Been a while since posting a video so thanks for viewing!
Was busy last month competing in a HackerOne Live Hacking Event with Amazon and AWS! Excited to get back to YT. 😎
Do you have a video about the base setup of the machine you use for this in general?
You know what's kinda funny? You sort of look like a very young Jim Carrey.
Is there a way to get that command line access without that UART to USB cable? For example, could you use a Pi Pico, connected via USB to your PC and connect the UART cables to that instead?
How nice of them to label and even populate the UART interface lol
Never worked on any big project, but I'm always blown away by how easy people make it for themselves in production.
Have I lost encrypted drives due to forgetting the password? Yes, because I was supposed to remember it. Have I made it harder for myself to figure out a program after turning off all debugging information? Yes, because only two or three people were supposed to test it.
Have I heard the line "omg the password is too hard"?
=company(yearofthelordQ[1-4])
My passwords at work are usually =nameofcompany(24Q4)... or: equals the name of the company, the year I made the password and the quarter that we are in.
Why on earth would Sara from CS ask the customer "please connect to the UART port and press F, now remount the partition and you should be all clear :)"?
Mark from engineering should only need to press F on his testbench, have the bench type the password, and press R for reset or F for "I'm a big fuckup" or factory reset.
I don't get why they would dump all that information in human-readable characters in a production model... It's nice for right to repair, but they could also just advertise it to the customer if that was the point: press the F button and you should be all good.
Awesome, just what I was looking forward to!
Coincidentally I just opened my old ASUS RT-AC57U V3 router and the UART is even labeled!
Strangely enough the router has a dropbear SSH server that you can turn on in advanced settings, but the entire rootfs seemed to be mounted as a tmpfs.
I'll post some comments here after I get a little bit more time to investigate the router later today.
It can be that the rootfs is a squashfs read-only image.
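To settle "is it tmpfs or squashfs?" from the device's own shell, read /proc/mounts rather than trusting the mount output at a glance. The script below is an added example (not from the video or either commenter) that parses a /proc/mounts dump and reports what really backs /. The sample mount table is constructed to look like a typical OpenWrt-style layout (read-only squashfs re-mounted at /rom, a writable jffs2 overlay at /overlay, overlayfs at /); it is not output from the ASUS router discussed.

```python
"""Figure out what really backs the root filesystem from /proc/mounts.

Added example, not code from the video or the thread. On many embedded
Linux boxes "mount" looks like everything is tmpfs, but the root is often
a read-only squashfs with a writable overlay layered on top of it.
"""

# Constructed sample of /proc/mounts in a typical OpenWrt-style layout.
# Made up for this example, not captured from the ASUS RT-AC57U.
SAMPLE_MOUNTS = """\
/dev/root /rom squashfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
/dev/mtdblock5 /overlay jffs2 rw,noatime 0 0
overlayfs:/overlay / overlay rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600,ptmxmode=000 0 0
"""


def parse_mounts(text):
    """Parse /proc/mounts text into a list of dicts, one per mount entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        source, target, fstype, options = fields[:4]
        entries.append({
            "source": source,
            "target": target,
            "fstype": fstype,
            "options": options.split(","),
        })
    return entries


def describe_root(text):
    """Summarise how / is backed: fstype, read-only flag and, for an
    overlay root, the read-only lower image and the writable upper store."""
    entries = parse_mounts(text)
    by_target = {e["target"]: e for e in entries}
    root = by_target.get("/")
    if root is None:
        return {"fstype": None, "read_only": None, "lower": None, "upper": None}
    info = {
        "fstype": root["fstype"],
        "read_only": "ro" in root["options"],
        "lower": None,
        "upper": None,
    }
    if root["fstype"] in ("overlay", "overlayfs"):
        # The lower layer is the original read-only root; OpenWrt re-mounts
        # it at /rom so it can be inspected directly.
        rom = by_target.get("/rom")
        if rom is not None:
            info["lower"] = rom["fstype"]
        upper_opt = [o for o in root["options"] if o.startswith("upperdir=")]
        if upper_opt:
            # Walk up from upperdir until we hit a mount point: that is the
            # writable store (jffs2/ubifs on flash, or tmpfs if nothing persists).
            path = upper_opt[0].split("=", 1)[1]
            while path and path not in by_target:
                path = path.rsplit("/", 1)[0]
            if path in by_target:
                info["upper"] = by_target[path]["fstype"]
    return info


if __name__ == "__main__":
    print(describe_root(SAMPLE_MOUNTS))
```

If `lower` comes back as squashfs, edits to files under / land in the upper store and the pristine image stays untouched at /rom, which is the behaviour the reply above is describing.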
Man, "google the password hash" is such a forehead-knock moment, absolutely beautiful!
The timing on it couldn't have been better for me too! Ended up downloading firmware and extracting the shadow file for a device I'm working with at the moment. Found the hash on a Chinese forum. Actually allows me to use the device for what I need rather than throwing raspis in the middle just because they decided to lock down the actual Linux part of the device they are marketing as running on "Linux"
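Before pasting a hash from an extracted /etc/shadow into a search engine, it helps to know what kind of hash it is: a 13-character descrypt value and a $1$ md5crypt value are searched and cracked differently. The script below is an added example, not the video's or the commenter's code. It parses a constructed shadow file (placeholder hashes of the right shape, not values from any real device), classifies each password field by its crypt(3) prefix, pulls out the salt, and lists the entries worth searching or cracking, root first. The hashcat mode numbers are the standard ones for those formats.

```python
"""Classify password hashes from an /etc/shadow pulled out of firmware.

Added example; this is not the video's or the commenter's code. The hash
format tells you what to search for (vendors often bake one hash into
every image, so it may already be posted) and which cracker mode to use
if the search comes up empty.
"""
import string

# Characters allowed in crypt(3)-style hashes and salts.
CRYPT_ALPHABET = set(string.ascii_letters + string.digits + "./")

# Prefix -> (name, hashcat mode, or None where hashcat has no standard mode).
PREFIXES = {
    "$1$": ("md5crypt", 500),
    "$5$": ("sha256crypt", 7400),
    "$6$": ("sha512crypt", 1800),
    "$2a$": ("bcrypt", 3200),
    "$2b$": ("bcrypt", 3200),
    "$2y$": ("bcrypt", 3200),
    "$y$": ("yescrypt", None),
    "$7$": ("scrypt", None),
}
DESCRYPT_MODE = 1500

# Constructed shadow file: the hashes are placeholders of the right shape
# and length, not values from any real device.
SAMPLE_SHADOW = (
    "root:$1$abcdefgh$0123456789ABCDEFGHIJKL:0:0:99999:7:::\n"
    "admin:abJnggxhB/yWI:17000:0:99999:7:::\n"
    "operator:$6$rounds=5000$saltsalt$" + "A" * 86 + ":17000:0:99999:7:::\n"
    "nobody:*:0:0:99999:7:::\n"
    "daemon:!:0:0:99999:7:::\n"
    "guest::0:0:99999:7:::\n"
)


def classify_hash(field):
    """Return (kind, hashcat_mode, crackable) for one shadow password field."""
    if field == "":
        return ("empty (no password)", None, False)
    if field.startswith(("!", "*")):
        return ("locked", None, False)
    for prefix, (name, mode) in PREFIXES.items():
        if field.startswith(prefix):
            return (name, mode, True)
    if len(field) == 13 and all(c in CRYPT_ALPHABET for c in field):
        return ("descrypt", DESCRYPT_MODE, True)
    return ("unknown", None, False)


def extract_salt(field, kind):
    """Pull the salt out of a crackable hash. The same salt showing up in
    several firmware images is a strong hint the hash is vendor-wide."""
    if kind == "descrypt":
        return field[:2]
    if kind in ("yescrypt", "scrypt"):
        return ""  # parameter/salt layout differs; not parsed here
    parts = field.split("$")  # ["", id, (rounds=N,) salt, hash]
    if kind == "bcrypt":
        return parts[3][:22] if len(parts) > 3 else ""
    rest = [p for p in parts[2:] if not p.startswith("rounds=")]
    return rest[0] if rest else ""


def parse_shadow(text):
    """Parse shadow text into one dict per account."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"shadow line {lineno} is malformed")
        user, field = fields[0], fields[1]
        kind, mode, crackable = classify_hash(field)
        entries.append({
            "user": user,
            "hash": field,
            "kind": kind,
            "hashcat_mode": mode,
            "salt": extract_salt(field, kind) if crackable else "",
            "crackable": crackable,
        })
    return entries


def search_candidates(entries):
    """The hashes worth pasting into a search engine or a cracker, root first."""
    crackable = [e for e in entries if e["crackable"]]
    return sorted(crackable, key=lambda e: (e["user"] != "root", e["user"]))


if __name__ == "__main__":
    for e in search_candidates(parse_shadow(SAMPLE_SHADOW)):
        print(f'{e["user"]}: {e["kind"]} (hashcat -m {e["hashcat_mode"]}) '
              f'salt={e["salt"]} hash={e["hash"]}')
```

Locked (`*`, `!`) and empty fields are reported but never listed as candidates; an empty field on a login-capable account is its own finding, since no hash at all is needed.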
It's amazing to see your projects; you have opened me up to a whole new domain.
LOL. You didn't remove the label. You cut it. Warranty not voided!
Lol good point.
Finally, I was waiting for the upload.
Your videos are what got me into technically-computers-but-almost-not-really type things like routers. I have 1 router, but I'm not gonna mess with it until the new year as I'm waiting to see if the company wants it back, as I just upgraded my internet.
Don't mess with routers the ISP gives you, not technically yours.
@Anatomize01 the company literally told me if I don't get a box within 3 months it's mine
Love your work, and high-quality videos on a niche topic are amazing, thank you 🎉
7:06 Had to pause the video right before the partition table; it claims it's a Raspi.
Good to see you back!
Nice, really fun content to watch! Keep up the good work!
Cool Matt. Thanks. Look forward to the next episode.
Another great video. Looking forward to the next one
Very useful video. Keep it up!
We know it's a great day when there's a new drop by Matt Brown.
Finally some use for those suspicious thingies trying to pass as TP-Link
To be fair I'm suspicious of any TP-Link product to begin with.
0:44 what a rebel!
Great video, subbed.
Awesome Video.
The irony is I'm actively doing a UART install while watching this.
Ok
OK
Hah, I am watching this while messing with a TV set-top box via UART and compiling OpenWrt for my router I am also working on, but the router is lying on the side of my desk while my set-top box is near my keyboard. It's also partly due to your videos that I got inspired to go hardware hacking and uncover the world of embedded Linux. It's also because I just like messing around with devices and stuff! And sometimes uncovering vulnerabilities and easter eggs/hidden elements.
Hi Matt, please make a video on ways of obtaining Tuya local keys, e.g. for a Tuya light bulb, by capturing network traffic with Wireshark etc.
Awesome channel and excellent video, thanks.
TIO is a great cross-platform serial console tool with modern features and auto rate selection.
Oh, TOTOLINK is the most insecure router, I must say. Its cgi-bin is the vendor's own software written in C and is full of OS command injection and stack-based buffer overflows. They made a mitigation function to detect OS command injection, but it's very easy to bypass it (I discovered this one and got a CVE).
P.S.: I bricked my TOTOLINK testing a blind OS command injection (which writes a value into the system), LoL. The reset button helped nothing, lmao.
MATTS THE 🐐 NO 🧢
Almost too easy. But then, as you say, why do a load of hard work when someone else has already done it for you. Something to always remember before diving in headlong.
@mattbrwn is there a way to get that command line access without that UART to USB cable? For example, could you use a Pi Pico, connected via USB to your PC and connect the UART cables to that instead?
Awesome, a new video!
I am wondering, how do the bugs you discovered compare to routersploit's capabilities? Could they be found by the routersploit package?
Nice video :)
If you want some advice, the Huawei B818-263 would be a tough challenge, even more so if the firmware is branded and you try to unlock it to use it with another cell network ISP.
I have a board that has four pins, CLK, DIO, GND and POWER; which protocol should I use?
I enjoy your videos. Any chance you'd do a video on Qualcomm modem hacking inside mobile devices? Maybe not even physical; I'm just trying to understand how some things work and you're good at explaining things. The SIM unlock flow is very interesting to me; I think I understand it, but maybe I don't. I captured my network unlock HTTPS flow (OnePlus device), which gave me some ideas of how it works, but info on the depths of this topic is highly guarded, it seems.
Casual vacations to Southeast Asia ❤❤❤
What terminal software is he using? Looks clean.
i3wm + i3 gaps config + xfce4-terminal
@mattbrwn Appreciate the info, thanks!
What if you have a shell that says it is "root" with U-Boot and it's running Android? How do we find the equivalent of /etc/shadow?
I couldn't find picocom like you used in the terminal. I have Parrot and Kali Linux, so how do I download picocom? Thank you.
How would I determine the baud rate if I didn't know it?
Guess common rates! Or use a logic analyzer
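Both approaches from the reply above can be automated. The script below is an added example (not from the video or the thread): it takes the edge timestamps a logic analyzer exports for the TX line, treats the shortest edge-to-edge gap as one bit period (valid as long as the capture contains at least one isolated 0 or 1 bit, which ordinary text always does), snaps 1/gap to the nearest common rate, and then checks that every gap is a whole number of bit periods at that rate. The "capture" is synthesised from a simulated idle-high 8N1 frame, not a real recording; `COMMON_RATES` is just the usual guessing order and the 5% tolerance is an assumption.

```python
"""Infer an unknown UART baud rate from logic-analyzer edge timestamps.

Added example, not from the video or the reply above. The edges used here
are synthesised from a simulated 8N1 frame rather than captured hardware.
"""

# Rates to try by hand when there is no analyzer, roughly most common first.
COMMON_RATES = [115200, 57600, 38400, 19200, 9600, 230400, 460800, 921600,
                1500000, 4800, 2400, 1200]


def uart_edges(data, baud, start_time=0.0):
    """Simulate an idle-high 8N1 TX line sending `data` and return the
    timestamps (seconds) of every level transition. Constructed input for
    the example; a real logic-analyzer CSV export gives you the same list."""
    bit_period = 1.0 / baud
    bits = []
    for byte in data:
        bits.append(0)                                   # start bit
        bits.extend((byte >> i) & 1 for i in range(8))   # data, LSB first
        bits.append(1)                                   # stop bit
    edges = []
    level = 1                                            # line idles high
    for n, bit in enumerate(bits):
        if bit != level:
            edges.append(start_time + n * bit_period)
            level = bit
    return edges


def infer_baud(edges, tolerance=0.05, candidates=COMMON_RATES):
    """Return (raw_rate_estimate, snapped_rate_or_None).

    The shortest edge-to-edge interval is taken as one bit period. If no
    candidate rate lies within `tolerance` of 1/interval, snapped is None:
    either the capture had no isolated bit, or the device uses an odd rate
    (some SoCs run non-standard rates derived from their core clock).
    """
    if len(edges) < 2:
        raise ValueError("need at least two edges")
    min_dt = min(b - a for a, b in zip(edges, edges[1:]))
    if min_dt <= 0:
        raise ValueError("edge timestamps must be strictly increasing")
    raw = 1.0 / min_dt
    best = min(candidates, key=lambda r: abs(r - raw) / r)
    if abs(best - raw) / best <= tolerance:
        return raw, best
    return raw, None


def rate_is_consistent(edges, baud, tolerance=0.05):
    """Check that every edge gap is close to a whole number of bit periods
    at `baud`. Confirms a snapped rate, or tests a guessed one. Note that
    an integer multiple of the true rate also passes (every gap is then an
    even number of the shorter periods); infer_baud's minimum-gap rule is
    what separates 57600 from 115200."""
    bit_period = 1.0 / baud
    for a, b in zip(edges, edges[1:]):
        k = (b - a) / bit_period
        if abs(k - round(k)) > tolerance:
            return False
    return True


if __name__ == "__main__":
    capture = uart_edges(b"U-Boot", 115200)   # constructed, not a real capture
    raw, snapped = infer_baud(capture)
    print(f"raw estimate {raw:.0f} baud, snapped to {snapped}, "
          f"consistent={rate_is_consistent(capture, snapped)}")
```

In practice, measure on the board's TX pin (the one that talks even when RX is dead, as in the ZLT comment further down) and look at the shortest pulse: at 115200 that is about 8.7 µs, at 9600 about 104 µs. If the snapped result is None and the shortest pulse is stable across the capture, set the terminal to the raw estimate; many USB-UART bridges accept non-standard rates.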
Last time I was wandering around and found this ZLTX28Pro. Found the UART, used a very high baud rate, hit enter; it seems like the circuit for RX on the board is disconnected. I don't have any knowledge about circuits, so maybe someone can help me and give me an idea.
cs2012 (Counter-Strike: Global Offensive appeared in 2012) 😂
6:17 "Catution"......"Waitting"
Not just OpenWrt, but an ancient build -- not shocking, considering everything else, but still! Barrier Breaker on a contemporary device? Yikes.
for the algorithm
That router is very similar to the Netgear X10 router
I wonder if you can hack into a 4G WiFi Dongle. I know there is an Android on it.
According to the NBTC and KingIT distributor sticker, this must be from Thailand.
Hold the readline()!
Great video buddy!
Can you make a detailed tutorial about OpenWrt firmware? I know my request is out of context, but it would be helpful for me since I like your explaining style.
Just google the OpenWrt documentation then... read?