Just proves everything runs Linux pretty much. Such a cool thing. I love it when I get to see the boot process of a device for myself instead of waiting silently for the device to come online. Also U-Boot has some great tools and you can even set env variables so it will boot into the shell by setting init=/bin/sh or init=/bin/bash.
I would try all the common passwords and even no password at all. If that doesn't work then you can try extracting the shadow file from the firmware and brute-forcing it with hashcat or using an online password cracker like crackstation.net. You might be able to grab a copy of the firmware from the device's support page. Then try extracting with binwalk. I hope that helps and best of luck!
Love the reference! LOL. Here's a clip of what I consider to be Arnie's best work. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-MpQN3HLHrJA.html Enjoy and thanks for commenting 😁
@@PhilieBlunt666 thanks, and I'm glad to hear it. There is something very satisfying about hardware and firmware hacking to me, so I for one really enjoyed the rabbit hole 😁👍
I do have a tendency to be loquacious, for sure! But hey, that's who God made me and I totally understand if my content isn't your "cup of tea". If you're looking for cyber security channels that focus on hardware, might I suggest... Joe Grand - www.youtube.com/@JoeGrand Make Me Hack - www.youtube.com/@MakeMeHack Flashback Team - www.youtube.com/@FlashbackTeam They all have great content and you won't have to listen to me drone on and on. 😅 Cheers!
Oh man, I can be a bit verbose for sure 😅 I'm sorry to hear that it bothered you so much. I totally get that my content isn't for everyone, but maybe you'd enjoy Matt Brown or Joe Grand. They are both very skilled at hardware and great presenters too. Cheers 😀👍
Great question! If you don't get a root shell, then I would suggest dumping the firmware and then looking for useful secrets, or you could modify the firmware in a way that would allow remote access and then upload that modified firmware to the device. Just a few suggestions off the top of my head and I hope they help 👍 Cheers!
Great video. You need an oscilloscope so you can have a visual representation of the voltage variations. They will be highs and lows; 1’s and 0’s. Have fun
Funny you say that! I was just looking at oscilloscopes the other day because I want to do more with hardware and it seemed like a good tool to have in the kit. Thanks for the suggestion!
10:47 I've done this. Connected VCC to 5V on my adapter and heard a literal frying sound. Fortunately my brand new Waveshare USB to TTL had some kind of protection and both my board and adapter still work lol.
Hey Mauricio, Great question! 🤔 I don't know that "copy" would best describe the situation as it may lead someone to think that something negative or nefarious is happening. I think "similar" would be a better descriptor. We are exploring the same topic, so you've got to expect that we're going to cover some, if not all of the same materials (concepts, tools, techniques, procedures). I would say that this video is only a "copy" of Matt's video insofar as Matt's video is a "copy" of... Tony Gambacorta's video ( ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ZmZuKA-Rst0.htmlsi=JBBk2jAO9b78CnFW ) Valerio Di Giampietro's video ( ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-6_Q663YkyXE.htmlsi=CxMHJV1OnCWmpXdu ) The Flashback Team's video ( ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-01mw0oTHwxg.htmlsi=fL0fHQqyKQPu4qJ8 ) ...all of which helped me greatly when learning about this topic. So, like I said, not a copy but definitely similar. That said, I'd not seen Matt's channel before, so a big thanks to you for bringing his content to my attention as it's a really great channel with content! Everyone that watches this video should absolutely jump over to Matt's channel ( www.youtube.com/@mattbrwn ) and subscribe. 👍 I would also recommend Joe Grand's channel ( www.youtube.com/@JoeGrand ) if you're looking for some amazing hardware hacking content. 😃
Hello, can you please make a video about how to scan another network that security cameras are connected to and how to break them or hack them for learning purposes 🙏 thank you
Good news. It is possible. You should check out Joe Grand's RU-vid channel and watch him crack into smartphones and other hardware. He has excellent content! ru-vid.com
Hey KingErasmos, I'm so sorry to hear that you didn't enjoy my content. The intended audience I was aiming for was for those new to concepts and practices such as connecting to UARTs on devices that, as you say, "stupidly drops to the root shell without any authentication", looking for sensitive information, and possibly discovering weaknesses that could allow for exploitation. I was under the impression that this was something that falls under the rubric of "hardware hacking" as I learned how to do it from books and sites that described this process as an essential "hardware hacking" skill to master. If I'm mistaken in that understanding, then many thanks for the correction. When I made this video, I was new to this type of cybersecurity and was just excited to share what I'd learned with others new to it as well. I'm sure you're already aware of great hardware hacking channels like Joe Grand, The Flashback Team, and Matt Brown, but just in case you haven't here are the links to their channels. I hope they are more aligned with the type of content you're looking for. - Joe Grand ru-vid.com - The Flashback Team www.youtube.com/@FlashbackTeam - Matt Brown www.youtube.com/@mattbrwn All the best, Daniel
I assume you're using Windows as your OS, but if you're not getting assigned a COM port then there might be a driver issue. Verify that your device is being recognized by your system by checking under "Universal Serial Bus controllers" > "USB Serial Converter". You may just need to reinstall the driver for it. You might even try plugging into a different USB port. If none of that works then it may just be a bad device that you're plugging in and you'll need to exchange it for another. I hope that helps 👍
I have IoT hacking in my course curriculum and I'm really - really excited to deep dive into some hardware hacking and do something different from traditional web/API hacking 🎉❤
You made this look so d@mn easy. This was some information I have been looking for. I'm glad I stumbled across this video and look forward to learning more.
Thanks for this video, helped a lot. I have to stay at home for some time, so I grabbed an old modem from the early 2010 and found out that there is a password for UART. Is there a good forum you can recommend for questions about this topic?
Glad to hear you enjoyed the video, Karl! I don't know of any forums off the top of my head, but you may be able to grab the password hash from the firmware using binwalk or firmware modkit and see if you can crack it with something like hashcat.
Sorry about that, Jim. I've been working on getting the sound to sync up better, but it's been an odd issue. I'll keep at it though and thanks for watc...listening 😁👍
Hey friend, great videos. I'm trying something similar at home. I've identified the Ground port, and I'm pretty sure VCC (it's steady 3.30, 3.29) but the other two ports are both reading 0 volts throughout the whole boot process. Any idea what is happening? I know you mentioned one could possibly read 0.00V being the Rx port, but I'm confused why both :(
This is such a great question, and honestly I'm surprised at myself for not addressing it in the video! My guess would be that the UART RX and/or TX ports are not connected. I've seen manufacturers do that before and when that happens you have to expose the lead wire and jump the pin to the wire. I hope that helps. Cheers!
@Daniel Lowrie Heya thanks for the reply yep that's exactly right. I put it under a scope and I can see the traces have been disconnected. I'm trying to bridge them (there's two pins that can reconnect the traces) with solder but boy is it ever small.. the thinnest solder I have is still too big for it! It's like doing a surgery.
@@lukeschmidt7872 Oh yeah, those traces are soooo stinkin' small! At least you know what the issue is and can attempt to work around it. Even if you're unsuccessful, at least you've gained so much useful experience.
I'm not sure, but my guess would be "Yes" especially since they used to make this docs.arduino.cc/retired/boards/arduino-usb-2-serial-micro/. Edit: I just read through the info for the retired arduino usb-2-serial micro and it says that it has the same chip as the Arduino Uno. "It features an Atmega16U2 programmed as a USB-to-serial converter, the same chip found on the Arduino Uno." This makes me more confident that you could use an Arduino Uno as a usb to serial converter.
@@daniellowrie be warned, some Arduinos use 5 volt and can absolutely break your target if it's 3.3 volt. Some serial ports can't tolerate 5 volt for long. I learned it the hard way and lost my test router.
Thank you for this. I'm super new to the whole electronics thing. In fact the Flipper Zero GPIO pins got me interested & then I came upon Arduino & GPIO & now I'm seeing hacking on this level. I'll bet you could sell this type of thing to people. Like ship them that hardware & have different things to try to accomplish. Things like: - don't tell them what to try to find & see what all they can find on their own. - then after they've tried to totally crack this thing, list the things & see if they've found everything & if not, go do those things - then whatever they couldn't do have a walkthrough video & explanation of the why & how to handle these things. I think people would pay for this type of thing & as long as it's legit it'll be such a powerful tool.
@@daniellowrie Yes. That's it. I've seen some RU-vid crime channels have started selling these "See if you can solve the crime" kits. I could see this being a thing like that. I don't know a lot about this (yet) but it seems like finding hardware is cheap & the kits could be either left as is or tinkered with to add to the lesson.