Hacking

Handy Devices Revolution: Handy Pentesting and Hacking Part III

And now is the time for the third article of the Handy Devices Revolution series! In the second article we talked about Arduino and Power Pwn; this time we will talk about a microcontroller from Texas Instruments, minicomputers, developmental boards, and simple boards that can be converted into a penetration testing device and for practicing your hardware hacking skills. So grab a mug of coffee and enjoy this third write-up.

MSP-EXP430G2 - MSP430 LaunchPad Value Line Development Tool

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Get Your Plan

The MSP-EXP430G2 LaunchPad is a low-cost flash programmer and debugging tool from Texas Instruments wherein you can drop any 14- or 20-pin DIP MSP430 Value Line device and start coding your applications. You can download the free compilers and debuggers for flashing this board, namely Code Composer Studio and IAR Embedded Workbench Kickstart, from their official website. Both of these tools will install the necessary drivers for LaunchPad. The board itself has a built-in flash emulation for debugging and programming, 2xUser LEDs, power LED, user button, reset button, and a 10-pin header for external circuit connection.

All in all, the package that ships with the box includes:

Launchpad Value Line development tool (MSP-EXP430G2)
MSP430G2452IN20 - 8kB Flash, 256B RAM, 16GPIO, 1x 16-bit timer, WDT, BOR, 1xUSI(12C/SPI), 8ch 10-bit ADC, 8ch Comparator, Capacitive Touch I/O Module
MSP430G2553IN20 - 16kB Flash, 512 RAM, 16 GPIO, 2x 16-bit timers, WDT, BOR, 1x USCI (12C/SPI/UART), 8ch 10-bit ADC, 8ch Comparator, Capacitive Touch I/O Module
Mini USB Cable
Quick Start Guide
10-pin PCB connectors - 2 male headers (populated) and 2 female headers
Micro Crystal 32.768 kHz Oscillator.

This microcontroller includes a pre-programmed MSP430G2553 device. That's why, when you plug this LaunchPad into your computer or laptop via the USB cable, a demo application can be activated or toggled by pressing the P1.3 button, which will start the temperature measurement mode. The varying brightness of the red and green LED lights will be your guide to the hotness and coldness of the temperature. Cool!!!

Other geeks are also addicted to building their own Launchpad-powered robot too, as explained by Texas Instruments developers, so you might want to join other LaunchPadders all over the world. How about building your very own surveillance robot? Well, the choice is yours!

This micro-controller costs $4.38 and includes free shipping if you order it online from their official e-store, which ships in about 48 to 72 hours.

Cotton Candy

An Android OS on a USB stick that plays on any HDMI or USB-equipped device? Sure, why not, because Android phones and tablet PCs are too mainstream. Meet Cotton Candy, which is a "low-power ARM architecture CPU based computer, using a dual-core 1.2 GHz Exynos 4210 (45nm ARM Cortex-A9 with 1MB L2 cache) SoC (System on a chip) by Samsung, featuring a quad-core 200 MHz ARM Mali-400 MP GPU OpenGL ES 2.0 capable 2D/3D graphics processing unit, an Audio and Video Decoder hardware engine, and TrustZone (Security Extensions) Cryptographic Engine and Security Accelerator (CESA) co-processor"
[from Wikipedia].

In other words, it is a single board minicomputer on a dongle. This product is brought to you by FXI Technologies, a Norway-based hardware and software company.

Cotton Candy is tested to run on the Android 4.0 (Ice Cream Sandwich) Operating System, the Ubuntu Desktop Linux operating systems, and the BackTrack 5 ARM Version … oooh, another handy penetration testing device waiting to be unleashed. No need to worry about wires because this device connects to the network via WiFi, interfaces with any USB or Bluetooth peripherals, and takes control of any USB or HDMI device.

Now let's get on with the device's summarized specifications:

WiFi 802.11 b/g/n
1 GB DRAM + Up to 64 GB local storage
USB 2.0 male connector
HDMI 1.3a
Bluetooth 2.1 + EDR
Quad-Core ARM ® Mali™ 400MP GPU
Dual core ARM ® Cortex ™ A9 1.2 GHz CPU

With the portability of this device, you don't need a backpack if you ever plan on conducting some penetration tests on your neighbor's house or apartment.

MK803

MK803 is a Mini PC (personal computer) that runs on Android 4.0 OS. It is powered by an ARM-based Amlogic SoC, which is a good choice for web surfing experience, gaming, programming and penetration testing by adding some arsenals and tools for analysis. It has an HDMI and USB port for you to plug into and then you can play with this minicomputer.

Specifications

OS: Android 4.04
CPU: Amlogic AML8726-M3 / Up to 1.5GHz Cortex-A9
Memory: 1GB DDR3
Storage: 4GB NAND Flash
Power supply: DC 5V/2A
Networking: Wireless 802.11b/g
External storage: MicroSD 2-32GB
USB: USB 2.0
HDMI: 576i / 720p / 1080i / 1080p
Audio: AAC, AAC+, eAAC+, AMR-NB, AMR-WB, QCP, MP3, WMA, WAV, MIDI, M4A
Video: WMV, ASF, MP4, 3GP, 3G2M4V, AVI, MJPEG, RV1O, DivX, VC-1, MPEG-2, MPEG-4, H.263, H.264, 1280 * 720p HD 30 FPS, 1080P/720 * 480 D1 30 FPS
Picture: JPG, JPEG, BMP, GIF, PNG
3D graphics: OpenGL ES 1.1/2.0, OpenVG 1.1
Language: Full language support of Android
File system: FAT32 / NTFS
Size: 12mm x 34mm x 56mm

MK802

MK802 is another mini-PC that runs on Android 4.0 OS. It is powered with an Allwinner A10 1.0GHz Cortex-A8 + 500Hz GPU and is somewhat similar to the idea of MK802. This device can just be plugged directly into a HDMI input to unleash your casual desktop experience. If you are a geek, then you can start hacking this device, too, because it has support for booting up with Linux. You can also use your smartphone to interact and control this device by using the DroidMote remote control Android app and by installing the said app on your MK802 device.

Specifications:

Model Number: AK-212MiniPC
CPU: Allwinner A10 1.0GHz Cortex-A8 + 500Hz GPU
GPU:2D / 3D / OpenGL ES2.0 (AMD Z430) / OpenVG1.1 (AMD Z160) @ 27M Tri/s
Operating System: Android 4.0
DDR RAM: 512MB / 1GB DDR3 (actual available memory is slightly less due to reserved memory)
Nand Flash: 4GB (1GB used by system)
Network: Wireless 802.11b/g, WAPI (Ralink8188)
Storage: External storage via USB and microSD
Language: Both Chinese and English packaging versions have the full Android language list when setting up, including English
USB Interface: USB 2.0 host x 2, USB storage device
Video formats and decoders: MKV, TS, TP, M2TS, RM, RMVB, BD-ISO, AVI, VOB, DAT, ASF, TRP, FLV, WMV, ASF, MP4, 3GP, MPEG 1/2/4, H.264, H.263, VC-1, DivX, Xvid, MJPEG, RV10
Audio formats: AAC, AAC+, eAAC+, AMR-NB, AMR-WB, QCP, MP3, WMA, WAV, MIDI, M4A
Interfaces: HDMI1, USB-HOST, USB OTG (plugging external devices into the MK802), microSD
Image formats: JPG, BMP, GIF, TIFF, PNG
Subtitle formats: SRT, SUB, IDX, SSA, SMI
Power adapter: External adapter 5V/2A output, 110-240V input, two-wire US plug
Dimensions: 88.5 x 35 x 13.4 mm
Weight: 300 grams with accessories
Package contents: Both the Chinese and English version packages come with a MK802 device, a charger, an HDMI cable, a USB cable and a USB adapter.

Mini XplusTV Box H24

Mini XplusTV Box H24 is a mini-PC suited to be a media player that runs on Android 4.0 OS and is powered with Allwinner A10. It has an external wireless antenna which is ideal for wireless media streaming and internet access. (Hmmm … how about for wardriving? Hehe.) This device also has support for Linux and comes with a remote control for interaction.

Specifications:

Chipset: Allwinner A10
Operating system: Android 4.0
Memory: 512MB DDR RAM / 1GB DDR RAM
Storage: 4GB Nand Flash (some used by system and Android)
Networking: Wi-Fi 802.11b/g/n with external antenna
External storage: USB host / microSD
Language: Vast range of languages supported in Android
USB interface: 2 x USB 2.0 host, USB Storage up to 8GB
Operating temperature: 5℃ to 35℃
Video playback: Decodes Mpeg1/2/4, H.264, VC-1, DivX, Xvid, RM8/9/10, VP6 Formats: MKV, TS, TP, M2TS, RM/RMVB, BD-ISO, AVI, MPG, VOB, DAT, ASF, TRP, FLV plus more
Video Output: 1080p, 720p, 576p, 480p
Image formats: JPG, BMP, GIF, TIFF, PNG and more
Subtitle formats: SRT, SUB, IDX, SSA, SMI and more
Audio formats: MP3, ACC, OGG, WMA, WAV, M4A, APE and more
Power Adapter : External adapter, 5V1A, 2 pin US or Europlug
Dimensions: 60mm x 60mm x 13mm
Accessories: HDMI cable, user manual, remote control (batteries not included)

Hackberry A10 Dev Board

(Images courtesy of geek.com)

Hackberry A10 Dev Board is an open ARM development board that has attracted a lot of geeks today because it is a hackable hardware kit, powered by the popular Allwinner A10 SOC combining an ARM Cortex A8 CPU and Mali400 GPU. This device comes with Android 4.0 Ice Cream Sandwich but can be raped with Linux too.

Specifications:

CPU: 1.2 GHz Allwinner A10 ARM Cortexes A8
GPU: Mali400 with hardware 3D acceleration and hardware video decoding
Serial port: 3.3v TTL 4-pin header
Audio input: 3.5mm microphone jack
Audio output: Audio over HDMI
USB: 2 x USB A 2.0 ports
Internal storage: 4GB NAND storage, 1.5GB available in user partition in Android
External storage: SDHC card slot supporting up to 32GB
Networking: 10/100 Ethernet, Realtek 802.11n WiFi
Memory: DDR3 512MB / 1GB, ~100MB is reserved for the GPU
Boot: Boot from SD card and internal storage via u-boot
OS: Android 4.0 ICS, Linux support
Digital video output: HDMI up to 1080p (cable not included)
Analog video output: 3.5mm composite AV, 3.5mm component Y/Pb/Pr (cables not included)
Power: NEMA 2-pin power adapter included Input AC100-240V-0.4A 50/60Hz Output DC5v

This development board can be bought for $65.00 USD.

Cubieboard

Cubieboard is a low-cost, high-performance open ARM box that is also a hackable board and can be booted with Android, Ubuntu, and other Linux distributions. With the 96-pin expansion headers on the board, you can do a lot of things as far as your hacker imagination can take you, just as you can with other hackable development boards out there.

Specifications:

1G ARM cortex-A8 processor, NEON, VFPv3, 256KB L2 cache
Mali400, OpenGL ES GPU
1GB DDR3 @480MHz
HDMI 1080p Output
10/100M Ethernet
4GB Nand Flash
2 USB Host, 1 micro SD slot, 1 SATA, 1 ir
96 extend pin including I2C, SPI, RGB/LVDS, CSI/TS, FM-IN, ADC, CVBS, VGA, SPDIF-OUT, R-TP, etc.

This board costs $49 USD.

Conclusion

For this third article, we have talked mostly of the specifications of mini-computers or PCs that run on Android 4.0 and have support for various Linux ARM distributions. Some of these boxes are open and stripped which allows geeks to hack into the board in the same way that you dig into your Arduino board. The reason why I wrote the specifications of the boards that run on Android by default is to let you guys choose what device is ideal for your handy penetration testing and casual web surfing experience.

So what are the things you can install on the boards that run on Android? A lot! You can install dSploit, which is one of the coolest free Android penetration suites, terminal emulators, vulnerability assessment tools, and compilers. I know you guys are innovative thinkers, so I leave the rest to you. There will be a fourth article that will be posted soon and will tackle other boards and boxes so be sure to keep on coming back here to Infosec Institute.

References:

http://gerthyjo.blogspot.com/2012/10/msp-exp430g2-msp430-launchpad-value.html

https://estore.ti.com/MSP-EXP430G2-MSP430-LaunchPad-Value-Line-Development-kit-P2031.aspx

http://www.fxitech.com/cotton-candy/what-is-it/

http://en.wikipedia.org/wiki/Cotton_Candy_(single-board_computer)

https://www.miniand.com/

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Download Now

http://www.indiegogo.com/cubieboard?c=home

Handy Devices Revolution: Handy Pentesting and Hacking Part III

Get certified and advance your career