Finding UART and Getting a Root Shell on a Linux Router

In this video, we will discuss how to find UART debug interfaces on an embedded Linux device. We will then leverage UART to get a root shell on the device.

About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

Comments

Flux (and even pre-cleaning) is your friend for soldering. A little isopropyl alcohol and a Q-tip is useful for cleaning up flux residue, even if you didn't use flux (because there is flux in the solder core), since it can produce unwanted resistive paths later.

A resistor (say, 1K+/-) attached across your meter probes (say, with clip leads) can help to identify the RX pin, since the current through 1K to ground won't significantly affect the power pin voltage, but will move the RX pin significantly (maybe even almost to ground).

I'm happy that I have an oscilloscope since I can look for a serial signal during boot even before I have soldered anything. But scopes aren't free (though the ones built in to some of the fancier meters are more than adequate for this purpose).

Nice exposition.

KeepEveryGuessing

Can we see a video where you don't have access to root shell directly through UART, and how you work around that to get shell access, especially in the case of U-Boot?

Beterr

This is more advanced than a normal Windows user... only had experience working with UART on Arduinos... interesting! Got to learn these Linux commands. If the geeks are united they will never be divided!

surenbono

Use of a button-size neodymium magnet can hold the pin header while you solder one end of the pins. I enjoyed watching this video and I was able to look at the WD-Streaming box that I have had laying around for a while, and I was unable to log in to gain root access because of the password, but I will do a little research to see if others have been able to guess what the password is.

abdultairu

Very nice video. I thought your process description was very good and very relatable. Keep it up, information like this is great to get out to help beginners!

RobertBranch-FL

Loved the video! I would like to see more of this style of video, but next time could you show us what happens when things go wrong and what tricks you've learned to deal with it?

davidhammond

This was a lot of fun. Subscribed. There are numerous devices like multi-meters and stud finders that have coms built in that I'd like to explore. Thanks for bringing us along.

brucewilliams

Electrolytic capacitors have ground marked on them, and there are a few on this board, which connect to a large ground plane.
Something like that is a good starting point, as well as the shields on connectors like USB and Ethernet.
If you know the barrel-jack is center-positive then the solder point at the rear of the barrel-jack is positive, since the center pin is crimped to it, so use the side solder joint first.

MickMcMadder

Great video, and I appreciate your explanation of the pin outs. Need to go to my local Goodwill for some learning on my own! Thanks for posting!

mathewrtaylor

I recently started with hardware hacking so this type of experience sharing helps me a lot. Explanation was very clean, analysis of the chip could have been a little zoomed in. Would love to see your setup with some explanation of what you use it for. Looking forward to more content, keep it up mate. 💪🏻

braapit

I'd love a course on hardware hacking. I have not been able to find one on Coursera or the others.

shygrammer

Great video man! Would like to see more content!

MrMactoshi

I love doing this too dude. So much fun

numberiforgot

Well done, thanks. I just had the same experience with a Grandstream modem. It just booted right into a shell.

mshabanian

Very interesting, thanks for your video

longtran

Nice tutorial Bro. Hope more contents are coming. 👌

ofsanjay

"Blue-tac" or whatever brand of sticky poster putty you get locally. Take a blob of it and stuff it onto the pin headers, it will stick well enough for soldering and doesn't melt (much) onto the pins! Shouldn't be an issue.

over

Bluetack to hold header and flux to clean the pads, I usually dip the header into flux liberally, push thru and be enough to do the pads that way neatly. But can never have too much flux. But the main tip in soldering would be, well-tinned iron to start with and lots of flux.

What you need is a pogo clamp, alas most you can get short and will also need vertical and horizontally lined pogo pins. But worth hacking something together as I don't know about you, soldering shows why I'm not a brain surgeon 😁

PaulGrayUK

Hello, just found your channel and find it interesting.
Do you use software to do this or are you simply using a terminal in Linux?

GrenPara

Thank you for your video. Any chance you make one for JTAG?

fuzzs