uart_shell_in_a_router_Debanjan_Saha.pdf

NullKolkata 91 views 12 slides Jul 27, 2024

About This Presentation

Finding UART and Getting a Root Shell on a Linux Router by Debanjan Saha


Slide Content

#Presented by Cybermax
Finding UART and Getting a Root Shell on a Linux Router

$ ./about-me.sh
Debanjan Saha (Cybermax)
Cyber Security Enthusiast
DIY Projects Maker
Youtuber (Max Technical360)
Hardware and IoT Security Researcher
CTF Player (Cybermax560)

What is Hardware Hacking?
Hardware hacking involves the (unauthorised) exploration and manipulation of
electronic devices, particularly embedded systems such as IoT and industrial
edge devices. These devices often run on specialised operating systems like
Linux, OpenWRT, Raspbian, FreeRTOS, and Zephyr, making them prime
targets for exploration and experimentation.
Hardware hacking can be done for various reasons including:
Extract information
Hack network functions
Take over control of the hardware
Cause the hardware to malfunction

Universal Asynchronous Receiver-Transmitter
UART (Universal Asynchronous Receiver-Transmitter) is one of the most often used
communication protocols in embedded devices. It converts the parallel data it
receives into a serial bit stream that can be interacted with more easily. The
transmitting UART translates parallel data from a controlling device, such as a
CPU, into serial data and sends it to the receiving UART, which turns the serial
data back into parallel for the receiving device.
Serial communication with a two-wire protocol
No ACK protocol
Easiest and simplest way to transfer data directly to and from microcontrollers without the need for any
device in between
Transmitting UART converts parallel data into serial and transmits
Receiving UART converts received serial data into parallel
Possible Attacks
Getting root shell
Sniffing communication

Hardware Tools
1. Multimeter
2. Soldering Kit / Desoldering Pump
3. Screwdriver Set
4. Wires/Jumper Wires
5. USB to Serial Adapter
6. Flash USB BIOS Flash Programmer
7. Logic Analyzer

Target
TP-Link TL-WR841N Router

Major Components
MediaTek MT7628NN SoC
Zentel SDRAM
SPI Flash Memory

What we need to know and do?
Pin Identification (GND, VCC, TX, RX)
Baud rate (9600, 115200)
Pin Identification
Manual Identification
Automated Identification

Identifying GND
Power off the device and set the multimeter to continuity.
Red probe on the pins, black probe on any metallic surface.
If it beeps, boom, you've got the GND.
Identifying VCC
Apply power to the device and set the multimeter to voltage test.
Red probe on the pins, black probe on the GND, i.e. ground.
If it shows a voltage around 3.3 V, it's VCC.

Identifying TX
Power on the device and set the multimeter to voltage test.
Test immediately after powering on.
Red probe on the pins, black probe on the metallic surface.
If it shows a changing voltage, it's TX.
Identifying RX
I want to learn this from you guys :)

Getting Access
Access the port via /dev/ttyUSB0.
Power on the device and run a serial console utility: screen or minicom.
screen: screen /dev/ttyUSB0 115200
minicom: minicom -b 9600 -D /dev/ttyUSB0
-b (baud rate), -D (device)
Wait for a while and you get access. Try exploiting it further if you want to. On these premises nothing is allowed.
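The baud rate listed under "What we need to know and do?" can be measured from a logic analyzer capture of the TX pin instead of being guessed. The sketch below is an added example, not part of the original slides. It assumes the capture is exported as (time in seconds, level) transitions and that framing is 8N1; all function names are hypothetical and the input is constructed, not taken from the router.

```python
from bisect import bisect_right

STANDARD_BAUDS = (9600, 19200, 38400, 57600, 115200)

def synth_capture(data, baud, gap_bits=3):
    """Constructed test input: (time_s, level) transitions of an 8N1 TX line."""
    bit, t, level, edges = 1.0 / baud, 0.001, 1, []
    for byte in data:
        # start bit (0), eight data bits LSB first, stop bit (1)
        for b in [0] + [(byte >> i) & 1 for i in range(8)] + [1]:
            if b != level:
                edges.append((t, b))
                level = b
            t += bit
        t += gap_bits * bit  # line idles high between characters
    return edges

def estimate_baud(edges):
    """Shortest gap between transitions ~ one bit time; snap to a standard rate.
    Assumes the capture contains at least one isolated bit (true for ASCII text)."""
    times = [t for t, _ in edges]
    shortest = min(b - a for a, b in zip(times, times[1:]))
    raw = 1.0 / shortest
    return min(STANDARD_BAUDS, key=lambda r: abs(r - raw) / r)

def decode_8n1(edges, baud):
    """Sample mid-bit after each start edge; drop frames with a bad stop bit."""
    times = [t for t, _ in edges]

    def level_at(t):
        i = bisect_right(times, t)
        return edges[i - 1][1] if i else 1  # idle high before the first edge

    bit, out, busy_until = 1.0 / baud, bytearray(), 0.0
    for t, lvl in edges:
        if lvl != 0 or t < busy_until:
            continue  # rising edge, or a falling edge inside the current frame
        value = sum(level_at(t + (i + 1.5) * bit) << i for i in range(8))
        if level_at(t + 9.5 * bit) == 1:  # valid stop bit
            out.append(value)
        busy_until = t + 9.5 * bit
    return bytes(out)

if __name__ == "__main__":
    cap = synth_capture(b"boot: console ready\r\n", 115200)  # constructed sample
    baud = estimate_baud(cap)
    print(baud, decode_8n1(cap, baud))
```

Decoding the same capture at the wrong rate yields garbage or nothing, which is the same symptom as unreadable output in screen or minicom.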

THANK YOU
www.youtube.com/@MaxTechnical360
www.linkedin.com/in/debanjansaha360/
https://www.instagram.com/cybermax560/