<muley>
FYI I've seen a lot of bot traffic sniffing for this luci exploit lately. Probably been patched already (?), but just in case, the requests all are similar to this: https://pastebin.com/Uz9pqE3h
<muley>
just wanted to report, thx for all you do
skynet2 has quit [Ping timeout: 480 seconds]
damo22 has quit [Read error: Connection reset by peer]
madwoota has quit [Ping timeout: 480 seconds]
madwoota has joined #openwrt-devel
damo22 has joined #openwrt-devel
rua has quit [Quit: Leaving.]
damo22 is now known as Guest6867
Guest6867 has quit [Read error: Connection reset by peer]
damo22 has joined #openwrt-devel
<damo22>
i found passwd.bak in /etc of the vendor firmware
<damo22>
but the password i cracked doesn't work
<damo22>
/etc/passwd is a symlink to /var/passwd
<damo22>
woot logged in
<damo22>
admin:1234
danitool has quit [Ping timeout: 480 seconds]
<damo22>
ASIC 7628_MP (Port5<->None)
<damo22>
ah it's a Ramips
damo22 has quit [Quit: Leaving.]
damo22 has joined #openwrt-devel
SlimeyX has joined #openwrt-devel
<damo22>
heh i got the dropbear password but i can't shell in
<damo22>
PTY allocation request failed on channel 0
<damo22>
shell request failed on channel 0
<damo22>
dang, the gpios are not on /sys/class/gpio
<damo22>
there's a /proc/tplink with controls for them
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
tidalf has joined #openwrt-devel
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<russell-->
damo22: can you get a u-boot prompt on the serial console?
<damo22>
not sure how to interrupt u-boot
<damo22>
i am trying to figure out the layout
<damo22>
I'm not sure how the existing split layout for mt7628an_tplink_8m-split-uboot.dtsi works, because my mtd starts at 0:20000 (boot) but i have uboot
<damo22>
my flash is 16m
<damo22>
is it possible the "boot" partition is not actually starting at the beginning?
<damo22>
where would u-boot live?
<damo22>
[04050C08][04050C0D]
<damo22>
DDR Calibration DQS reg = 00008986
<damo22>
Board: Ralink APSoC DRAM: 64 MB
<damo22>
U-Boot 1.1.3 (May 16 2023 - 17:33:33)
<damo22>
can't seem to get a uboot shell
<damo22>
it's too quick
<russell-->
damo22: tplink devices often you have to type (or paste) "tpl" at a strategic moment
<damo22>
TFTP from server 192.168.0.225; our IP address is 192.168.0.2
<russell-->
the last three partitions are going to contain important information, be sure to preserve them somehow in case you need to restore them later
<damo22>
it's just that i saw a dtsi file with a split layout that had factory-uboot and boot
<russell-->
also the boot partition
<damo22>
this seems to be very similar to my device layout, apart from the fact it's an 8m version mt7628an_tplink_8m-split-uboot.dtsi
<russell-->
first step in any device hackery: SAVE EVERYTHING
<damo22>
yeah so can i dump spi flash internally to somewhere i can pick it up?
<damo22>
i suppose i could attach a soic8 clip, would that be easiest?
<russell-->
if you can log in, which you apparently can, dd each of the /dev/mtdblock* files to a /tmp/mtdblockN.img and then scp them off, is one method
<damo22>
oh yea
<russell-->
soic8 clip is another method, or micrograbbers (soic clips can be fiddly)
<damo22>
i can't shell in via ssh for some reason
<damo22>
vendor dropbear is broken
<russell-->
can you scp *from* the device?
<russell-->
from a serial console shell prompt
<damo22>
hmm i will try
<russell-->
if you use an extern spi programmer, read 4 or 5 times and make sure you get the same file content every time
<russell-->
external*
<damo22>
yeah, and not c2 a0 c2 a0 c2 a0
<russell-->
sometimes you are fighting the CPU for access to the spi pins, best is to figure out how to hold the cpu in reset, but you can sometimes get away without doing that
<damo22>
i ported a x86 chipset using a raspberry pi 2
<damo22>
/usr/bin/dbclient: No such file or directory
<damo22>
lost connection
<russell-->
the other classic method is to tftpboot an initramfs image (which doesn't touch the flash) and then use the openwrt tools in that running version to copy off the flash
<damo22>
nc
<damo22>
lol don't have that
<russell-->
the slow way is to use the u-boot command md.b to dump the flash contents to a serial console and then (after light modification) convert it back to binary using xxd
<russell-->
it might take hours to dump at 115200
<damo22>
yeah i might just dump with a clip
<russell-->
that's fastest
<damo22>
so i might need to tftpboot something that doesn't touch flash when i am trying stuff out
<russell-->
those will be a kernel with initramfs filesystem (running out of a tmpfs), that you tftpboot, and thereby not touch flash
<damo22>
perfect
<russell-->
... not modify flash, that is
<russell-->
but will have the tools (dd and scp) you need to make copies
<damo22>
does it have vi?
<russell-->
yes
<damo22>
that's handy
<damo22>
the vendor image does not have rmdir
<damo22>
at least rm -fr works
<russell-->
what kind of filesystem are they using?
<damo22>
i think it's squashfs
<russell-->
"mount" should tell you
<damo22>
I've shut things off for today
<damo22>
time to eat
<russell-->
what timezone are you in?
<damo22>
Australia
<damo22>
+10 or +11
<russell-->
careful your router doesn't fall off the bottom of the earth into space
<damo22>
heh
<damo22>
flat earther hey
<russell-->
there are members all around the globe!
<damo22>
that's good
<damo22>
decentralised
<damo22>
I'm hoping to replace my router+old phone with a single device to save power
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<damo22>
but there's no way i will run a vendor firmware
<damo22>
we have something called NBN, national broadband network; it's a complete joke, the LTE network that is being superseded soon is already faster than my old wired internet
<damo22>
because fiber to my premises would be too expensive to dig a trench, and would be upward of AUD$100 per month for a decent speed
<damo22>
Australia mate, where the technology is backwards
tidalf has joined #openwrt-devel
tidalf has quit []
tidalf has joined #openwrt-devel
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
tidalf has joined #openwrt-devel
tidalf has quit []
tidalf has joined #openwrt-devel
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
tidalf has joined #openwrt-devel
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ptudor has quit [Quit: Strict-Transport-Security: max-age=48211200; preload]
ptudor has joined #openwrt-devel
tidalf has joined #openwrt-devel
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
tidalf has joined #openwrt-devel
tidalf has quit []
tidalf has joined #openwrt-devel
tidalf has quit []
tidalf has joined #openwrt-devel
guidosarducci has quit [Remote host closed the connection]
tidalf has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
robimarko has joined #openwrt-devel
tidalf has joined #openwrt-devel
tidalf has quit []
aiyion has quit [Remote host closed the connection]