Skip to content

re-ws.pl

ReverseEngineering WorkStation

  • Home
  • Tutorials
  • Random
  • About

Tag: backdoor

[Import]Airlive WN-151ARM UART pinout & root access

Posted on September 4, 2017 - September 7, 2017 by Kamil (aka. v3l0c1r4pt0r)

NOTE: This post was imported from my previous blog – v3l0c1r4pt0r.tk. It was originally published on 24th November 2015.

Airlive WN-151ARM pinout

For curious ones. Here is pinout of serial connection. As you can see UART pins are at J4 header (should have pin 4 labeled and 1 be square).

J4 header
Num. Function
1 VCC
2 RX
3 TX
4 GND

Edit: Oh, and one more thing: goldpin header, you see in the picture is soldered by me, so do not be surprised if you have to hold wires all the time during the transmission.

Root access

There is also possibility to gain root access without removing the cover and possibly voiding the warranty. You have to connect to router’s AP and enter

http://192.168.1.254/system_command.htm

into your browser (panel authentication required). Now you can execute any command you want with root privileges! So let’s type

/usr/sbin/utelnetd -d &

into Console command field and press Execute button. If everything went well, you should now be able to connect to your router using telnet at its default TCP port 23. After that you should see BusyBox banner and command prompt.

It is worth noting that this hidden console cannot be accessed by unauthorized person, so only router administrator can use this (in theory, in practice there are surely a lot of routers using default credentials and security of httpd binary is unknown).

Posted in RandomTagged Airlive, backdoor, electronics, hacking, hardware, Linux, pinout, UARTLeave a comment

Tags

Aero Android assembly C CAN can-hacking cmake Delphi Dreamspark electronics English FAT FAT32 FM Gingerbread GNU Radio GRC hacking hardware JavaCard JCOP kanał 14 kernel library Linux pinout PKI polski programming Python radio Reverse Engineering RTL-SDR SDC SDM SDR smart card software tor tty UART wifi Windows X.509 Xperia Pro

Recent Posts

  • Reading and programming 93Cx6 EEPROM with Digispark
  • Busybox-based Linux distro from scratch
  • Meet CC Factory – a factory for cross compilers
  • Peugeot 407 rain sensor pinout
  • OpenRISC 1000 support integrated into radare2

Recent Comments

  • MI-7 on Playing with GF-07 GPS device
  • Kamil (aka. v3l0c1r4pt0r) on Mounting encrypted Android emulator image
  • x on Mounting encrypted Android emulator image
  • Steve Quate on Playing with GF-07 GPS device
  • Joe on Security analysis of spy camera sold by Chinese suppliers: iMiniCam app

Categories

  • News
  • Random
  • Reversing LKV373A
  • Setting up new v3 Hidden Service with ultimate security
  • Tutorials
  • Uncategorized
  • Understanding JCOP

Links

  • Me @ github
  • LKV373A Wiki
  • DevTomek

Archives

  • December 2020
  • November 2020
  • October 2020
  • August 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • July 2019
  • February 2019
  • November 2018
  • October 2018
  • June 2018
  • May 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • September 2017

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Proudly powered by WordPress | Theme: micro, developed by DevriX.