Posts

Showing posts with the label LTE

Backdoor and root shell on ZTE MF286

ZTE MF286 has built-in factory backdoor allowing root shell access on embedded Linux running inside router. However since we don't know RSA-2048 private key used for encrypting device specific password we're not able to use this. Which doesn't mean we won't have other means to gain root shell.

Inside ZTE MF286 router

ZTE MF286 4G router is built around Qualcomm QCA9563 soc with 802.11bgn, QCA9882 802.11ac wlan, QCA8337 gigabit switch and MDM9230 LTE chip. There's also tempting serial port knowing all components used are already supported by LEDE (that has replaced OpenWrt). Photos here .

LTE 450MHz performance

Seems Ukkomobile has fixed their provisioning setup. LTE network itself came up last week, but only DNS traffic was allowed and all tcp/80 traffic was hijacked to infinite 302 redirect loop between www.ukkoverkot.fi and www.ukkomobile.fi.

Inside Ukkomobile 450MHz LTE router - Huawei B593s-31A

Image
450MHz LTE is alive!

How to capture LTE WAN traffic for diagnostic purposes on Huawei B593u and not so much of security

Found this document on Huawei webpage you might be interested. It's in Microsoft Word .docx format. http://www.huawei.com/ecommunity/3msimage/download-10060827-10000297-9bca6ae8ffa54796a5245e6650b0e607.bin?type=bbs