Late to the party but there's a few notes that are worthwhile:
- The microcontroller on this device is more likely 3.3V I/O, the USB TTL converter chip on the Arduino will be speaking 5V. This makes hooking the Arduino serial lines up directly rather risky as you could actively damage the micro's I/O drivers. A USB-Serial adapter with configurable 5V/3.3V is cheaper and easier to use than an Arduino and should be in pretty much everyone's debugging kit.
- DP/DM is extremely likely to be USB D+/D-, I would bet on this chip having DFU capabilities over USB, so this should be a route into the chip's bootloader. Connecting these lines to a PC will tell you a lot about the device.
- The reason these pins are exposed on pretty much any consumer device is that it's how the device is programmed in factory, so SWD/JTAG/USB will pretty much always be left available (even if you have to rummage around a bit to find them). Even devices supporting DFU over wireless will usually have SWD/JTAG left for initial firmware flashing.
On one hand, I'm sure you are going to find something vulnerable; on the other hand, it would be nice to see if they managed to mitigate the risk enough for their threat model
Hands down the one video of yours that's been hardest for me to follow, I just suck at embedded too much. With software, typically I can at least understand the purpose of a complex operation even if not entirely its workflow, here I'm just lost from the get-go. As embarrassing as it sounds, truth of the matter is, I just never learned about electricity. And without that, it's naturally hard to get anywhere beyond.
Lucky bastard. Arduino is 5V TTL and this device is 3.3V. You need a logic level converter otherwise you can break the chip in the device. Fortunately it looks like it worked (maybe because of breadboard cables resistance and chip not being susceptible) But one day you're not gonna be happy when the magic smoke comes out.
You are absolutely right with your concerns, but: RTFM! Resistor RN4a and RN4b (both 1k in serial to the ATMEGA8U2-MU USB to Serial Bridge, see Arduino Uno Reference Design) have saved Low Level Learnings precious cheeks:) LLL: ... just use the right tool for the job ... next time, or?:)
This was a lot of fun to watch m8! You did a lot of "basic" stuff lately, cool to see you dive deep into a much more advanced topic and share your more advanced knowledge with us, really appreciate it!
That uses SoftSerial, which is usually 'good enough' for simple communication but doesn't work for higher speeds as the Arduino can't keep up. You use SoftSerial when you've chosen to use the wrong type of Arduino (one with only 1 UART) while for a project you need 2 UARTs, it's always a compromise. Here it would be much easier (and better) to just use a CP1202/CH340 USB UART with 3.3V logic levels. He's now using a 5V Arduino on a 3.3V device. This can damage both the Arduino and the baby monitor, only reason it didn't happen here is because there's a 2K resistor in series on the UART on the Arduino. Some cheaper Arduino clones might not have that. Basically this video shows how to use a much more expensive and not too suitable tool to do something that a $1 USB UART can do better...
@@someguy4915 Yes thats also an option but i mean just to disable the Pullup/Pulldown resistors on D0, D1 so the microcontroller just ignores all serial sent to it.
@@kabelloseskabel7029 I guess you could upload a program that sets D1 as an input, effectively disabling the TX from the Arduino and like you said putting it out of the way.
Wait, isn't the Arduino Tx/Rx on 5V? Wouldn't that be a risk to the device? Also, is it possible that tying RST to GND damage the arduino by constantly resetting it?
constantly tying rst to gnd is no problem, if it would be people could kill their arduino by holding the reset button. of course it's made idiot proof so no problem
@@ΝίκοςΙστοσελίδα Good point, hadn't thought about that so I just tested it and surprisingly, the Arduino does keep pulling TX to 5VDC even whilst the Arduino is held in RESET. This can both damage the 3.3VDC device but also can corrupt messages over the UART so in both cases terrible advice to use an Arduino like this as a USB-UART.
it's super boring to be married with an expert, right? Look babe, I just bought this [whatever thing] Oh let me break down it so I can see what's inside 🤣
I think SONIX is referring to the camera DSP manufacturer. My company also uses SONIX products for our camera. All I can legally say is. I hate their firmware. You probably can find UAF or data race bugs within a few hours.
Hey great video - I actually have this same monitor, I was actually curious about what could be done with it - it has a limitation of only being able to have a single monitor connected to it, I’d wondered if there was a way to hack it to have two monitors connected to a single camera. Congrats on the baby, rip your free time.
The most interesting video I have seen in a long time. It reminded me of the microcomputers and embedded systems courses I took in university. Please make more.
I’d love to see it be secured to a reasonable degree but as with most tech security it will likely have some holes. Curiously I wonder if manufacturers like this patch bugs and holes in the 3rd party software & libraries they use.
I'd be curious what kind of access you could get purely over a network connection (as malicious actors would likely not have physical access to the device).
the enrichment center reminds that although fun and learning are the main purpose of this video, serious crimes may occur during the enrichment activities. please for the fun and safety of others, refrain from committing such things made in this video. -alternate universe in some place
Aren't UART pins usually high in idle state? In the first step when you measured the voltage on UART TX pin you said because it's 3v3 it's outputing data. I think the fact that it wasn't a stable 3v3 means there's some data on the line and if it was just 3v3 would mean there's no data on the line.
Took me some time to decide on getting the same baby monitor after an initial failed purchase. The other one we got had an app that wanted to see data across other apps for me to monitor my baby…no thanks! Hope this purchase stays a good solution!
Oh the connector... DP and DM should be the 2 USB data + and - lines. A UART will normally be high so that might be why you saw 3.3V. Just high. If data was being transmitted, I might expect a voltage between 0 and 3.3V and moving around some in voltage if the data being sent isn't too repetitive and too fast
Criminal: “I’ve hacked your baby monitor and I’m watching your baby” Parent: “Cool, in that case imma get some sleep then. Lmk if the little shit wakes up.”
The Arduino trick is awesome. I'm currently in need for a USB UART and I've been delaying my project, because I own a USB UART interface, but I have it at the bottom on some box :p But now I can use an Arduino which I have ready and just use it's builtin interface. Now it sounds obvious, but this idea didn't occur to me. Thanks for the tip!
yes for years i had Arduino and doing hardware stuff, even though i am just a soft. engg, I was completely unaware about this.... really thanks for this... can use tx rx pin of raspberrypi to arduino to do the same 😅
@@vaisakh_km Never connect an Arduino Uno and Raspberry Pi's UARTs like shown in this video though, you risk destroying your Raspberry Pi and Arduino... Use a newer 3.3V Arduino ('Arduino DUE' for example) or use a logic level shifter in between to prevent damage...
Those Infant Optics ones pretty simple. Point to point with manually paired cameras (which is a bit wazoo, but we get to that later) and no connectivity. The open UART (or JTAG, SWD less so) is super common in those devices because they either dont care to close em, want it for debug, or they use it for some EOL manufacturing process. There is only one risk from having a reversible monitor for the user that I can think of off the cuff, it's gotta pair. Depending on where you live that may be a concern and it may not -- apartments/condos, maybe yeah, single family home - range isnt that great. That said, there's some hoops they'd need to jump through and that's where you should be looking. Is the pairing seed material when you push the button from the camera fairly unique? Does it broadcast its ID in some way that you could identify a camera you want to link a monitor to after the fact? If it's only during the initial handshake, cool, but how does it reconnect when it starts up? If the RF is in the clear (e.g. not just encoded or plain) you can patch in whatever auth material you want. What does that get you though? Cred online for showing it, but in reality, meh. People research baby monitors and safes and stuff for the emotional factor attached to it. Any malicious behavior where you have to be that close to the target is a really personal thing. I know it's a non-cool kid opinion, but patching a piece of firmware on a baby monitor to see inside a single room in your house would do...what exactly? Yeah, can see inside your house and that's a bit creepy, but if you live in an apartment, that person is your neighbor. Good bit of OSINT, RF analysis, and then firmware patching for your neighbor or someone that lives nearby to see in your kid's room? They know if you're home already. Live in a single family home? Not so much range wise. 
At that point any RF system unless you want to spend a bunch more for a legit security system (and even then they will have similar problems) isn't in the cards for you if you're concerned. BTW, the h264 is video encoding. Have fun!
i think sonix refers to the main processor chip (big chip) on the board. often baby monitors use sonix media chips and the chip has a sonix logo on it so it's not only the board. Often the serial console mentions the processor and not the board manufacturer because you communicate with the main processor and not the board
Hardware hacking is something I find really interesting, I would love to see more of this type of content. Also what would you do in case the debug/serial port has been locked/closed? Also, have you heard about power analysis sidechannel attacks? such as what the chipwhisperer tool can do?
i think you could use ESP32/STM32 for this, Arduino UNO operates *5V* logic, which might damage the boards 3.3V logic. ESP32/STM32 have 3.3V logic and are much faster than UNO.
Dude! I’ve been futzing around with arduinos for over a decade and had no idea that you could boot loop loop it to use it as a ttl to usb. I’ve been using FT232RLs like a sucker
@@LowLevelTV totally. I think the algorithm started serving me your content when I was trying to recover the firmware on a ASPEED2500 BMC that decided to corrupt itself. Once I managed to reflash it with an absurd DOS-over-serial setup, I got curious about what was in the firmware and needed to YouTube learn some binwalk to see what was going on. Totally was able to get a root shell and turn on a bunch of other fun things because the shadow file revealed they used a woefully insecure password. Fun stuff.
Bravo!!! Behind the iron sights doing the lords work you are inspirational Thanks to you I'm able to educate myself on things I desire to invent Your simple accessible approaches and absolutely crystal clear and eloquent communication skills Lastly the confidence to go on camera I applaud you keep up the good work if I can ever make you art or do anything for you let me know with peace and love God bless
Leave a comment and let me know what you think is going on inside that baby monitor! 🧐
Really awesome, what other devices would you think this method would work on?
Congratulations for your baby. Great video ... can't wait for next video 👏💪
hey i need help i have a pastebin on my account but i forgot the pin to it is there a way i can brute force my way into a pin the code i have to brute force my way in is broken so can you help me it has some passwords and usernames of mine but i want to brute force my way in so i can download them and delete the pastebin
As a catholic pope who studied electronics before I'm grateful for this kind of stuff, looking forward to see the second part
Fun fact: you don’t have a son (jk)
As a embed system student this looks a pretty cool content! Nice video, can't wait for the next one
More to come!
What is that?
@@1ksubswithonevideochallenge745 a comment 🤓🤓🤓🤓🤓🤓🤓
So at work we have an intercom system we never use, one day a few months ago it starts making noises suddenly and intermittently as if like possessed. We walk around the rooms but no one is using it, then one of my coworkers points out that it’s probably picking up interference from a baby monitor. That was kind of more freaky to me, i dont think people using baby monitors would like that people at the public library can hear through the other end. Now forever freaked out by baby monitors.
Back in the day you used to be able to get interference when using a home land line. You could hear other conversations faintly in the background, creepy af
I'd be careful connecting the 5V Arduino UNO TX pin to connect to a 3.3V serial interface. Some devices can tolerate 5V on their input (at least for a short while) but others may break. Use a level shifter if in doubt.
Just a simple resistor can do it too.
All raspberry pi models have 3.3V UARTS. Use that as it is also more likely what the viewers have at home.
most of the time it doesn't do anything, but as a cautionary a resistor of 2k ohm can be used
@@leakimiW In this economy????
@@NoorquackerInd Yeah, completely absurd suggestions which may lead to a dead RPI/Arduino ... including the "test candidate".
Like there are no such things like the generic Ali-Express 1$ USB to USART bridge (Or $3 ... on Amazon) with actually matching logic levels, which do NOT introduce additional 10 points of uncertainties, a rabbit-hole of other complexity and pre-programmed frustration.
Yeah, why not use a 10 or 50 times more expensive device for the problem. Even the hobbyist needs such an USB to Serial adapter. Sooner or later. Very smart!:)
Safe to say if you're going to these lengths, even without a monitor i think your baby will be safe
First off, congrats on the baby!
I'm super excited to see the rest of this series. Low level stuff like this has always been fascinating to me, but I've never made the jump to learn it.
"...but sometimes they leave it open to give the user a root shell to the device."
I don't think this is intended by the manufacturer:D
Then ground your pins wtf
What's the point of locking that down tho?
You need to spend engineering time to make the device exactly the same for most of your customers and annoying for a tiny fraction.
The only "real" reasons I've seen is some false sense of security, desperate attempts at protecting Imaginary Property or misguided regulations.
Full verified boot would be way too complex for any such use case.
(and if it's really needed, please let the actual owner control it!)
I wish I had seen this before having to guess how to do it myself using an Arduino to diagnose a lab scale. I was on windows using the Arduino software to view the serial communications, so I didn't wire the reset as you did. But this is a lot more elegant for troubleshooting serial data than all of that.
Arduinos make a solid little USB-TTL
@@LowLevelTV Right! Awkward as my approach was, it worked for automating a material feed into a mixer using the scale output. Not bad for a few bucks.
i use a esp which has a cp2102 3 dollar on aliexpress
Love this, I remember the first time I found out about the UART solder trick with a old WiFi router I had. When I pulled it off with Raspberry PI, some jumpers, and a half decent solder job I felt so much like a hacker. Please keep up the great content.
You got me all excited now. Can't wait for the next video!
Glad to hear it!
If you can’t get it to work: In the Arduino IDE, put Serial.begin( * baud rate * ) to get communication, and press the upload button. Most importantly, if the ATMega chip is stuck in reset mode you HAVE to put tx to tx and Rx to rx, because the serial converter switches it around for unknown reasons.
I really appreciate that you go for accessibility and approachability with these videos. I’m going into computer engineering and hoping to focus on low-level stuff like this, so the fact that this content is so readily available makes that a lot easier. Thank you man
2:53 it's not 3.3v because it's outputting stuff, but because a "logic 0" on UART is "high level". The signal gets inverted (and amplified) with a RS232 transceiver.
Crazy that you put out such videos with such high quality. I like a lot that you show the whole process of you looking at it for the first time. Keep it up. P.S. If you would start a patreon where you put out exclusive content or videos I would definitely like to support you and the channel.
i wonder what he would have done if he bought a Bluetooth controlled adult pleasure toy..
😏
And ddos someone ;)
Straight to the chess competition
Good project for a future video!
@@aeghohloechu5022 I get this reference
Did you try typing "sh" in that shell? My router has a similar command prompt (telnet is open for some reason) and typing sh on there just gave me a root shell
Great video ...DP and DM are probably USB data pins: data plus, data minus. I wonder what your PC sees on those pins?
There are loads of 920mhz ISM analogue FM baby monitors where I live and it's possible to listen to with a $40 SDR. it's pretty impressive that people don't know they are bugging their own homes.
Btw, did you know in Xorg you can paste any selected text by clicking the mouse wheel?
Not having to copy it first is awesome!
Not just in Xorg - Wayland has it too, and Shift+Insert will often do the same thing. Linux has 2 clipboards (technically 3 but the third is basically never used. (technically technically IIRC it's possible to define arbitrary additional clipboards but these are the standardized ones)). The one you're talking about is called 'PRIMARY'. It holds whatever ASCII text is currently selected, which can then be pasted using the middle mouse button as you said (and as I said, some programs additionally support pressing Shift+Insert to do the same). It's rather finicky though and can only hold text. What you think of as the normal clipboard is just called 'CLIPBOARD'. It can hold various mime types, and is only interacted with via explicit commands (e.g. C-c and C-v. Also can obviously be interacted with via the command line and whatnot).
@@MH_VOID super handy but confusing when coming from Windows. Middle click activates the scroll thingey I use a lot and whenever I try to scroll in Linux it just pastes stuff and I get confused for a sec.
@@crashniels I actually start scrolling every time I have to use windows and want to paste something lol
Still, Linux ~drivers for ThinkPad red dot | track point have figured out the best way: when you click the middle button and move the cursor, it scrolls and if you don't move it, it will issue the MMB event (i.e. paste).
Regular mouse could act similarly
@@MH_VOID Yeah, I know that's not Xorg-exclusive
I try to keep top posts simple so they are straightforward and not overwhelming. Unless absolutely necessary to tell from the get go, details work better in the replies. Especially when someone gets curious or asks for clarification.
Afaik, major compositors implement it since it is a highly demanded feature, even though it kinda goes against core Wayland principles (security|isolation - programs cannot spy on each other by default).
I guess sooner or later we will get something like a 'selection portal' to control clipboard access permissions and that will be the new standard /s
Oh, and I love Shift+Ins! Together with Ctrl+Ins (~ C-c) and Shift+Del (~ C-x) they are an amazing alternative that works almost everywhere - even on Windows!
In my experience though, basically all programs paste from CLIPBOARD when you hit Shift+Ins. I'd actually love to have one more key combo for pasting from PRIMARY, but to where the cursor is and not where the mouse points. (Maybe Alt+Ins would be good?)
Btw, never put a dot in Xorg on YT - YT will eat your comment.
(Good thing I now always copy what I post. Bad that YT does it silently and often for even sillier reasons)
@@mskiptr > I try to keep top posts simple so they are straightforward and not overwhelming. Unless absolutely necessary to tell from the get go, details work better in the replies. Especially when someone gets curious or asks for clarification.
I personally disagree with this (I think a longer top-level comment draws more (engagement-prone) eyes), but have no research backing this up.
> Yeah, I know that's not Xorg-exclusive
Why not 's/in Xorg/in Linux/' then, though?
> even though it kinda goes against core Wayland principles (security|isolation - programs cannot spy on each other by default)
I'd say it's less against those core Wayland principles because the application is responsible for sending the content when requested (which is really annoying when that app is closed (or crashes - unstable patched master-branch-tracking binaries FTW) when I still want to yank the text later. Yeah, I really need to find and setup a decent Wayland clipboard manager already), and so can just... choose not to?
> Oh, and I love Shift+Ins! Together with Ctrl+Ins (~ C-c) and Shift+Del (~ C-x) they are an amazing alternative that works almost everywhere - even on Windows!
Oh I'm not familiar with those. I'm one of today's lucky 10000 I guess.
> I guess sooner or later we will get something like a 'selection portal' to control clipboard access permissions and that will be the new standard /s
That'd be something
> In my experience though, basically all programs paste from CLIPBOARD when you hit Shift+Ins
Perhaps. I don't really use many programs myself. My terminal (WezTerm) seems to do whatever was the most recently changed, now that I test it.
> I'd actually love to have one more key combo for pasting from PRIMARY, but to where the cursor is and not where the mouse points. (Maybe Alt+Ins would be good?)
Huh what do you mean by this exactly? Perhaps I'm too tired right now but I don't see the difference
> Btw, never put a dot in Xorg on YT - YT will eat your comment.
Gotta love YT - eat high quality comments, but leave up all those sex bots
> (Good thing I now always copy what I post. Bad that YT does it silently and often for even sillier reasons)
I've been burned by that too much. Now I just compose any longer comment I care about in my terminal and copy it over. Has the benefit of not having to deal with the horrible text editing capabilities of YT's comment writer, too.
Congrats man! You are on a wonderful, lifelong journey!
I was a tad worried when I saw the video length.... then "to be continued" hit. ☺
UART TX being high doesn't mean it's transmitting.
The high voltage is the idle state for uart on the bus.
But it is an indicator that it may not be disabled.
You put in more effort than most dads, good work! Much best wishes to you and your family!
Seriously this is the kind of content I subscribe for! More of this please!!
Wow, this was informational af. I wanna see the rest of it.
I also recently found an old babycam which can't pair anymore, because there's no app for it. Maybe with this method, I can bring it to life again!
Asking the ultimate question: Can it run Doom though? 😊
Congrats on your baby!!!
Root Amazon's new flying surveillance drone too! Congrats on the inbound fatherhood. Having kids was the best thing I ever did for my life.
This is awesome. I'm very excited for the next in the series.
Man, every time you are blowing my mind. A couple of years ago I saw two guys do the same trick using UART to root to a Linux shell on a TP-LINK router, and I've done it myself, it's super exciting, but I'd never seen an RTOS kind of shell before. Thanks man for the brilliant content you are making, can't wait for the next upload. Also, are you really married??!!
Late to the party but there's a few notes that are worthwhile:
- The microcontroller on this device is more likely 3.3V I/O, the USB TTL converter chip on the Arduino will be speaking 5V. This makes hooking the Arduino serial lines up directly rather risky as you could actively damage the micro's I/O drivers. A USB-Serial adapter with configurable 5V/3.3V is cheaper and easier to use than an Arduino and should be in pretty much everyone's debugging kit.
- DP/DM is extremely likely to be USB D+/D-, I would bet on this chip having DFU capabilities over USB, so this should be a route into the chip's bootloader. Connecting these lines to a PC will tell you a lot about the device.
- The reason these pins are exposed on pretty much any consumer device is that it's how the device is programmed in factory, so SWD/JTAG/USB will pretty much always be left available (even if you have to rummage around a bit to find them). Even devices supporting DFU over wireless will usually have SWD/JTAG left for initial firmware flashing.
I was planning to learn low level stuff for a very long time! This content is epic ❤️
On one hand, I'm sure you are going to find something vulnerable; on the other hand, it would be nice to see if they managed to mitigate the risk enough for their threat model
Not going to lie, on the video intro I was looking for the "skip ad" button for a bit before I realized what was going on.
Hands down the one video of yours that's been hardest for me to follow, I just suck at embedded too much. With software, typically I can at least understand the purpose of a complex operation even if not entirely its workflow, here I'm just lost from the get-go. As embarrassing as it sounds, truth of the matter is, I just never learned about electricity. And without that, it's naturally hard to get anywhere beyond.
Much better video title. I'm glad you changed it
Lucky bastard. Arduino is 5V TTL and this device is 3.3V. You need a logic level converter otherwise you can break the chip in the device. Fortunately it looks like it worked (maybe because of breadboard cables resistance and chip not being susceptible) But one day you're not gonna be happy when the magic smoke comes out.
You are absolutely right with your concerns, but: RTFM!
Resistor RN4a and RN4b (both 1k in serial to the ATMEGA8U2-MU USB to Serial Bridge, see Arduino Uno Reference Design) have saved Low Level Learnings precious cheeks:)
LLL: ... just use the right tool for the job ... next time, or?:)
This was a lot of fun to watch m8! You did a lot of "basic" stuff lately, cool to see you dive deep into a much more advanced topic and share your more advanced knowledge with us, really appreciate it!
3:56 there is a program in the Arduino forum to just set the uno to serial passthrough without the need for the reset line.
That uses SoftSerial, which is usually 'good enough' for simple communication but doesn't work for higher speeds as the Arduino can't keep up.
You use SoftSerial when you've chosen to use the wrong type of Arduino (one with only 1 UART) while for a project you need 2 UARTs, it's always a compromise.
Here it would be much easier (and better) to just use a CP1202/CH340 USB UART with 3.3V logic levels. He's now using a 5V Arduino on a 3.3V device. This can damage both the Arduino and the baby monitor, only reason it didn't happen here is because there's a 2K resistor in series on the UART on the Arduino. Some cheaper Arduino clones might not have that.
Basically this video shows how to use a much more expensive and not too suitable tool to do something that a $1 USB UART can do better...
@@someguy4915 Yes, that's also an option, but I mean just to disable the pullup/pulldown resistors on D0, D1 so the microcontroller just ignores all serial sent to it.
@@kabelloseskabel7029 I guess you could upload a program that sets D1 as an input, effectively disabling the TX from the Arduino and like you said putting it out of the way.
Wait, isn't the Arduino Tx/Rx on 5V? Wouldn't that be a risk to the device? Also, is it possible that tying RST to GND damage the arduino by constantly resetting it?
Constantly tying RST to GND is no problem; if it were, people could kill their Arduino by holding the reset button. Of course it's made idiot-proof, so no problem.
@@rikxianvanhoutenvanhouten1384 OK, that makes sense. Any idea about the other question?
@@ΝίκοςΙστοσελίδα Tying RESET LOW won't damage the Arduino, though 5V UART on a 3.3V UART is never a good idea...
@@someguy4915 I find it plausible that while the Arduino is resetting it keeps the UART at 3.3V. Though not likely, it isn't impossible
@@ΝίκοςΙστοσελίδα Good point, hadn't thought about that so I just tested it and surprisingly, the Arduino does keep pulling TX to 5VDC even whilst the Arduino is held in RESET.
This can both damage the 3.3VDC device but also can corrupt messages over the UART so in both cases terrible advice to use an Arduino like this as a USB-UART.
it's super boring to be married with an expert, right?
Look babe, I just bought this [whatever thing]
Oh let me break down it so I can see what's inside 🤣
Wow, that was very informative and interesting. Can't find the second part????
Congratulations on becoming a parent 😊
I think SONIX is referring to the camera DSP manufacturer. My company also uses SONIX products for our camera.
All I can legally say is. I hate their firmware. You probably can find UAF or data race bugs within a few hours.
New video idea: I played doom on a baby monitor
Hey great video - I actually have this same monitor, I was actually curious about what could be done with it - it has a limitation of only being able to have a single monitor connected to it, I’d wondered if there was a way to hack it to have two monitors connected to a single camera.
Congrats on the baby, rip your free time.
The most interesting video I have seen in a long time. It reminded me of the microcomputers and embedded systems courses I took in university. Please make more.
I’d love to see it be secured to a reasonable degree but as with most tech security it will likely have some holes. Curiously I wonder if manufacturers like this patch bugs and holes in the 3rd party software & libraries they use.
Awesome video! One of my favourite YouTubers.
I'd be curious what kind of access you could get purely over a network connection (as malicious actors would likely not have physical access to the device).
I learned more about UART in the last 7 minutes than I ever thought I'd know.
Congrats for the baby ✨
The enrichment center reminds you that although fun and learning are the main purpose of this video, serious crimes may occur during the enrichment activities. Please, for the fun and safety of others, refrain from committing such things made in this video. -alternate universe in some place
DUDE THAT SHIRT LOOKS SICK!!!!!
Aren't UART pins usually high in idle state? In the first step when you measured the voltage on UART TX pin you said because it's 3v3 it's outputing data. I think the fact that it wasn't a stable 3v3 means there's some data on the line and if it was just 3v3 would mean there's no data on the line.
DP/DN looks like USB. Don't know about CE, but I would guess E for enable.
I was thinking something SPI related for "chip enable"
Took me some time to decide on getting the same baby monitor after an initial failed purchase. The other one we got had an app that wanted to see data across other apps for me to monitor my baby…no thanks!
Hope this purchase stays a good solution!
Congratulations to your wife and you!
This is so awesome, thanks for sharing!!
This is exactly the kind of thing that makes me want to get out of backend engineering and into systems and platforms shit
Okay, I think you're taking this "Full-Stack" dev thing a bit too seriously. 😜 Really tho, cool video man!
- "I'm gonna try to hack into the US Government's database"
° "Hey, that's illegal!"
- "...for science"
° "Oh, then it's okay"
I am surprised that you bought one instead of hacking your own together with a Raspberry Pi.
more of this please, this is so interesting
Oh the connector... DP and DM should be the 2 USB data + and - lines. A UART will normally be high so that might be why you saw 3.3V. Just high. If data was being transmitted, I might expect a voltage between 0 and 3.3V and moving around some in voltage if the data being sent isn't too repetitive and too fast
Had the "next video" come out? I see several videos after this one, but none seem related.
Criminal: “I’ve hacked your baby monitor and I’m watching your baby”
Parent: “Cool, in that case imma get some sleep then. Lmk if the little shit wakes up.”
Bro, can you still remember the analogue camera baby monitors? They were totally unsecured, everybody could watch it.
I love this channel and wish he could post more content. I don't know much about electronics but I still see this as interesting ❤ 👍😄
I'd suggest DP and DM to be an USB port
How to learn what you did in that video? Do you have a zero to hero course for such knowledge?
Always good to check tbh
Exactly.
Have you ever used a UART USB cable? I had someone show me how to use that on a PS4 and used the Arduino programmer to read output
@4:00 Always connect the ground first!
You’d think designing one as a security auditor would be more effective
The Arduino trick is awesome. I'm currently in need of a USB UART and I've been delaying my project, because I own a USB UART interface, but I have it at the bottom of some box :p But now I can use an Arduino which I have ready and just use its built-in interface. Now it sounds obvious, but this idea didn't occur to me. Thanks for the tip!
Glad I could help!
Yes, for years I had an Arduino and was doing hardware stuff, even though I am just a soft. engg, and I was completely unaware of this.... really, thanks for this...
You can use the TX/RX pins of a Raspberry Pi to an Arduino to do the same 😅
@@vaisakh_km Never connect an Arduino Uno and Raspberry Pi's UARTs like shown in this video though, you risk destroying your Raspberry Pi and Arduino...
Use a newer 3.3V Arduino ('Arduino DUE' for example) or use a logic level shifter in between to prevent damage...
2:55, UART is active low, so 3.3V means it's not transmitting.
*IrDA is active high
Is all the libraries the files on the chip? like the 6:14 libraries.
Those Infant Optics ones are pretty simple. Point to point with manually paired cameras (which is a bit wazoo, but we get to that later) and no connectivity.
The open UART (or JTAG, SWD less so) is super common in those devices because they either don't care to close them, want it for debug, or they use it for some EOL manufacturing process. There is only one risk from having a reversible monitor for the user that I can think of off the cuff: it's gotta pair. Depending on where you live that may be a concern and it may not -- apartments/condos, maybe yeah, single family home - range isn't that great.
That said, there's some hoops they'd need to jump through and that's where you should be looking. Is the pairing seed material when you push the button from the camera fairly unique? Does it broadcast its ID in some way that you could identify a camera you want to link a monitor to after the fact? If it's only during the initial handshake, cool, but how does it reconnect when it starts up? If the RF is in the clear (e.g. not just encoded or plain) you can patch in whatever auth material you want.
What does that get you though? Cred online for showing it, but in reality, meh. People research baby monitors and safes and stuff for the emotional factor attached to it. Any malicious behavior where you have to be that close to the target is a really personal thing. I know it's a non-cool kid opinion, but patching a piece of firmware on a baby monitor to see inside a single room in your house would do...what exactly? Yeah, can see inside your house and that's a bit creepy, but if you live in an apartment, that person is your neighbor. Good bit of OSINT, RF analysis, and then firmware patching for your neighbor or someone that lives nearby to see in your kid's room? They know if you're home already. Live in a single family home? Not so much range wise. At that point any RF system unless you want to spend a bunch more for a legit security system (and even then they will have similar problems) isn't in the cards for you if you're concerned.
BTW, the h264 is video encoding. Have fun!
I think Sonix refers to the main processor chip (big chip) on the board. Often baby monitors use Sonix media chips, and the chip has a Sonix logo on it, so it's not only the board. Often the serial console mentions the processor and not the board manufacturer, because you communicate with the main processor and not the board
excited for the next video!
Good ol' baby stuff. I still have a Leapad from my childhood... now it's a PS1 emulator... I played FFIX for the first time on that thing, yes really!
Hardware hacking is something I find really interesting, I would love to see more of this type of content.
Also, what would you do in case the debug/serial port has been locked/closed?
Also, have you heard about power analysis side-channel attacks, such as what the ChipWhisperer tool can do?
The other 4 pins seem like USB... DP/DM lines (a.k.a D+ and D-) strongly suggests it.
wait so its a closed system, yet is also required to be completely torn down and photographed
This is so awesome. Nice work.
Thanks a lot!
I think you could use ESP32/STM32 for this. Arduino UNO operates on *5V* logic, which might damage the board's 3.3V logic. ESP32/STM32 have 3.3V logic and are much faster than the UNO.
Hey, I have to take a X 86 assembly language class for my cs degree. Are there any courses you can recommend to help me learn better?
I hope one day I'll produce awesome video content as the one of this video. Thank you so much, you are the embedded master 🙏
Dude! I’ve been futzing around with Arduinos for over a decade and had no idea that you could boot loop it to use it as a TTL to USB. I’ve been using FT232RLs like a sucker
As the comments point out, just be careful with your TTL levels lol. Thanks for watching!
@@LowLevelTV totally. I think the algorithm started serving me your content when I was trying to recover the firmware on a ASPEED2500 BMC that decided to corrupt itself. Once I managed to reflash it with an absurd DOS-over-serial setup, I got curious about what was in the firmware and needed to YouTube learn some binwalk to see what was going on. Totally was able to get a root shell and turn on a bunch of other fun things because the shadow file revealed they used a woefully insecure password. Fun stuff.
What does your child think about living inside big brother?
Anyway, great video. I look forward to the sequel.
Bravo!!! Behind the iron sights doing the lords work you are inspirational
Thanks to you I'm able to educate myself on things I desire to invent
Your simple accessible approaches and absolutely crystal clear and eloquent communication skills
Lastly the confidence to go on camera I applaud you keep up the good work if I can ever make you art or do anything for you let me know with peace and love God bless
You left us on a cliffhanger as the video was getting really interesting... 😞
Honestly boss,
If you open up a website for learning low level programming I'll be the first to sign!
Awesome, want to see more about hardware hacking
Can't wait until the next video!!!!
Please part two!
Best youtube channel ever
Instead of an Arduino, couldn't we use a USB to TTL device
Can you download on it windows
nah, maybe low power arm windows