UART Root Shell on Linux Router - Hacking the Totolink WiFi Router

preview_player
Показать описание
In this video, we discover a hardcoded root password though the aid of OpenWRT's failsafe mode.

OpenWRT Failsafe Mode Docs:

---------------------------------------------------------------------------------

IoT Pentesting Certification from TCM:

Need IoT pentesting services?
Please consider Brown Fine Security:

Come join us on Discord for some device hacking!

🛠️ Stuff I Use 🛠️

🪛 Tools:

🫠 Soldering & Hot Air Rework Tools:

🔬 Microscope Setup:

About Me:
My name is Matt Brown and I'm an Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

💻 Social:
  1. Matt Brown
Рекомендации по теме
UART Root Shell 0:14:35

UART Root Shell on Linux Router - Hacking the Totolink WiFi Router

Hacker's Guide to 0:17:40

Hacker's Guide to UART Root Shells

Finding UART and 0:20:11

Finding UART and Getting a Root Shell on a Linux Router

Fun With HARDWARE 0:31:15

Fun With HARDWARE HACKING!!! - UART ROOT SHELLS and Finding SECRETS!

IoT Hacking - 0:41:23

IoT Hacking - Netgear AC1750 NightHawk - UART Root Shell

UART Serial Hack 0:18:23

UART Serial Hack 9100a IP Video Server Linux Shell

Intro to Hardware 0:12:07

Intro to Hardware Reversing: Finding a UART and getting a shell

Tutorial: Access the 0:12:53

Tutorial: Access the UART (Serial Port) on GNU/Linux with a simple C program

Intro to UART: 0:05:53

Intro to UART: Root Access through the serial backdoor

Extracting Firmware from 0:12:27

Extracting Firmware from Linux Router using the U-Boot Bootloader and UART

Getting root shell 0:02:38

Getting root shell on NEC Aterm WR8165N via UART by extracting HW_RANDOM_KEY

TP-Link Router UART 0:00:10

TP-Link Router UART Access via Articulated Arms - Shell popped

How to get 0:11:53

How to get Uart

IKEA DIRIGERA - 0:00:16

IKEA DIRIGERA - Reverse Engineering - UART Serial Output

Let's code a 0:20:19

Let's code a Linux Driver - 24: Serial (UART) Driver

Prototype of UART 0:00:24

Prototype of UART Probe

HLK-RM28E UART-ETH-WIFI router 0:00:10

HLK-RM28E UART-ETH-WIFI router module based on the MT7621+MT7612E,

CackalackyCon1 - Deral 0:55:47

CackalackyCon1 - Deral Heiland - Uboot to Root

Rooting My Router 0:13:06

Rooting My Router [Part 1] - Dumping Firmware Through UART

HiSilicon IP Camera 0:05:46

HiSilicon IP Camera UART installation, Console into Linux U-Boot Zosi JTAG

Getting root on 0:04:24

Getting root on a Winkhub through UART

Tenvis T8810 IP 0:00:26

Tenvis T8810 IP Camera UART Kernel Hijack Root

Hardware Hacking - 0:21:57

Hardware Hacking - UART

Hacking The Mojo 0:32:43

Hacking The Mojo C-75 - Root Shell via Firmware Modification

Комментарии
Автор

Been a while since posting a video so thanks for viewing!
Was busy last month competing in a HackerOne Live Hacking Event with Amazon and AWS! Excited to get back to YT. 😎

mattbrwn
Автор

How nice of them to label and even populate the UART interface lol

gametec_live
Автор

Man, "google the password hash" is such a forehead-knock moment, absolutely beautiful!

OhadLutzky
Автор

Awesome, just what I was looking forward to!
Coincidentally I just opened my old ASUS RT-AC57U V3 router and the UART is even labeled!
Strangely enough the router has a dropbear SSH server that you can turn on in advanced settings, but the entire rootfs seemed to be mounted as a tmpfs.
I'll post some comments here after I get a little bit more time to investigate the router later today.

RetroDelete
Автор

Its amazing to see ur projects u have opened me up to an whole new domain

tarunvignesh
Автор

Love your work and high quality videos on a nesh topic is amazing thank you 🎉

johnkutney
Автор

Finally, i was waiting for the upload.

ripplerxeon
Автор

Your videos are what got me into type things like routers. I have 1 router, but im not gonna mess with it until the new year as im waiting to see if the company wants it back as i just upgraded my internet

Mr._Mythical
Автор

Cool Matt. Thanks. Look forward to the next episode.

bin_chicken
Автор

7:06 had to pause the video right before the partition table it claims it's a raspi

hexdef
Автор

LOL. You didn't remove the label. You cut it. Warranty not voided!

mjmeans
Автор

nice, really fun content to watch! keep up the good work!

manjsc
Автор

We know is a great day when there's a new drop by Matt Brown.

arghyl
Автор

Another great video. Looking forward to the next one

petehinch
Автор

Finally some use for those suspicious thingies trying to pass as TP-Link

Mordecrox
Автор

TIO is a great cross-platform serial console tool with modern features and auto rate selection.

vladimirrus
Автор

The irony is I'm actively doing a uart install while watching this

illililililillli
Автор

This was a good video. I appreciated the way you presented the process. I reached out to you through your email on your website. I am looking forward to hearing back from you.

bumpinz
Автор

Hi Matt please make a video on ways of obtaining Tuya local keys. Eg (Tuya light bulb) by capturing network traffic with Wireshark etc.
Awesome channel and excellent video Thanks

MrSuperSnuiter
Автор

Hah i am watching this while messing with a Tv settopbox via uart and compiling openwrt for my router i am also working on, but the router is laying on the side of my desk while my settopbox is near my keyboard. Its also partly due to your videos that i got inspired to go hardware hacking and uncovering the world of embedded Linux. Its also cause i just like messing arround with devices and stuff! And sometimes uncovering vulnerabilities and easter eggs/hidden elements

electronic
welcome to shbcf.ru