Flux (and even pre-cleaning) is your friend for soldering. A little isopropyl alcohol and a Q-tip is useful for cleaning up flux residue, even if you didn't use flux (because there is flux in the solder core), since it can produce unwanted resistive paths later.
A resistor (say, 1K+/-) attached across your meter probes (say, with clip leads) can help to identify the RX pin, since the current through 1K to ground won't significantly affect the power pin voltage, but will move the RX pin significantly (maybe even almost to ground).
I'm happy that I have an oscilloscope since I can look for a serial signal during boot even before I have soldered anything. But scopes aren't free (though the ones built in to some of the fancier meters are more than adequate for this purpose).
Nice exposition.
A button-size neodymium magnet can hold the pin header while you solder one end of the pins. I enjoyed watching this video and I was able to look at the WD-Streaming box that I have had lying around for a while, and I was unable to log in to gain root access because of a password, but I will do a little research to see if others have been able to guess what the password is.
..this is more advanced than a normal Windows user...only had experience working with UART on Arduinos.. interesting!...got to learn these Linux commands..if the geeks are united they will never be divided..!
Can we see a video where you don't have access to root shell directly through UART, and how you work around that to get shell access, especially in the case of U-Boot?
awesome idea. I'll look into finding a device with a uboot bootloader so I can demo this! great feedback!
@mattbrwn Definitely subscribed! Glad you came up on my recommended
@Beterr me too, hoping he comes through. I'm not doubting his technical ability but rather his values. Besides, I haven't played this game in a few years since Windows 11 and the Prolific driver B.S. That was my FAV tty and worked every time, 60 percent of the time. Now I have FTDI chips all over and it's simply not the same.
Electrolytic capacitors have ground marked on them, and there are a few on this board, which connect to a large ground plane.
Something like that is a good starting point, as well as the shields on connectors like USB and Ethernet.
If you know the barrel-jack is center-positive then the solder point at the rear of the barrel-jack is positive, since the center pin is crimped to it, so use the side solder joint first.
awesome! this is super helpful stuff :D
@mattbrwn You can also focus your search for something connected to ground from the solder pads around a "complex" of chips, where an EMI shield would be placed (two on the bottom of this thing - at 3:21 the fingers on your left hand are covering the bottom-left corner of one) and as well, if the board has large swathes where the copper hadn't been etched away (lighter green) that is usually grounded as well. That's both convenient for manufacturing and can help shield from EMI.
I recently started with hardware hacking so this type of experience sharing helps me a lot. Explanation was very clean, analysis of the chip could have been a little zoomed in. Would love to see your setup with some explanation of what you use it for. Looking forward to more content, keep it up mate. 💪🏻
thanks for the feedback! yeah I really need to get a better overhead camera setup.
Very nice video. I thought your process description was very good and very relatable. Keep it up, information like this is great to get out to help beginners!
This was a lot of fun. Subscribed. There are numerous devices like multi-meters and stud finders that have coms built in that I'd like to explore. Thanks for bringing us along.
really appreciate it! there are so many devices out there that make good hardware hacking projects!
Loved the video! I would like to see more of this style video but next time could you show us what happens when things go wrong and what tricks you've learned to deal with it?
"Blue-tac" or whatever brand of sticky poster putty you get locally. Take a blob of it and stuff it onto the pin headers, it will stick well enough for soldering and doesn't melt (much) onto the pins! Shouldn't be an issue.
well done, thanks. I just had the same experience with a Grandstream modem. It just booted right into a shell.
Great video, and I appreciate your explanation of the pin outs. Need to go to my local Goodwill for some learning on my own! Thanks for posting!
goodwill and other thrift stores are the best for finding fun stuff like that to hack on :) and then if you brick it you aren't stressed since you aren't out much money.
Great video man! Would like to see more content!
I love doing this too dude. So much fun
thank you straight to the point
Hello, just found your channel and find it interesting.
Do you use software to do this or are you simply using a terminal in Linux?
Bluetack to hold header and flux to clean the pads, I usually dip the header into flux liberally, push thru and be enough to do the pads that way neatly. But can never have too much flux. But the main tip in soldering would be, well-tinned iron to start with and lots of flux.
What you need is a pogo clamp, alas most you can get short and will also need vertical and horizontally lined pogo pins. But worth hacking something together as I don't know about you, soldering shows why I'm not a brain surgeon 😁
Electrolytic capacitors are in practice always polarized, so the pin on the side of the capacitor can with stripes is always ground.
Very interesting, thanks for your video
More videos like this please!!
Hey @Matt Brown, a nice educational video as always. Just happened to ask, what's the window manager you are using on the host machine? And also the bar at the bottom? It's nice that you have a notification indicator as well. :)
Thanks! I use the i3 window manager running on Arch Linux. wiki.archlinux.org/title/I3
The bar is just the default i3status bar, but there are a lot of cooler replacements for that. I just like to keep it simple. wiki.archlinux.org/title/I3#i3status
@mattbrwn thanks mate. Good to see a great Arch setup.
I'm a polybar man and need to find a nice indicator like that.
Nice tutorial Bro. Hope more contents are coming. 👌
I'd love a course on hardware hacking. I have not been able to find one on coursera or the others
Just curious if the pin pitch you have there is 0.1" (2.54mm) or 2.00mm? I found a board in my basement and the pin pitch is 2.00mm, so I had to get that size pin headers and associated dupont wires.
Thank you for your video. Any chance you make one for JTAG?
I'm actually just learning JTAG myself but that's a great idea to do a basic video about what I've explored. We are all on a learning journey. It never ends!
Hi. Check this channel. Make me hack on TH-cam.
yes it works brother ! many thanks
I find a lot of "hacking" videos are a bit like:
Q: "Wow, you managed to steal all their jewelry, how did you do that?"
A: "Well, while I was in their living room I found their door key and cloned it. So I could let myself in later and steal."
It's like.... oh.... ah..... not exactly a hack then.
While it is very, very interesting from the point of view of "hacking" a device that doesn't want you to mess with its hardware etc... but as to "hacking" a user it's irrelevant. Which I'm sure it was intended to be.
I mean, if you want a root shell on that router, just hard reset it and flash your own firmware to it. 5 minutes, done.
This is something I get asked a lot at work. You are correct that this is not a "hack" or an "exploit" of a vulnerability unless physical access is in scope.
The main thing I use UART or other physical access methods for is to search for those vulnerabilities in a given device that can be exploited over the network. UART gives me access to the firmware which aids in my research process. UART access isn't a vulnerability in itself, it's a stepping stone to further analysis.
@mattbrwn I suppose. You can make a catalog of modules and libs and go collect a list of exploits to see if any are juicy.
The UART-USB adapter linked in the description is a 5V variant, on Amazon there is also a 3.3V variant. I read UART works with 3.3V, can you explain this?
I just got the video and you are awesome. I have two questions
1- Since I got control, can I clone the firmware?
2- How to log in in case there's a password?
Hi Matt, good video, young man: how did you stop the kernel, which key did you press to stop U-Boot? To get the filesystem?
I just hit enter right at boot time to stop uboot. However, if uboot is locked this will not work.
What are the extra two pins on the USB to UART cable?
man you using dwm or i3... ?? interesting.. to see people using those for development.. I tried but lot of issues.. then moved to Ubuntu (I mean I got issue with Gazebo and other simulations)
anyway..
I am loving this.. you get new sub bro.
Loved it! Now what can we do with it?
i would love a follow up video of what we can do now that we are in
Not a perfect method, but a piece of tape will hold pin headers to the board long enough for you to solder.
Blu tac may also work, though it'll probably flex too much before it melts.
If using pliers insulate the tips (thermally) so they don't act as a giant heatsink. Vinyl tape will work.
Thank you for the video! Do you know any trick like this for how to find the eMMC NAND flash pinout to read a dump without BGA removal???
Can I use an Arduino for USB to UART, or can I make it myself?
Can we use the Shell to troubleshoot the board?
yes you can!
Pretty cool for a beginner like me
Can I solder dupont wire directly to the UART pads?
I suppose you could do that. Note the pin pitch. Most pin headers are 0.1"(2.54mm), and a board I'm looking at connecting up has 2.00mm pin pitch.
Great video thank you
I think I may have fried my board, I touched two pins with my multimeter while the thing was powered on and suddenly all the lights went out on the board😬
Liked the video but your microphone was peaking a lot, just something to keep in mind for future videos
thanks for this! I've turned my mic down in OBS for my next videos coming soon. hopefully that makes things better.
Please keep making videos
good hack, good job man
Awesome vid
Thanks it helped me install it
It’s continuity mode not connectivity mode.
liked it bro
Worked, thx
Thanks
Please make videos on smart lock firmware hacking
god bless ur heart
The metal case of SMD crystals is usually connected to ground so that's my favorite place to start checking for ground connections
Explain what you saw in the boot log in a bit more detail so people know what sorts of things to expect and research further. Some of the stuff is unexpected and not obvious.
Find a router that you can load OpenWRT into. Something that is well supported, not a nightmare low memory unit.
Dude, looks like the channel may have been hacked
Thank you for a great video! Nevertheless, I will NOT patronize Goodwill in any fashion since they announced they were 'woke'...Friends don't let friends do those things...
I feel you on that. Any thrift stores that haven't gone woke?
@mattbrwn I haven't heard anything like that from Goodwill. So, they sometimes get my business. Don't pay my previous statement any mind, I was just complaining in the middle of the night. I probably should delete it...
Someone needs to learn the difference between the English words bare and bear!
It's kind of disgusting, you picking things up at Goodwill to break them apart on the cheap.
Goodwill exists to serve the needy, not your hardware hobby.
😂😂😂