Partial answer:
This page says the VIX TP5000 ticket processer has an RS422 interface option, which uses a 6V differential signal. So first thing I'd do is to get an RS422 USB dongle for 20 EUR or so, and have a look.
Next thing I'd do is to put it in a room with some access point with random SSID, and sniff traffic on a third computer with airomon
from aircrack-ng
and/or with wireshark
once you found a channel, to see if that gives any clues.
Edit
As it scans for an AP with SSID ERG
, do the following:
Use hostapd
to set up an unencrypted AP, see if it connects (i.e., associates and authenticates, use hostapd_cli
). If yes, you have won.
Otherwise, set up a WEP-encrypted AP, sniff traffic and see if you can't use this to crack the WEP password.
Once it connects, run wireshark
on the AP network interface. If you see a DHCP request, run a DHCP server. If you don't see any, maybe it already has a static IP address. Try a broadcast ping (ping -b -I 255.255.255.255
), if necessary scan the whole IPv4 address range with ping.
1Difficult to answer without any details, like exact model of the embedded system, whether it has a serial console or not, whether it has LAN or not, ... While WEP is crackable e.g. with
aircrack-ng
(WITH an AP so you can sniff traffic), there are very likely easier ways to get in. – dirkt – 2017-09-24T13:31:29.690hi its a VIX TP5000 it runs some version of linux on powerPC arch there is no Ethernet and there is something that looks like serial but with 6v on one pin and 0 on another and the last is common to system ground. I have though about using aircrack but id need to find a willing host to let me have a go with there system – Sam Jones Martin – 2017-09-24T13:52:50.417