Showing posts with label Huawei. Show all posts
Showing posts with label Huawei. Show all posts

Thursday, March 23, 2017

Inside Huawei B315s-22 4G router

Huawei B315s-22 contains Huawei HiSilicon 6361 SoC, Realteak Ethernet switch and Broadcom WLAN. Not much to see, but some photos here.

Friday, September 02, 2016

Convert Huawei E3372h-153 from HiLink/router-mode to Stick/modem-mode [ UPDATED 2016-09-02 ]

This is updated version of my original post. I purchased additional modem that's externally identical to old one but had different serial port USB ID (USB\VID_12D1&PID_1442&MI_00) missing from earlier driver pack causing original instructions to fail. I have also included latest Stick-mode firmware I've found and corrected some incorrect information on original post.

Modern Huawei USB LTE modems can be used in two very different modes. Default is HiLink mode where it functions as router doing NAT and other nastiness much like more traditional 4G routers connected over WLAN or Ethernet. Unsurprisingly default mode is HiLink, but luckily it can be changed to Stick mode getting rid at least one layer of NAT and related issues.

Actually there's also third mode which is subset of Stick, instead of native NCM interface it uses legacy PPP over emulated serial port. This can be sometimes useful with older routers with USB port but you won't be able to reach full speed in this mode.

Internet has plenty of information on how to do that. As it often is not all of that is true. Most interesting bits are also written in Russian. Despite huge improvements in translations from Google Translate it's still a bit of hit and miss.

Following these instructions will also resolve Error Code 19 and "brick" with Error Code 13 (rapidly flashing green led). Which is also why some steps may seem bit pointless at first. Feel free to skip them and then start again from beginning when Mr Error #19 and Mrs. Error #13 bite you. :)

Tuesday, August 23, 2016

Upgrading Huawei E367u-2 firmware

Trying to upgrade Huawei E367u-2 from old 11.810.09.00.00 to latest available 11.838.01.00.1131 ends up with error code 16. This one was easy to fix - flash first 11.810.09.33.00 and then to latest.

Wednesday, July 22, 2015

Crossflashing Huawei B593s-22 from Sonera to Elisa firmware

My B593s had ancient Sonera branded firmware that has DNS issues when IPv6 is active. At least IPv6 reverse queries stall causing long delays. There's some rumors going that Sonera provides updated firmware over-the-air, but I couldn't trigger update despite trying hard. Might be because I was using Elisa SIM card. Since Elisa does have fairly recent firmware available for download I thought why not use Elisa firmware instead - get IPv6 bug fixed, have correct operator settings as default and also future updates should work without extra hacks.

Saturday, August 30, 2014

Modifying Huawei B593u firmware images using FMK

Nothing special here in my opionion, but I've seen few comments saying that FMK doesn't work with Huawei B593u. Just follow instructions below and you end up with normal firmware image having one important difference - you can telnet in as admin from LAN side of device.

Tuesday, August 19, 2014

Huapwn - Backdoor on your Huawei B593u

Public Huawei document I linked couple days ago mentioned factory diagnostics tool called "Huawei deviceLocker V0.1" that will grant access to root shell on router. I got curious on how this would actually work and came to conclusion it must be something extremely simple and insecure, it IS Huawei after all. Did some poking around /bin/web process I figured this out - it's all there in clear-text for anyone to read. And that admin password is in Huawei docs, not exactly secret either. In case you didn't realize there's no need for authentication to exploit this. Protip: Try to hide you backdoors a bit better next time.

Persistent customizations to Huawei B593u with stock firmware

Perhaps you're fairly satisfied with Huawei stock firmware but would like to fix some security problems and remove spyware installed by factory. There's fairly easy way to do this.

Saturday, August 16, 2014

Unpacking Huawei B593u compressed Broadcom CFE bootloader

Sorry, one more B593u post but felt this is worth documenting.

While hacking my way into Huawei B593u I had big problem with Huawei crippled CFE bootloader. It was not talking to me and when I finally did get it to talk to me it was only one way. All I could see was CFE> prompt after smashing ^C but nothing else.

Differences of Huawei B593u and B593s

I got few B593u models and it's pretty straight forward Broadcom BCM5358 based router with Linux. As usual GPL sources were never published by Huawei crooks. LTE modem side is simply Qualcomm MDM9200 based Huawei USB dongle connected internally to Broadcom SoC over USB.

How to capture LTE WAN traffic for diagnostic purposes on Huawei B593u and not so much of security

Found this document on Huawei webpage you might be interested. It's in Microsoft Word .docx format.

Serial console on Huawei B593u

Here's location of Huawei B593u TTL serial console. Settings are usual 115200 8N1.

What's inside Huawei B593u-12 LTE router?

There ain't many pictures showing innards of B593u around and even less ones with any details. This obviously needs to be fixed.

Tuesday, August 12, 2014

Well, that was easy

I think ethernet switch and wireless aren't supported by opensource drivers so even with OpenWrt booting on Huawei B593u-12 it's not much use. USB connected LTE module is not detected, my guess is that some GPIO needs to be toggled to enable it. PCA9555 GPIO expander would need some work too. Also 256MB NAND-flash is missing, only 16MB SPI flash is found.

Monday, August 11, 2014

Teaser on Huawei B539u hacking

CFE> boot -elf -tftp

Saturday, August 03, 2013

Gaining root shell on Huawei B593 4G LTE router

Huawei B593 has "few" security issues. If you want to play around here's some tips.