Teardown: Recon Sentinel

It might be hard to imagine now, but there was a time when the average home had only a single Internet connected device in it. This beige box, known as a “desktop computer” in those olden days, was a hub of information and productivity for the whole family. There was a good chance you might even need to wait for your turn to use it, since it’s not like you had a personal device in your pocket that let you log on from the bathroom whatever room you might be in at the time. Which is just as well, since even if you had broadband back then, you certainly weren’t shooting it around the house with the Magic Internet Beams that we take for granted now.

Things are a lot more complicated today. Your computer(s) are only part of the equation. Now there’s mobile phones and tablets sharing your Internet connection, in addition to whatever smart gadgets you’ve brought into the mix. When your doorbell and half the light bulbs in the house have their own IP address, it takes more than a fresh copy of Norton AntiVirus to keep everything secure.

Which is precisely what Cigent Technology says the Recon Sentinel was designed for. Rather than protecting a single computer or device, this little gadget is advertised as being able to secure your entire network by sniffing out suspicious activity and providing instant notifications when new hardware is connected. According to the official whitepaper, it also runs a honeypot service Cigent calls a “cyber deception engine” and is capable of deploying “Active Defense Countermeasures” to confuse malicious devices that attempt to attack it.

It certainly sounds impressive. But for $149.99 plus an annual subscription fee, it better. If you’re hoping this teardown will tell you if it’s worth springing for the $899.99 Lifetime Subscription package, don’t get too excited. This isn’t a review, we’re only interested in cracking this thing open and seeing what makes it tick.

Well…That Was Easy

Folks, this is a first. Inside the Recon Sentinel’s oddly shaped injection molded enclosure is a ROCK64 board from Pine64 and the same I2C 16×2 LCD that we’ve all got kicking around our parts bin. That’s it. Beyond the enclosure, the only custom made component for the Recon Sentinel is the adapter cable that goes from the 40 pin Raspberry Pi style expansion header down to the four wires that connect to the display. It’s even packing a run-of-the-mill SanDisk 8 GB micro SD, at least the one in the Wonder Bible was branded.

It’s no exaggeration to say that the hardware for this product is only one step above a DIY weekend build. You could go on Thingiverse right now, find a printable case that could take this identical LCD and whatever flavor of Linux board you’re fond of, and be half-way there. Which would be fine if this was some kind of prototype, but this is what they’re actually shipping out to customers.

While calling it “easy” might be a stretch, building a single board computer (SBC) that runs Linux is now within the reach of the dedicated hacker. We’ve also seen a number of individuals create custom carrier boards for the Raspberry Pi Compute module. In short, there’s no technical reason that even a small company couldn’t pump out a custom board that would be a better fit for this application. Something with dual Ethernet interfaces would have been ideal, and there’s no reason to include USB and HDMI ports if they’re never going to be used.

That said, it looks like Pine64 was clearing out stock of the entry-level ROCK64, selling them for just $25 USD in single quantities. The Recon Sentinel might be the product of some bulk-order deal that brought the unit cost even lower. It wouldn’t be the first time one company’s fire sale lead to the creation of a new product.

Doing Recon on the Recon

We don’t normally concern ourselves with the software side of things during these teardowns, but frankly, there’s usually more hardware to look at. So in this case, it seems appropriate to take a closer look at the Linux system running inside the Recon Sentinel. Clearly that’s where all the time and effort was spent on the product anyway.

I searched online a bit and didn’t find any indication of what the root password for the Recon Sentinel is out of the box, but of course it’s not hard to gain access when you can just pop the micro SD card out. I mounted it on my desktop, wiped the hashed root password from /etc/shadow, and then replaced the sshd_config file with a minimal version that allowed root logins and blank passwords. I didn’t want it phoning home, so I plugged it into an unused wireless router that allowed it to pull a DHCP lease without getting a link to the Internet. The LCD showed an error message about connectivity, but I was able to log in over SSH with no issue at that point.

The system appears to be the standard Debian Stretch image that Pine64 distributes for the ROCK64, with the addition of some Raspbian packages. It looks like most of the custom software developed for the Recon Sentinel was developed in Python, so it’s easy to open up the files and see what its up to. There’s also a handy tool called lcd_display that allows you to push two lines of text to the screen which is used extensively throughout the system.

While it’s easy enough to pop in and poke around (and convenient that the LCD is already set up and working), there’s a few issues with the OS that make repurposing it impractical. For one thing, it appears that local logins have been disabled entirely. I also noticed that after a few minutes the device reboots, probably because it can’t connect to the Internet. Of course you could identify and undo these changes, but I think your time would be better spent wiping it and starting fresh.

Putting the Sentinel to Work

Ultimately, the Recon Sentinel may be one of most unusual commercial devices we’ve ever looked at. Sure we’ve uncovered boards we recognized before, such as the Electric Imps that are often found hiding inside of Quirky’s line of oddball IoT gadgets, but nothing quite like this. If there’s a more eminently reusable device for hardware hackers, I can’t imagine what it would be. Just wipe the SD card, do a fresh install of Debian, and you’ve got a handy little Linux box with a built in LCD display that you could use for literally anything.

In fact, some enterprising company has apparently gotten their hands on a bunch of surplus Recon Sentinels and started offloading them on Amazon as development kits. Prices seem to fluctuate, but overall it looks like you can pick one up for less than 15% of the original price. It seems like a safe bet that things aren’t going so great for the company, so personally, I’d skip the Lifetime Subscription. It’ll probably end up being a lot shorter than you hoped for.