#qi-hardware IRC log for Monday, 2015-08-03

[11:19] <eintopf> the hitchbot is dead, maybe we can start a "hitchbotv2" an open hardware project and collect ideas like defense system, (maybe also shared storage system, AP(samba), usb mass storage), etc.
[11:19] <eintopf> but the hitchbotv2 needs of course a defense system
[11:52] <eintopf> or upload a picture to twitter if the hitchbot gets touched at a place which hitchbot doesn't like it to be touched :/
[11:53] <wpwrak> should be no problem in the US. guns and drones are well-liked there. it'll fit right in.
[16:49] <DocScrutinizer05> wtf hitchbot
[16:50] <DocScrutinizer05> hi eintopf :-D
[16:54] <DocScrutinizer05> ayayay  https://www.youtube.com/watch?v=8_nTLIuk6Hk
[16:58] <eintopf> oh dear
[17:36] <wpwrak> nice :) now they'll need a recovery team. i recommend these experts: http://avherald.com/h?article=489d53ad&opt=0
[20:17] <DocScrutinizer05> ~dauthor Almesberger
[20:17] <infobot> Debian Author Search of 'Almesberger' returned no results.
[20:17] <DocScrutinizer05> :-((
[20:17] <DocScrutinizer05> wtf?
[20:18] <DocScrutinizer05> dauthor vs pstree -V
[20:23] <DocScrutinizer05> psmisc has no authors listed in my pkg mgr tools
[20:55] <eintopf> why does pstree have no colorful output?
[20:56] <pcf4l> So I a serial breakout on a router, connected up an ftdi board and can receive output from the router, but can't send commands.. tried both cr and lf as eol characters but not sure what else to do. Any tips from veterans out there?
[20:56] <eintopf> :-)
[20:56] <eintopf> pcf4l: maybe you have read permissions only? ;-)
[20:57] <pcf4l> Console doesn't prompt for authentication, and I don't get any output when I attempt to send commands, it was my assumption that the bytes weren't making it down the wire.. but I suppose it could be a read only console from the get-go
[20:58] <eintopf> "Console doesn't prompt for authentication" -> check gettu
[20:58] <eintopf> getty
[20:58] <pcf4l> It's an off-the-shelf router (DIR-600L) that has custom firmware on it from a security company that came in my home security package... don't even know (and can't obtain) the creds for the web ui :(
[20:58] <eintopf> or agetty or xygetty. there are a lot of getty implementations outside
[20:59] <eintopf> this will allow call login at your console
[20:59] <eintopf> but I don't know how it's working with systemd-logind
[21:02] <pcf4l> Also don't have shell access, no access of any kind actually.
[21:02] <pcf4l> It's *that* locked down. I paid for the thing and the bastages won't budge.
[21:02] <pcf4l> would love to just flash the official dlink firmware onto it and call it a day
[21:03] <whitequark> jtag
[21:03] <pcf4l> board also has a jtag breakout, never messed with jtag before though
[21:04] <pcf4l> ^_^
[21:04] <eintopf> I assume your getty configuration simply doesn't allow to login from any console
[21:05] <eintopf> but what you could do it
[21:05] <eintopf> is
[21:05] <eintopf> change init=/bin/sh
[21:05] <eintopf> then manipulate the getty conf
[21:05] <pcf4l> For fun, here's the console output upon factory reset: http://pastebin.com/KgRyM5vP
[21:05] <eintopf> "console output" != "Console doesn't prompt for authentication"
[21:06] <eintopf> do you have access to change the kernel parameters?
[21:06] <pcf4l> I have literally zero access. No ssh, no telnet, no web ui, nothing.
[21:07] <pcf4l> so I figured I'd crack it open and see what the serial breakout could be used for
[21:07] <eintopf> no access to kernel parameters and no getty which allows you to login
[21:08] <eintopf> complicated :-/
[21:08] <pcf4l> Seems that way. It's a trash router anyway, was more of a learning experience than anything.
[21:08] <eintopf> I think with jtag it should be possible to make something more with that
[21:09] <eintopf> or reflash the flash via some wires at flash ic
[21:09] <eintopf> if possible
[21:09] <eintopf> :D
[21:10] <eintopf> "Start telnetd ..."
[21:10] <eintopf> you have telnet access
[21:10] <eintopf> did you try that?
[21:10] <pcf4l> I might give that a go at some point. Pin pitch on the jtag breakout is super small (I guess maybe like .5mm instead of 1mm)
[21:10] <pcf4l> Tried telnet, connection refused
[21:10] <eintopf> I would call nmap $IP
[21:10] <eintopf> maybe the port is changed
[21:11] <eintopf> not standard port
[21:11] <pcf4l> 80, 23, and 52869 are the only ports exposed on it
[21:11] <eintopf> try nmap
[21:11] <eintopf> and I think 23 is telnet
[21:11] <eintopf> :-)
[21:11] <pcf4l> tried telnetting on both 23 and 52869, no luck :(
[21:11] <eintopf> :(
[21:11] <eintopf> what's there?
[21:11] <eintopf> maybe try netcat and you will get some prompt
[21:12] <eintopf> ascii prompt
[21:12] <pcf4l> connection refused on both
[21:13] <pcf4l> I'm guessing the custom firmware loaded by the security company locks it down instead of just stopping the servers or something
[21:13] <pcf4l> I'll try netcat at some point, thanks
[21:13] <eintopf> http://www.cvedetails.com/version/85577/BOA-BOA-0.94.14rc21.html
[21:13] <eintopf> one hole with "execution code"
[21:13] <eintopf> sounds good :-)
[21:14] <pcf4l> Nice find, thanks!
[21:14] <eintopf> so then I would change something to get shell and root
[21:15] * eintopf has no experience with hacking linux
[21:18] <pcf4l> This is my first attempt at any sort of hardware hacking at all
[21:19] <eintopf> oh really? I usually hack atm machines
[21:19] <eintopf> :-P
[21:20] <eintopf> no, they're running windows xp
[21:24] <pcf4l_> Meh
[21:24] <pcf4l_> 400 Bad Request  Your client has issued a malformed or illegal request.
[21:24] <pcf4l_> and serial console: " URI contains bogus characters"
[21:24] <pcf4l_> must be patched :(
[21:26] <pcf4l_> Thanks for the tips, eintopf, I'll keep tinkering. Cheers!
--- Tue Aug 4 2015 00:00
