i hacked my son's baby monitor, for science. 

Leave a comment and let me know what you think is going on inside that baby monitor! 🧐

As a embed system student this looks a pretty cool content! Nice video, can't wait for the next one

I'd be careful connecting the 5V Arduino UNO TX pin to connect to a 3.3V serial interface. Some devices can tolerate 5V on their input (at least for a short while) but others may break. Use a level shifter if in doubt.

So at work we have an intercom system we never use, one day a few months ago it starts making noises suddenly and intermittently as if like possessed. We walk around the rooms but no one is using it, then one of my coworkers points out that it’s probably picking up interference from a baby monitor. That was kind of more freaky to me, i dont think people using baby monitors would like that people at the public library can hear through the other end. Now forever freaked out by baby monitors.

First off, congrats on the baby! I'm super excited to see the rest of this series. Low level stuff like this has always been fascinating to me, but I've never made the jump to learn it.

Safe to say if you're goong to these lengths, even without a monitor i think your baby will be safe

"...but sometimes they leave it open to give the user a root shell to the device." I don't think this is intended by the manufacturer:D

I wish I had seen this before having to guess how to do it myself using an Arduino to diagnose a lab scale. I was on windows using the Arduino software to view the serial communications, so I didn't wire the reset as you did. But this is a lot more elegant for troubleshooting serial data than all of that.

Love this, I remember the first time I found out about the UART solder trick with a old WiFi router I had. When I pulled it off with Raspberry PI, some jumpers, and a half decent solder job I felt so much like a hacker. Please keep up the great content.

i wonder what he would have done if he bought a Bluetooth controlled adult pleasure toy..

Crazy that you put out such videos with such high quality. I like a lot that you show the whole process of you looking at it for the first time. Keep it up. P.S. If you would start a patreon where you put out exclusive content or videos I would definetly like to support you and the channel.

I really appreciate that you go for accessibility and approachability with these videos. I’m going into computer engineering and hoping to focus on low-level stuff like this, so the fact that this content is so readily available makes that a lot easier. Thank you man

If you can’t get it to work: In the Arduino IDE, put Serial.begin( * baud rate * ) to get communication, and press the upload button. Most importantly, if the ATMega chip is stuck in reset mode you HAVE to put tx to tx and Rx to rx, because the serial converter switches it around for unknown reasons.

Great video ...DP and DM are probably USB data pins: data plus, data minus. I wonder what your PC sees on those pins?

You got me all excited now. Can't wait for the next video!

2:53 it's not 3.3v because it's outputting stuff, but because a "logic 0" on UART is "high level". The signal gets inverted (and amplified) with a RS232 transceiver.

I was a tad worried when I saw the video length.... then "to be continued" hit. ☺

Congrats man! You are on a wonder, life long journey!

UART TX being high doesn‘t mean it’s transmitting. The high voltage is the idle state for uart on the bus. But it is an indicator that it may not be disabled.

Lucky bastard. Arduino is 5V TTL and this device is 3.3V. You need a logic level converter otherwise you can break the chip in the device. Fortunately it looks like it worked (maybe because of breadboard cables resistance and chip not being susceptible) But one day you're not gonna be happy when the magic smoke comes out.

You put in more effort than most dads, good work! Much best wishes to you and your family!

Did you try typing "sh" in that shell? My router has a similar command prompt (telnet is open for some reason) and typing sh on there just gave me a root shell

Man every time you are blowing my mind, couple years ago I've seen two guys did the same trick using uart to root to a linux shell on TP-LINK router, and I've done it my self it's super exciting, but never seen RTOS kinda shell before, thanx man for the brilliant content you are making, cant wait for the next upload; Also Are you really married?? !!

I also recently found an old babycam which can't pair anymore, because there's no app for it. Maybe with this method, I can bring it to life again!

This is awesome. I'm very excited for the next in the series.

Seriously this is the kind of content I subscribe for! More of this please!!

Hands down the one video of yours that's been hardest for me to follow, I just suck at embedded too much. With software, typically I can at least understand the purpose of a complex operation even if not entirely its workflow, here I'm just lost from the get-go. As embarrassing as it sounds, truth of the matter is, I just never learned about electricity. And without that, it's naturally hard to get anywhere beyond.

3:56 there is a program in the Arduino forum to just set the uno to serial passthrough without the need for the reset line.

Asking the ultimate question: Can it run Doom though? 😊

I think SONIX is referring to the camera DSP manufacturer. My company also uses SONIX products for our camera. All I can legally say is. I hate their firmware. You probably can find UAF or data race bugs within a few hours.

Congrats on your baby!!!

Root Amazon's new flying surveillance drone too! Congrats on the inbound fatherhood. Having kids was the best thing I ever did for my life.

This was a lot of fun to watch m8! You did a lot of "basic" stuff lately, cool to see you dive deep into a much more advanced topic and share your more advanced knowledge with us, really appreciate it!

On one hand, I'm sure you are going to find something vulnerable; on the other hand, it would be nice to see if they managed to do mitigate the risk enough for their treat model

DP/DN looks like USB. Don't know about CE, but I would guess E for enable.

the enrichment center reminds that altough fun and learning are the main purpose of this video, serious crimes may occur during the enrichment activities. please for the fun and safety of others, refrain from commiting such things made in this video. -alternate universe in some place

I was planning to learn low level stuff for a very long time! This content is epic ❤️

I’d love to see it be secured to a reasonable degree but as with most tech security it will likely have some holes. Curiously I wonder if manufacturers like this patch bugs and holes in the 3rd party software & libraries they use.

Wow, that was very informative and interesting. Cant find the second part???? Congratulations on becoming a parent 😊

The most interesting video I have seen in a long time. It reminded me of the microcomputers and embedded systems courses I took in university. Please make more.

Not going to lie, on the video intro I was looking for the "skip ad" button for a bit before I realized what was going on.

Aren't UART pins usually high in idle state? In the first step when you measured the voltage on UART TX pin you said because it's 3v3 it's outputing data. I think the fact that it wasn't a stable 3v3 means there's some data on the line and if it was just 3v3 would mean there's no data on the line.

Oh the connector... DP an DM should be the 2 USB date + and - lines. A UART will normally be high so that might be why you saw 3.3V. Just high. If data was being transmitted, I might expect a voltage between 0 and 3.3V and moving around some in voltage if the data being sent isn't too repetitive and too fast

The other 4 pins seem like USB... DP/DM lines (a.k.a D+ and D-) strongly suggests it.

I'd be curious what kind of access you could get purely over a network connection (as malicious actors would likely not have physical access to the device).

@4:00 Always connect the ground first!

Much better video title. I'm glad you changed it

it's super boring to be married with an expert, right? Look babe, I just bought this [whatever thing] Oh let me break down it so I can see what's inside 🤣

Always good to check tbh

more of this please, this is so interesting

DUDE THAT SHIRT LOOKS SICK!!!!!

2:55, UART is active low, so 3.3V means it's not transmitting. *IrDA is active high

6:14 "pls check uasge!" hahaha

Part 2 pleaseeee

I learned more about UART in the last 7 minutes than I ever thought I'd know.

Wait, isn't the Arduino Tx/Rx on 5V? Wouldn't that be a risk to the device? Also, is it possible that tying RST to GND damage the arduino by constantly resetting it?

Good ol' baby stuff. I still have a Leapad from my childhood... now it's a PS1 emulator... I played FFIX for the first time on that thing, yes really!

Have you ever used a UART USB cable? I had someone show me how to use that on a PS4 and used the Arduino programmer to read output

i think sonix reffers to the main processor chip (big chip) on the board often baby monitors use sonix media chips and the chip has a sonix logo on it so its not only the board. Often the serial console mentions the processor and not the board manufacturer because you comminucate with the main processor and not the board

This is exactly the kind of thing that makes me want to get out of backend engineering and into systems and platforms shit

i think you could use ESP32/STM32 for this, Arduino UNO operates *5V* logic, which might damage the boards 3.3V logic. ESP32/STM32 have 3.3V logic and are much faster than UNO.

This is so awesome, thanks for sharing!!

I'd suggest DP and DM to be an USB port

Hardware hacking is something I find really interresting, I would love to see more of this type of content. Also what would you do in case the debug/serial port has been locked/closed? Also, have you heard about power analysis sidechannel attacks? suck as what the chipwhisperer tool can do?

The Arduino trick is awesome. I'm currently in need for a USB UART and I've been delaying my project, because I own a USB UART interface, but I have it at the bottom on some box :p But now I can use an Arduino which I have ready and just use it's builtin interface. Now it sounds obvious, but this idea didn't occur to me. Thanks for the tip!

excited for the next video!

Had the "next video" come out? I see several videos after this one, but none seem related.

Okay, I think you're taking this "Full-Stack" dev thing a bit to seriously. 😜 Really tho, cool video man!

Congratulations to your wife and you!

Criminal: “I’ve hacked your baby monitor and I’m watching your baby” Parent: “Cool, in that case imma get some sleep then. Lmk if the little shit wakes up.”

New video idea: I played doom on a baby monitor

Awesome video! One of my favourite RU-vidrs.

Bro can you still remember the analogue camera baby monitors, they where totally unsecured, everybody could watch it.

Bravo!!! Behind the iron sights doing the lords work you are inspirational Thanks to you I'm able to educate myself on things I desire to invent Your simple accessible approaches and absolutely crystal clear and eloquent communication skills Lastly the confidence to go on camera I applaud you keep up the good work if I can ever make you art or do anything for you let me know with peace and love God bless

There are loads of 920mhz ISM analogue FM baby monitors where I live and it's possible to listen to with a $40 SDR. it's pretty impressive that people don't know they are bugging their own homes.

I love this chanel and wish he could post more content. I dont know much about electronics but I still see this as interesting ❤ 👍😄

Congrats for the baby ✨

Those Infant Optics ones pretty simple. Point to point with manually paired cameras (which is a bit wazoo, but we get to that later) and no connectivity. The open UART (or JTAG, SWD less so) is super common in those devices because they either dont care to close em, want it for debug, or they use it for some EOL manufacturing process. There is only one risk from having a reversible monitor for the user that I can think of off the cuff, it's gotta pair. Depending on where you live that may be a concern and it may not -- apartments/condos, maybe yeah, single family home - range isnt that great. That said, there's some hoops they'd need to jump through and that's where you should be looking. Is the pairing seed material when you push the button from the camera fairly unique? Does it broadcast its ID in some way that you could identify a camera you want to link a monitor to after the fact? If it's only during the initial handshake, cool, but how does it reconnect when it starts up? If the RF is in the clear (e.g. not just encoded or plain) you can patch in whatever auth material you want. What does that get you though? Cred online for showing it, but in reality, meh. People research baby monitors and safes and stuff for the emotional factor attached to it. Any malicious behavior where you have to be that close to the target is a really personal thing. I know it's a non-cool kid opinion, but patching a piece of firmware on a baby monitor to see inside a single room in your house would do...what exactly? Yeah, can see inside your house and that's a bit creepy, but if you live in an apartment, that person is your neighbor. Good bit of OSINT, RF analysis, and then firmware patching for your neighbor or someone that lives nearby to see in your kid's room? They know if you're home already. Live in a single family home? Not so much range wise. At that point any RF system unless you want to spend a bunch more for a legit security system (and even then they will have similar problems) isn't in the cards for you if you're concerned. BTW, the h264 is video encoding. Have fun!

- "I'm gonna try to hack into the US Government's database" ° "Hey, that's illegal!" - "...for science" ° "Oh, then it's okay"

Please part two!

Dude! I’ve been futzing around with arduinos for over a decade and had no idea that you could boot loop loop it to use it as a ttl to usb. I’ve been using FT232RLs like a sucker

Cant wait until the next video!!!!

Congrats!

A rule is, EVERYTHING what has a processor (or a brain) in it can be hacked. This includes all computers and most humans.

You’d think designing one as a security auditor would be more effective

Is all the libraries the files on the chip? like the 6:14 libraries.

You left us on a cliffhanger as the video was getting really interesting... 😞

More!!!

with a flipper you can utalize uart :)

I mean the hardware layer is always assumed to be secure compared to the OS and application layer.. not a practical attack

Now, only one thing is missing, run doom on it

Reading camera data and transmit it over similar to gow we setup epa01 or rsp32 with cli or flash formware to it using uart but witg embedded system awosm work i am fi.ilar with

Instead of an arduino, couldnt we use a usb to ttl devicd

Hey, I have to take a X 86 assembly language class for my cs degree. Are there any courses you can recommend to help me learn better?

Awesome, want to see more about hardware hacking

Interesting to know that an uno with a wire is an alternative to the FTDI jimmy I have

What does your child think about living inside big brother? Anyway, great video. I look forward to the sequel.

wait so its a closed system, yet is also required to be completely torn down and photographed

Loving it but... An exposed serial console is NOT a security flaw. It is FREEDOM for the owner do do what he wants with the device. Supply chain attack is s thing, but that should be fixed im the supply chain, not by removing owner freedoms. That would make you sound like Apple...

Best youtube channel ever