The TP-Link TL-WR841N isn’t a particularly impressive sầu piece of hardware, but since it works decently well và sells for under $20 USD, it’s one of the most popular consumer routers on Amazon. Now, thanks to lớn of the Zero Day Initiative sầu, we now have a concise step-by-step guide on how khổng lồ hack your way inlớn the newer versions of the hardware và take full control over this bargain WiFi device. This work was initially done lớn help test out reported vulnerabilities in the router’s firmware, but we’re sure the readers of can come up with all sorts of potential uses for this information.

Bạn đang xem: How to hack a wi

TP-Link helpfully labeled the UART pins

The story starts, as so many before it have sầu, with a serial port. Finding the UART pads on the PCB và wiring up a cấp độ shifter was no problem, but found it was only working one-way. Some troubleshooting và an oscilloscope later, the culprit was found lớn be a 1kΩ pull down resistor connected khổng lồ the RX line that was keeping the voltage from peaking high enough lớn be recognized.

Once two-way communication was established, proper poking around inside the router’s Linux operating system could begin. It wasn’t a huge surprise khổng lồ find the kernel was ancient (version 2.6.36, from 2010) và that the system utilities had been stripped lớn the absolute bare minimum to lớn save space. Replacing the firmware entirely would of course be ideal, but unfortunately OpenWRT has dropped support for the newer hardware revisions of the TL-WR841N.

To teach this barebones build of Linux some new tricks, used the mount commvà lớn find a partition on the system that actually had write-access, & used that lớn stash a pre-compiled build of BusyBox for MIPS. With a more complete mix of tools, the real fun could begin: using GDB to lớn debug TP-Link’s binaries and look for chinks in the armor. But feel không lấy phí lớn insert your own brand of mayhem here.

You might think that in the era of the Raspberry Pi, abusing cheap routers to turn them into general purpose Linux boxes would be somewhat out of style. Frankly, you’d be right. But while the days of strapping Linksys WRT54Gs lớn remote controlled cars might be long be gone, there are still some routers out there interesting enough to lớn make it worth dusting off this time-honored hardware hacker tradition.

Posted in classic hacks, Wireless HacksTagged busybox, openwrt, router, serial port, TL-WR841N, tp-liên kết, uart
At the heart of this gadget is the TP-Link TL-MR3020, a tiny OpenWRT-compatible router that’s no stranger khổng lồ the pages of Its small kích thước & low cost have sầu made it a natural choice for a wide array of projects, so it’s little surprise that gravitated towards it. But simply getting OpenWRT installed on the MR30đôi mươi & configuring OpenVPN doesn’t exactly grant you entrance into the Pantheon, so obviously there’s a bit more to lớn the story.

For one, didn’t like the idea of a USB flash drive sầu hanging out of the side of his router. Since the flash drive would essentially be a permanent part of the router, as it is being used to exp& the rather meager internal storage of the MR30trăng tròn he decided to lớn wack the USB end off the flash drive & solder it directly to the router’s PCB. This gave sầu hyên ổn a much cleaner looking package, but it still wasn’t as portable as he’d like.

He decided to lớn order a solar-charged USB power bank khổng lồ become the new home of his hacked MR3020. He kept the solar panel and charge controller from the original gadget, và after some researched settled on a pair of LG-HG2 3000 mAh batteries as the power source. went through a few charge và discharge cycles making sure everything worked as expected before buttoning up the case. In the future he says he might transplant the electronics inkhổng lồ a 3D printed case, but for now he’s pretty pleased with the results.

If you’d lượt thích to lớn try your hvà at hacking these popular micro routers, you’ll need to lớn start with an OpenWRT firmware. After you’ve got a full blown Linux distro running on this little fellow, the only limitation is your own imagination.


If the headline makes today’s haông xã sound like it was easy, rest assured that it wasn’t. But if you’re interested in embedded device hacking, read on.

wanted to install a custom OS firmware on a cheap home page router, so he bought a router known to lớn be reflashable only to find that the newer version of the firmware made that difficult. We’ve sầu all been there. But instead of throwing the device in the closet, beat it inkhổng lồ submission, discovering a bug in the firmware, exploiting it, & writing it up for the manufacturer. (And just as we’re going to lớn press: posting the code for the downgrade exploit here.)

This is not a weekkết thúc hachồng — this took a professional many hours of serious labor. But it was made a lot easier because TP-Link left a debugging protocol active sầu, listening on the LAN interface, & not requiring authentication. found most of the information he needed in patents, & soon had debugging insight into the running device.

Continue reading “TP-Link Debug Protocol Gives Up Keys To Kingdom” →

Posted in Misc Hacks, Security HacksTagged debug, firmware, hachồng, reverse engineering, router, tp-links

found himself with some không tính tiền time và decided to finish a project he started two years ago, reverse engineering cheap 433MHz home automation equipment. He hopes to control his space heaters remotely, in preparation for a cold và, now, robotic winter.

Xem thêm: Châu Tinh Trì Gọi Điện Thoại Chọc Tổng Đài Mobifone Với Những Câu Hỏi Bá Đạo

In a previous life, he had reverse engineered the protocol these cheap wireless plugs, garage doors, and electric window shutters all use. This eventually resulted in a little library called rf-ctrl that can toggle & read GPIO pins in the correct way to lớn control these objects. He has a few of the more popular protocols built into the library và even wrote a guide on how lớn vì the reverse engineering yourself if you have sầu need.

Having successfully interfaced with the plugs to use with his space heaters, went about converting a cheap TP Link router into a comm& center for them. Since TP.. Link never expected anyone to lớn hammer their square peg into a mismatched hole, it takes a careful hvà at soldering and some enamel wire lớn break out the GPIO pins, but it’s well within the average skill mix.

The kết thúc result is a nicely contained xanh box with a little antenna hanging out of it, & we hope, a warm abode for the coming winter.

Posted in home page hacks, Slider, Wireless HacksTagged 433, 433MHz, 434, trang chủ automation, TL-WR703N, tp-link, wireless

Last year, the Federal Communications Commission proposed a rule governing the certification of RF equipment, specifically wireless routers. This proposed rule required router manufacturers lớn implement security on the radio module inside these routers. Although this rule is fairly limited in scope – the regulation only covers the 5GHz U-NII bands, & only applies to the radio subsystem of a router, the law of unintended consequences reared its ugly head. The simplest way to loông xã down a radio module is to lochồng down the entire router, và this is exactly what a few large router manufacturers did. Under this rule, open source, third-các buổi party firmwares such as OpenWRT are impossible.

Now, router manufacturer TP-Link has reached an agreement with the FCC lớn allow third-buổi tiệc nhỏ firmware. Under the agreement, TP-Link will pay a $200,000 fine for shipping routers that could be configured to run above the permitted power limits.

This agreement is in stark contrast lớn TP-Link’s earlier policy of shipping routers with signed, locked firmware, in keeping with the FCC’s rule.

This is a huge success for the entire open source movement. Instead of doing the easy thing – locking down a router’s firmware and sending it out the door – TP-Link has chosen lớn take a hit to lớn their pocketbook. That’s great news for any of the dozens of projects experimenting with mesh networking, amateur radio, or any other wireless networking protocol, & imparts a massive sầu amount of goodwill onto TP-Link.

Thanks for the tip.


This “security” is so outrageous we had khổng lồ look for hidden cameras lớn make sure we’re not being pranked. We don’t want to ruin the face-palming realization for you, so before clicking past the break look closely at the image above and see if you can spot the exploit. It’s plain as day but might take a second lớn dawn on you.

The exploit was published on Twitter feed after waiting a couple of weeks khổng lồ hear baông xã from TP-LINK about the discovery. They didn’t respond so he went public with the info.

Continue reading “TP-LINK’s WiFi Defaults To Worst Unique Passwords Ever” →

Posted in Security Hacks, Slider, Wireless HacksTagged facepalm, mac address, password, tp-links, unique password, wr702n

Like it or not, Hackers gonmãng cầu haông chồng. And when your hackerspace has someone who looks like Doc Brown from Baông xã lớn the Future, the builds can get a bit weird, lượt thích this Hack42 FestivalCharger.

The Hack42 hackerspace in Arnhem, The Netherlands had collected a large number of TP-Link 5V USB chargers – but all of them had the North American NEMA plug (flat, 2 pin) which wouldn’t fit the Schuko sockets prevalent in The Netherlands. decided to whip out his giant soldering iron và use it to solder two long pieces of welding filler metal rods lớn 33 of the chargers, effectively wiring them up in parallel. He did apply his obvious skill & experience lớn good use. For one, the diameter of the filler metal rods he used were just about the right size to lớn fit in the Shucko Schuko socket. And the gap between the two turned out lớn be the right distance too, thus creating a sort of Schucko Schuko plug. All that was needed lớn power up all the chargers was lớn connect a socket extension lớn the FestivalCharger. The unit was built to lớn allow crowds of festival-goers to charge their phones và battery-powered gadgets simultaneously. To make sure the visitors didn’t get electrocuted, he used a piece of PVC pipe lớn cover up the exposed pins and keep it all safe.