The Hardware

TP-Link NFC TerminalThe TP-Link WR703N is a quite amazing and affordable piece of hardware and has received a lot of love from the hacking community.  Once you take a look at the price tag and feature set you quickly notice why it’s so well received: it crosses the counter for just 25 EUR on Amazon or as low as 16 EUR if you look abroad!  It’s been used as a pentesting aid, made even more hacker friendly, got turned into a webradio player, and made more awesome by adding a display.

So you think all that can be done has already been done.  But no: shackspace hackers makefu and exco came up with another idea.  And that idea was followed by another, and another, and they simply kept going.  The project is called minikrebs and is part of the bigger experimental coding platform krebscode.

Here’s what they came up with so far.

NFC / RFID Login Terminal

TP-Link NFC Terminal

The NFC-Gate is part of the User Suppository (sic) infrastructure.  It polls the attached NFC-connector for new cards and uses the UID of the card for trying to either log in or log out the user at the shack-infrastructure.

The NFC-gate is a build for the MR3020, not the WR703 as it uses all the available LEDs to display the status of the login. The NFC-Reader used is the SCM SCL3711 as it is supported pretty well by libnfc and is quite small.

For more information check out the Github repository and the source code of this profile.

Instacam: Automatic Webcam Streaming

TP-Link Instacam

The aim of this little project is to reliably push a video stream directly out to the internets for everyone to see at a very low price.
It combines a webcam (could be a cheap China model or one of Logitech’s HD cams, as long as its supported by uvc or Gspca) with a TP-Link 703N.  It automatically boots up and starts streaming.  Use a battery pack and USB 3G stick for field connectivity.  Drop to deploy!

This project is already in use in two places at shackspace.  One is built into our lasercutter to allow safe monitoring and recordings of the cutting process.  The AP can manage multiple clients at the same time and even stream HD video at acceptable frame rates.

Automatic Rick-Rolling

TP-Link Automatic Rick-Roll

The purpose of the profile is to create an access point where every connection is rewritten to instead deliver a rick-roll.  If you carry it with you when riding the train (remembert to get a battery pack!) you will have great fun giggling each time the LED blinks indicating another victim was served a piece of the 80’s.

Having videos autostart on a victim’s mobile brower is quite difficult and unreliable, so instead of an actual video, a short animated GIF with Rick dancing plus the first minute of its famous song will be served by the httpd.
Laptops and other clients with phat-browsers will probably honor both autostart loop tags in the new HTML5 standard.

Forwarding USB Interfaces over WiFi using USB/IP

TP-Link usbip

In this configuration minikrebs will start up as USB-bridge with the USB/IP-stack. It will run usbipd and grab an IP-address via DHCP from the LAN interface.

Krebs Integration and Heckenkrebs


Of course minikrebs integrates seamlessly into the pile of code called krebscode/painload.

The krebs base profile for krebs nodes includes all the core feature to automatically connect to the retiolum darknet.

Adding Heckenkrebs functionality will give you an automatic internet-establish and gateway provider for the retiolum darknet (or any darknet that you want to set up).  The Heckenkrebs will use a patched aap tool to connect randomly to wireless networks which are „unprotected in some ways“, meaning that it can also do slightly more advanced stuff like calculating default keys for EasyBox home-routers which are quite common in Germany (in case you forgot your default key that is).  It also provides a blacklist feature and access-point password list for known networks.


Flattr this!

Urspünglich gepostet: Januar 14th, 2013
Tags: Allgemein

Reader's Comments

  1. Madox | Januar 18th, 2013 at 17:30

    In your usbbridge profile, does your recipe hack the version string so it connects to the Windows USBIP client?

  2. makefu | Januar 18th, 2013 at 23:31

    currently the stock package is installed on the wr703n but we are using a patched version of the windows 7 usbip installation. Exco used all it’s google-fu to find together a working windows 7 DLL and usbip tool. The description is available in the wiki at under `windows client`.

  3. Mad Trix | Januar 20th, 2013 at 00:46

    Will the instacam script’s run unmodified on the MR3020 too?

  4. makefu | Januar 20th, 2013 at 14:56

    Mad Trix: acutally it is possible to flash WR703N firmware onto the MR3020, but you will be missing the LED feature :).

    currently the script is specialized for WR703n but it is really easy to fix this.

    The the profile contains a file called custom_make which defines for what Openwrt version the firmware is built.

    Just copy the instacam profile to instacam_mr3020 and replace in custom_make WR703N with MR3020.

    In the future this might get abstracted to override the profile.

  5. Mad Trix | Januar 21st, 2013 at 08:31

    THX makefu, i will add some extra space on the MR3020 and then go for it.

    keep on that fine project!

  6. El- Dogg | Januar 22nd, 2013 at 05:46

    Hey that amazon link for 16 EUR appears to point to a TL-WR702N , which, according to the wiki isn’t supported!

  7. makefu | Januar 22nd, 2013 at 10:21

    El-Dogg: I fixed it, thanks for pointing that out!

  8. cris | August 23rd, 2013 at 20:05

    Any suggestion for a good usb powerbank to power the tplink?

  9. hadez | August 25th, 2013 at 13:26

    while bigger than the tplink the anker 10Ah pack should give you enough bang for the buck

  10. KrystofFromPrague | Februar 3rd, 2014 at 22:30

    May I ask you how did you do that rick rolling thing?
    It is some kind of captive terminal?
    Thank you for your response!

  11. makefu | Februar 4th, 2014 at 09:40

    KrystofFromPrague: yes we are using aircrack-ng to respond to ‚any‘ wifi broadcast probe and dnsmasq configured to respond to any dns request with the own local ip address.
    The httpd installed responds to any request with rick astley.


  12. KrystofFromPrague | Februar 6th, 2014 at 23:32

    Thank you! I’ll try it as soon as i get my 703N.

  13. mike | April 5th, 2014 at 22:54

    Could the TL-WR703 be used as simply a monitoring and logging device? For example, does it allow for basic scripting, have basic icmp functions?

    If so, what operating system should I be looking for? I know of the openwrt project but I do not need the router functions. I only need this device to act as a client, pick up an IP via dhcp on it’s wireless or wired connection and not much else.

    Thank you

Leave a Comment