Gaining Shell Access via UART Interface Part 3

This is the 3rd post in IoT-Hacking-Shell-via-UART series. I hope you have gone through the first two parts. If not, please go through them.

In this part, I will explain how I was able to gain shell access on a smart camera via UART interface.

About the Device – I already had a camera with me. So, I decided to check the same for gaining shell via UART. The typical smart camera looks like the one shown below

On opening the camera, there were many components present on the board.

Some of the components found along with the pictures are shown below. These components may not be relevant to us, but it will give a small idea of various components which are present on a board.

  1. NanyaNT5TU32M16DG-AC – 512 Mb DDR2 SDRAM


  1. IR LED

  1. LS 3N SS14 – Schottky Rectifier

  1. RTL 8188ER – SINGLE-CHIP IEEE 802_11bgn 1T1R WLAN

  1. TPS65251 – 4V to 18V Input High-Current Synchronous Step_Down Three Buck Switcher with Integrated FET

Above mentioned components were identified. The best way to learn about these components is to google search the letters or numbers printed on them simply. This will describe a component and what it does.

Gaining a shell via UART – Now the task is to gain a shell via UART.

The procedure for gaining the shell is as below –

On opening the camera, I found a UART interface present on it along with the components mentioned above.

Using a multimeter, I identified all the 4 pins –Vcc, Rx, Tx, and Gnd. Once they were identified using USB-TTL and appropriate wires, I connected the camera to my laptop as shown below –

Connection Description –

  1. GND of the camera was connected to GND of USB-TTL.
  2. Rx of the camera was connected to Tx (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nitesh Malviya. Read the original post at: