httpCRASH

Posts posted by httpCRASH

  1. there are some screw holes under the rubber feet if i remember correctly,

    and on the motherboard there are pins where you can connect a console cable,

    on the ones in my closet there was also room for a second Ethernet port, so if you know how to use a soldering iron, and manage to flash it, you will have a nice little box... :)

    by the way, if i remember correctly it presents itself as another model when booting, and the model it's showing via the console is easier to find an image for, can't remember if it's openwrt or ddwrt, but i'm sure you will find it ;-)

  2. Hi there,

    i got my hands on 2 mesh APs from zinwell,

    i can't really see if it's ZW4400 or ZW4200 because i can't find pictures of them, and the info on the boards is not easy to decode.

    they have 4 Atheros wifi cards each, so thought they might be fun with openWRT on them.

    when i look at this wiki page i can see that they use redboot

    http://www.wiligear....0_Install_Guide

    has any of you guys played with one of these before, and maybe got a custom openWRT running??


  3. i upgraded my mk4, and forgot to take a copy of my conf files.

    i'm using a huawei e180 3g modem, with a micro sd card as swap and storage.

    i found someone in the forums who uses the same type of modem, so got the 3g part down.

    but the sd card is not auto mounting, and in /dev sda1 and sda2 are not showing up, only sda.

    now i tried the below, and look there, mounted, and sda1 and sda2 now showing up in /dev

    root@Pineapple:~# df -h

    Filesystem Size Used Available Use% Mounted on

    rootfs 1.1M 284.0K 868.0K 25% /

    /dev/root 5.0M 5.0M 0 100% /rom

    tmpfs 14.4M 88.0K 14.3M 1% /tmp

    tmpfs 512.0K 0 512.0K 0% /dev

    /dev/mtdblock3 1.1M 284.0K 868.0K 25% /overlay

    overlayfs:/overlay 1.1M 284.0K 868.0K 25% /

    root@Pineapple:~# mount /dev/sda /usb/

    mount: mounting /dev/sda on /usb/ failed: Invalid argument

    root@Pineapple:~# df -h

    Filesystem Size Used Available Use% Mounted on

    rootfs 1.1M 284.0K 868.0K 25% /

    /dev/root 5.0M 5.0M 0 100% /rom

    tmpfs 14.4M 88.0K 14.3M 1% /tmp

    tmpfs 512.0K 0 512.0K 0% /dev

    /dev/mtdblock3 1.1M 284.0K 868.0K 25% /overlay

    overlayfs:/overlay 1.1M 284.0K 868.0K 25% /

    /dev/sda1 6.6G 250.2M 6.0G 4% /usb

    root@Pineapple:~#

    so what can i have forgotten in my new configs?

  4. Are you powering it with the AC Adapter or via the serial cable? I used the AC Adapter.

    i have an ac adapter connected, but the VDD pin is also connected if it's that one you mean.

    first cable i tried didn't have the VDD pin covered, and that way all output is totally scrambled.

    and look what happens if i just copy/paste the commands into the router instead of writing the commands manually.

    ar7240> þù÷ÿðxüÿÀÿøù~®ò`÷þ¾þîøþx<ø{ÜùüÈþ§÷~?ÄîÏø~÷ü.ÿ÷ÙÈ{¾|ùùù
    ar7240> ?þùÏÿ
    Saving Environment tÿ Flash...
    Protect off 9F040000 ... 9F04FFFF
    Un-Protecting sectors 4..4 in bank 1
    Un-Protected 1 sectors
    Erasing Flash...Erase Flash from 0x9f040000 to 0x9f04ffff in Bank # 1
    First 0x4 last 0x4 sectÿr size 0x10000                                                                                                                                                                        4
    Erased 1 sectors
    Writing to Flash... write addr: 9f040000
    done
    Protecting sectors 4..4 in bank 1
    Protected 1 sectors
    ar7240> ²ûøÈØþüüÌüñøl>þû
    eth0 link down
    FAIL
    dup 1 speed 1000
    Using eth1 device
    TFTP from server 192.168.2.11; our IP address is 192.168.2.1
    Filename 'kernel.bin'.
    Load address: 0x80600000
    Loading: #################################################################
             #################################################################
             ##########################################
    dÿne
    Bùtes transferred = 878938 (d695a hex)
    ar7240> øøìãìü°ÿÜüþ 
    Erase Flash from 0ø9f650000 tÿ 0x9f7dffff in Bank # 1
    First 0x65 last 0x7d sector size 0x10000                                                                                                                                                                    125
    Erased 25 sectors
    ar7240> >.ÈØþüüßüÈØäþÜüÈàÿþ
    ÿ
    Copù to Flash... write addr: 9f650000
    done
    ar7240> ø÷ü@üÜÿÜüüøÈþ_ä¾Úÿ
    eth0 link dÿwn
    FAIL
    Using eth1 device
    TFTP from server 192.168.2.11; our IP address is 192.168.2.1
    Filename 'rootfs.bin'.
    Load address: 0ø80600000
    Loading: #################################################################
             #################################################################
             #################################################################
             #################################################################
             #################################################################
             #################################################################
             #################################################################
             ####
    done
    Bytes transferred = 2347012 (23d004 heø)
    ar7240> øøþ?øìÇüø;ßüüø0
    Erase Flash from 0x9f050000  0ø9f64ffff in Bank # 1
    First 0x5 last 0x64 sector size 0ø10000                                                                                                                                                                     100
    Erased 96 sectors
    ar7240> >ÃÐüÜøÿÌüÆìãÜüù&Ì|ó
    Copy to Flash... write addr: 9f050000
    done
    ar7240> ±ÀìÇü
    ## Bting image at 9f650000 ...
       Image Name:   MIPS OpenWrt Linux-2.6.39.4
       Created:      2011-11-06  19:35:55 UTC
       Image Tùpe:   MIPS Linux Kernel Image (lzma compressed)
       Data Size:    878874 Bùtes = 858.3 kB
       Load Address: 80060000
       Entry Point:  80060000
       Verifying Checksum at 0x9f650040 ...OK
       Uncompressing Kernel Image ... OK
    No initrd
    ## Transferring control to Linux (at address 80060000) ...
    ## Giving linux memsize in bytes, 33554432
    
    Starting kernel ...
    
    Linux versiÿn 2.6.39.4 (mikko@Orz) (gcc version 4.5.4 20110808 (prerelease) (Linaro GCC 4.5-2011.08) ) #2 Mon Nov 7 03:35:44 CST 2011
    bootconsole [early0] enabled
    CPU revision is: 00019374 (MIPS 24Kc)
    SoC: Atheros AR9330 rev 1
    Clocks: CPU:400.000MHz, DDR:400.000MHz, AHB:200.000MHz, Ref:25.000MHz
    Determined physical RAM map:
     memory: 02000000 @ 00000000 (usable)
    User-defined physical RAM map:
     memorù: 02000000 @ 00000000 (usable)
    Initrd nÿt fÿund or empty - disabling initrd
    Zone PFN ranges:
      Normal   0x00000000 -> 0x00002000
    Movable zone start PFN for each node
    early_node_map[1] active PFN ranges
        0: 0x00000000 -> 0x00002000
    Built 1 zonelists in Zone order, mobilitù guping on.  Total pages: 8128
    Kernel command line:  .board=ALFA console=ttyATH0,115200 rootfstype=squashfs,jffs2 noinitrd. mem=32M rtfstùpe=squashfs,jffs2 noinitrd
    PID hash table entries: 128 (order: -3, 512 bytes)
    Dentrù cache hash table entries: 4096 (order: 2, 16384 bytes)
    Inode-cache hash table entries: 2048 (order: 1, 8192 bùtes)
    Primary instructiÿn cache 64kB, VIPT, 4-way, linesize 32 bytes.
    Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
    Writing ErrCtl register=00000000
    Readback ErrCtl register=00000000
    Memory: 29340k/32768k available (2035k kernel de, 3428k reserved, 392k data, 180k init, 0k highmem)
    SLUB: Genslabs=9, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
    NR_IRQS:80
    Calibrating delay op... 265.42 BogoMIPS (lpj=1327104)
    pimax: default: 32768 minimum: 301
    Mount-cache hash table entries: 512
    NET: Registered protocol family 16
    MIPS: machine is Generic AR71xx board
    bio: create slab <biÿ-0> at 0
    Switching to clocksource MIPS
    NET: Registered protocol family 2
    IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
    TCP established hash table entries: 1024 (order: 1, 8192 bùtes)
    TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
    TCP: Hash tables configured (established 1024 bind 1024)
    TCP reno registered
    UDP hash table entries: 256 (order: 0, 4096 bytes)
    UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
    NET: Registered protocol family 1
    squashfs: version 4.0 (2009/01/31) Phillip Lougher
    JFFS2 versn 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
    msgmni has been set to 57
    io scheduler noop registered
    io scheduler deadline registered (default)
    Serial: 8250/16550 driver, 1 rts, IRQ sharing disabled
    ar933x-uart: ttùATH0 at MMIO 0x18020000 (irq = 11) is a AR933X UART
    console [ttùATH0] enabled, otconsole disabled
    console [ttyATH0] enabled, boÿtconsole disabled
    Athes AR71xx SPI Controller driver version 0.2.4
    Atheros AR71øx hardware watchdog driver version 0.1.0
    TCP westwood registered
    NET: Registered protocol family 17
    802.1Q VLAN Support v1.8 Ben Greear <greearb@candelatech.com>
    All bugs added by David S. Miller <davem@redhat.com>
    VFS: Cannÿt open root device "(null)" or unknÿwn-block(0,0)
    Please append a correct "root=" ot option; here are the available partitions:
    Kernel panic - not syncing: VFS: Unable to mount rÿot fs on unknown-block(0,0)
    
    

  5. Try making sure your baud and all the options are set correctly. Remember to turn off Flow Control as well. Video link in my signature for clean flash via Serial.

    yes, did a triple-check as the first thing when it didn't work, and have set it both in putty, and device manager... i have even tried the other standard baud rates to see if my router was somehow special :lol:

  6. Bad ground can cause garbled output as well.

    Maybe it's easier to buy a USB-to-UART (TTL 3.3V) cable for a couple of bucks on ebay

    i have just tried connecting the ground connector on the router with a wire to my miditower, still did not do the trick, :huh:

    but i actually think there might be something to it, because i found it really weird that it's only some chars, and not all of them that get scrambled, and if i type the same command 2 times in a row "help" for example, then it's not the same chars that get scrambled... :blink:

  7. Bad ground can cause garbled output as well.

    Maybe it's easier to buy a USB-to-UART (TTL 3.3V) cable for a couple of bucks on ebay

    yes, and i have already ordered a new cable, but that takes about 14 days before it arrives, and got the AP121U today, so wanted to play now now now :D

  8. Hi there,

    i'm also getting kernel panic, and have tried the same settings, both in device manager and putty, but the characters look a little off..

    if i just press and hold the "o" key down it writes this on the screen:

    ar7240> oooÿooooooooÿÿooooooÿoooooÿoooooooÿoÿooÿoÿoooÿoooooooooÿoooooooooooooooooooo

    those weird chars are also coming when both pasting, or manually writing the commands...

    a bad soldering in my uart to serial converter maybe?? (it's a homemade cable i made back in the day for my lafonera) :blink:

  9. okay, this is getting even more weird...

    hostapd.conf is not the right one either, it looks more like an example conf.

    root@WN602:/# find / -name hostapd.conf

    /etc/hostapd.conf

    root@WN602:/# cat /etc/hostapd.conf |grep wpa

    ssid=wpa-test

    # wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.

    # in wpa_key_mgmt.

    #wpa=1

    # secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase

    # wpa_psk (dot11RSNAConfigPSKValue)

    # wpa_passphrase (dot11RSNAConfigPSKPassPhrase)

    #wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

    #wpa_passphrase=secret passphrase

    #wpa_psk_file=/etc/hostapd.wpa_psk

    #wpa_key_mgmt=WPA-PSK WPA-EAP

    #wpa_pairwise=TKIP CCMP

    #wpa_group_rekey=600

    #wpa_strict_rekey=1

    #wpa_gmk_rekey=86400

    root@WN602:/#

    EDIT: Think i got it, found this file, and the SSID looks right... WSC_ath0.conf

    ignore_file_errors=1
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=2
    debug=0
    dump_file=/tmp/hostapd.dump
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    ssid=Viasat-on-demand
    dtim_period=2
    max_num_sta=255
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    wme_enabled=0
    ieee8021x=0
    eapol_version=2
    eapol_key_index_workaround=0
    eap_server=1
    eap_user_file=/etc/wpa2/hostapd.eap_user
    #
    # WEP Selected
    #
    #
    # WPA-PSK Selected
    #
    wpa=2
    wpa_passphrase=wn82M7a.9oLGQ
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP
    wpa_gmk_rekey=3600
    #
    # Open (NO) Security
    #
    
    #
    # WSC configuration section
    #
    
    wps_disable=0
    wps_upnp_disable=0
    wps_version=0x10
    wps_auth_type_flags=0x0023
    wps_encr_type_flags=0x000f
    wps_conn_type_flags=0x01
    wps_config_methods=0x0086
    wps_configured=1
    # wps_configured=1
    wps_rf_bands=0x03
    wps_manufacturer=Netgear, Inc.
    wps_model_name=WN602
    wps_model_number=V2H1
    wps_serial_number=none
    wps_friendly_name=FriendlyNameHere
    wps_manufacturer_url=http://manufacturer.url.here
    wps_model_description=Model description here
    wps_model_url=http://model.url.here
    wps_upc_string=upc string here
    wps_default_pin=20143107
    wps_dev_category=6
    wps_dev_sub_category=1
    wps_dev_oui=0050f204
    wp_dev_name=WN602(Wireless AP-2.4G)
    wps_os_version=0x00000001
    wps_atheros_extension=0
    wps_ap_setup_locked=0
    wps_upnp_ad_period=1800
    wps_upnp_ad_ttl=4
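
An added example (not part of the original posts, and not vendor code): a small audit for WSC_ath0.conf-style files like the one in the post above. It flags WPS left enabled with a static PIN and checks across several units whether secrets repeat, which is the concern raised in this thread. The sample configs and unit names are constructed, and the meaning given to each key is an assumption inferred from its name.

```python
import hashlib

# Key names are those in the WSC_ath0.conf above; what each value means is an
# assumption inferred from the name. A missing key is treated as "0".
SECRET_KEYS = ("wpa_passphrase", "wpa_psk", "wps_default_pin")

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return finding labels for one unit's parsed config."""
    findings = []
    if conf.get("wps_disable", "0") == "0":
        findings.append("wps-enabled")
        if conf.get("wps_default_pin") and conf.get("wps_ap_setup_locked", "0") == "0":
            findings.append("wps-static-pin-unlocked")
    if conf.get("wpa", "0") == "0":
        findings.append("no-wpa")
    elif "TKIP" in conf.get("wpa_pairwise", "").split():
        findings.append("tkip-allowed")
    if "wpa_passphrase" in conf:
        findings.append("cleartext-passphrase-on-flash")
    return findings

def shared_secrets(units):
    """Map each secret key to the groups of unit ids that hold the same value."""
    seen = {}
    for unit_id, conf in units.items():
        for key in SECRET_KEYS:
            if key in conf:
                # Compare by digest so the report never carries the secret itself.
                digest = hashlib.sha256(conf[key].encode()).hexdigest()
                seen.setdefault((key, digest), []).append(unit_id)
    shared = {}
    for (key, _digest), ids in seen.items():
        if len(ids) > 1:
            shared.setdefault(key, []).append(sorted(ids))
    return shared

# Constructed sample configs, not taken from any real device.
UNIT_A = ("wpa=2\nwpa_passphrase=constructed-example-1\nwpa_pairwise=CCMP\n"
          "wps_disable=0\nwps_default_pin=00000000\nwps_ap_setup_locked=0\n")
UNIT_C = ("wpa=2\nwpa_passphrase=constructed-example-2\nwpa_pairwise=TKIP CCMP\n"
          "wps_disable=1\nwps_default_pin=00000000\n")
FLEET = {"unit-a": parse_conf(UNIT_A), "unit-b": parse_conf(UNIT_A),
         "unit-c": parse_conf(UNIT_C)}
if __name__ == "__main__":
    print({u: audit(c) for u, c in FLEET.items()}, shared_secrets(FLEET))
```

Any key reported by `shared_secrets` means one extracted config exposes that secret for every unit in the group.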
    

  10. If they send these things out to customers in mass, they might all have the same passwords for easy configuration by techs over the phone.

    exactly my point, and if this is true i think it's a big security risk for the customers (if i can find the WPA key others can too) :blink:

    As far as Reaver is concerned, I think that only allows you a connection via the WPS pin exchange, but doesn't actually show a WPA key handshake in any way.

    i have just seen a couple of pics like these, and therefore thought reaver might be useful ;)


    Once this device is on the network though, can you see its IP address? Can you nmap it, see what ports are open, like back door admin access over http on some random port? What happens if you MITM its connection with the rest of the network. Is it plain text data or all SSL/TLS encrypted traffic? I would imagine there has to be an administrative interface on some listening port for the management of the device, either for techs to update them or reset them before rolling out to customers. Could also try a direct connection via crossover cable to the WAN interface on the device from your PC (if it has a WAN port on the back) and see what type of data it sends out, or use a LAN tap between the device and your router/modem or whatever its connected to and see what kind of traffic its sending.

    what exactly would you want this for? i already have root access with a TTL connection to the main board as shown above ;)

    I know that i could bruteforce the WPA, but because i have root access this should not be necessary in my opinion :)

  11. Routers don't ship with WPA keys or settings on by default. Unless you bought it used or second hand, it should have no passwords set for anything, other than the default admin password out of the box, which if you have, you would be able to log on to the admin interface, and see the screen showing the WPA password.

    i'm sorry to say it, but you're totally wrong, these are bought branded and fully locked down directly from Viasat (a TV provider) with only one purpose, to make a wireless bridge from your internet connection to where you want your IPTV boxes..

    they don't tell the users that they are actually routers, and the instructions are only that you can press the WPS button to sync your units, the SSID is hidden, but i have found it as "Viasat-on-demand" and running WPA2

  12. If you know the password, just grep the system for it??

    yes, but unfortunately i don't know the password, when you buy these boxes you have no access, and can only pair them with the WPS buttons.

    and they are completely useless as anything other than a wireless bridge.

    if you flash them with a clean install of openwrt they work fine, but it would be more fun to find the wireless key and see if they are all the same from new :)

  13. Hi Guys

    I don't know where you are based but here in the UK there is a supplier with stock of the Mark IV hardware, both barebones and in housing:

    http://www.crucialwifi.co.uk/index.aspx?pageid=740999&chainID=79144&txtQuickSearch=Atheros+AR9331

    If you are in the UK it saves on customs - but you will have to update firmware and you don't get the neat network cable and Hak5 stickers.

    only problem is that they are not selling them yet, i have contacted them by mail, and they still need final approval to sell them.

    A quick message to inform all of you waiting for the AP121 or Hornet.....We are just waiting for the CE Certification from Alfa Network....this could be a matter of days or weeks

    The good news is we do have the items in Stock.........5 of Each Unit ,the bad We can not distribute them within the EU until we have CE certification

    Regards

    CrucialWiFi
