Jump to content

Hackaday: Guy puts a tp-link router into outlet charging station


RebelCork
 Share

Recommended Posts

Thought I'd share this with the rest of you guys. Its from hackaday.com, and the guy builds a pretty respectable pwnie-plug device and puts it into the guts of a wall mounted gadget charger. The article mentions the price of the official pwnie plug hardware and also mentions that the builder doesnt use his device for nefarious means. Yeah right ;) ;) ;) . he even managed to solder a 3.5mm jack for a serial connection so it doesnt stand out - kind of makes it look like a knock off apple airport express..

What I like about this, is that internet sharing can be done from the mobile that is 'charging' on the device.

Then I was thinking, what if this was set up in a cafe to allow users to charge their mobile phones, and when connected, access is given to phone's memory card, etc.

Makes me wonder, as being a bartender in a previous life, people were always asking me to charge their phones behind the counter for them.

The link is here:

http://hackaday.com/2012/11/20/outlet-charging-station-retrofitted-with-the-guts-of-a-wifi-router/

Original:

http://www.jedge.com/wordpress/2012/11/tp-link-wr703n-custom-pwn-plug/

Appreciate any comments on my musing...

plug-charger-retrofitted-with-wireless-router-e1353424674249.jpg?w=535&h=450

Link to comment
Share on other sites

Interesting article - the TP-Link routers coupled with OpenWRT can be pretty powerful :-)

I'm currently working on a product, due to be released (hopefully) January next year. It basically offers 3 main services;

1) Its an automated 'quick and dirty' pentester (email/SMS results).

2) Remote control/penetration testing (think VPN and/or reverse SSH)

3) Physical surveillance

This is NOT competition to the WiFi pineapple. I only plan on making/selling 10 of these products, at $100 a piece.

Very cool article.

Razzlerock

Link to comment
Share on other sites

RebelCork. Thanks for linking to that article. I do plan on using the device for "non-nefarious" purposes as I'm a penetration tester. The one item I'm trying to get working is USB tethering between the cell phone and the tp-link so it is a back door to the device. If I can't get it to work bluetooth and regular wifi tethering would work but then I can't use those wireless technologies for testing. I think the custom power pwn is an even better item then that custom pwn plug because it is x86 so everything installs with no issues on the Debian image.

http://www.jedge.com/wordpress/2012/08/my-custom-power-pwn/

Link to comment
Share on other sites

RebelCork. Thanks for linking to that article. I do plan on using the device for "non-nefarious" purposes as I'm a penetration tester. The one item I'm trying to get working is USB tethering between the cell phone and the tp-link so it is a back door to the device. If I can't get it to work bluetooth and regular wifi tethering would work but then I can't use those wireless technologies for testing. I think the custom power pwn is an even better item then that custom pwn plug because it is x86 so everything installs with no issues on the Debian image.

http://www.jedge.com...stom-power-pwn/

Thanks for the quick response, I know you are not going to use it for nefarious purposes, I didn't mean to imply otherwise :-)

It was late when I was writing my post, and my brain wasn't working correctly!!

Anyway, my point was more of the likes of if you can hide a custom pwn device in something so simple, and there are multiple threads in these very forums talking about hiding, disguising the pineapple. (I myself have it 'velcroed' into a binder with batter pack and wifi card)

There are massive security holes in mobile devices that allows us to pwn people so easily doesnt look like its going to be fixed anytime soon. It will only be a matter of time before someone puts a pwn plug/mini pc together to scrape mobile data directly from the phone itself.

How sure are we, when we use a charger in a public place (communal office/cafe/restaurant/bar etc) that it is what is implies it is. We do let our guard down in these areas .

I know this forum is in relation to jasager and wifi, but a device like this could bring the mountain to mohammed so to speak. Emails, SMS, contact books, you name it, it is the holy grail of the pentester for testing.

Link to comment
Share on other sites

Things get interesting when the electronics get small. The TP-Link WR703N is a good example of that.

Razzlerock, just a word of caution. The 703N isn't certified outside of China (FCC, CE, ROHS, UL), and housing inside an electrical enclosure like this breaks all sorts of codes, opening one up to a ton of liability. I've considered it as a platform in the past but it's just too risky to base a product off of.

That said this looks like a really cool hack and I encourage anyone adventurous enough to go out and make one. If you've been by our tables at Defcon, Derbycon, or Shmoocon you'll see some similar implementation examples some clients of ours have put together. It's truly amazing the amount of hidden in plain sight enclosures one can find walking the isles of your local home improvement store.

Link to comment
Share on other sites

Hi Darren, I tried to private messge you but got an error saying you are not receiving any news messages - you must be in high demand. :)

Actually, the 703N (which is the 702N with more memory*) is certified - CE, FCC, RoHS according to the TP-Link website. In fact, you can buy this on www.tp-link.com in the US. My plan is not to stick this in an electrical enclosure at all, I will leave that to the end user B)

The good part is, when I get something working on the 703N I am testing on the pineapple too and if it works post updates on the Pineapple forum - that way it is mutually beneficial and everyone wins :)

Thanks

Razzlerock

* I need to validate this as I heard this second hand.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...