HFU HF Underground

Technical Topics => SDR - Software Defined Radio => Topic started by: ChrisSmolinski on May 31, 2018, 1955 UTC

Title: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
Post by: ChrisSmolinski on May 31, 2018, 1955 UTC
FWIW, I picked up a pair of these at my local WalMart this morning...
The history of consumer electronics is littered with devices that are relatively uninteresting at first, but become spectacular platforms for hardware exploitation once a few select people figure out how everything ticks. The Linksys WRT54G was just a router until someone figured out how to put a complete Linux system on it. Those RTL-SDR dongles were just for capturing over-the-air TV until someone realized they were actually a software-defined radio. The CueCat was just dot-com boom marketing garbage until… well, we picked up a lot of CueCats regardless.

Now there’s a new device sitting on the shelves at Walmart just waiting for some Linux hackers to have a go. It’s the Tzumi MagicTV, a device that allows you to watch over-the-air television on your phone. What’s inside? It’s a WiFi router, an RTL-SDR, and a battery pack in one tiny package. The best part? It costs $13, and apparently Walmart is just blowing them out.

Right now, there aren’t too many details on what’s going on inside the Tzumi MagicTV box, however, the discussion over on the RTLSDR subreddit has revealed enough to give us a good idea of what’s going on. The router inside the MagicTV is a TP-Link TL-WR703N, the exact same WiFi router that took the WRT54G’s place as the king of hackable routers a few years ago. The SDR chip is the same as the Astrometa DVB-T2, one of the common TV tuners on-a-stick. Other than that, there are TX and RX pins on the board, SSH is open, no one knows the password, but as of this writing, a few people are putting John the Ripper to work trying to break into this box.

What is the end goal of cracking this Linux box wide open? Well, it’s a WiFi router and an SDR, so if you want to make your own Flightaware ADS-B logger, that could be on the table. Of course, you could actually use it for its intended purpose and pull down over-the-air TV to your local network, but that seems so pedestrian after getting root on a $13 box from Walmart.

https://hackaday.com/2018/05/30/cheap-stuff-to-hack-a-router-with-an-sdr-for-13/
Title: Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
Post by: TheRelayStation on May 31, 2018, 2037 UTC
it should be easy to get and change the SSH/root password with a serial console connected to the device (J-TAG)
i do this often to many "locked" devices to gain root access and modify user privileges.
Title: Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
Post by: Pigmeat on May 31, 2018, 2113 UTC
I've seen those for sale. There is even room for a knob if you know anyone who is so inclined, as I might.
Title: Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
Post by: Josh on June 01, 2018, 1550 UTC
Surely someone will offer these prehacked with an appropriate distro. Then just ssh into it from afar to do your scanning. I have a loverly 12v gel cell and solar panel just waiting for a load such as this to power.
Title: Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
Post by: JimIO on June 01, 2018, 1858 UTC
I ordered some PL2303 USB to TTL adapters thinking something like this would be coming along. So where do you solder the pin header?
Title: Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
Post by: TheRelayStation on June 02, 2018, 0028 UTC
So where do you solder the pin header?
that depends on what you see on the PCB.
sometimes they are not identified and you'll have to use a scope to figure out what is what. Usually it's 4 points on the PCB that may or may not have a header. Not all PCBs will have a J-TAG, though it is possible to connect one if you have a PCB wiring diagram layout.
Title: Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
Post by: JimIO on June 02, 2018, 0342 UTC
I don't have one of the Tzumi units yet. I'm just getting started on Orange Pi Zero. I see they both use the U-Boot boot loader. What I'm learning about that should help. I love this cheap Chinese stuff!