Public Huawei document I linked couple days ago mentioned factory diagnostics tool called "Huawei deviceLocker V0.1" that will grant access to root shell on router. I got curious on how this would actually work and came to conclusion it must be something extremely simple and insecure, it IS Huawei after all. Did some poking around /bin/web process I figured this out - it's all there in clear-text for anyone to read. And that admin password is in Huawei docs, not exactly secret either. In case you didn't realize there's no need for authentication to exploit this. Protip: Try to hide you backdoors a bit better next time.
Showing posts with label b593. Show all posts
Showing posts with label b593. Show all posts
Tuesday, August 19, 2014
Persistent customizations to Huawei B593u with stock firmware
Perhaps you're fairly satisfied with Huawei stock firmware but would like to fix some security problems and remove spyware installed by factory. There's fairly easy way to do this.
Saturday, August 16, 2014
How to capture LTE WAN traffic for diagnostic purposes on Huawei B593u and not so much of security
Found this document on Huawei webpage you might be interested. It's in Microsoft Word .docx format.
http://www.huawei.com/ecommunity/3msimage/download-10060827-10000297-9bca6ae8ffa54796a5245e6650b0e607.bin?type=bbs
http://www.huawei.com/ecommunity/3msimage/download-10060827-10000297-9bca6ae8ffa54796a5245e6650b0e607.bin?type=bbs
Serial console on Huawei B593u
Here's location of Huawei B593u TTL serial console. Settings are usual 115200 8N1.
What's inside Huawei B593u-12 LTE router?
There ain't many pictures showing innards of B593u around and even less ones with any details. This obviously needs to be fixed.
Tuesday, August 12, 2014
Well, that was easy
I think ethernet switch and wireless aren't supported by opensource drivers so even with OpenWrt booting on Huawei B593u-12 it's not much use. USB connected LTE module is not detected, my guess is that some GPIO needs to be toggled to enable it. PCA9555 GPIO expander would need some work too. Also 256MB NAND-flash is missing, only 16MB SPI flash is found.
Monday, August 11, 2014
Teaser on Huawei B539u hacking
CFE> boot -elf -tftp 192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf
Saturday, August 03, 2013
Gaining root shell on Huawei B593 4G LTE router
Huawei B593 has "few" security issues. If you want to play around here's some tips.
Subscribe to:
Posts (Atom)