- Introduction
- Why Hack Embedded Devices at All?
- Embedded Devices with Customizable Firmware
- Firmware Options
- Summary
Embedded Devices with Customizable Firmware
Hundreds of embedded hardware choices are available, both on the consumer market and commercially. The OpenWrt project does a great job of listing some of the more popular embedded hardware, along with the current support status, or "hackability," of each. In this section I’ll cover three of the most popular choices for hardware, which I’ve found work well in most scenarios.
Linksys WRT54GL
Linksys released the Linksys WRT54GL for the hacking community. It contains 4MB of flash storage and 16MB of DRAM. Many firmware images are available for this device, and it can be customized—along with all of its cousins in the WRT54G family—to perform a host of functions. These options include the Kismet wireless sniffer, a VPN client or gateway, a Tor proxy, a PBX phone system using Asterisk, and a complete wireless hotspot! This device costs around $60 and can be purchased from many different online stores, but isn’t readily found in local retail stores. One of the nice features of this model is that it has a reliable way to reset to factory defaults and start over.
Asus WL-500G Premium
If you’re looking for more features, such as USB or a mini-PCI slot, the Asus WL-500G is for you. The processor and architecture are similar to those of the Linksys models; however, the Asus has more flash and RAM than the WRT54GL, coming with 8MB of flash and 32MB of RAM. The mini-PCI slot can be used to install add-on cards that have more radio power and offer a better wireless chipset, such as Atheros, than the stock Broadcom chipset.
FON’s La Fonera
Touted as the "global hotspot," FON is a service that allows users to purchase a router and then share their Internet access with other FON users. Fortunately for us, the router firmware is based on OpenWrt, and is hackable in the sense that it allows you to install your own firmware. This isn’t a documented feature of the device; in fact, you have to use a remote-command execution vulnerability to enable SSH and get access to the command line. (Of course, this method of access to hack embedded devices was made popular by the "ping hack," which provided the same capability for the WRT54G router.)
There are two versions of the router: the FON and the FON+. The FON router is fully hackable, and much documentation exists about the hardware and firmware installation steps. The FON+ has two Ethernet ports and doesn’t yet have any documented hacks, which means that we currently can’t install our own firmware on it.