Zsun SD111, SD112 and SD113 are Wi-Fi / USB flash drives with respectively 8GB, 16 GB and 32GB storage. GearBest sent me the 8GB version (SD111) for review, as it could be an interesting platform to hack. I’ve take picture of the device, take it apart to check the board, review quickly the standard features with Android and Ubuntu, and try to access the board from the network.
Zsun SD111 Unboxing
I received the device in the following package.
The flash drive comes with a micro USB to USB cable for charging and accessing the device from a computer, and a user’s manual in Chinese.
You’ll probably prefer using a soft copy user manual in English…
Zsun SD111 Board and Battery
To open the stick, insert a sharp and thin object in the hole for the neck strap, and push upwards to lift the top cover a little, and finish popping up the cover with another sharp object. I used some tools from a dissasemble toolset I recently bought.
The Wi-Fi SoC is Atheros AR9331, AXP192 is used for charging, and on the top of the Qualcomm SoC you’ll also find UART pins probably allowing access to the serial console (Not tried yet). There’s also SMSC USB2240 USB bridge to handle the USB flash drive part of the device.
On the back you’ve got the flash and RAM, with the board being named SD111_HW_V2_0.
The battery is apparently 700 mAh as claimed in the specifications.
In my first Zsun SD111 blog post, the specifications were not fully complete, so here’s an update:
- SoC – Qualcomm Atheros AR9331 Wi-Fi SoC @ 400 MHz
- System Memory – 32MB DDR SDRAM (Winbond W9425G6JH-5)
- Storage – 8 MB SPI flash (Winbond 25Q64FS1G) for firmware, and 8 GB eMMC (Toshiba THGBM2G6D2FBAI9 ?) for storage
- Wi-Fi – 802.11 b/g/n up to 150Mbps with open, WEP, and WPA/WPA2 security.
- USB – micro USB 2.0 port to transfer files and charge the battery
- Battery – 700 mAh Li-Po battery. Good for 3h30 of continuous use. Includes automatic power off after 5 minutes of inactivity.
- Misc – Power button, abd LED
- Dimensions – 8 x 3 x 1.2 cm
- Weight – About 30 grams
Zsun SD111 Mini Review
I’ve put the device back together, to try it out. First I connected it to my Ubuntu PC with the provided USB cable, and charging LED went on, but the drive was not recognized as a standard USB flash drive, and nothing was shown in the kernel log. That’s because it needs to be switched the USB storage mode in the app as we’ll see later.
First you need to press the power button on the top of the stick for two seconds to turn it on, and install Apple Extender (previously known as SuperDisk) app in Android or iOS.
Then you can either connect to zsun-sdXXYYZZAA ESSID via the Android setting, or simply start the app and select the device ESSID. From there you’ll then be able to access the files and drive on the flash drive, and copy files and directory from/to your phone and it works quite well.
When you select files or folders, icons to share, copy, cut, and delete appear at the top. Further options are available with the setting button, such as changing the ESSID, checking the firmware (via Device state menu), backup the data and so on. You may to select “Connect network” if you rely on your Wi-Fi router for internet connectivity.
If you want to use the device as a standard USB flash drive, you need to slide the blue button on the bottom right in order to enter “PC” mode.
In theory, It’s also possible to access the flash drive with Wi-Fi from a PC, but you need to install ZSunCloud.exe program (Windows only) from http://www.zsuncloud.com/. Unfortunately, I;’ve been unable to find the program, maybe because I can only read a few Chinese characters… [Update: ZSunCloud.exe is actually inside the stick, as we’ll see below]
TCP Services Opened on Zsun SD111
I’ve also checked whether it could be possible to access the device from the network, So I enabled Wi-Fi on my computer, and connected to zsun-sdXXYYZZAA access point.
Let’s find the subnet used:
1 2 3 4 5 6 7 8 9 |
jaufranc@FX8350:~$ ifconfig wlan0 wlan0 Link encap:Ethernet HWaddr 00:0f:53:b1:01:21 inet addr:10.168.168.101 Bcast:10.168.168.255 Mask:255.255.255.0 inet6 addr: fe80::20f:53ff:feb1:121/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:21 errors:0 dropped:0 overruns:0 frame:0 TX packets:93 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4389 (4.3 KB) TX bytes:17762 (17.7 KB) |
and scan for open TCP ports:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
sudo nmap -sS 10.168.168.1 Starting Nmap 6.40 ( http://nmap.org ) at 2014-11-14 09:06 ICT Nmap scan report for 10.168.168.1 Host is up (0.046s latency). Not shown: 996 closed ports PORT STATE SERVICE 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 8080/tcp open http-proxy MAC Address: 00:03:7F:11:56:48 (Atheros Communications) Nmap done: 1 IP address (1 host up) scanned in 21.91 seconds |
So Telnet is open, but unfortunately I could not find the login credential, trying the usual root/root or admin/admin. I also tried to load the webpage in my web browser with http://10.168.168.1, but I got was an empty page with the title “Success”. Looking into the code it will provide a download link if it detects Android, iOS mobile device or a Windows computer, and this is the link to use to download the windows application: http://10.168.168.1/cgi-bin/Submit.cgi?name=windows.
Trying http://10.168.168.1 generates an “Access Error: Site or Page Not Found” page.
So unless we can find the right username / password for telnet, it seems impossible to access the device without soldering the UART pins, and I may try to do just that this week-end if some of you are interested.
GearBest, which kindly provided the sample for the review, sells Zsun SD111 (8GB) for $22.74, but if you want more storage can purchase 16 or 32GB versions on DealExtreme, Amazon, GeekBuying, and others.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
http://www.amazon.com/Wireless-Portable-Storage-Smartphones-Tablets/dp/B00KX2F9IS/ref=sr_1_12?s=electronics&ie=UTF8&qid=1415893488&sr=1-12&keywords=wireless+flash+drive appears to be the same device at a better price.
Hmm.. would be interesting to see the results if you scan the device. I believe you only scanned your own Ubuntu computer first time..
i prefer this one
http://www.aliexpress.com/item/TA9315-Multi-function-WIFI-150Mbps-Wireless-Router-4000mAh-Power-Bank-Support-Audio-SD-Card/874806807.html
You scan you own computer, not zsun stick
Excellent, thanks for review! I suspected ad materials were a bit cunning to call it to have “Qualcomm SoC”, glad to know it’s ol’ good Atheros AR9331 actually!
The rest of specs are good too, but I find “There’s also SMSC USB2240 USB bridge to handle the USB flash drive part of the device.” a bit cryptic. What do you mean – there’s real eMMC connected over QSPI bus, right?
The lack of 22/23 ports open is actually good, as it means it’s not the case that sole purpose of this device is to compromise user’s data. And usage of nginx in addition to that gives an impression that guys actually tried to do it right, not just flashed reference SDK build on it. But there’s no 443 port open, so no talk of real security.
Another unclear moment is: “You may to select “Connect network” if you rely on your Wi-Fi router for internet connectivity.”. Can you please describe unambiguously how it’s possible to connect to both normal Internet connect and ZSun over WiFi? Thanks in advance.
And yeah, waiting for your UART soldering results. You may also want to run Wireshark to see how that Android client works.
Thanks again!
Oh, and looking at the official site, they have models with up to 128Gb now. But they lost English version of their site ;-).
> There’s also SMSC USB2240 USB bridge to handle the USB flash drive part of the device.
Ah, I slowly seem to be getting that too. So, it seems they use dedicated USB-flash controller to handle “USB” mode. That’s also apaprently the reason why you need to switch WiFi vs USB modes. Still, dunno why. It’s impossible for AR9331 not to have USB device interface support (right?), so is that the case that USB2240 is known high-performance controller (and/or maybe AR9331 has only 1.1 device support? Need to read datasheet.)
@bjarne
@guest
I realized this morning, and I was hoping nobody would notice…. Anyway, I’ve updated the post, and the telnet port is indeed open.
@Paul
Sorry, big blunder when scanning, as I scanned my computer… I probably did that a bit too late before going to bed.
So telnet (23) is open, but I don’t know the password, and it’s probably not running nginx.
About “Connect network”. If you want to connect to SD111, you need to use this access point, which by default is not connected to the internet. So if you use 3G/LTE no problem. Now if you want the stick to connect as a bridge between your phone and router, select “Connect network” (as shown in the screenshot), it will list the ESSID in your environment, select your router Wi-Fi, input its password, and there you go, you can connect to the stick, and access to the internet via Wi-Fi through the stick.
@cnxsoft : Thanks for updates.
So, can we go a bit deeper into “Connect network” feature: you select “Connect network” within Zsun client app, what happens next exactly? Does “it will list the ESSID in your environment” looks like native Android WiFi connection dialog (together with following password dialog)? Or rather, it’s all inside Zsun client app, and you input WPA password into it (which thus can compromise it)?
In either way, that means that Android device would be connected to 2 WiFi APs at the same time. Fairly speaking, I never heard about tat being possible at all (far less supported by Android), that’s why I’m going to detailed on it. I surely heard about WiFi device having 2 APs at the same time, or being an AP and client at the same time, but again, never heard about connecting to 2 APs at the same time.
Actually, if you think it about it, it’s not possible in general case, when 2 APs are on different channels. So, how that must work in Zsun is that user keeps being connected to Zsun, ESSID/passwd of another AP being passed to Zsun, and Zsun then connects to it and proxies user’s traffic. Well, that’s not exactly ideal – it will lead to extra battery usage on Zsun.
Sorry for going in such detail on this stuff – I really hoped that Zsun is a product which has any value for mere people, not just hackers. Not sure it is. Of course, it’s WiFi what is to blame – it is utterly not suitable for forming piconets, and thus even chip pricing like ESP8266 doesn’t make it good choice for IoT. Well, it’s another matter.
@Paul
Everything is done in the app.
The Android device is only connected to the Zsun device. Packets are send the to the zsun device which forwards it to your Wi-Fi router. It just works like Soundmate I reviewed some time ago.
Just got this device and really thanks for this excellent post ( the only English version I could find 🙂 ). I am not able to see any files in the app and its just keeps ‘loading’. Also, the firmware downloaded but didn’t update. Anyone faced similar issues?
Gearbest also has this similar product:
http://www.gearbest.com/usb-flash-drives/pp_112476.html
Zsun software fails to work with my zsun stick (downloaded both from zsoundcloud.com and appstore)
Android L – Sony Xperia Z2
let me tell you:
telnet:
port 11880
root
zsun1188
samba:
Admin
5up
Iv had mine about two years never been able to use it the app I have appears to all in Chinese. Is there a video to take you through it step by step.
Regards Colin
@Colin
I used that app: https://play.google.com/store/apps/details?id=com.wltx.mycloudclient&hl=en, and it was in English when I used it. I did not have to do anything to change the language.
login: root
password: zsun1188