Nayheyxus
-
Posts
18 -
Joined
-
Last visited
Posts posted by Nayheyxus
-
-
Sadly, my wifi flash drive has died. I wish I could say that the drive was lost in the line of Hacked firmware flashing, as I had intended. However the drive was killed by Dr.Pepper and a clumsy kitty Cat.
-
A02 seems to be a comman model actually in the airstash family. .
-
Damn ya beat me to posting the jtag info ya just posted hehe. But glad you did you articulated it far better than I could have. Yup airstash android wearable license inc. Ive read that at least 400 times today in my wireshark log, been reading it continuously thinking magically ill understand what's going on in the packet. There are 2 fuses that must be the for the jtag ice. Jtag enable fuse and ocd enable fuse. If the fuse is unintentionally disabled then then the user can enable the fuse by means of the other programming interfaces (eg isp)
-
Binwalk hex dumping is the closest thing to the matrix as anyone can get, am I right hehee. Anywho, I've been trying to decipher my wireshark sniff logs. The airstash protocol is pretty foreign. I captured the entire conversation the device's software exchanges with the Android app, and my plan of attack is replicate the firmware upgrade with a fake new version, undoubtedly this will brick my neat little flash drive. Well worth the sacrifice to further knowledge on it, and I can easily justify buying another
-
I've been running usb sniffing though i didnt expect to find anything. The was a sorta interesting initial handshake, but I'm fairly sure it's just standard USB mass storage jibba jabber. Running a mitm attack sniffing it's traffic while I change various settings within the apk. Some very interesting data being swapped, I wish I hadn't updated my device I would love to see how the drive reacts to an update, and how the app writes to the drive
-
Interesting, forgive my ignorance, does the firmware have any bearing to what size memory module it can utilize? Or does the difference just act as a sudo embedded security alternative?
-
The arrangement of the resistors on rt1 seems like it could be for debugging.
-
-
Dissembling 32, will post in a moment
-
Devilsclaw you are amazing, how did u pop the case off? You obtained more info and coded a button inject exploit within what like a day? I wish I had half your talent and I feel I feel like Wayne's world style "We're're not worthy" for I bow to ya sir!
-
Way cool thanks for sharing that! I'm considering opening mine up to look for any embedded vulnerabilities. I wish finding specific information online wasn't such so frustrating, I've been trying to find all the fcc test photots so I can get a look at the pcb. Has anyone disassemble theirs yet?
-
Well if anyone wants to continue modifications to this device i can send you all the info I've come up with. Shoot me a message. I'm going to work on my many other projects, so I probably won't come back to this for a while
-
Sorry for the delay on the scan, running it now. 53/udp open\filtered. Going to scan every virtual nook and cranny. Though I doubt I'll find any exploitable port for us to dock our metaphoric pirate ship in.. eh scratch that last comment sounds way to dirty.
-Cooper,
The device has a few gpl's associated with it's firmware, but sadly I don't see anything pointing to linux. Which is disappointing for my dreams of portable wifi sniffing, but based on what I've read it wouldn't make sense for SanDisk to sell 3 separate wifi comnect devices; each bearing identical designs and specifying each device's hardware for compatibility with a finte of micro SD storage sizes. 3 separate firmwares which are restricted by firmware on the device itself would be much simpler when compared to having 3 different design specs. The only difference between the SanDisk connect device's are what size microsd card it's been packaged with. Beyond that no other features are present. In addition I'm not to familiarized with fcc regulations but there is one test for the connect flash drive and the test doesn't specifically mention size difference, it simply says testing for sdws2(the product name which all 3 sizes share). Which in my experience there is typically a note on the models tested based if the hardware has different designs.
-
Most likely it's some sort of Unix. The other variants of SanDisk wifi storage run a type of unix. The media connect drive I believe, of course I can't remember how I found that out, and our dear sweet friend Google is once again failing at providing me with any useful information to corroborate this.
-
I've run Nmap scans, if memory serves port 80 is the only open port. I seem to recall an unfimilar port being open, but don't quote me on that. I'll run one in a few hours and report back(depends on when I can sneak away from my work desk).
-
Eh I haven't really worked much on RE the flash drives firmware, been distracted with building sdr crap. I doubt the actual hardware differs between the two variants. Size increase would be nice, but utilizing the device's wireless radio in some other fashion would be my main focus. Gaining a root shell, or modification of the firmware seems it would give some insight on both goals.
-
those credentials didn't work for me. Has anyone had any success with moding this device? I've port scanned the device several times, and recently I've been analyzing the firmware via ida. Which isn't my strong suit unless it's simple malware im reverse engineering.
Hack a Sandisk 32G Wifi enabled flash drive
in Hacks & Mods
Posted · Edited by Nayheyxus
One thing I found while I was researching the device was a conference held about the programming and design of this wifi flash drive. The presentation seemed to have a lot of valuable information, and could gice some insight into hacking it. The presentation was very dull, and shortly after this discovery my drive died. YouTube "racket conference" and if you can withstand a very boring presentation,