DATAPUISTOKEMISTI

ZTE MF286 has built-in factory backdoor allowing root shell access on embedded Linux running inside router. However since we don't know RSA-2048 private key used for encrypting device specific password we're not able to use this. Which doesn't mean we won't have other means to gain root shell.

When doing NAT with pool of addresses to choose from (instead of masquerading) Linux insists on always using same IP from pool for particular source IP. Often this is preferred, but not always. To workaround we need to patch kernel a bit.

Perhaps you're fairly satisfied with Huawei stock firmware but would like to fix some security problems and remove spyware installed by factory. There's fairly easy way to do this.

Sorry, one more B593u post but felt this is worth documenting. While hacking my way into Huawei B593u I had big problem with Huawei crippled CFE bootloader. It was not talking to me and when I finally did get it to talk to me it was only one way. All I could see was CFE> prompt after smashing ^C but nothing else.

Here's location of Huawei B593u TTL serial console. Settings are usual 115200 8N1.

I think ethernet switch and wireless aren't supported by opensource drivers so even with OpenWrt booting on Huawei B593u-12 it's not much use. USB connected LTE module is not detected, my guess is that some GPIO needs to be toggled to enable it. PCA9555 GPIO expander would need some work too. Also 256MB NAND-flash is missing, only 16MB SPI flash is found.

CFE> boot -elf -tftp 192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf

Some time ago I purchased external 3TB USB 3.0 hard disks, TrekStor DataStation maxi light 3TB to be exact. It seem disk models and manufactures used by TrekStor vary, which is no surprise. Therefore I have externally identical disk enclosures with three different models of disks due making three separate purchases over few months.

Huawei B593 has "few" security issues. If you want to play around here's some tips.

Same as old post except with updated patch for fresh Handbrake SVN version. Handbrake does good job auto-cropping black bars from source and calculating resulting aspect ratio. However if you're encoding digital TV recordings it's common to have channel logo on otherwise black portion of image.

XBMC has addons for various geolocked services, Hulu and iPlayer being among most popular. Switching between VPN connections manually gets boring quick so I hacked following script that will automatically connect and disconnect VPN to US / UK on demand. Tested with XBMCbuntu and XBMC 12.0 Frodo.

Enabling extroot on OpenWrt 12.09-rc1 is bit tricky. Likely reason you're trying to enable extroot is lack of free space i.e. router with 4MB flash. Problem is that unless you're interested in creating custom firmware images there's no space left for tools to enable extroot using old procedure. Following has been tested with TP-Link MR3220 v1. It's ar71xx with 32MB RAM and 4MB flash being lowest end of currently supported OpenWrt compatible devices.

Some years ago patch for OLSRd v0.5.6-r2 surfaced that added support for loadbalancing single flow over multiple paths. Documentation on how to set it up is scarce. I did get it working to some extent. It's somewhat unstable and doesn't really like single mesh node having multiple network interfaces, but it does loadbalance traffic over multiple paths as promised.

Sometimes when troubleshooting misbehaving applications having complete dump of process memory comes handy. Here's small script that does exactly that on Linux. Run it with pid of process you're interested as parameter.

Atheros WLAN card on my hack laptop HP nc6000 died sometime ago. No problem I thought as I had unused Intel 2200BG. After swapping card I was greeted with 104 unsupported wireless network device error. While 2200BG was one of original options for nc6000 one I installed had wrong PCI subsystem ID. Quick googling showed multiple people killing their nc6000 after flashing hacked firmware requiring soldering iron and eeprom programming device to recover. Nothing wrong with that and that most certainly has higher hack value, but not for me this time. Since card itself was ok for BIOS I started thinking if I could somehow change ID supplied by card to one HP BIOS accepts...

Need RDP access to remote Windows server or workstation, but forgot to enable it after installing OS? If there's no firewall blocking and required components are installed (as they are by default) run following command as user that has admin rights on target PC. PSEXEC.EXE -s \\HELSI1136 CMD.EXE /C "REG.EXE add ^"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server^" /v fDenyTSConnections /t REG_DWORD /d 0 /f"

There's often overlapping subtitles with XBMC and BBC iPlayer addon. Rather than modify actual addon and losing changes every time it's updated I hacked up script that edits SRT file after it's downloaded from BBC site but before XBMC reads it.

Now it's getting more interesting. XBMC is notoriously bad in buffering content. There's various patches floating around but none of them really does what I'm looking for:

Since XBMCbuntu is just Ubuntu with some tweaks next we apply my usual Ubuntu fixes over it. Only major difference is that this time we're not removing Network-Damager. And of course bunch of XBMC specific changes.

I had here series of posts, more like notes, of my XBMC install. I've since found out better ways to fix some of problems explained in those posts. To avoid having two set of posts with different instructions I took old ones down and will post new instructions.