Difference between revisions of "Alarm.com ADC-v520IR"
Line 4: | Line 4: | ||
[[Category:Cameras]] | [[Category:Cameras]] | ||
This page will be dedicated to a general overview, descriptions, and information related to the Alarm.com ADC-v520IR. | This page will be dedicated to a general overview, descriptions, and information related to the Alarm.com ADC-v520IR. | ||
== About == | |||
The Alarm.com ADC-v520IR is a network (Wifi/Ethernet) camera w/ IR LEDs provided by alarm.com | |||
== Disassembly == | == Disassembly == | ||
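Review bot: The new About sentence writes the vendor as "alarm.com" while the intro line and the page title use "Alarm.com"; suggest matching the capitalisation. The same sentence would read better with "w/" spelled out as "with" and "Wifi" written as "Wi-Fi".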
Line 25: | Line 28: | ||
File:Alarm.com ADC-v520IR UART.jpg | File:Alarm.com ADC-v520IR UART.jpg | ||
</gallery> | </gallery> | ||
== Exploitation == | |||
This device ships with an open U-boot installation meaning that with a UART adapter hooked up we have access to modify the default boot parameters. This opens the device to an technique called "Kernel Init Hijacking". This technique involves modifying the "init" boot argument which when passed to the kernel specifies which script will handle the boot-up process after the kernel is loaded. By defining this variable as "/bin/sh" we tell the kernel after booting to drop to a shell over UART. This allows us temporary root access to the file system. |
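Review bot: The new Exploitation paragraph has a grammar slip, "an technique", which should be "a technique". It also calls the resulting root access "temporary" without saying why; a short clause explaining what makes it temporary would help readers. Finally, "init" is described as naming a "script", although the value the paragraph then uses, "/bin/sh", is a program, so "program or script" would be more accurate.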
Revision as of 14:59, 7 June 2015
"Although the information we release has been verified and shown to work to the best of our knowledge, we can't be held accountable for bricked devices or roots gone wrong."
This page will be dedicated to a general overview, descriptions, and information related to the Alarm.com ADC-v520IR.
About
The Alarm.com ADC-v520IR is a network (Wi-Fi/Ethernet) camera with IR LEDs, provided by Alarm.com.
Disassembly
UART
A login console is presented on UART (3.3 V) at 38400 baud. The pinout for UART can be found below.
Exploitation
This device ships with an open U-Boot installation, meaning that with a UART adapter hooked up we can modify the default boot parameters. This opens the device to a technique called "Kernel Init Hijacking". The technique involves modifying the "init" boot argument, which, when passed to the kernel, specifies which script will handle the boot-up process after the kernel is loaded. By defining this variable as "/bin/sh" we tell the kernel to drop to a shell over UART after booting. This gives us temporary root access to the file system.
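From the defender's side, the override described above is visible in the kernel command line (the U-Boot bootargs string, or /proc/cmdline on a running unit). The following check is an added example, not code from this wiki or from the vendor; the allow-list of init paths and the sample bootargs strings are assumptions constructed for illustration.

```python
# Added example: flag an "init=" / "rdinit=" override in a kernel command line.
import posixpath

# Assumption: init paths the firmware is expected to boot with (hypothetical list).
EXPECTED_INIT = {"/sbin/init", "/linuxrc", "/init"}
SHELLS = {"sh", "ash", "bash", "dash"}


def kernel_params(cmdline):
    """Yield (key, value) pairs for kernel parameters.

    Tokens after a bare "--" are passed to init as arguments and are not
    kernel parameters, so parsing stops there. Quoted values containing
    spaces are not handled (simplification).
    """
    for tok in cmdline.split():
        if tok == "--":
            break
        key, _, value = tok.partition("=")
        yield key, value


def audit_bootargs(cmdline):
    """Return a list of findings for a bootargs string (empty list = clean)."""
    effective = {}
    for key, value in kernel_params(cmdline):
        if key in ("init", "rdinit"):
            effective[key] = value  # the kernel keeps the last occurrence
    findings = []
    for key, path in effective.items():
        if posixpath.basename(path) in SHELLS:
            findings.append(f"{key}={path}: boots straight into a shell")
        elif path not in EXPECTED_INIT:
            findings.append(f"{key}={path}: not in expected init list")
    return findings


# Constructed sample inputs (not captured from a real device).
SAMPLES = {
    "stock": "console=ttyS0,38400 root=/dev/mtdblock2 init=/sbin/init",
    "hijacked": "console=ttyS0,38400 root=/dev/mtdblock2 init=/bin/sh",
    "appended": "console=ttyS0,38400 init=/sbin/init init=/bin/sh",
    "after_dashes": "console=ttyS0,38400 init=/sbin/init -- init=/bin/sh",
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(f"{name}: {audit_bootargs(args) or 'ok'}")
```

The "appended" sample shows why the last occurrence has to be checked rather than the first: a second init= added to otherwise stock bootargs still takes effect.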