Showing posts with label b593. Show all posts
Showing posts with label b593. Show all posts

Tuesday, August 19, 2014

Huapwn - Backdoor on your Huawei B593u

Public Huawei document I linked couple days ago mentioned factory diagnostics tool called "Huawei deviceLocker V0.1" that will grant access to root shell on router. I got curious on how this would actually work and came to conclusion it must be something extremely simple and insecure, it IS Huawei after all. Did some poking around /bin/web process I figured this out - it's all there in clear-text for anyone to read. And that admin password is in Huawei docs, not exactly secret either. In case you didn't realize there's no need for authentication to exploit this. Protip: Try to hide you backdoors a bit better next time.

Persistent customizations to Huawei B593u with stock firmware

Perhaps you're fairly satisfied with Huawei stock firmware but would like to fix some security problems and remove spyware installed by factory. There's fairly easy way to do this.

Saturday, August 16, 2014

How to capture LTE WAN traffic for diagnostic purposes on Huawei B593u and not so much of security

Found this document on Huawei webpage you might be interested. It's in Microsoft Word .docx format.

http://www.huawei.com/ecommunity/3msimage/download-10060827-10000297-9bca6ae8ffa54796a5245e6650b0e607.bin?type=bbs

Serial console on Huawei B593u

Here's location of Huawei B593u TTL serial console. Settings are usual 115200 8N1.

What's inside Huawei B593u-12 LTE router?

There ain't many pictures showing innards of B593u around and even less ones with any details. This obviously needs to be fixed.

Tuesday, August 12, 2014

Well, that was easy

I think ethernet switch and wireless aren't supported by opensource drivers so even with OpenWrt booting on Huawei B593u-12 it's not much use. USB connected LTE module is not detected, my guess is that some GPIO needs to be toggled to enable it. PCA9555 GPIO expander would need some work too. Also 256MB NAND-flash is missing, only 16MB SPI flash is found.

Monday, August 11, 2014

Teaser on Huawei B539u hacking

CFE> boot -elf -tftp 192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf

Saturday, August 03, 2013

Gaining root shell on Huawei B593 4G LTE router

Huawei B593 has "few" security issues. If you want to play around here's some tips.