Slashdot Mirror


Researcher Creates Handheld Hacking Tool

Kickball Notches writes "Immunity's Dave Aitel plans to start selling a portable hacking device equipped with hundreds of exploits. The wireless handheld, called Silica, comes equipped with more than 150 exploits from Canvas and an automated exploitation system that allows simulated hacking attacks from the palm of your hand. It supports 802.11 (Wi-Fi) and Bluetooth wireless connections and is based on Linux."

69 comments

  1. Nifty by daveschroeder · · Score: 5, Interesting

    Something like this could be easily used in conjunction with vulnerabilities like the recent Atheros 802.11 wireless device driver exploit. Of course, many wireless attacks like this will still be targeted, and won't be widespread, because of one huge reason: proximity. Even the co-discoverer of the Atheros driver vulnerability, David Maynor, said:

    The thing to keep in mind here is that this really isn't a problem yet. You won't see any WLAN viruses based on driver level exploits any time soon for one very important reason, proximity. We wanted these issues raised and fixed before the distance of a wifi connection for your average user will be measured in kilometers instead of the meters it is today.

    Don't go rip your wifi cards out just yet, but you should always adhere to good security techniques. Even without driver level exploits, man-in-the-middle attacks over wifi networks are a threat that you can mitigate by doing things like verifying the SSL certs for things you can connect to and don't do anything you want to remain personal or private over clear text on these access points. Also, for things like instant messaging, grab something like Adium X that supports encrypted IM conversations across multiple platforms. I know iChat does as well, but I am a big fan of something called OTR (http://www.cypherpunks.ca/otr/) which Adium supports.


    And no, this wasn't a "Mac OS X"(-specific) or "MacBook" vulnerability; it is a vulnerability in the Atheros driver code, which, according to the presenters themselves, is exploitable on other platforms, including Windows and Linux. Mac OS X was chosen to prove a point, and unfortunately the "point" that many ordinary people ended up getting was that all "MacBooks" and only "MacBooks" were vulnerable to some kind of scary 802.11 attack, and worse, that setting the machine to not auto-associate with access points would solve the problem (it doesn't). Some interesting points from a SecurityFocus mailing list about the Atheros exploit:

    * The exploit is running in kernel space and can do _anything_ it wants. It's not running as root because that would involve running under the kernel. In Intel terms, this is ring 0 stuff.

    * Firewalls, "preferred networks" and other OS-level mitigation is worthless. The packets don't have to contain any IP data, they are pure 802.11{b|g} frames. The OS doesn't see the packet because it would have to get past the (exploited) device driver.

    * The exploit doesn't require associating to an AP, being associated to an AP, anything. It just requires the wireless device to be on.


    What this really illustrates is that when you let third-party, proprietary, unaudited code into a privileged capacity on an OS, it could indeed be an avenue for attack.

    And now that attack can come from a dedicated device running in someone's pocket. ;-)

    (Personally, I see no reason why hardware device makers should keep driver code proprietary, much less the hardware specifications needed to produce an open source driver. After all, isn't their bread and butter the hardware itself?)

    This device could also associate with a wireless access point normally, and launch penetration tests against any hosts reachable on the network as well. TFA notes that the device is also equipped with ethernet and USB connectivity as well. Sounds like a neat little device, that could have other functionality as well.

    1. Re:Nifty by BootNinja · · Score: 2, Informative
      (Personally, I see no reason why hardware device makers should keep driver code proprietary, much less the hardware specifications needed to produce an open source driver. After all, isn't their bread and butter the hardware itself?)
      As far as wireless cards go, what I have heard is that many of the wireless manufacturers will not release proper specs because transmission strength is soft-coded into the driver. An open source driver would allow people to increase the strength of the signal broadcast by the wireless card. This would violate FCC regulations and possibly open up the manufacturer to legal trouble for selling a device that is not FCC compliant.
  2. Not as good as Metasploit by Riding+Spinners · · Score: 1

    CmdrTaco said:

    No MIMO-G. Less space than a nomad. Lame.
  3. Uhh by Devv · · Score: 1

    I'm confused. I can't really see why this is much use except for hacking things with wifi but no internet connection and the like or what? And it gives a cool 007 look that no one should give a crap about. Look I can hack while eating lunch at Mac Donald's with my ready to use exploits! I'm a genious!

    --
    +1 Agree -1 Disagree
  4. Better Name: by corychristison · · Score: 0

    Hack-O-Matic seems more 133t. Instead of Silica...

    :-)

  5. Pen Testing? by celardore · · Score: 1

    The article's headline is "'Pen' Testing in the Palm of Your Hand". Wikipedia describes pen testing as "a method of evaluating the security of a computer system or network by simulating an attack by a malicious cracker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities."

    For real 'pen testing', stick with what all the hackers already know. Worry about a handy tool to do it with, after you've dealt with tried and tested measures.

  6. Is there a 5-day background check? by jpellino · · Score: 1

    Someone at the FTC, FCC and BSA has to check for alt.2600 postings and such...?

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
    1. Re:Is there a 5-day background check? by Anonymous Coward · · Score: 0

      Why would the Boy Scouts of America care?

      Or for that matter, why would the other BSA care?

  7. Good. by Anonymous Coward · · Score: 1, Funny

    I'm buying one of these tools and super-gluing it to my TV B Gone. Then I'm going to walk into CNN headquarters and completely change the way America gets her news.

    1. Re:Good. by russ1337 · · Score: 1
      I'm buying one of these tools and super-gluing it to my TV B Gone. Then I'm going to walk into CNN headquarters and completely change the way America gets her news.
      Stopping Government propaganda in this manner would certainly be an act of terrorism.
    2. Re:Good. by megaditto · · Score: 1

      You'll have much better luck with one of these Hacking Devices.

      --
      Obama likes poor people so much, he wants to make more of them.
  8. But does it run... oh wait by andrewman327 · · Score: 2, Interesting
    I see this as being very useful in big cities where warwalking is easy. Imagine the data you could gather by walking around Manhattan for a day with this device. I know that a while back 2600 made a color-coded map of open/secured wifi APs in Manhattan, but it would be even more interesting to learn which of those APs are susceptible to different attacks.


    It is especially important to note the Bluetooth abilities in this context. If properly tweaked, one hacker could wander around a major public event and automatically attempt to break into every Bluetooth device in range. You can get within range of thousands of people.


    I wonder what errors this device has that need ironing out. Would it be able to detect its own security holes? (Ow, head asploding)

    Immunity expects to sell Silica for about $3,000 and is working with external beta testers to iron out kinks before a projected October 2006 launch date.
    --
    Information wants a fueled airplane waiting at the hangar and no one gets hurt.
    1. Re:But does it run... oh wait by daveaitel · · Score: 3, Informative

      Functionality errors and UI issues mostly. In terms of security it's just a Linux on ARM with SSHD turned off. CANVAS itself is pure Python, so although there may be overflows in there somewhere, it's not going to be an every-day occurrence.

      The Nokia 770, the Sony Mylo, and the Trolltech Greenphone are just the start of how Linux + Wifi + mobile devices are going to change the world, imho. If you've done your development correctly you can do a LOT on these devices in very little time. It's the perfect thing for a small company or startup.

      -dave

    2. Re:But does it run... oh wait by HTH+NE1 · · Score: 4, Interesting

      I see this as being very useful in big cities where warwalking is easy. Imagine the data you could gather by walking around Manhattan for a day with this device.

      Forget warwalking, think about warsmailing (war snail-mailing). Activate one of these devices and drop it in at the post office addressed to yourself. It'll ride in postal delivery vehicles, stopping in front of each house long enough to do some serious searching until it reaches yours. Then unwrap and see what you've harvested. Only cost is the postage and packing, virtually no gas or calories from you. Well, and the battery charge. Include a GPS device.

      It will help to be near the end of the delivery route. Maybe address it to a house that doesn't exist and it'll come back undeliverable (though it risks not coming back at all).

      Variations would be to use UPS, FedEx, etc., especially how their routing systems take it into interesting business areas. Route influencing could be done by including legitimate packages.

      If anyone does this, please let me know of the results. I don't have the ability to do this, so I'm putting it out there for others to try. I've only just thought of it. (I'll be Googling for "warsmailing".)

      Note: this opportunity will only last (in the US) until the DoHS decides that any packages with detectably active electronics or EM emissions must be intercepted and detonated, and they may be doing this already. Other countries may vary.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    3. Re:But does it run... oh wait by Anonymous Coward · · Score: 0

      I see this as being very useful in big cities where warwalking is easy. Imagine the data you could gather by walking around Manhattan for a day with this device. I know that a while back 2600 made a color-coded map of open/secured wifi APs in Manhattan, but it would be even more interesting to learn which of those APs are susceptible to different attacks.

      I live on 2nd and 10th in Manhattan, and one day "a friend" did a passive scan with kismet. Quick summary, from my apartment over 75 wireless devices detected. Lots of unencrypted packets, I'll leave the rest of the details up to your imagination. Also there are several security related LiveCD distros already. It's the same as taking a laptop (wireless and bluetooth enabled) with a good set of security tools on it.

    4. Re:But does it run... oh wait by Asm-Coder · · Score: 1

      Dang you, now I have to get one of these. (and GPS) Hang on, wait a minute.... (MOM! Do I have a science fair project this year?)

    5. Re:But does it run... oh wait by Kadin2048 · · Score: 1

      I had actually thought about doing something similar a while back. Actually I didn't want to do wireless transmit at all, I just wanted to mail a GPS receiver around and see if it picked up any sort of a trail.

      My main question is whether it would ever get much of a GPS signal. You could spend an awful lot of time and money putting together a project like that, only to have it spend its entire journey in steel-roofed buildings and metal trucks where it can't hear the satellites and not get any position fixes.

      I've never done any research on the topic, but I wonder if it's illegal to send an amateur radio beacon station (e.g. an APRS beacon) through the mail. Those are pretty simple to assemble and robust, and the range is a lot longer than 802.11. (They use a designated frequency on the 2m -- that's 144MHz -- band to report position to various fixed stations; the results can be seen on the internet among other places.)

      It would be pretty neat to watch the progress of a package through the mail system in real time. Even UPS's admittedly slick tracking system can't hold a candle to that.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    6. Re:But does it run... oh wait by Kamineko · · Score: 1
      I don't think I'll be smailing a $3,000 hackamajigger any time soon.


      When somebody invents a self booting open-source pen testing suite which you can lop on a cheap laptop, then I'll warsmail for you all you like. (Although, folks will typo with warm-sailing, so be aware ;)

    7. Re:But does it run... oh wait by everett · · Score: 1

      I'd hope you're a middle school or high school student, but I fear you may be a Ph.D candidate this being Slashdot. (Not that there is anything wrong with being 27 and still living with Mom and Dad.)

      --
      Sig withheld to protect the innocent.
    8. Re:But does it run... oh wait by Anonymous Coward · · Score: 0

      My biotech company tried something like this some time ago. We wanted to measure the range of temperatures encountered during mail transit, so we loaded a bunch of packages up with digital recording thermometers like they have at museums and sent them off to friends with desert or arctic-type addresses. Nobody at the post office seemed to notice or care, although of course this had a lot less potential for harm than a wi-fi probe.

  9. "hand-held hacking tool" aka... by Esion+Modnar · · Score: 5, Funny

    a machete. TIBHAW,TTV.

    --

    They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
  10. Script kiddies by Anonymous Coward · · Score: 2, Funny
    (...) Immunity's Canvas product to allow security professionals to conduct pen tests while walking through office cubicles.


    Since it's a pen-based device, should the users of this product be classified as "script kiddies"?

    Don't delay! Buy now! The first 10 buyers will also receive an official Immunity Canvas' McGyver Swiss Army knife* (with lock-picking add-ons) and a t-shirt bearing the sentence "Look, mom: I'm a hacker!" in the front and "kick me" in the back.

    * Parents: this is a safe product; to prevent injury, the Immunity Canvas' McGyver Swiss Army knife is manufactured in non-toxic plastic.
  11. So... it's a Zaurus running a pen-testing toolkit? by Lxy · · Score: 3, Insightful

    The article doesn't specify details, but it sounds like what you can do with a Sharp Zaurus. You need to be selective, but you can get linux running with something like metasploit without too much effort. This unit's got more RAM and disk I'm sure, but it's hardly revolutionary.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  12. I've already got a portable hacking device... by wwiiol_toofless · · Score: 4, Funny

    it's called a hatchet. (Thank you, I'll be here till 5, be sure to tip your admin!)

    --
    the mods may say you posted flamebait, but to me it's a flame that warms my heart. rock on, brother! --chebucto
    1. Re:I've already got a portable hacking device... by wwiiol_toofless · · Score: 1

      Ah dammit, I'm redundant! Get outta my brain plz.

      --
      the mods may say you posted flamebait, but to me it's a flame that warms my heart. rock on, brother! --chebucto
  13. Re: First Post SNAKES ON A PLAIN! by Lxy · · Score: 5, Funny

    The word is PLANE, as in those big metal things that fly.

    If you want to see Snakes on a PLAIN then go to Nebraska. They have lots of them there.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  14. Immunity's Dave Aitel by StikyPad · · Score: 4, Funny

    Not to be confused with Insomniac's Dave Attell, although both equally fond of the back door.

  15. oblig by Lurker2288 · · Score: 1

    And they sure are sick of those m----- f----- snakes on those m------ f----- plains. Forgive me.

  16. Proximity is no problem. by Ungrounded+Lightning · · Score: 5, Interesting

    You won't see any WLAN viruses based on driver level exploits any time soon for one very important reason, proximity.

    One of the proposed uses is to turn it on and mail it to the site in question. It can perform "tests" (including man-in-the-middle attacks) "while sitting on the CEO's desk".

    Or in the mail room. Or in the inbox of somebody on vacation.

    Of course that means it (or a similar device) could be shipped in the same way. It could run for a couple weeks (or until the battery is exhausted), rooting around the company's wireless LAN and shipping the result out the internet to the attacker's safe drop. Then (or when the package is opened) it could purge its own software and self-destruct or turn itself into something innocent appearing, such as a promotional toy. (Perhaps it could sucker somebody into recharging it.) Or it could be built into some other object and never discovered.

    If the IT staff isn't on the edge of their seats about searching for rogue WiFi devices and/or sniffing network traffic it could have weeks to work undetected. Even if they ARE on the ball and have the cutting-edge stuff it can snag a lot of interesting stuff at computer speeds in the time it takes to hunt it down and kill it or successfully cut it off from all outside contact (including masquerading as a legitimate device).

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:Proximity is no problem. by SatanicPuppy · · Score: 3, Insightful

      Couple of weeks? For a wifi enabled hand held device? Where the hell do you buy your batteries?!?

      Unless it gets hooked up to some kind of battery array, I think we can safely peg the window for this thing at 24 hours at the extreme outside, though it's probably less than 12.

      Now, depending on how smart it is, you could have it come up for 5 or 10 minutes at a certain time when you know something good will be available (e.g The boss syncs his pda), but it would have to be some cron-esque computer scheduled job, and I'm not sure why any environment (other than maybe a retail environment) would be running a regular job across wireless.

      I think it'd be much more effective for the old Delivery Guy trick; something to keep in your pocket while you wander through the office, looking for someone to deliver your package to...Though I don't know how it is in other places, but where I work everything gets signed for in front, and a guard brings you your package. Of course, we don't use wireless either, so that's two for two.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    2. Re:Proximity is no problem. by drinkypoo · · Score: 1

      I can get about 16-20 hours of runtime using wifi on my iPAQ H2215 with the extended battery; something like 24 hours of runtime while playing music and/or watching movies without wifi being on. (I have a sandisk 128MB CF+Wifi - it has no internal wifi.) Using something about the capacity and size of a laptop battery would definitely let you get obscene amounts of runtime. My iPAQ is nowhere near the most efficient PDA, either.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Proximity is no problem. by SatanicPuppy · · Score: 1

      Can't find anything like technical specs on it, but it's described as being "slightly larger than a regular pda", which seems like it would definitely require external battery to get above a day of uptime.

      I wonder as well about broadcast power vs battery life...In strictly passive mode it wouldn't matter, but trying an active MiM attack, you'd need to be broadcasting pretty strongly not to have the existing signal drown you out.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    4. Re:Proximity is no problem. by Anonymous Coward · · Score: 0

      "Of course that means it (or a similar device) could be shipped in the same way. It could run for a couple weeks (or until the battery is exhausted), rooting around the company's wireless LAN and shipping the result out the internet to the attacker's safe drop. Then (or when the package is opened) it could purge its own software and self-destruct or turn itself into something innocent appearing, such as a promotional toy. (Perhaps it could sucker somebody into recharging it.) Or it could be built into some other object and never discovered."

      Ya, go ahead, earthling. Send me one of these (According to TFA) $3,000 toys.

      Pawn shop value: US$50.00

      Playtime value: Priceless

    5. Re:Proximity is no problem. by Amouth · · Score: 3, Informative

      you are thinking of sitting there and using it..

      if you don't have the screen on or the back light you can run for over a day and more if you only run wifi or bluetooth...

      i have a dell axim x30 with the extended battery - internal wifi .. i have turned on the wifi and logged into aim and forgot.. it went to sleep (cut the screen off) but it kept the wifi going.. came back to it a day later and the battery was at around 30-40

      if you design something to last you can pull it off..

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
    6. Re:Proximity is no problem. by Ungrounded+Lightning · · Score: 1

      Ya, go ahead, earthling. Send me one of these (According to TFA) $3,000 toys.

      What are your company's technology secrets, customer lists, and/or bid calculations worth to your competitors?

      $3,000 hardware cost on an industrial espionage operation that lets your competition marginally underbid you on, say, a $200,000,000 project with 60% margins? Chump change.

      On an op that lets them snatch your design secrets and combine them with their own, building a new product that drives your company under? You can play with the "toy" in the unemployment line.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  17. Nice, but does it run... by Anonymous Coward · · Score: 1, Funny

    ...Oh, never mind.

  18. interesting, but... by Tumbleweed · · Score: 1

    ...not as cool as the one the Warbears use.

  19. Finally by kanzels · · Score: 1

    Finally a feature from movies becoming reality ;-)

    --
    Pixel image editor - http://www.kanzelsberger.com
  20. Metasploit has run on Zaurus for over 2 years by Anonymous Coward · · Score: 0

    Metasploit has been successfully running on Zaurus for over 2 years... And has more exploits (not two thirds DoS's like Canvas)... And the exploits actually work... And its free...

    1. Re:Metasploit has run on Zaurus for over 2 years by daveaitel · · Score: 1

      Let's face it though, typing RHOST=192.168.0.1 into a Zaurus isn't exactly user-friendly even if you got more than 30 minutes of wireless time out of the Zaurus battery. :>

      Last I checked we have 5 DoS's. But it's not quantity with something like this, it's quality. You need one really good Linksys exploit, no? :> Last time I checked CANVAS is the only product that has a Linksys overflow, but I'm happy to be proved wrong.

      -dave

    2. Re:Metasploit has run on Zaurus for over 2 years by Anonymous Coward · · Score: 0

      oh, I get it now. this is just lame grandstanding

    3. Re:Metasploit has run on Zaurus for over 2 years by Anonymous Coward · · Score: 0

      Re: MSF exploits are actually reliable. (original post) Last time I saw a co-worker use a version of Canvas, 3 out of 4 attempts with the chunked encoding for Apache win32 crashed the service, the fourth did nothing. MSF was 4 for 4. Also the lab IDS (Sourcefire box) caught all of the Canvas attempts, but not MSF. The MSF command shell presented post exploitation doesn't peg the CPU on the auditor's workstation, can't say the same for the quality 1995 widget set the UI in Canvas uses.

    4. Re:Metasploit has run on Zaurus for over 2 years by spinja · · Score: 1

      I agree with Dave on this. Using Metasploit in its current form isn't much fun on the Zaurus. I have been working on something similar off and on for the last two years (using two Z 5500's) and the biggest problem is the user interface and automation. While it is possible to script up some ninja magic with Metasploit, the time required to do it right may be worth the price of the Immunity's SILICA device.

      As version 3.0 of the Framework gets closer to release, expect the situation to change. The new plugins and auxiliary modules will allow this type of automated hackery and tool integration. If anyone wants to help, we are always looking for sharp developers. The 3.0 codebase is written almost entirely in Ruby and we even have some developer documentation. Anyone interested should send an email to hdm[at]metasploit.com with a list of their skills and any specific areas they want to work on. The 3.0 beta 1 release can be obtained from the following URL:

      http://metasploit.com/projects/Framework/msf3/

      -HD

    5. Re:Metasploit has run on Zaurus for over 2 years by Anonymous Coward · · Score: 0

      What CPU, LCD, and ethernet chipset will be in Silica?

  21. Good portable device by identity0 · · Score: 2, Interesting

    I'm actually looking for a good mobile device right now, which doesn't have to have these security tools, but be a general-purpose geek tool. Unfortunately, I've yet to find a good one. It seems most companies are trying to woo consumers with flashiness and power instead of mobile usefulness.

    What I want is a portable device the size of the old Libretto or Picturebook, with all the modern memory card type slots, wi-fi, ethernet, phone, USB, Firewire, PC-card, and anything else needed to interface with common devices and peripherals. I don't want to have to carry a bunch of dongles and USB cables to use common hardware I might run into. I don't want a fast processor and memory, I just want the hardware interfaces and the longest possible battery life in a very small package.

    All the mini-notebook makers out there seem intent on trying to cram as much processor power and memory into a small package, which incidentally results in them running so hot they could burn you, and shortens battery life to lunch-break length. What are you going to do with an Athlon 64, play WoW on an 8-inch screen?

    *sigh* maybe this device will be different, but seeing as how it says "Currently it supports 802.11 (Wi-Fi) and Bluetooth wireless connections or optionally Ethernet via USB", it doesn't sound like it.

  22. yes, that small by brennz · · Score: 1

    I saw this at Defcon in the Immunitysec booth. Dave had some nice demos going on, and he was also showing off
    Visualsploit http://www.immunitysec.com/documentation/vs_niprint.html

    Silica is a full port of Canvas onto the Nokia, not "allows simulated hacking attacks", instead "full exploitation framework".

    Canvas licensing creams Core Impact (3kish vs. 30k).

  23. Re: First Post SNAKES ON A PLAIN! by Ninwa · · Score: 0

    Is it considered bad karma to reply to your own AC with a joke and get +5 for it? Just sayin'!

  24. Next up: Windows version by xtaski · · Score: 2, Insightful

    Next they'll have a Windows version: it will come preloaded with 150 viruses, worms, and network security tools. Just put it in your shirt pocket, walk through your office and infect coworkers' PCs.

  25. positive? by Fuzzums · · Score: 2, Interesting

    I don't know if "... and is based on Linux." is really that positive for the Linux reputation :)

    --
    Privacy is terrorism.
  26. this could be bad for security by jessecurry · · Score: 1

    if this is too widely used it could have a negative impact on computer security as people running penetration tests may get lazy and simply run through the tests that this handheld device supports rather than carrying out an exhaustive security analysis.

    --
    Those who know, do not speak. Those who speak, do not know. ~Lao Tzu
    1. Re:this could be bad for security by pete6677 · · Score: 2, Insightful

      Nah, they'll just ban these devices from the office, thinking that will keep the network secure.

  27. Portable electronic thumb? by Anonymous Coward · · Score: 0

    Ok, so are half the security researchers on the planet going to be working against this, while the other half work on updating it?

  28. LARPing! by Whatsisname · · Score: 1

    Sweet, now it is time for Deus Ex LARPing! Grab my crossbow and sunglasses and I'm set.

  29. Why is this a good thing? by Anonymous Coward · · Score: 0

    Yes, I know testing your security is a good thing, making sure you have everything safe and "hacker-proof." Not that things could EVER be totally hacker-proof.

    But selling a hacker tool? Isn't that like advertising your p2p service by saying you can get copyrighted material on it? Or saying that your pistol is great for killing people? Shouldn't that be wrong?

    "Here! Take this CD! You can crack any encryption scheme anywhere! But remember, it's just for knowledge sake and you can't use it! We will not be held responsible for your actions! GOOD LUCK!"

    o_O

    "A portable hacking device equipped with hundreds of exploits and an automated exploitation system will go on sale in the United States in October."
    ^^ They call it a hacking device in the first sentence. They go on to say it's for security testing, and that law enforcement and businesses have shown interest, and that it's $3000--which would stop a lot of script kiddies and small time hackers. Maybe it's just me that feels odd about the hacking tool in the first place. I feel odd about lock picks! I know that they're supposed to only be sold to keymakers (Are you the keymaster?) and locksmiths. But you always find a small ad in the back of some cheap magazine for x-ray glasses, super strength pills and lock picks. What's to say these hacking tools won't?

    VCRs can be used for piracy. Guns can be used to kill. This hacking tool can be used to hack people's computers. They have good uses, too. But which of those uses would be more likely and more prevalent?

  30. Portable hacking device you say? by Anonymous Coward · · Score: 0

    Reminds me of this

  31. FYI by Anonymous Coward · · Score: 0

    for future google queries TIBHAW, TTV == Thanks, I'll be here all week, try the veal.

  32. Old tech... by Gli7ch · · Score: 1

    Pfft. I used hundreds of tools like this when I was in UNATCO way back in the 2050s.

    Multitools I think they were called.

  33. Re: First Post SNAKES ON A PLAIN! by geekoid · · Score: 1

    Oh, I thought it was a transcendental plane of meditation.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  34. Nintendo-based? by tholomyes · · Score: 1

    I was just thinking today that, with the Max Media dock and Linux, you could do something like this on your DS lite. Not a lot of practical use for the average user, but useful for comprehensive penetration testing.

    --
    When did the future switch from being a promise to a threat? -C. Palahniuk
  35. Digging through Eisenberg's office by Goraek · · Score: 1

    Finally, I'll be able to run that damn gate bypass...

  36. That linux stuff is just for hackers by flappinbooger · · Score: 1

    Didn't the **AA say that a while ago?

    Or, should I say HAXX0RZZ...

    --
    Flappinbooger isn't my real name
  37. imagine by Anonymous Coward · · Score: 0

    a beowulf cluster of these babies.

  38. US$ 3k by DieNadel · · Score: 1

    Dave,

    Since you're here: why such a high price-tag? I'd say that it's to prevent kiddies from using it, but I'm curious whether the cost of putting it together would be so high.

    Anyway, congrats on the good idea.

    --
    Utinam logica falsa tuam philosophiam totam suffodiant!
    1. Re:US$ 3k by daveaitel · · Score: 1

      Because there's a lot of boring work that has to go into something like this, which means Immunity has to pay someone to do it, hence, we have to charge money to get it out the door.

      Imagine buying a thousand cheese sandwiches, adding a garnish, and shipping them to people all around the world. Not cheap! And you didn't have to do any advertising or hire people to answer phone calls from customers who don't know which hole a sandwich goes into, document all the parts of your sandwich for people who like that sort of thing, or update your sandwich every month with new exploits.

      There's also a lot of really fun work to do here, which is why it's not costing you 100K and why it's getting done at all from a company without VC funding.

  39. Re:So... it's a Zaurus running a pen-testing toolk by Irongeek_ADC · · Score: 1

    I've not put Metasploit on mine, but I can't see why it's not possible. Here are some of the things I have installed:
    Nmap
    Zethereal
    Ettercap
    Ngrep
    TCPDump
    Kismet
    Nmap
    THC-Hydra
    Nemesis

    http://www.irongeek.com/i.php?submenu=zaurus/zaurusheader&page=zaurus/zaurusmain

    All on a Zaurus 5500 and for a lot cheaper than the asking price of this new toy.

  40. Closed source device by DrYak · · Score: 2, Informative

    Personally, I see no reason why hardware device makers should keep driver code proprietary, much less the hardware specifications needed to produce an open source driver. After all, isn't their bread and butter the hardware itself?

    Hardware *was* those companies' bread and butter a long time ago, when hardware was a big bunch of complicated dedicated chips communicating together. All the secret was in the hardware. And due to the diversity of OSes back then, a company had better show specifications in order to catch more market (An old ATI SVGA card I had back then was packaged together with complete register specifications so one could hack one's own drivers in addition to the few packaged in (Windows, AutoCAD, etc.)).

    Today, hardware is mostly a third party chip slapped on a reference board. The company that sells them (like D-Link) gets the chip and the drivers in the same package (like, say, from Realtek); they don't develop anything and thus don't have anything to document.
    And nowadays, more and more of those chips aren't dedicated chips, but in fact some highly programmable chip with somewhat customized IO ports and special hardware (connectors, antennas, etc.) connected to the port. Most of the magic is in the drivers and the firmware (look at how many gizmos - like routers - today are a plain SoC with special IO. Some run Linux, most run secret software). And such chip producers have a lot of incentive NOT to publish standards, because:

    • voluntary product limitations and/or segmentation (some /. mentioned the signal power limitation. I may mention the number of computers that can be connected to an xDSL modem) may more often be limitations in the drivers and/or firmware. By making it open, chip makers will enable users to remove such limitations and exploit their hardware to its full potential, THUS REMOVING THE POSSIBILITY TO EARN MORE CASH by selling them a more expensive version without the limitations. (just have a look at all the "I converted my dual controller to Full RAID or converted my plain Celeron to SMP capable, just by flashing and/or rewiring a pin"-type guides that you can find all over the internet).
    • a lot of bugs and such other limitations may not be due to br0ked hardware, but circumvention around the bugs may be done in the firmware and/or the drivers. Making the drivers and/or specification available will enable the users to circumvent the bugs, THUS REMOVING THE POSSIBILITY TO EARN MORE CASH by removing the incentive that users have to buy a newer fixed version of the same hardware they already have paid for.
    • Because the chips are rather multi-purpose, opening the specification, firmware and/or drivers would enable users to hack their hardware and find new creative and useful ways to use the hardware, in ways which weren't intended initially by the creators, THUS REMOVING THE POSSIBILITY TO EARN MORE CASH by selling a new different product to do the new activity to users who already bought before the same hardware for another purpose under a different product name. (As a counter-example just look at what happened with the small WiFi-enabled routers that run Linux. Since the system is open, user groups found a lot of creative ways to abuse the hardware, like giving it mesh ability, or converting to a low-power war-driving box, etc. Except that Linksys and others using the same design understood the opportunity and even started selling "deluxe" boxes with more memory and CPU speed to attract more hackers to buy the product)
    • As the magic is more in the software than in the hardware, there's a risk that users and competitors realise that 99% of the processing is done in software on the CPU and the last 1% could be swapped with any other similar hardware from other manufacturers, THUS REMOVING THE POSSIBILITY TO EARN CASH by selling this 1% themselves. (as an example see the WinModems which were only glorified sound cards with most decoding work done in the CPU. The same could be done wit
    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  41. Food for thought... by Anonymous Coward · · Score: 0

    Sonic Drive-In's credit card machines that they have on every stall run on wireless.

  42. Ehehe by nnn0 · · Score: 0

    I did that on my Linux-running iPAQ a couple of years ago, only news here is that now you can get one preloaded. It took me days getting Linux to run on that old iPAQ :)