The last two lines are the admin login (user admin, password admin). dump admin and wifi password from LAN rawe.
TECHNICOLOR ROUTER KEYGEN GITHUB DRIVER
If it is possible to address 128megabytes after 0x80000000 the real physical memory is mapped to these addresses.įrom linux bootlog: Serial: BCM63XX driver $Revision: 1.4 $ Next steps are to check the available address space (too high addresses crash the unit). As this takes ages to dump megabytes of data over uart, here is just the stirngs command on the first few dumped kilobytes after 0x80000000 to prove that it is at least possible to get some useful data out of this: strings are used by the bootloader for the flash partition overview table printed on startup). power up the device, reset it and then dump the RAM contents. Fortunately the boot images seem to get loaded into this address space during bootup which may make the system cold-boot-attackable. It is not possible to dump the flash content by the bootloader as the memory dump function only handles addresses 0x80000000 and up.
The linux login does not work (admin/admin), as the session terminates immediately after login. There is one SPI flash of 1megabyte, one parallel nand flash chip and one DDR ram chip. One UART interface provides bootloader access, the other one linux /dev/ttyS0. Finally I've got a unit the cable provider does not want back, so it is time to open it up and check for the two UART interfaces.
0 kommentar(er)
