I closed the case of a vulnerability in the Corinex CXWC-HD200-WNeH
with a confirmation from the vendor that this is a device completely out of
support. Which confirms the public information I found
when I started looking into this device.
This was all related to the course in hardware hacking I took and applying
the new knowledge.
So now I can look back on this experience and think about my future here.
Hardware hacking has serious links to my current job as technical security
specialist. In my work I regularly have to look at vulnerabilities and assess
the chance and impact of misuse of the vulnerability. With hardware hacking
I find vulnerabilities by researching hardware. This helps me understand the
chance and impact factor of other vulnerabilities.
There is also a link to my education: part of that was MTS electronics. I
learned how to solder, before SMD components were a thing and I think I got
some explanation about switching mode power supplies at the end. As I got into
computers I didn't do much with this education but the last years in amateur
radio have made me get out the soldering iron again.
There is a clear link to my hobby of amateur radio. My interest in amateur
radio is linked to wanting to know how things actually work. Hardware hacking
is also done with RF signals so I may get into more RF related hardware
hacking.
My current thought is that I want to continue in this subject. It's given me
joy: getting into a device in new and unexpected ways gives joy! I have learned
new things. I noticed I need to feed the brain regularly with new information
and actually learning something new is much better brainfood than browsing
social media. At the same time social media is the way to learn
more about this subject and interact with other people interested in this
subject. I ended up on /r/hardwarehacking on reddit
and already learned from others and shared some of my own insights!
There is the thing about RFID/NFC security. I have looked into this in the
past, mostly by getting the tools to peek into the MiFare classic cards. I am
considering going further with this area of hardware hacking. Prices of hacking
tools for this area like the proxmark3 or the flipper zero are above the 'nice
to try a few things' level. On the other hand I think I could have loads of fun
there, and the overlap with amateur radio is very clear.
At the end of this bit of writing: thanks to people who share their hardware
hacking experiences on-line! Thanks to Jilles
Groenendijk, Router Archeology: Sitecom WL-330 - Habbie's journal,
@Flashback Team on youtube,
Make Me Hack on youtube,
and Boschko Security for sharing
their stories and knowledge.
Since last Thursday the aprs server at aprs.pa4tw.nl is down. I
used that aprs server for the weather station and for the igate.
The change for the weather station was one word in a script, for the igate I
had to remember how to change this with the Arduino development environment set
up to support the esp32 board. The easiest way seemed to be from the computer,
but every time after the igate started the running process after the setup it
crashed and rebooted itself. I spent a lot of time looking for the answers,
added debug statements all over the code and ended up in the WiFi
initialization code as the place of crashing. And that was the hint, according
to
Crash when trying to connect to wifi - Issue #3935 - espressif/arduino-esp32
this is a sign of a power shortage.
This is purely my fault: the pi4raz igate design calls for an external power
supply feeding it.
The solution was to go back to the separate USB power supply and not use a
USB hub connected to the computer. Now the igate is started again and visible
on the APRS network: track PE4KH-10 on aprs.fi.
The logic analyzer circuit I ordered
came in today with the test leads. Both the circuit and the test leads have
pins so I need something to connect those two. So the crate with PC cables was
ransacked and a floppy drive cable is now connecting the logic analyzer and the
test leads.
The logic analyzer shows up in linux as usb device:
Bus 002 Device 008: ID 1d50:608c OpenMoko, Inc. Fx2lafw
Finding software was quite easy: pulseview indeed works out of the box,
complete with support for this logic analyzer.
I had a look around for something to analyze and finally settled on the
ESP32 based NTP clock
because that's still on a breadboard and signals are available. I can see
the bits flowing between the ESP32 microcontroller and the display module.
I'm still seeing some bits come in on unconnected testleads so I'm not sure
I am doing everything right. But it's a start!
One of the subject areas I'm interested in at work is hardware security and
hardware hacking. After doing things with rfid earlier I'm now looking at
low-level electric interfaces. With the earlier hardware challenges in
CTF contests in HackTheBox Cyber Apocalypse CTF 2022 - Intergalactic Chase
and The HackTheBox & CryptoHack Cyber Apocalypse 2021
I got interested in logic analyzers. Those sounded expensive (but I never
actually checked).
And then I read this bit: I recently got this 8ch cheap USB-C logic analyzer from AliExpress
and the price shown is 5.42 US dollar. That's really cheap!
For that price I can buy one and not be too dissapointed when it blows up or
fails to give me the joy I hope. So, ordered: one 8 channel logic analyzer and
a set of test leads so I can actually clip this to a circuit. The price for
me for the logic analyzer circuit is EUR 6.78 including delivery and taxes.
For software I learned about PulseView.
This hardware has limitations, but for simple decoding of hardware protocols
this is a nice start.
De enige gateway die dapper stand houdt is
PE4KH-10: nota bene een iGate naar ontwerp van onze club: een RAZ
iGate...
or translated: the only gateway still standing strong is PE4KH-10: notably an
igate made to the design from our club: a RAZ igate.
It's nice to get this mention! The hardware is in the corner of the shack
just doing its job and nothing else.
With lots of devices running on rechargeable batteries including toys with
motors and lights we have accumulated quite a number of rechargeable batteries
in our house. Some of them have been around for ages and others are more
recent.
With the amount of batteries varying per device (we have seen 1,2,3,4 and 6
batteries per device) it's good to charge each battery individually as they may
have different residual charges and always charging them in pairs when one is
not as good will only make the difference worse.
But the charger for individual AA/AAA cells we have also wants to charge the
batteries quite fast and will abort as soon as one cell doesn't accept the
charge. More and more batteries got rejected this way, even relatively new
ones.
The solution: a smart charger that has adjustable load current, can refresh a
battery that has problems accepting charge and measures the charge in the
battery. And does this for 4 batteries at the same time. I gathered batteries
from all kinds of places (quite a collection) and started charging and
measuring all of them. A number of batteries got rejected because even a
"refresh charge" ended at less than 50% of the original capacity. Those
batteries will be handled as chemical waste. The others with enough capacity
left are now all in the big box of charged batteries. Most of them will not
keep their charge until the moment we actually need them, but it's good to know
they are usable.
I bought the https://www.conrad.nl/p/voltcraft-ipc-3-batterijlader-li-ion-nicd-nimh-10440-14500-16340-16650-17355-17500-17670-18490-18500-18650-1403321 from Conrad
which has only one downside: the fan is somewhat noisy.
Recently the parts for the NTP ham clock I saw in the Electron magazine
arrived: an ESP32 module and a TFT display. It took a bit before I had time to
actually do something with them but recently I put the modules on breadboard
and started making the needed connections. There are not a lot of those, only
8 wires need to be connected between the ESP32 microcontroller and the TFT
display.
After some fiddling it worked and I managed to program it all with the settings
I like, such as the right timezone rules for the Netherlands, 24 hour display
on both clocks and it fetches the NTP time from the
NTP server in the shed
so it doesn't rely on outside connectivity.
Now to find a case for it and wire it neatly.
Today the Electron magazine of the Veron amateur radio club came in,
the March 2021 Veron Electron (Dutch).
As I was browsing the magazine and reading articles I came across an article
about building an NTP ham clock, consisting of an ESP32 module and a TFT LCD
display, and the rest is all in software.
I directly wanted to build this, as this combines two of my interests:
amateur radio and NTP time synchronization. It displays both the local time
and the UTC time on the TFT display, just like PyHamClock does on my screen.
The article is based on the same project at W8BH projects
which gives me a good descriptive pdf.
So I ordered an ESP32 module and ILI9341 TFT LCD display from an aliexpress
seller and now I wait, because this will take about a month.
Since the igate build was finished and the first packets were received
I left it running. I did switch to a 5 volt power supply: it works fine on
a USB charger powering the whole circuit board via the USB connector for the
ESP32.
Packets are received from a large area around the city as shown. I'm glad it
is all working and I hope to improve the APRS network coverage here locally a
bit.
Recently the parts for the NTP ham clock I saw in the Electron magazine arrived: an ESP32 module and a TFT display. It took a bit before I had time to actually do something with them but recently I put the modules on breadboard and started making the needed connections. There are not a lot of those, only 8 wires need to be connected between the ESP32 microcontroller and the TFT display. After some fiddling it worked and I managed to program it all with the settings I like, such as the right timezone rules for the Netherlands, 24 hour display on both clocks and it fetches the NTP time from the NTP server in the shed so it doesn't rely on outside connectivity. Now to find a case for it and wire it neatly.
Recently the parts for the Since the igate build was finished and the first packets were received I left it running. I did switch to a 5 volt power supply: it works fine on a USB charger powering the whole circuit board via the USB connector for the ESP32. Packets are received from a large area around the city as shown. I'm glad it is all working and I hope to improve the APRS network coverage here locally a bit.
