Working with UBI filesystems

Is there an easy way to mount /dev/mtd13 and /dev/mtd11, which appear to be UBI file systems?

I received a router with custom firmware installed that sends network data back to somebody's servers, and I'd like to take a peek at what's going on. It's a Linksys EA8300, which is dual partitioned and each install alternates partitions. This means I have OpenWrt shell access on partition 2 and mystery firmware on partition 1.

https://openwrt.org/toh/linksys/linksys_ea8300#flash_layout

It's best to avoid any potentially destructive actions.
Create a full block-level backup, then analyze it on your PC with partprobe, lsblk, parted, etc.
In addition, if you have access to the upper level router, you can try to capture and analyze the traffic.

You can look at the actions taken by the luci-app-advanced-reboot package by @stangri. I think that it also temporarily mounts the inactive kernel so that it gets its kernel version. Similarly, you can use ubi commands (like ubiattach) to work with ubifs partitions.

PS: Note that each firmware flash overwrites the inactive partition. If you flash a clean OpenWrt and then sysupgrade again, both partitions have been overwritten, and you have got rid of the "mystery firmware".

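For the offline route suggested above (take a block-level backup and analyze it on a PC), the following added example, which is not part of the original thread, checks whether a raw dump of an MTD partition really contains UBI by validating the on-flash UBI headers and counting erase blocks per volume ID. The function names, the 128 KiB erase-block size and the sample image are assumptions constructed for illustration; the dump is assumed to contain no OOB data.

```python
import struct
import zlib
from collections import Counter

EC_FMT = ">4sB3xQIII32xI"            # 64-byte ubi_ec_hdr ("UBI#"), big-endian
VID_FMT = ">4sBBBBII4xIIII4xQ12xI"   # 64-byte ubi_vid_hdr ("UBI!"), big-endian

def ubi_crc(data):
    # UBI header CRC: CRC-32 seeded with 0xFFFFFFFF, without the final inversion
    return ~zlib.crc32(data) & 0xFFFFFFFF

def scan_ubi(image, peb_size=128 * 1024):   # PEB size is an assumption
    """Return (valid_peb_count, Counter{vol_id: leb_count}) for a raw dump."""
    valid, volumes = 0, Counter()
    for off in range(0, len(image) - 63, peb_size):
        ec = image[off:off + 64]
        magic, _ver, _ec, vid_off, _data, _seq, crc = struct.unpack(EC_FMT, ec)
        if magic != b"UBI#" or ubi_crc(ec[:60]) != crc:
            continue                      # erased, non-UBI, or corrupted block
        valid += 1
        vid = image[off + vid_off:off + vid_off + 64]
        if len(vid) < 64 or vid[:4] != b"UBI!":
            continue                      # free PEB: EC header only
        fields = struct.unpack(VID_FMT, vid)
        if ubi_crc(vid[:60]) == fields[-1]:
            volumes[fields[5]] += 1       # fields[5] is vol_id
    return valid, volumes

def make_peb(vol_id, lnum, peb_size=128 * 1024, vid_off=2048):
    """Build one constructed PEB for the sample image (not device data)."""
    ec = struct.pack(EC_FMT[:-1], b"UBI#", 1, 0, vid_off, 2 * vid_off, 0)
    vid = struct.pack(VID_FMT[:-1], b"UBI!", 1, 1, 0, 0, vol_id, lnum, 0, 0, 0, 0, 0)
    peb = bytearray(b"\xff" * peb_size)
    peb[0:64] = ec + struct.pack(">I", ubi_crc(ec))
    peb[vid_off:vid_off + 64] = vid + struct.pack(">I", ubi_crc(vid))
    return bytes(peb)

def sample_image():
    """Constructed dump: two volumes, one erased PEB, one corrupted EC header."""
    bad = bytearray(make_peb(0, 2))
    bad[8] ^= 0xFF                        # damage the EC header so its CRC fails
    return (make_peb(0, 0) + make_peb(0, 1) + make_peb(1, 0)
            + b"\xff" * (128 * 1024) + bytes(bad))

if __name__ == "__main__":
    valid, volumes = scan_ubi(sample_image())
    print(f"{valid} valid PEBs; LEBs per volume id: {dict(volumes)}")
```

To use it on a real backup, read the dump file in binary mode and pass its bytes to `scan_ubi` with the erase-block size reported for that flash; a count of zero valid PEBs means the partition is not UBI or the size is wrong.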