starts, as so many before it have, with a serial port. Finding the UART pads on the PCB and wiring up a level shifter was no problem, but TrendyTofu found it was only working one-way. Some troubleshooting and an oscilloscope later, the culprit was found to be a 1kΩ pull down resistor connected to the RX line that was keeping the voltage from peaking high enough to be recognized.

Once two-way communication was established, proper poking around inside the router’s Linux operating system could begin. It wasn’t a huge surprise to find the kernel was ancient (version 2.6.36, from 2010) and that the system utilities had been stripped to the absolute bare minimum to save space.
Replacing the firmware entirely would of course be ideal, but unfortunately OpenWRT has dropped support for the newer hardware revisions of the TL-WR841N.

To teach this barebones build of Linux some new tricks, TrendyTofu used the mount command to find a partition on the system that actually had write-access, and used that to stash a pre-compiled build of BusyBox for MIPS. With a more complete set of tools, the real fun could begin: using GDB to debug TP-Link’s binaries and look for chinks in the armor. But feel free to insert your own brand of mayhem here.

You might think that in the era of the Raspberry Pi, abusing cheap routers to turn them into general purpose Linux boxes would be somewhat out of style. Frankly, you’d be right. But while might be long be gone, there are still some routers out there interesting enough to.

In an era where everything seems to be getting “smarter” every year, it will probably come as no surprise to find that even relatively middling networking hardware is now packing advanced features and considerable computational power.
A case in point is the Dell N1108T-ON Ethernet switch. Despite only costing around $100 USD on the second hand market, by poking around its onboard operating system.

It all started by plugging into the serial port on the front of the switch, which Ben happily notes is an integrated FTDI USB serial adapter to make life easy. Booting into recovery mode gave him local shell access, and some poking around determines it’s the sort of BusyBox-powered Linux system that you’d expect on an embedded device. The biggest discoveries were that it was running a relatively recent kernel (3.8.1), and that it apparently had Python installed.
The reverse shell Python script

From there, Ben found out that these switches have a feature where the administrator can install and run Python “applications” by packaging them up as tarballs and copying them from a USB flash drive. So he wrote up a simple Python program that used the socket library to open up a reverse shell to his desktop computer, and to his surprise, it worked perfectly on the first try. Now with root access, the fun really started.

The next step was getting an SSH installed and running on the switch, so that he didn’t have to do the reverse shell trick every time.
He then started installing the packages necessary to turn the switch into a secure VPN tunnel with Wireguard. This took a little fiddling as Ben didn’t have the option of installing the normal Wireguard kernel module, but he eventually got the necessary tools modified and cross-compiled to ARM. He believes this is just the start of what’s capable on devices like this, and we’re interested in seeing where the community goes from here.

We’ve seen hackers in the past, but software modifications like this promise to make the creation of custom, secure, networks far easier even on a hacker’s budget.
A lot has certainly changed since the last time we saw somebody.

The serial port remains a hacker staple, being one of the easiest ways to move a little bit of data from one machine to another. All manner of projects use the interface, and often, sensors are connected and their data read over such connections. In these cases, it can be useful to plot said data, SerialPlot is capable of reading data over several serial ports at once, and plotting it for your viewing pleasure.
It’s capable of interpreting data in a variety of integer and float formats, and plotting multiple channels in a synchronised manner. It’s also capable of sending basic commands out over the serial port, which can be used to trigger or control attached equipment.

Overall, it’s a useful utility for anyone with an array of sensors connected over the most classic of interfaces. Of course, if you’re having trouble keeping track of all your serial ports,.
The humble serial interface has been around for a very long time, and will stay with us in one form or other for the foreseeable future. It was easy enough to keep track of back in the days when a computer only had one, or perhaps two COM ports. However, in this day and age of USB-programmable microcontrollers, it’s likely you’ve got COMs coming out the wazoo. Thankfully, Amr’s utility is called Serial Port Monitor, and it does what it says on the tin.
When new serial ports are enumerated in Device Manager, a system tray notification pops up noting the number of the newly attached COM port. Additionally, it maintains a list of ports sorted in order of the newest first, and also features a right-click menu that allows the launching of various terminal programs.

It’s a useful tool to keep in your back pocket that can prove particularly so when programming many devboards at once, or any other time when you find yourself dealing with a mess of serial devices.

Incidentally, if you find yourself having continual headaches with USB-to-Serial adapters on Windows,. Happy hacking.

Footnote: In light of this article, the author would like to formally apologise to Cosmos2000 for permanently disabling COM1 on his main programming rig. Sorry, friend.
Modern operating systems insulate us — as programmers, especially — from so much work. Depending on how far back you go, programmers had to manage their own fonts, their own allocation space on mass storage, or even their own memory allotments. Every year, though, it seems like things get easier and easier. So why is it so annoying to open a simple serial port?
It isn’t hard, of course, but on every operating system it seems to be painful — probably in an attempt to be flexible. And it is even worse if you want portability.
I needed to write some C code that read data from an FPGA’s embedded logic analyzer, and I was annoyed at having to write yet more serial port code. I have my own shim library, but it isn’t well tested and isn’t all that flexible — it does what I need, but I wanted something better. What I wound up with the. The logic analyzer software.

You might counter that the serial port is old hat, so no one wants to support it with modern systems.
While the physical serial port might be on life support, there’s no shortage of equipment that connects via USB that appears to be a serial port. So while I was talking to an FTDI chip on an FPGA board, you could just as well be talking to an Arduino or a USB voltmeter or anything.

I guess the Sigrok developers had the same problem I did and they took the time to write a nice API and port it to major platforms. Although Sigrok uses it, they maintain it as a separate project and it was just what I needed. I say sort of because the version installed with Ubuntu was old and I needed some features on the newest release, but — as usual — the Internet came to the rescue.
A quick Git command, and four lines of build instructions and we were ready to go.

If you use the Arduino IDE to program the ESP32, you might be interested in Andreas Spiess’ (see below). In it, he shows an example of using all three ESP32 UARTs from an Arduino program.
He calls the third port “secret” although that’s really a misnomer. However, it does require a quick patch to the Arduino library to make it work.

Just gaining access to the additional UARTs isn’t hard. You simply use one of the additional serial port objects available. However, enabling UART 1 causes the ESP32 to crash!
The reason is that by default, UART 1 uses the same pins as the ESP32 flash memory.

Luckily, the chip has a matrix switch that can put nearly any logical I/O pin on any physical I/O pin. Andreas shows how to modify the code, so that UART 1 maps to unused pins, which makes everything work. It is a simple change, replacing two parameters to a call that — among other things — maps the I/O pins. You could use the technique to relocate the UARTs to other places if you choose.

If you want to learn more about the ESP32, we covered for you to check out. Or if you just want a quick overview, you can.