Topic: Linksys locking down serial bootloader console to prevent hacking

The content of this topic has been archived between 11 Apr 2018 and 16 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 2 of 2

Post #26

rwhitby

9 Jul 2008, 05:34

You can also use the shadow_data trick to get into the normal userspace.

At the U-Boot console, type:

setenv shadow_data admin:XkRnx5gdf6RdQ:0:0:99999:7:::
boot

Then login with username 'admin' and password 'admin'.

Now to start exploring the running system ...

-- Rod

Post #27

rwhitby

11 Jul 2008, 03:14

I've found the way to make this permanent.

At the U-Boot console, type:

setenv shadow_data admin:XkRnx5gdf6RdQ:0:0:99999:7:::
setenv sync_to_pt enable
reset

After the reboot, the shadow_data value will be set to the new value, allowing you to use the default 'admin' password to log into userspace.

If we are able to decode the firmware upgrade image format, we should be able to make an 'unlocking' firmware image which does these three commands (and unlocks the console) from userspace.

(Last edited by rwhitby on 25 Feb 2009, 12:20)

Post #28

rwhitby

11 Jul 2008, 06:11

There is also a new firmware image at ftp://ftp.linksys.com/downloads/NA/firm … .06_fw.bin , so we should now be able to get further in decoding the header on that image as detailed on http://www.nslu2-linux.org/wiki/WRP400/ … edFirmware

Looks like there are RC4 digests involved somehow ...

-- Rod

(Last edited by rwhitby on 12 Jul 2008, 02:30)

Post #29

corpzz

28 Mar 2009, 14:59

There is a ETSI 1.00.06 firmware: WRP400_v1.00.06_006_052908_1658_ETSI.bin, tested and working.
Under this adress:

http://spa-update.nordnet.fr/wrp400/fir … 8_ETSI.bin

(Last edited by corpzz on 28 Mar 2009, 15:00)

Post #30

zeflo

16 Jun 2009, 11:20

hi, is there a way i can get openwrt running on my wrp400?

what is this ETSI-Firmware doing?

Post #31

rwhitby

29 Nov 2009, 14:19

There is new firmware available for this device which supports fail-over to a USB 3G stick.

See http://www.nslu2-linux.org/wiki/WRP400/SourceCode and http://svn.nslu2-linux.org/svnroot/unwrapped/trunk for more details.

-- Rod

Post #32

bodyguard83

26 Jan 2010, 18:58

Maybe if would be possible to create own uboot configuration with kernel and apps without cybertan rom. Voip advantages might be added later. Maybe software could be debuged in some kind of arm emulator and debugger...

Post #33

bodyguard83

17 Oct 2010, 14:09

There is a new firmware wersion . 2.0.20. Cisco add new modem, some fixes. No minor inprovements
link
http://www.cisco.com/en/US/products/ps10028/index.html
My two 3G modem still dosn't work.

The discussion might have continued from here.

Page 2 of 2