User comments on ISPs
  >> EE (Everything Everywhere) and Orange


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User glossywhite
(committed) Tue 07-Jul-20 01:27:27
Print Post

[Photos]: Inside EE "Smart router"


[link to this post]
 
https://photos.app.goo.gl/5KrN8Z4ow48TMrb27

EXTREMELY easy to take apart!
Standard User glossywhite
(committed) Wed 08-Jul-20 19:58:56
Print Post

Re: [Photos]: Inside EE "Smart router"


[re: glossywhite] [link to this post]
 
Update:

I have been doing some "nmap" scans of the "Smart router":

nmap -A -T4 192.168.1.254
Starting Nmap 7.70 ( https://nmap.org ) at 2020-07-08 19:54 BST
Nmap scan report for 192.168.1.254
Host is up (0.042s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp filtered ssh
53/tcp open domain (generic dns response: REFUSED)
| fingerprint-strings:
| DNSVersionBindReqTCP:
| version
|_ bind
80/tcp open http DD-WRT milli_httpd
|_http-server-header: httpd
|_http-title: Home
81/tcp open hosts2-ns?
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 303 See Other
| Location: http://192.168.1.254/hurl_800_auto_a.htm
| Connection: close
| Content-Type: text/html
| Content-Length: 203
| <html>
| <head>
| <title>Redirect</title>
| </head>
| <body>
| <h1>Redirect</h1>
| <p>Redirect to <a href="http://192.168.1.254/hurl_800_auto_a.htm">http://192.168.1.254/hurl_800_auto_a.htm</a>.</p>
| </body>
|_ </html>
443/tcp open ssl/http DD-WRT milli_httpd
|_http-server-header: httpd
|_http-title: Home
| ssl-cert: Subject: commonName=bthomehub.home/organizationName=BT/countryName=UK
| Subject Alternative Name: DNS:bthub.home, DNS:bthub, DNS:bthomehub.home, DNS:api.home, DNS:hub.home
| Not valid before: 2017-12-31T16:02:00
|_Not valid after: 2067-12-19T16:02:00
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port53-TCP:V=7.70%I=7%D=7/8%Time=5F061671%P=x86_64-pc-linux-gnu%r(DNSVe
SF:rsionBindReqTCP,20,"\0\x1e\0\x06\x81\x85\0\x01\0\0\0\0\0\0\x07version\x
SF:04bind\0\0\x10\0\x03")%r(DNSStatusRequestTCP,E,"\0\x0c\0\0\x90\x85\0\0\
SF:0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port81-TCP:V=7.70%I=7%D=7/8%Time=5F061669%P=x86_64-pc-linux-gnu%r(GetRe
SF:quest,154,"HTTP/1\.1\x20303\x20See\x20Other\nLocation:\x20http://192\.1
SF:68\.1\.254/hurl_800_auto_a\.htm\nConnection:\x20close\nContent-Type:\x2
SF:0text/html\nContent-Length:\x20203\n\n<html>\n<head>\n<title>Redirect</
SF:title>\n</head>\n<body>\n<h1>Redirect</h1>\n<p>Redirect\x20to\x20<a\x20
SF:href=\"http://192\.168\.1\.254/hurl_800_auto_a\.htm\">http://192\.168\.
SF:1\.254/hurl_800_auto_a\.htm</a>\.</p>\n</body>\n</html>\n")%r(FourOhFou
SF:rRequest,154,"HTTP/1\.1\x20303\x20See\x20Other\nLocation:\x20http://192
SF:\.168\.1\.254/hurl_800_auto_a\.htm\nConnection:\x20close\nContent-Type:
SF:\x20text/html\nContent-Length:\x20203\n\n<html>\n<head>\n<title>Redirec
SF:t</title>\n</head>\n<body>\n<h1>Redirect</h1>\n<p>Redirect\x20to\x20<a\
SF:x20href=\"http://192\.168\.1\.254/hurl_800_auto_a\.htm\">http://192\.16
SF:8\.1\.254/hurl_800_auto_a\.htm</a>\.</p>\n</body>\n</html>\n");
Service Info: OS: Linux; Device: WAP; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 97.23 seconds
Standard User jamesmacwhite
(newbie) Thu 09-Jul-20 06:40:30
Print Post

Re: [Photos]: Inside EE "Smart router"


[re: glossywhite] [link to this post]
 
Is that nmap detection of DD-WRT firmware correct? The previous 4GEE Home Router was OpenWrt 14.07. Interesting if they have used DD-WRT this time around.

Edited by jamesmacwhite (Thu 09-Jul-20 08:11:41)


Register (or login) on our website and you will not see this ad.

Standard User jabuzzard
(committed) Thu 09-Jul-20 18:24:22
Print Post

Re: [Photos]: Inside EE "Smart router"


[re: jamesmacwhite] [link to this post]
 
OpenWRT's storage and memory requirements have ballooned in recent years. On the other hand DD-WRT is still supporting 4MB FLASH / 32MB RAM devices. Might have something to do with it.
Standard User jamesmacwhite
(newbie) Thu 09-Jul-20 18:28:10
Print Post

Re: [Photos]: Inside EE "Smart router"


[re: jabuzzard] [link to this post]
 
Yeah, I guess it isn't that surprising. I think with OpenWrt you can also run it on small flash/low RAM devices, but you'd have to start faffing around with the build tools and probably building custom images that strips away things.

Interesting though. I ended up poking the 4GEE Home Router a bit a while ago and found one potential exploit with the backup and restore functionality and a secret hotplug trigger that enables the dropbear daemon, fun times.
Standard User glossywhite
(committed) Thu 09-Jul-20 21:04:14
Print Post

Re: [Photos]: Inside EE "Smart router"


[re: jamesmacwhite] [link to this post]
 
In reply to a post by jamesmacwhite:
Yeah, I guess it isn't that surprising. I think with OpenWrt you can also run it on small flash/low RAM devices, but you'd have to start faffing around with the build tools and probably building custom images that strips away things.

Interesting though. I ended up poking the 4GEE Home Router a bit a while ago and found one potential exploit with the backup and restore functionality and a secret hotplug trigger that enables the dropbear daemon, fun times.


Hello smile

Would you share the method with me, via PM? Many thanks.
  Print Thread

Jump to