Hacking COMPLETED Fusee-LEDE Dongle (6$ payload injector)

[capitaineflam25]

David Buchanan already explained his great work on this thread but it is now mixed up with other projects so i created this dedicated thread.

The router i bought is this one from AliExpress.



I followed David's instructions without any issues
Find attached the already compiled binary file (firmware.bin) for those who want to save some time on compiling.

The update method from the original router website failed (seems common), so i used the USB drive method explained here.
(Only difference was my USB Flash drive popped on /dev/sda and not /dev/sda1)

After rebooting it, the router IP is set to static as 192.168.1.1 so you may need to connect it with an ethernet cable to your computer and force its IP address to 192.168.1.2

Then using WinSCP to connect to the new IP of the router, you can edited /etc/config/network to change it back to DHCP :

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0'
    option proto 'dhcp'

To change the payload (which is fusee by default), use WinSCP to connect to the router and replace /usr/share/fusee-nano/payload.bin



Edit : Please find a new default firmware with WiFi enabled at startup (SSID is LEDE, no password), DHCP client enabled by default for ethernet, and SXOS payload as default

Edit 2 : You'll find better images in the following topic that include USB key payload update.

 

[capitaineflam25]

Sorry, i will add links later (i'm a new member and i'm not allowed to write links now)

Edit : link added.

 

[OkazakiTheOtaku]

Looks intriguing. Definitely want a link to the exact device you used so I can do this.

 

[capitaineflam25]

You may "base64 decode" this string until i'm allowed to post links (Type base64 decode on google and use the first site)

aHR0cHM6Ly9mci5hbGlleHByZXNzLmNvbS9pdGVtLzNHLTRHLVdpZmktUm91dGVyLU1pbmktV2lyZWxlc3MtUG9ydGFibGUtV2lmaS1Sb3V0ZXItNEctSG90c3BvdC1SSjQ1LTE1ME1icHMtV2lmaS1Ib3RzcG90LVN1cHBvcnQvMzI4MTcyNTk0NTEuaHRtbA==

 

[OkazakiTheOtaku]

You may "base64 decode" this string until i'm allowed to post links (Type base64 decode on google and use the first site)
-snip-

I gotchu fam, here it is
https://fr.aliexpress.com/item/3G-4...150Mbps-Wifi-Hotspot-Support/32817259451.html

 

[DayVeeBoi]

Almost all of those generic micro routers will do the trick as most of them are based on the same couple chipsets and use OpenWRT as a base or it's installable.

 

[Nemean]

How difficult is this to do as I currently have a SX pro on order as I just want an easy method for payloads as I currently have an iPhone. Im not even bothered about SX OS tbh so this could save me some money.

 

[capitaineflam25]

How difficult is this to do ?

Connect to the router with a telnet client (Like Putty) and check the amount of memory your router embeds (by typing free on the command line).
If it's 32Mo you may put uboot_usb_256_03.img on a FAT formatted flash drive (if 16Mo, use uboot_usb_128_03.img)
Add the LEDE firmware.bin image on the flash drive (available on the first post) and connect the flash drive to the router.

Mount the USB flash drive with the following command:

mount /dev/sda1 /mnt
or in my case /dev/sda /mnt​

Wait a few seconds and verify that you see files

ls /mnt
You should see your files. Do not go further if you do not see files !​

Upgrade uboot - be careful, do not reset router during and after this operation !

mtd_write write /mnt/uboot_usb_256_03.img Bootloader
You should see on console

#Unlocking Bootloader …
#Writing from /mnt/uboot256.img to Bootloader … [w]​

Upgrade firmware - do not reset router during this operation!

mtd_write write /mnt/firmware.bin Kernel
You should see on console

#Unlocking Kernel …
#Writing from /mnt/firmware.bin to Kernel … [w]​

Reboot router with the following command.

reboot​

After rebooting, the router will automatically inject fusee.bin to your switch if connected with an USB C cable.

 

[SexiestManAlive]

so after i do this do i have to use the usb drive with the router everytime? or just the usb c cable?

 

[BlastedGuy9905]

This is extremely inconvenient due to having to carry a portable battery around.. Wouldn't it just be more convenient to reverse-engineer the SX PRO Dongle and build the same thing?

 

[Pacote]

This is extremely inconvenient due to having to carry a portable battery around.. Wouldn't it just be more convenient to reverse-engineer the SX PRO Dongle and build the same thing?

Sure, would you care to do it?

 

[capitaineflam25]

so after i do this do i have to use the usb drive with the router everytime? or just the usb c cable?

The flash drive is used once for setup. Then you only need the USB C cable to connect to the console, and a micro USB cable (it comes with the router) to power it with 5V (with a power bank on my picture)

 

[DayVeeBoi]

Is there any reason why ESP8266 based devices aren't the go to device for this? Seems a no brainer, AFAIK you can USB i/o and it has integrated wireless capability. Plus every Dev/hacker has one. I guess that means there must be a reason why it cant be used.

 

[Joshtech]

This is extremely inconvenient due to having to carry a portable battery around.. Wouldn't it just be more convenient to reverse-engineer the SX PRO Dongle and build the same thing?

There are ones with built in batteries
https://www.ebay.com.au/itm/5-In-1-...or-Iphone-Ipad-Charger-180-R9C3-/263722331213

... convenient enough?


Cheers for the firm @capitaineflam25, works a charm!

 

[cearp]

$6 is very cheap! and diy is fun.
but for only about $17 more (sx pro, dongle+license compared to just the license), i get the dongle that works perfectly without a battery.


and i believe it can load different payloads, it doesn't have to just be tx os? so that cool.

so @Nemean - since you have already ordered the pro, i would say don't worry about this diy method.
unless you really enjoy playing with unix, and have time to spend.

i like playing with small devices, but just to use for exactly one function (hacking the switch) -- i'd rather just pay for the dongle that does it perfectly.

 

[BlastedGuy9905]

Sure, would you care to do it?

Your attitude sucks ass. Can you do it? I bet you can't. Just like most people here. I'm just giving an idea.

--------------------- MERGED ---------------------------

There are ones with built in batteries
https://www.ebay.com.au/itm/5-In-1-...or-Iphone-Ipad-Charger-180-R9C3-/263722331213

... convenient enough?


Cheers for the firm @capitaineflam25, works a charm!

Oh wow, that's nice! Thanks for that.

 

[SexiestManAlive]

would this work too? https://www.amazon.com/Lookatool®-H...rd_wg=Up6T3&psc=1&refRID=2BNG6RC5T3A6JEPW7G0R

 

[weatMod]

i like the pi zero better
if only there were something on aliexpress that was really small line an inch with a USB type C male on one end and micro USB male on the other end
i can usually find any kind of adapter on there but i couldn't find anything like that
you could just stick it in the pi zero micro usb and it would only stick out an inch
also couldn't find any small inch or half inch micro USB male to USB type C male cables either or of any length for that matter
weird that i can find every other type of adapter imaginable but not that
i'm not brave enough to attempt soldering a USB type C male connector directly to the pi zero

 

[DayVeeBoi]

would this work too? https://www.amazon.com/Lookatool®-H...rd_wg=Up6T3&psc=1&refRID=2BNG6RC5T3A6JEPW7G0R

Yes

--------------------- MERGED ---------------------------

i like the pi zero better
if only there were something on aliexpress that was really small line an inch with a USB type C male on one end and micro USB male on the other end
i can usually find any kind of adapter on there but i couldn't find anything like that
you could just stick it in the pi zero micro usb and it would only stick out an inch
also couldn't find any small inch or half inch micro USB male to USB type C male cables either or of any length for that matter
weird that i can find every other type of adapter imaginable but not that

This is what I use for PS4, it's not USB C but theres plenty of small adapters available

It's available here for $4 USD --> https://www.aliexpress.com/item/ESP...337.html?spm=a2g0s.9042311.0.0.7b374c4d9NWJAL

 

[guily6669]

humm that last one looks pretty damn nice, then we just need to add a huge capacitor or a very tiny battery to it and a USB-A to USB-C small fitting so it excludes using cables and bam, a very nice small dongle for very cheap.

 

[DayVeeBoi]

humm that last one looks pretty damn nice, then we just need to add a huge capacitor or a very tiny battery to it and a USB-A to USB-C small fitting so it excludes using cables and bam, a very nice small dongle for very cheap.

Yeah I think it could have 3.3v available so you could use a small button cell (like a hearing aid battery?) since these ESP8266 can run directly from 3.3v although I haven't opened it yet to see if this particular device has anything exposed to the user. I haven't kept up on Switch hacking, theres no way to power the device from its USB-C?