Here's a list of files in the internal memory of the router:
http://pastebin.com/JZt2yTxE
Also, I don't seem to have root access since the shell is started from the ATP console thats logged in from a non root user. Thats why when I do " ls" in some dir's there's no files inside, but from the file list i got there are files inside!
I'm also messing with adb to try to get this router ROOTED (oh android, you're everywhere)!
segunda-feira, 12 de setembro de 2016
quarta-feira, 7 de setembro de 2016
Huawei e5172 Router - Messing with it
The other day a friend of mine found a router just like the one i have, but it didn't have the front plastic cover, the Ethernet port was broken and it was full of dirt?
Anyways, since I like to get my stuff unlocked, but i dont want to break them, i asked him if he could give it to me for doing some experiments :D
(Yah the router had the ethernet port broken xD)
After googling around I found a way to get this (and many more) routers from huawei sim unlocked.
Just go to here http://huaweicodecalculator.com/new-algo/, login with your google account (yep seems weird, so maybe dont use your main account) then enter your imei and your router model, "+1" their page and you get a few codes.
Now in the router insert a different network sim card WITH PIN CODE DISABLED, power it on and go to the Web Interface ( http://192.168.1.1 ) and enter your username and password (admin ) and it will ask you for the network code, use the "NEW ALGO CODE" to unlock it.
Well one barrier down, now let's see if I can get a Global firmware, since the firmware from my isp is somewhat locked.
I've tried using the multicast upgrade tool to install, but with a weird result.
I might have mixed 2 firmwares and the router entered in "equipment mode" with a Blue and Pink power LED.
Googling a bit more I found this great blog about the B593 (which is VERY similar in terms of firmware, i even got ssh access to my router and found some files called B593 in a E5172), and this guy also bricked his router. He also had a fix, but it was risky since it was a different router.
https://blog.hqcodeshop.fi/archives/305-De-bricking-a-B593-s22.html
Anyway I tried and.... it worked. I was back in action, but while i was in Equip. mode i had free access to telnet and got the ssh password.
Thats located in "/var/sshusers.cfg". I also messed around with "/app/curcfg.xml" and found the "Superuser" account. The password is encripted but I already know the admin password, right? So i copied the admin password to the superuser field and went to the web interface: "Superuser" "admin". Voila i'm in. I got access to some more options like the remote management that the isp uses.
I also did a backup of the config file through the web interface, don't know if it works and changes the password. LINK
This time I read about getting the firmware update with a modified firmware (at 4pda.ru) ,simply editing the number inside the BIN file with notepad++, just change the number after V200R01C** to match the one you currently have, and upload through the web interface
In my case i used the " E5172As-22_MPWUDPUPDATE_V200R001C00SP201_Universal "
Here's the firmware for my operator NOS with fw SP58 LINK , this will update to a global firmware the router and allow to isntall any version. WARNING: you might no longer login through the web with this firmware if you dont have Superuser working!!!
Also I tried to use RS232 or UART and it seems that the TX pin connects to a IC that isnt there... so no access :(
https://exelab.ru/f/index.php?action=vthread&forum=5&topic=22698&page=1 -talking about how to crack the password encription but its in russian and translator fails sometimes
http://blog.asiantuntijakaveri.fi/2013/08/gaining-root-shell-on-huawei-b593-4g.html -possible getting commands to work. Only some version have this flaw
Anyways, since I like to get my stuff unlocked, but i dont want to break them, i asked him if he could give it to me for doing some experiments :D
(Yah the router had the ethernet port broken xD)
After googling around I found a way to get this (and many more) routers from huawei sim unlocked.
Just go to here http://huaweicodecalculator.com/new-algo/, login with your google account (yep seems weird, so maybe dont use your main account) then enter your imei and your router model, "+1" their page and you get a few codes.
Now in the router insert a different network sim card WITH PIN CODE DISABLED, power it on and go to the Web Interface ( http://192.168.1.1 ) and enter your username and password (admin ) and it will ask you for the network code, use the "NEW ALGO CODE" to unlock it.
Well one barrier down, now let's see if I can get a Global firmware, since the firmware from my isp is somewhat locked.
I've tried using the multicast upgrade tool to install, but with a weird result.
I might have mixed 2 firmwares and the router entered in "equipment mode" with a Blue and Pink power LED.
Googling a bit more I found this great blog about the B593 (which is VERY similar in terms of firmware, i even got ssh access to my router and found some files called B593 in a E5172), and this guy also bricked his router. He also had a fix, but it was risky since it was a different router.
https://blog.hqcodeshop.fi/archives/305-De-bricking-a-B593-s22.html
Anyway I tried and.... it worked. I was back in action, but while i was in Equip. mode i had free access to telnet and got the ssh password.
Thats located in "/var/sshusers.cfg". I also messed around with "/app/curcfg.xml" and found the "Superuser" account. The password is encripted but I already know the admin password, right? So i copied the admin password to the superuser field and went to the web interface: "Superuser" "admin". Voila i'm in. I got access to some more options like the remote management that the isp uses.
I also did a backup of the config file through the web interface, don't know if it works and changes the password. LINK
This time I read about getting the firmware update with a modified firmware (at 4pda.ru) ,simply editing the number inside the BIN file with notepad++, just change the number after V200R01C** to match the one you currently have, and upload through the web interface
In my case i used the " E5172As-22_MPWUDPUPDATE_V200R001C00SP201_Universal "
Here's the firmware for my operator NOS with fw SP58 LINK , this will update to a global firmware the router and allow to isntall any version. WARNING: you might no longer login through the web with this firmware if you dont have Superuser working!!!
Also I tried to use RS232 or UART and it seems that the TX pin connects to a IC that isnt there... so no access :(
https://exelab.ru/f/index.php?action=vthread&forum=5&topic=22698&page=1 -talking about how to crack the password encription but its in russian and translator fails sometimes
http://blog.asiantuntijakaveri.fi/2013/08/gaining-root-shell-on-huawei-b593-4g.html -possible getting commands to work. Only some version have this flaw
sábado, 30 de janeiro de 2016
PS Vita Portable Charger MOD
So I bought this "PS VITA PORTABLE CHARGER" from a shop in discount, it seemed a good deal because its a Power Bank with 5A and was a lot cheaper than most power banks.
First thing I did was to see if it had any power, it did...But the LED was RED so it was in his last charge... So I ordered a PSVita Usb cable and tried to charge it up... what? It's blinking really fast, and I tested with every usb charge I had at home. This lead me to think that SONY had once again some proprietary crap inside.
Note: I already had tried to short the data pin as suggest by some websites, but, spoiler alert, the reason it was blinking was because the cheap usb cable i have was not powering enough current so it would start blinking.
This thing, has a hidden screw beneath and it was freaking hard to open it, probably had glue around!!
Oh hello there, we have "Arduino" micro controller inside!! It's a Atmel Mega 8535L.
I looked at some datasheets online and I could probably read it's serial ports, but I dont have the tools to make a proper connection to those tiny pins.
The reason theres a micro-controller inside is probably to measure the temperatures on the batteries (forgot to take pictures of that, it's on the back side of these images), to prevent overcharge and to measure the input current.
Back on trying to make this thing to charge I started to find some test pins that I could solder some wires (to stop using that damn cable) and here I found two contacts next to each other! The Red arrow is Positive 5V and the Black arrow is GND.
Let's test this, I grab my old PSP charger, thats 5V 2A, thats enough for this thing that needs 5V 1A. Blink, Blink, Blink, Blink, (please don't start blinking fast!!!).... YES it's charging!!!
After the successful test I soldered some wires in there to make the pins accessible from outside
Voilà, here's the finished product, I still need to connect a cable to short the data pins so it begins charging (I could short those 2 pins on the right, which I think are the data pins from my testing, but again my soldering iron is a bit too big).
And that's how you charge your ps vita portable charge without any Sony crap, also is anyone interested in knowing more about that Atmel chip?
terça-feira, 26 de janeiro de 2016
ESP8266 Blink when channel goes live on Twitch
The solution was to host a simple PHP (that "just" works, sorry i dont know PHP) that prints 1 or 0 according to the status of a channel.
There you have the Arduino IDE Program and the php file, just change your ssid, your host url and the pins if needed (it uses 2 LEDs, in gpio 2 an 4).
Also dont forget about the ChannelList, just follow the examples I left there, max number of channels is 50 (that should be enough :P).
CM octane Keyboard LED Mod - Ambient Light Demo
Here's a demo of how it works the ambient light mode
domingo, 24 de janeiro de 2016
Cooler Master Octane Keyboard MOD
About a year ago I got this keyboard, it's pretty nice but I was limited to 7 colors and a mode where it would slowly change between colors.
So I got it open and guess what, the LED strip just connects to the pcb, just unplug it and tried to connect it to my arduino.
More interior images here: http://adrenaline.uol.com.br/forum/threads/review-teclado-cm-storm-octane.549264/
Here are the schematics, the LEDs are only there to simbolize where you would plug the wires in.
So I got it open and guess what, the LED strip just connects to the pcb, just unplug it and tried to connect it to my arduino.
The connector on the right is the one that plugs in to the RGB Strip:
Black - +5V
Red - GND for Red LED
Green - GND for Green LED
Blue - GND for Blue LED
While I had my keyboard open I also removed the plastic covers on the sides so the light could shine from the sides and the cable could come out too.
More interior images here: http://adrenaline.uol.com.br/forum/threads/review-teclado-cm-storm-octane.549264/
Here are the schematics, the LEDs are only there to simbolize where you would plug the wires in.
Just use a NPN transistor, I used a BC547, and a 330ohm resistor between the transistor and the Arduino pins.
The arduino code is this one:
Processing test code, you can use this to test the communication between your arduino and pc:
And heres a java program, I slightly modified it to work with this sketch:
Source in github https://github.com/dicamarques14/wallaceRGB/
You can also follow this guide: http://www.instructables.com/id/Arduino-RGB-LED-Music-Lights/
Just dont forget to change the pin numbers :)
Here's a video of the first test:
Subscrever:
Mensagens (Atom)