Jump to content

Transcend Wi-Fi SD Hacked


Forgiven
 Share

Recommended Posts

For Fair Use: http://hackaday.com/2013/08/12/hacking-transcend-wifi-sd-cards/

"[Pablo] is a recent and proud owner of a Transcend WiFi SD Card. It allows him to transfer his pictures to any WiFi-enabled device in a matter of seconds.

As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.

His clear and detailed write-up begins with explaining how a simple trick allowed him to browse through the card’s file system, which (as he guessed correctly) is running busybox. From there he was able to see if any of the poorly written Perl scripts had security holes… and got more than he bargained for.

He first thought he had found a way to make the embedded Linux launch user provided scripts and execute commands by making a special HTTP POST request… which failed due to a small technicality. His second attempt was a success: [Pablo] found that the user set password is directly entered in a Linux shell command. Therefore, the password ”admin; echo haxx > /tmp/hi.txt #” could create a hi.txt text file.

From there things got easy. He just had to make the card download another busybox to use all the commands that were originally disabled in the card’s Linux. In the end he got the card to connect a bash to his computer so he could launch every command he wanted.

As it was not enough, [Pablo] even discovered an easy way to find the current password of the card. Talk about security…"

Seems like an interesting miniature AP could be made from this...thoughts?

Link to comment
Share on other sites

It seems to me that a hacked Transcend could be a very small battery-powered Karma device.

199163-transcend-16gb-wifi-sd-card-sdhc-

For instance, plug it into one of these:

SD to USB Adapter

Then the usb end goes into one of these for power: Anker external battery backup, small.

Then tape the whole thing to the water cooler and have fun picking up beacon requests or whatever floats by.

Link to comment
Share on other sites

add this to the toolset for the Rubber Ducky.. and you now have a pocket full of everything you need.

Too bad there wasnt a microsd one of these.. you could change the Rubber Ducky scripts on the fly...!!

Older article... But who knows maybe it could be a reality someday...

http://techcrunch.com/2009/07/23/only-in-japan-kddi-shows-off-wireless-microsd-card/

or

Maybe this could work..

http://eshop.sintech.cn/sd-to-micro-sd-fpc-extender-with-65mm-flex-cable-p-764.html

Edited by whizdumb
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...