Hacking Build your own dongle (Research and development thread)

Wierd_w · Jun 23, 2018

Rainbowfied Pokemaster said:
How can I do that?

plug an ethernet cable into the ethernet port on the device, set your network card to have an IP address in the 192.168.0.X network range, with a subnet mask of 255.255.255.0 then use something like putty (or linux telnet) to establish a telnet session to 192.168.0.1

Since this is the first time connecting, it will accept telnet connections until you set a password. This will give you a root shell. at the root shell, enter the command

dmesg

just after connecting the NX, then collect the last few sets of lines.

EonFenix · Jun 23, 2018

I have my own little solution you can use an android box or an Android usb stick to boot up the payload with nxloader. I have an Android box pretty much insta boot.

A cheap 20-30 dollar Android stick can be bought on eBay load nxloader on it with the payload.
If You want portability use a portable charger to power it sure at this point SX dongle is cheaper which I preordered by the way but if you got an Android box or stick around is good for an instant boot.

If video not working check it in the link
https://streamable.com/o890h

castle-pro · Jun 24, 2018

could you use a
Minimus AVR USB Dev Development Board

sweetlilmre · Jun 24, 2018

castle-pro said:
could you use a
Minimus AVR USB Dev Development Board

No

-(e)

itsjch · Jun 24, 2018

Ninoh-FOX said:
This is the more small that I can maker.

What parts did you use and a guide would be amazing

valyndaslayer · Jun 24, 2018

anyone interested writing code for this board?

48 MHz STM32F030F4P6 Systems Development Board CORTEX-M0 Core 32bit

i think this has similar specs to adafruit m0 but with slight lower specs
and lower price tooo
(adafruit ships with 20usd dhl to my country, seriously...)

Rainbowfied Pokemaster · Jun 24, 2018

Wierd_w said:
plug an ethernet cable into the ethernet port on the device, set your network card to have an IP address in the 192.168.0.X network range, with a subnet mask of 255.255.255.0 then use something like putty (or linux telnet) to establish a telnet session to 192.168.0.1

Since this is the first time connecting, it will accept telnet connections until you set a password. This will give you a root shell. at the root shell, enter the command

dmesg

just after connecting the NX, then collect the last few sets of lines.

Unfortunately I do not have ethernet ports nor ethernet cables

Wierd_w · Jun 24, 2018

Rainbowfied Pokemaster said:
Unfortunately I do not have ethernet ports nor ethernet cables

Edit: Sorry about this duplicate, connection messed up

That's OK

Found out that openwrt (and thus likely lede) defaults to 192.168.1.X network not 0.X network. So, if you ever get an ethernet cable going, give that a shot.

capitaineflam25 · Jun 24, 2018

I've bought a M150 router from Aliexpress to inject the custom LEDE firmware on it and it's working great. I created a dedicated post since this one has multiple purposes.

hackotedelaplaqu · Jun 24, 2018

Retr0id said:
If you can get a root shell on it, in theory you can still run fusee-nano - no real need to actually replace the entire firmware. You'd have to do the EHCI patch in-memory, but that can be done. If the rootfs is not writable, that would be a bit annoying since you wouldn't be able to install permanently.

Back to my Alcatel Linkzone MW40 4G Router.
I finally managed to get script execution exploiting a vulnerability in GoAhead webapplet (Cross Site Request Forgery). Any clue how to open a root shell from there ?

STKV182 · Jun 25, 2018

Wierd_w · Jun 25, 2018

hackotedelaplaqu said:
Back to my Alcatel Linkzone MW40 4G Router.
I finally managed to get script execution exploiting a vulnerability in GoAhead webapplet (Cross Site Request Forgery). Any clue how to open a root shell from there ?

Typically, the root password is also the password used by the web admin portal. (because the web-admin portal typically just wraps console commands, and uses that user authority to do its things.

) If you can get it to execute sshd, or telnetd under root user, you can then log in and do the needful.

In fact, you might just try ssh at it regardless. The ADSL router I got from century-stink has an ssh daemon running by default, but lands you into a 'strange' half-assed router admin shell. You can get to normal linux busybox shell by running sh at the command line, and then its your oyster. (Root filesystem is reasilly remounted as RW even.)

M-O-B · Jun 25, 2018

itsjch said:
What parts did you use and a guide would be amazing

trinket m0
tp 4056 charger module
trinker M0
3.7v 240mah polymer rechargeable Lithium battery
TP4056 battery charger module.
OTG usb 3.1 type c connector with pcb.
switch.

this how I did mine, the most difficult part was actually soldering the data + & data - wires the the points on the trinket as you don't have much room and pins are small.

you don't have to solder the usb wires to the trinket for this to work you can get a micro usb male to type c female usb lead or adapter. so removing the need to solder 4 wires on the trinket.

data wires are the most difficult to do. I used kynar wire.

how mine looked before last stage of build.

my final outcome.

if you wanted to skip soldering the data wires and red usb and black GND wires, then you can do so and use a lead like in this image to connect to the switch

Exosq · Jun 25, 2018

Hi everyone, is it possible to use an Aukey USB C to ethernet adapter ?

Wierd_w · Jun 25, 2018

Exosq said:
Hi everyone, is it possible to use an Aukey USB C to ethernet adapter ?

For what purpose?

----

With all these micro-controller builds, I am tempted to order the parts so I can measure them, then design, print and make available (for a modest fee) 3D printed ABS shells.

sweetlilmre · Jun 25, 2018

valyndaslayer said:
anyone interested writing code for this board?

48 MHz STM32F030F4P6 Systems Development Board CORTEX-M0 Core 32bit

i think this has similar specs to adafruit m0 but with slight lower specs
and lower price tooo
(adafruit ships with 20usd dhl to my country, seriously...)

Doesn't look like it has USB Host capability:
https://www.st.com/en/microcontrollers/stm32f030f4.html

I think that only kicks in at the STM32F4 level.
-(e)

scorpi09on · Jun 25, 2018

Thx for share, it's great. Mybe next step is to put trinket m0 inside the console~

M-O-B said:
trinket m0
tp 4056 charger module
trinker M0
3.7v 240mah polymer rechargeable Lithium battery
TP4056 battery charger module.
OTG usb 3.1 type c connector with pcb.
switch.

this how I did mine, the most difficult part was actually soldering the data + & data - wires the the points on the trinket as you don't have much room and pins are small.

you don't have to solder the usb wires to the trinket for this to work you can get a micro usb male to type c female usb lead or adapter. so removing the need to solder 4 wires on the trinket.

View attachment 133200

data wires are the most difficult to do. I used kynar wire.
View attachment 133201 View attachment 133202
how mine looked before last stage of build.

View attachment 133203
my final outcome.

View attachment 133204

if you wanted to skip soldering the data wires and red usb and black GND wires, then you can do so and use a lead like in this image to connect to the switch

View attachment 133205

STKV182 · Jun 25, 2018

Will this one work ? I have one doing nothing and would appreciate if someone can help me flash it because i don't know how to do it my self? Thanks

http://www.zoomtel.com/products/4506_specs.html

Wireless LAN standards IEEE 802.11n, IEEE 802.11b/g
Interfaces 1 X RJ45, 10/100 Mbps selectable for either a WAN or LAN connection
1 X USB 2.0 Host
WPS button, power switch, reset button
Wireless LAN security 64/128 bit WEP (Wired Equivalent Privacy);
WPA (WiFi Protected Access) and WPA2 with Pass Phrase;
SSID stealth; WPS for easy security setup
Internet security Stateful Packet Inspection (SPI) Firewall
Network Address Translation (NAT)
Denial of Service (DoS) attack detection
Virtual Private Networking (VPN) pass through
MAC, Packet, and Domain name filtering
URL Blocking
Management Universal Plug and Play (UPnP)
Browser based management
Wizard-assisted setup
Simple Network Management Protocol (SNMP support)
Advanced router
functions Quality of Service (QoS) support
URL Blocking/Filtering (parental control)
Scheduling rules (parental control)
Virtual Server, Port triggering, and DMZ host
Dynamic DNS
Configuration Backup/Restore
Wireless Multimedia Extension (WME), WiFi Multimedia (WMM) support
VPN support IPsec, L2TP, PPTP VPN passthrough
PPTP, L2TP connect

scorpi09on · Jun 25, 2018

HEY,gentlemen. I saw a guy using a dongle. And someone said it is STM32F205. Is that possible?

M-O-B · Jun 25, 2018

here's a mini guide on using arduino software for flashing the trinket.

scorpi09on said:
Thx for share, it's great. Mybe next step is to put trinket m0 inside the console~

it's possible to fit the trinket in the switch, but how would you flash an updated payload to it as the reset button needs to be double pressed, also the power source for the trinket for rcm mode, now power from the switch once powered off.

I'm not that clued up about the switch like I am with the 360 installs.

I'll probably try pick up a second switch to have a good tinker with..

I gave testing flashing the trinket while plug into the switch and it seems to flash without a issue

possible this could be the new reset if installed actually inside the switch. but im still waiting on a few bits to turn up to give this a try.

sweetlilmre · Jun 25, 2018

scorpi09on said:
HEY,gentlemen. I saw a guy using a dongle. And someone said it is STM32F205. Is that possible?

Seems possible (STM32F205 appears to have host capabilities). The modules seem expensive though... Have you found a cost effective option?

[edit] it's hard to see from the video, but I don't see any battery / power source connected to that dongle. Which makes me doubt its legitimacy. Still the f205 seems like a possible option at any rate.

-(e)

Hacking Build your own dongle (Research and development thread)

Well-Known Member

Member

New Member

Active Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Active Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Member

Well-Known Member

Active Member

New Member

Member

New Member

Well-Known Member

Active Member

Similar threads

Popular threads in this forum