I have a Verizon Ellipsis Jetpack MHS800L LTE hotspot (designed by Franklin Wireless). I downloaded the firmware update package from here, ran binwalk on it, and found that it's running OpenWrt Barrier Breaker. Also, /etc/passwd and /etc/shadow are fully visible, so cracking the root password shouldn't be difficult.
There's no source available from either Verizon or Franklin. Here are some pictures of the board. I gave it a try, but couldn't find a UART. Does anything on here look like a UART to you guys? Here's the FCC data. There are these weird metal pieces on the plastic bumpers that bridge some of those pads on the side of the board (visible in FCC pictures). Does anyone know what that would do?
Also, it's running a telnet server, but connecting to it says "connection closed by foreign host." How do you think I get a shell over telnet?
Since I made that post, the firmware update page has been taking down, and my laptop's SSD died, so I don't have the firmware image anymore. It may be on my desktop, but I'm not certain. Also, if I find it, I'm not sure I can legally repost it.
Some updates:
There's a secret page in the firmware that allows you to (among other things) enable an SSH server, and upload firmware updates. The updates are tarballs with some kind of hashing/signature scheme. I also emailed Franklin Wireless a few times asking for source code, and have been ignored every time.
If you can't tell, it's been a long time. I haven't worked on this since the winter, but I may give it another shot.
Binwalking the updater exe gives you the rootfs. There are some hidden pages in the webserver (/etc/www). If you navigate to http://<the_router_ip>/webpst/labpst/index.html you'll find some interesting dev options that may be of use.
hello, i understand this thread is old but i want to share this to help more people: i got root on the MHS815L. I don't have an 800L but maybe someone can test on there.
basically: get the "jetpack" cookie when you log in,
I dug out my MHS800L, but it's in pieces. I can't find the antennas or case, and my laptop can't find its SSID when the router is on. We probably just need to attach some new antennas