Hacker News new | past | comments | ask | show | jobs | submit login
Hacking the Zsun WiFi SD Card Reader (wiki.hackerspace.pl)
141 points by nanis on Jan 26, 2016 | hide | past | favorite | 43 comments

There are also a lot of 'smart wifi plugs' which use the same chipset (although with less RAM), which can be bought for ~$20:


Interesting. IS it wrong that my first thought was that they look benign and unobtrusive enough that they could be easily socially engineered into somewhere to start scanning for vulnerabilities... ?

When flashed with the appropriate firmware of course.


Seemed relevant.


Not sure it's 100% applicable, but certainly my proposal would indeed by illegal black-hattery, unless done by a legit pen-tester.

I'd never do such a thing, but I might now be more aware that the little plastic block attached to the socket over there could easily be a cheap, full linux system running some sort of metasploit/neopwn variant...

We are now beyond assuming that you can "see" the tiny computer over there. You can pretty assume that for example that any electrical device could have one of these concealed in it. That includes electric cords and light bulbs.

Additionally these can be hidden in non-electrical objects with small batteries and run for weeks.

This is exactly why I dismantle and inspect all 'unimaginably cheap' pieces of tech before using them for their intended purpose. That, and curiosity. There are many clever cost-cutting hacks to be learned that way.

One of my favourite youtube channels is BigClivedotcom's, where he takes apart a bunch of cheap gadgets.



Well this is true, I guess it just struck me that this is a convenient and easily overlooked form-factor, and pretty dirt cheap.

Given that these come from China, maybe they already have that firmware ;)

People used to use Sheevaplugs for this, e.g. https://www.pwnieexpress.com/product/pwn-plug-elite/

I remember the talk about it at the time. I still have my sheevaplug at home, I pre-ordered one of the first dev kits and used to be active on one of the plug forums. I don't use it for anything much any more but I did a power-supply replacement a couple of years ago when it blew.

That pwn-plug has had some serious mods done to it, with bluetooth, 4G and 802.11 wireless built in! (--edit-- I see now that those are provided by adaptors, not built in to the box, that does reduce its stealthiness somewhat)

These new ones are much smaller than that by the looks of things though, seemingly on the scale of socket adaptors, rather than (to an up to date eye) quite a big power brick.

Thanks for the link, that was interesting.

Wow it's only a $9 device (see below)

Definitely trying this out.

I wonder what the power draw is?

Shame they didn't use microusb connector.

No idea about the trustworthiness of this seller but use the page for general info and lots of photos:


update: only $9.13 with coupon code GBJANRT and use paypal checkout for safety

There is also a source on aliexpress that is $1 cheaper if you are buying bulk.

I wonder if openWRT gives it wifi-N ability, factory firmware only does wifi-G

It's currently £5 inc. delivery on Amazon.co.uk. This puts it into Raspberry Pi Zero and NodeMCU/ESP8266 territory.

Add to the fact that internally it's not very different to the venerable TP-Link WR-703N and it's possibly a great OpenWRT device to tinker with.

I've used Gearbest in the past. They're ok to order from generally, but their unsubscribe mailing list email link doesn't work and I had trouble ordering from them initially due to delivery address issues at my end.

Except the pi zero has a 1ghz quad core processor and 512mb ram. This has 64mb and a terrible 400mhz single core processor (i think). So not really that comparable.

Also not forgetting that without modifying the chip it gives the Chinese company that makes it complete access to any files that go near it if it gets internet access.

pi zero has 700mhz single core, same as raspberry A/B/B+. Also, zsun has built in WiFi

It's the same chip, clocked at 1Ghz. https://www.raspberrypi.org/blog/raspberry-pi-zero/

Do you have a link on Amazon? I see it for £5.99 + £3.99 shipping

Same. Can't spot anything cheaper on Amazon.co.uk. Note that it is dispatched from China...

This is £4.99 for me, but I'm a Prime subscriber: http://www.amazon.co.uk/gp/product/B00Y1Z9S8A


Another similar device is the gl.inet AR-150

$24 but you get 2xEthernet, USB host, stable openwrt, a button + 2 state switch (handy for triggering scripts) and the option of an external antenna.



I'm so tempted to order this for $9 but I don't really have a use for it!

I have zero use for it also but playing with and learning this chipset for $9 is something I cannot passup.

I am sure I'll use it as a repeater or remote storage device at some point.

Now if I could justify the two dozen smartphones I have...

+1 for the gl.inet. I use a 6416 for prototyping my devices and it's a really great device to mess around with.

Both this and the still to be delivered "Black-Swift" are minimal single board computers using the AR9331. It should be similar to the Black-Swift's power specs,

"Power consumption: 120 mA typical (400 MHz CPU frequency, Wi-Fi enabled), 60 mA in energy-saving mode (200 MHz, Wi-Fi disabled), 300 mA max"

This is at 5v so ~1.5w max. If you wanted to use even moderate power USB2 peripherals instead of the SD card reader you'd have to inject external 5v power.

If you don't need sdcard reader, but want RJ45 for wired Ethernet and USB host port connectors out-of-the-box (as opposed to soldering to test-points on Zsun), ~ $7 will get you this:


Just a heads up, the device you mention uses an RT5350-based SOC. There's nothing wrong with it, but support can sometimes be a little flaky.

However, the built-in wifi chipset doesn't do channel hopping properly while the AR9331 does, meaning that for people doing 802.11 security stuff this is not the chipset for you.

If on the other hand you're not doing 802.11 or anything funky with the hardware, it's a nice little box. I have one using a CDC ether USB gadget to inject rickrolls into web pages.

> I have one using a CDC ether USB gadget to inject rickrolls into web pages.

Interesting. Did you do much hardware-wise for that - like rewire USB D+/D- signals and add/remove some obscure resistor that enables USB gadget mode?

No, I'm using a HooToo TripMate Mini (HT-TM03) which uses the same SoC and seems to work fine out of the box, but I had to build my own OpenWRT image based on a hodgepodge of current trunk and Wingspinner's HT-TM02 work.

EDIT: Actually there are quite a few boxes out there that do have CDC support built in. The ASUS WL-330NUL uses a stripped down ASUSWRT and has CDC support built-in. You can get the firmware source and build your own version if you like. It's not as friendly as OpenWRT (which is saying something) but is workable if you persevere.

But there's no wifi on that device right?

Also only 4mb for rom.

edit: okay they mention wireless range so it is wifi device

Given that it can apparently act as a USB card reader if plugged into a bog standard PC, i suspect no more than your typical USB device. So something like 0.5A at 5V.

And why would you want microUSB?

microUSB, so that he can use a standard OTG adapter for host mode... (which the SoC supports)

Ah, i was not thinking in terms of having a micro socket on the dongle. Silly me.

This is strange - original blog post is not searchable through google. All I see is pages that point to wiki.hackerspace.pl.

Yeah, a few days ago we noticed that our wiki pages fell off Google and Bing search results. No idea why, and Google Webmaster Tools aren't helpful, either. :(

You have <meta name="robots" content="noindex,nofollow"/> tag on your pages. See:


Ah, thanks. Apparently it was due to the indexdelay [1] option in dokuwiki, which I've now lowered.

[1] - https://www.dokuwiki.org/config:indexdelay

A few days ago Google changed thier ranking algorithm. My blog was wiped out from 400UU/day to 20UU/d.

can I ask you a dumb question since emeryth isn't on here (yet?)

mtd_write is that already on the device? if not where can I get the proper binary for its cpu?

ordered one for $9 shipped as a play-toy to see what it can do, will take a few weeks to get here though

It's already on there. :)

Presumably, as this is running Busybox, one ought to be able to contact the manufacturer and request the source code?

I checked out their website but it's Chinese-only, so not of great help to me.

Can you run other general Linux tasks on a DDWRT build?

This is OpenWRT, not the same thing as DD-WRT. It's basically a full embedded Linux distro with extra emphasis on networking and complete with its own package manager, so the answer is yes you can do quite a lot with it.

It's possible to do more general purpose stuff with DD-WRT as well, but it's not quite as flexible . IIRC you can install your own packages there too, but it is set up to be more streamlined as a SOHO router.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact