Embedded Systems on System Overlord

Pi Zero as a Serial Gadget

david@systemoverlord.com (David Tomaschik) — Sun, 21 May 2017 00:00:00 +0000

I just got a new Raspberry Pi Zero W (the wireless version) and didn’t feel like hooking it up to a monitor and keyboard to get started. I really just wanted a serial console for starters. Rather than solder in a header, I wanted to be really lazy, so decided to use the USB OTG support of the Pi Zero to provide a console over USB. It’s pretty straightforward, actually.

Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption

david@systemoverlord.com (David Tomaschik) — Fri, 19 May 2017 00:00:00 +0000

Introduction

Vulnerabilities were identified in the Belden GarrettCom 6K and 10KT (Magnum) series network switches. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive; observations suggest that it is likely that further vulnerabilities exist. It is strongly recommended that GarrettCom undertake a full whitebox security assessment of these switches.

The version under test was indicated as: 4.6.0. Belden Garrettcom released an advisory on 8 May 2017, indicating that issues were fixed in 4.7.7: https://www.belden.com/hubfs/support/security/bulletins/Belden-GarrettCom-MNS-6K-10K-Security-Bulletin-BSECV-2017-8.pdf?hsLang=en

This is a local copy of an advisory posted to the Full Disclosure mailing list.

Playing with the Patriot Gauntlet Node (Part 2)

david@systemoverlord.com (David Tomaschik) — Sat, 20 Jun 2015 22:13:50 +0000

Despite the fact that it’s been over 2 years since I posted Part 1, I got bored and decided I should take another look at the Patriot Gauntlet Node. So I go and grab the latest firmware from Patriot’s website (V21_1.2.4.6) and use the same binwalk techniques described in the first post, I extracted the latest firmware.

So, the TL;DR is: It’s unexciting because Patriot makes no effort to secure the device. It seems that their security model is “if you’re on the network, you own the device”, which is pretty much the case. Not only can you enable telnet as I’ve discussed before, there’s even a convenient web-based interface to run commands: http://10.10.10.254:8088/adm/system_command.asp. Oh, and it’s not authenticated. Even if you set an admin password (which is hidden at http://10.10.10.254:8088/adm/management.asp).

Playing with the Patriot Gauntlet Node (Part 1)

david@systemoverlord.com (David Tomaschik) — Tue, 05 Feb 2013 07:54:05 +0000

I recently picked up a Patriot Gauntlet Node just to take a look at it. Playing with the device, it seemed to be a pretty straightforward wireless SoC with a hard drive interface. Many, if not most, of these embedded SoCs use Linux as their operating system, so I decided to go a bit further and see what was going on.

I headed over to the Patriot website and downloaded the firmware for the Gauntlet Node, unzipped the file, and ran binwalk against it. (Binwalk is an awesome tool that essentially runs 'file' with a special magic file against every possible byte offset to find the parts of a firmware image.)