0

I would like to try to equip my non-specific China-Wall-Brick-WiFi-Router with root access and update it if necessary.

Here is a sample image of the device: Device

The problem is: The device has no official manufacturer, it is a noname China device. Accordingly, there is no manufacturer's website, nor are there any updates or downloads of the firmware.

Serial control via UART generates a shell output. Here it is theoretically possible to log on to the existing Linux system. The problem is that there is no access data. Trying standard access data such as root:root, root:admin, admin:admin or similar does not work.

The system has a modified version of OpenWRT (version OpenWrt Linux-3.10.14-p112871) and is booted with U-Boot 1.1.3 (Dec 25 2017 - 22:59:38).

I haven't had any experience with U-Boot yet, but it seems to be a slimmed down and limited version, as I only get very few commands displayed in the help in the U-Boot shell:

MT7628 # help ? - alias for 'help' bootm - boot application image from memory cp - memory copy erase - erase SPI FLASH memory go - start application at address 'addr' help - print online help loadb - load binary file over serial line (kermit mode) md - memory display mdio - Ralink PHY register R/W command !! mm - memory modify (auto-incrementing) nm - memory modify (constant address) printenv- print environment variables reset - Perform RESET of the CPU rf - read/write rf register saveenv - save environment variables to persistent storage setenv - set environment variables spi - spi command tftpboot- boot image via network using TFTP protocol version - print monitor version 
MT7628 # printenv bootcmd=tftp bootdelay=5 baudrate=57600 ethaddr="00:AA:BB:CC:DD:10" ipaddr=10.10.10.123 serverip=10.10.10.3 stdin=serial stdout=serial stderr=serial BootType=3 Environment size: 160/4092 bytes

How can I gain full root access to the device without damaging the current firmware?

I would prefer it if I could back up the complete firmware image in some way beforehand so that I can restore it in case of doubt. What is the best way to do this via U-Boot?

Are there perhaps bruteforce programs that connect via COM port (UART)? This would certainly also be a way of finding out the root password.

Improve this question

1 Answer 1

Reset to default
0

Not at all. Someone would have to implement such an access, and there's zero incentive to do so.

However, in theory your vendor needs you to give you the source code of the Linux kernel they're using, and since they're using OpenWRT, which is also GPLv2-licensed, also the whole build system for the image.

HOWEVER, this is GPLv2 – that means they do not give you the ability to actually flash a modified image to your system.

Improve this answer
4
  • Like in the question already sayed: The problem is: The device has no official manufacturer, it is a noname China device. Accordingly, there is no manufacturer's website, nor are there any updates or downloads of the firmware. Commented Jul 6, 2024 at 12:15
  • @AdrianPreuss I know, that's why I said "in theory". Even if you had the personal address of the CEO of the manufacturer, that'd be still out of your legal reach, realistically. You simply won't get the kind of access you hope for. Commented Jul 6, 2024 at 12:17
  • by the way, it doesn't matter who the manufacturer is, legally. The party selling you the device is obliged to give you the source code; not the one originally producing the device. And you've sent money somewhere to get this device, so you know who the seller is. But again, not a realistic venue. Commented Jul 6, 2024 at 15:31
  • The seller is already unknown. The device was buyed over wish.com and the artikle/seller already no more listened like the most china pseudo companys Commented Jul 9, 2024 at 12:30

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.