UART at TTL levels, it's dead-simple and ubiquitous. Everybody should own a USB-to-UART dongle, as it'll be useful more often than not.<p>I recommend the ones based on the cp2104 chip. They are cheap ($2 on ebay or aliexpress), reliable and have good support across OSs.<p>I suggest avoiding ch340. They have low clock accuracy (likely to do with using an internal RC osc instead of an external XTAL), which causes corruption and/or dropped character issues both sending and receiving.
Kinda weird article, the firmware mod and serial console are essentially completely unrelated. And in this case having console access did not really gain anything, he probably could have grabbed the passwd from the firmware image much easier.
Good ol' UART.<p>I was thinking of maybe doing a write-up of how I reverse engineered my Fireplace controller's UART using a sniffer cable and two USB-to-UART dongles.<p>I've documented my findings here: <a href="https://bonaparte.readthedocs.io/en/latest/system_information.html" rel="nofollow">https://bonaparte.readthedocs.io/en/latest/system_informatio...</a>
But I thought maybe a write-up of how to approach a project like this would be beneficial for beginners, like I was when I started this project a few months ago.<p>I'd love to hear feedback from people more knowledgeable than me on this. I was struggling especially with finding and using the accurate terminology to describe things like packet (or is it message?) formats and such.
Haha no way I did exactly the same thing on a TP-Link router <a href="https://blog.mclemon.org/debugging-a-tp-link-wr741nd-using-serial" rel="nofollow">https://blog.mclemon.org/debugging-a-tp-link-wr741nd-using-s...</a><p>Except I didn’t know the password and got distracted by something else before I got round to fiddling with it.
Interesting. My house came with one of those awful GE fridges that uses RFID tags to make you change your filter, or it will stop making ice and dispensing water. It also makes you buy "genuine" $60 filters rather than generic $15 filters.<p>I pulled the board, hoping to be able to hack into it, and it has what looks like a USB TTL header on the left side of this image:
<a href="https://postimg.cc/Yvv5XMS9/9837bd66" rel="nofollow">https://postimg.cc/Yvv5XMS9/9837bd66</a><p>However, the pins are labeled GND, RST, TOOL, (blank) (blank) 5VDC. I haven't tried anything yet, since the prospect of my food spoiling while I fool around is not attractive to me.<p>Anybody gotten into one of these?
Wow, reading that, I checked a new IoT device I'm working on, and it turns out it had dropbear running as root by default. Couple this with our policy of not discouraging tinkering and hackers (it served us well with different devices) and it was a passwordless account (a simple rs232ttl dongle connected to the exposed header gives you root, pretty useful for anyone with access to hardware), so anyone with a port scanner could go in. Dropbear also by default advertises on mDNS. One IoT device now fixed, thanks to this article.
Obligatory link to the OpenWRT Wiki about this device: <a href="https://openwrt.org/toh/tp-link/tl-wr841nd" rel="nofollow">https://openwrt.org/toh/tp-link/tl-wr841nd</a><p>Note that there are many better devices available for hacking, with more Flash and RAM, e.g. something like this: <a href="https://openwrt.org/toh/gl.inet/gl-mt300n_v2" rel="nofollow">https://openwrt.org/toh/gl.inet/gl-mt300n_v2</a>