Daniel's Stuff

I write code

Category: Hardware

Yealink VOIP phone back doors


Yesterday I took delivery of a Yealink VP-2009 VOIP phone.  I was hoping it would be a nicer phone than it actually turned out to be.  I have a Yealink T38G and was really happy with it.  Unfortunately a lot of the features I like in the T38G are not present in the VP-2009. Ah well, live and learn I guess 😉

To the meat of it.  When I plugged the new VP-2009 in to my network and attempted to configure it, there was a weird caching issue with my browser as it took the same IP address as the old T38G, which resulted in an error page being shown.  Initially I thought the phone was broken in some strange way, so I started to investigate a firmware download for the phone.  After extracting the firmware using binwalk I found the HTML for the web interface and found that there is a back door that allows arbitrary commands to be executed on the phone.  The first thing I did was remove the password on the root user (passwd -d root) so I was able to telnet into the device.  Once on the device I was able to poke around and see all sorts of interesting stuff.

I was interested to see if there was anything like this back door in the T38G.  It turns out there is, although it isn’t as easy to use as the one in the VP-2009.  There is a hidden page that allows the telnet server to be turned on, and the same code can be exploited to remove the root user password 🙂

Some more pictures of the failed boards

I took a few more pictures of the failed boards and sent them to the fantastic people at circuits.io.  They have very generously offered to send me new ones at no charge 🙂  Hopefully these new boards will work out.

I also had a quick go at getting one of the boards working.  After soldering lots of wires on the bottom of the board I powered it up and let the magic smoke out of my voltage regulator, so it looks like I may have a crook connection somewhere.  It could also be because I didn’t have the right regulator available so tried another with a slightly different pinout.  I put some heat shrink over the input lead and bent it into the right position. Maybe I didn’t get it quite right.  The interesting thing is that the Mac I had it plugged in to didn’t complain about the device drawing too much current, so I don’t quite know what went wrong.  Time to head out to Jaycar and get the part I actually need I guess 😉

My PCBs have arrived

Unfortunately they don’t appear to have worked out as well as I was hoping.
On the top side many of the tracks are incomplete, while the bottom side has no tracks whatsoever 🙁


The boards look really nice though.  I’m going to have a go at making one of them work soon as I have a problem that needs to be solved using them.


After a small hint from one of the Drobo tech support staff I was able to fix my DroboPro 🙂

It turns out that there is a little CR2032 coin cell on the main board that had gone flat.  I replaced that and the machine came good 🙂


Funky Clock 2 is up and running

Funky clock is installed and working really nicely 🙂

I had a little trouble with the digital inputs as the pull down resistors I used were 100K instead of 10K.  Also for some reason I was unable to read port E2 at all.  Once I moved that input to port C4 and replaced the resistors everything started working as expected 🙂

Temperature sensor

weekly graph
I added an LM35 temperature sensor to the unit measuring the water level in my main tanks.  After a mild calibration issue (shown above) it seems to be reading very close to the actual temperature 🙂

daily graph

I find it amazing how much I am enjoying having this data.  Very silly 🙂

Funky Clock 2.0

Here is Funky Clock 2.0, well the processor board anyway.

I have several PIC18F452 in the PLCC package, so I decided to see if I could get that working.
My Forth is running on it and I am implementing a new UI for the clock allowing the time to be set using a really cool dial/switch combo.
To connect to the new board I’ve made another daughter board that has the power connector, quadrature dial button thingy and a serial connection plug.  I have made a little RS232 adapter using a MAX232 chip and a handful of capacitors placed into a DB9 head shell with some pins sticking out of one end and a DB9 on the other.  When I plug the adapter into my Funky Clock it is powered from the Funky Clock and I am able to send code and commands to it via a terminal emulator 🙂
It all works really nicely 🙂