We seek to understand and document all radio transmissions, legal and otherwise, as part of the radio listening hobby. We do not encourage any radio operations contrary to regulations. Always consult with the appropriate authorities if you have questions concerning what is permissible in your locale.

Author Topic: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13  (Read 3315 times)

Offline ChrisSmolinski

  • Administrator
  • Marconi Class DXer
  • Posts: 31077
  • Westminster, MD USA
CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
« on: May 31, 2018, 1955 UTC »
FWIW, I picked up a pair of these at my local WalMart this morning...



The history of consumer electronics is littered with devices that are relatively uninteresting at first, but become spectacular platforms for hardware exploitation once a few select people figure out how everything ticks. The Linksys WRT54G was just a router until someone figured out how to put a complete Linux system on them. Those RTL-SDR dongles were just for capturing over the air TV until someone realized they were actually a software-defined radio. The CueCat was just dot-com boom marketing garbage until… well, we picked up a lot of CueCats regardless.

Now there’s a new device sitting on the shelves at Walmart just waiting for some Linux hackers to have a go. It’s the Tzumi MagicTV, a device that allows you to watch over-the-air television on your phone. What’s inside? It’s a WiFi router, an RTL-SDR, and a battery pack in one tiny package. The best part? It costs $13, and apparently Walmart is just blowing them out.

Right now, there aren’t too many details on what’s going on inside the Tzumi MagicTV box, however, the discussion over on the RTLSDR subreddit has revealed enough to give us a good idea of what’s going on. The router inside the MagicTV is a TP-Link TL-WR703N, the exact same WiFi router that took the WRT54G’s place as the king of hackable routers a few years ago. The SDR chip is the same as the Astrometa DVB-T2, one of the common TV tuners on-a-stick. Other than that, there are TX and RX pins on the board, SSH is open, no one knows the password, but as of this writing, a few people are putting John the Ripper to work trying to break into this box.

What is the end goal of cracking this Linux box wide open? Well, it’s a WiFi router and an SDR, so if you want to make your own Flightaware ADS-B logger, that could be on the table. Of course, you could actually use it for its intended purpose and pull down over-the-air TV to your local network, but that seems so pedestrian after getting root on a $13 box from Walmart.

https://hackaday.com/2018/05/30/cheap-stuff-to-hack-a-router-with-an-sdr-for-13/
« Last Edit: May 31, 2018, 2007 UTC by ChrisSmolinski »
Chris Smolinski
Westminster, MD
eQSLs appreciated! csmolinski@blackcatsystems.com
netSDR / AFE822x / AirSpy HF+ / KiwiSDR / 900 ft Horz skyloop / 500 ft NE beverage / 250 ft V Beam / 58 ft T2FD / 120 ft T2FD / 400 ft south beverage / 43m, 20m, 10m  dipoles / Crossed Parallel Loop / Discone in a tree

Offline TheRelayStation

  • Sr. Member
  • Posts: 445
  • 5150 Khz AM 60W Hack RF
Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
« Reply #1 on: May 31, 2018, 2037 UTC »
It should be easy to get and change the SSH/root password with a serial console connected to the device (JTAG).
I do this often to many "locked" devices to gain root access and modify user privileges.
5150 Khz AM 60W Hack RF
shortwavepirate@aol.com
https://vaughn.live/cabletv

Offline Pigmeat

  • Marconi Class DXer
  • Posts: 6684
Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
« Reply #2 on: May 31, 2018, 2113 UTC »
I've seen those for sale. There is even room for a knob if you know anyone who is so inclined, as I might.

Offline Josh

  • DXing Phenomena
  • Posts: 4322
Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
« Reply #3 on: June 01, 2018, 1550 UTC »
Surely someone will offer these prehacked with an appropriate distro. Then just ssh into it from afar to do your scanning. I have a loverly 12v gel cel and solar panel just waiting for a load such as this to power.
We do not encourage any radio operations contrary to regulations.

Offline JimIO

  • Sr. Member
  • Posts: 491
  • QTH I.O. MA
Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
« Reply #4 on: June 01, 2018, 1858 UTC »
I ordered some PL2303 USB to TTL adapters thinking something like this would be coming along. So where do you solder the pin header?

Offline TheRelayStation

  • Sr. Member
  • Posts: 445
  • 5150 Khz AM 60W Hack RF
Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
« Reply #5 on: June 02, 2018, 0028 UTC »
So where do you solder the pin header?
That depends on what you see on the PCB.
Sometimes they are not identified and you'll have to use a scope to figure out what is what. Usually it's 4 points on the PCB that may or may not have a header. Not all PCBs will have a JTAG, though it is possible to connect one if you have a PCB wiring diagram layout.
5150 Khz AM 60W Hack RF
shortwavepirate@aol.com
https://vaughn.live/cabletv

Offline JimIO

  • Sr. Member
  • Posts: 491
  • QTH I.O. MA
Re: CHEAP STUFF TO HACK: A ROUTER WITH AN SDR FOR $13
« Reply #6 on: June 02, 2018, 0342 UTC »
I don't have one of the Tzumi units yet. I'm just getting started on Orange Pi Zero. I see they both use the U-Boot boot loader. What I'm learning about that should help. I love this cheap Chinese stuff!