Hacking COMPLETED Fusee-LEDE Dongle (6$ payload injector)

Akira

I'm not a SHRIMP!!!!
Member
Joined
Apr 28, 2013
Messages
1,246
Trophies
0
XP
1,666
Country
United States
Man, I just wish I knew how to start with this. I found a local online store of the one with the built-in charger, but I don't know what DHCP and telnet are, and what that firmware.bin is for.
 

FGFlann

Well-Known Member
Member
Joined
Nov 10, 2015
Messages
664
Trophies
0
XP
1,422
Country
Perfect thank you that sounds great however I am a bit of a noob with this. How do I connect to the device using SSH?
First, connect the dongle to your router via Ethernet. This is important because otherwise your device cannot get internet access.

Then determine the IP address of your dongle; usually your router can tell you what this is if you log in to it and look at the list of connected clients.

In my case it is identified as "ShenZhen Zhengjili Electronics" on IP address 192.168.0.194.

Once you have your dongle's IP address, download and install an SSH client such as
PuTTY https://www.putty.org/
or BitVise https://www.bitvise.com/ssh-client-download

Use one of these to connect to the IP address of your dongle on port 22 for SSH. You will get a terminal window automatically where you can enter the commands I gave you.

Man, I just wish I knew how to start with this. I found a local online store of the one with the built-in charger, but I don't know what DHCP and telnet are, and what that firmware.bin is for.
It's easy enough. Just follow the instructions and ask for help if you need it. :)
 

Nemean

Well-Known Member
Newcomer
Joined
May 16, 2018
Messages
76
Trophies
0
Age
33
XP
183
Country
United Kingdom
First, connect the dongle to your router via Ethernet. This is important because otherwise your device cannot get internet access.

Then determine the IP address of your dongle; usually your router can tell you what this is if you log in to it and look at the list of connected clients.

In my case it is identified as "ShenZhen Zhengjili Electronics" on IP address 192.168.0.194.

Once you have your dongle's IP address, download and install an SSH client such as
PuTTY https://www.putty.org/
or BitVise https://www.bitvise.com/ssh-client-download

Use one of these to connect to the IP address of your dongle on port 22 for SSH. You will get a terminal window automatically where you can enter the commands I gave you.


It's easy enough. Just follow the instructions and ask for help if you need it. :)

Done this, however it keeps saying my password is incorrect. I have tried admin, password and blank.
 

Nemean

Well-Known Member
Newcomer
Joined
May 16, 2018
Messages
76
Trophies
0
Age
33
XP
183
Country
United Kingdom
Happy to help. :)

Last question any recommendation on a site that allows direct linking?

--------------------- MERGED ---------------------------

But of course :-D
Man, I love your dedication, Russian hardware hacking sites are not your average Joe's source of info :)
If you end up finding the login, I'd be sooo grateful

Not sure if what FGFlann has advised will solve your issue, but root and no password worked for me, and I have the battery device, same as yours?
 

FGFlann

Well-Known Member
Member
Joined
Nov 10, 2015
Messages
664
Trophies
0
XP
1,422
Country
Last question any recommendation on a site that allows direct linking?

https://www.station307.com/ is wget friendly and efficient.

Not sure if what FGFlann has advised will solve your issue, but root and no password worked for me, and I have the battery device, same as yours?

I believe this is a different problem involving a variant stock firmware rather than logging into LEDE.
 

Nemean

Well-Known Member
Newcomer
Joined
May 16, 2018
Messages
76
Trophies
0
Age
33
XP
183
Country
United Kingdom
https://www.station307.com/ is wget friendly and efficient.



I believe this is a different problem involving a variant stock firmware rather than logging into LEDE.

I now get this and have deleted the SXOS payload

wget: SSL support not available, please install one of the libustream-ssl-* libraries as well as the ca-bundle and ca-certificates packages.
 

FGFlann

Well-Known Member
Member
Joined
Nov 10, 2015
Messages
664
Trophies
0
XP
1,422
Country
I now get this and have deleted the SXOS payload

wget: SSL support not available, please install one of the libustream-ssl-* libraries as well as the ca-bundle and ca-certificates packages.
Oh, figures. Try this instead. It's easier anyway and I should have got you to do this instead of making it so roundabout.
Download: https://winscp.net/

Choose SCP file protocol. Log in the same way you do with SSH, navigate to /usr/share/fusee-nano/ and you can copy the payload.bin locally.
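As an added example (not from this thread or the Fusee-LEDE image), here is the SCP route above written as a small POSIX shell script with one extra step a practitioner would want: after the copy, the SHA-256 of payload.bin is read back from the dongle and compared with the local digest, so a truncated or wrong file is caught before the dongle ever sends it to the Switch. The address 192.168.0.194 and the root login are the values quoted earlier in the thread, and /usr/share/fusee-nano/ is the directory named above; the function names, the environment variable DONGLE_IP and the assumption that the dongle's BusyBox provides sha256sum are mine.

```shell
#!/bin/sh
# Added example, not code from the thread or the Fusee-LEDE project.
# Pushes payload.bin to the dongle over SCP (the image's wget has no SSL
# support) and verifies the copy by comparing SHA-256 digests on both ends.
# Assumptions (constructed): SSH login as root at DONGLE_IP, payload directory
# /usr/share/fusee-nano as stated in the thread, BusyBox sha256sum on the dongle.
DONGLE_IP="${DONGLE_IP:-192.168.0.194}"
PAYLOAD_DIR="/usr/share/fusee-nano"

# SHA-256 of a local file; works with sha256sum (GNU/BusyBox) or shasum (macOS)
local_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare a file's digest with an expected hex digest; returns 0 on match
verify_sha256() {
    # $1 = file, $2 = expected lowercase hex digest
    [ "$(local_sha256 "$1")" = "$2" ]
}

# Copy the payload to the dongle, then check the remote digest against the local one
push_payload() {
    # $1 = local path to payload.bin
    expected="$(local_sha256 "$1")"
    scp "$1" "root@${DONGLE_IP}:${PAYLOAD_DIR}/payload.bin" || return 1
    remote="$(ssh "root@${DONGLE_IP}" "sha256sum ${PAYLOAD_DIR}/payload.bin | cut -d' ' -f1")"
    [ "$remote" = "$expected" ]
}

# Stand-alone use: sh push_payload.sh ./payload.bin
# With no argument only the functions are defined, so the file can be sourced.
if [ "$#" -eq 1 ]; then
    if push_payload "$1"; then
        echo "payload copied and verified"
    else
        echo "transfer failed or digest mismatch" >&2
        exit 1
    fi
fi
```

If the digests differ, the safe move is to delete the remote copy and repeat the transfer rather than power up the dongle with a half-written payload.bin in place.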
 

Waip

Well-Known Member
Newcomer
Joined
Feb 5, 2004
Messages
82
Trophies
2
XP
1,067
Country
France
I compared your image to the one found on the OpenWrt page for the A5-V11 hardware. Their teardown pics show that there should be a serial interface that is covered up by the green lacquer on the other side of the PCB. Here is a hotlink to the image in question:

img_7112.jpg


You would need to scrape off the lacquer on the TX and RX pads, and scrape off a portion on the ground plane, then prime the surfaces with a small dollop of solder, then attach some jumper wires.

Could you verify that those pads exist on your hardware?


I think they do - however I'm not going down that road, waaay too tedious. Please see picture FYI
 

Attachment: IMAG2115.jpg (1.3 MB)

Wierd_w

Well-Known Member
Member
Joined
May 12, 2018
Messages
406
Trophies
0
Age
41
XP
651
Country
United States
I think they do - however I'm not going down that road, waaay too tedious. Please see picture FYI
If there is a serial debug port, then we can get the /etc/passwd file, and run it through something like jack the ripper to get the default root password for these devices. The presence of the header is kinda required to get that out of the device though. Sadly, GBATemp is either super busy right now or something, as I cannot load the large version of your image at this moment.

*edit

It finally loaded. Those 4 solder pads along the top look suspiciously like a serial debug interface. I would have to go over the top of them with a multimeter checking for activity to see which ones are +3v, TX, and RX. The last one on the right looks like it could be GND.

Since the purchase I made from AliExpress has ***STILL*** not arrived, I have ordered one from ebay. If I still get no love, I might offer to purchase yours via a paypal transaction. I could then do the serial debug thing, and get the default user/pass out for this model that way.

--------------------- MERGED ---------------------------

Anyone selling ready to use dongle?

Sadly, getting a reliable batch for processing is just as difficult for any of us as it is for anyone else. The makers of this hardware seem to go out of their way to conceal the factory of origin, or the specific board IDs used in their hardware offerings, making it very difficult to get a big shipment of known working product for flashing.

If a good supplier with a consistent product offering appears, I bet there would be a market here, and I could easily see the Chinese makers of these devices offering the product for switch hacking quickly.
 

9thSage

Well-Known Member
Member
Joined
Aug 8, 2008
Messages
457
Trophies
0
XP
587
Country
United States
I was having a lot of trouble getting the router to co-operate (I have one of the ones with the built-in batteries here) and it turns out it's because it hated the USB flash drive I was trying to use with it. So...if you're having a problem, you're best off trying another drive just to be safe. I feel like a fool I didn't think of it immediately. Should probably stop trying to do things like this when I'm sleepy. :P

Working great now, at any rate!
 

tehlers

Member
Newcomer
Joined
Jun 24, 2018
Messages
10
Trophies
0
Age
45
XP
196
Country
Germany
My device (also with built in battery) does not power the USB port in the AP mode. It has 3 switch positions: off, power bank and AP. In power bank mode it only powers the USB (system is not booting) and in AP mode, the USB works but you don't get power. So a USB stick will not work. I logged in with telnet and in my firmware there was no ftp-daemon, only nmbd and smbd. So I configured samba, mounted the extended /tmp filesystem via samba, put in bootloader and mini.bin and flashed both.

In openwrt mini I used wget to get my firmware from my notebook, since USB still does not power up.

In the final firmware (with fusee patch), USB still does not power (so it seems to be a hardware issue), but switch powers itself and therefore it works!
 

FGFlann

Well-Known Member
Member
Joined
Nov 10, 2015
Messages
664
Trophies
0
XP
1,422
Country
My device (also with built in battery) does not power the USB port in the AP mode. It has 3 switch positions: off, power bank and AP. In power bank mode it only powers the USB (system is not booting) and in AP mode, the USB works but you don't get power. So a USB stick will not work. I logged in with telnet and in my firmware there was no ftp-daemon, only nmbd and smbd. So I configured samba, mounted the extended /tmp filesystem via samba, put in bootloader and mini.bin and flashed both.

In openwrt mini I used wget to get my firmware from my notebook, since USB still does not power up.

In the final firmware (with fusee patch), USB still does not power (so it seems to be a hardware issue), but switch powers itself and therefore it works!
I'm amazed by how wildly inconsistent these things are. I have the same model and not had any issues with USB power in AP mode.
 

Waip

Well-Known Member
Newcomer
Joined
Feb 5, 2004
Messages
82
Trophies
2
XP
1,067
Country
France
If there is a serial debug port, then we can get the /etc/passwd file, and run it through something like jack the ripper to get the default root password for these devices. The presence of the header is kinda required to get that out of the device though. Sadly, GBATemp is either super busy right now or something, as I cannot load the large version of your image at this moment.

*edit

It finally loaded. Those 4 solder pads along the top look suspiciously like a serial debug interface. I would have to go over the top of them with a multimeter checking for activity to see which ones are +3v, TX, and RX. The last one on the right looks like it could be GND.

Since the purchase I made from AliExpress has ***STILL*** not arrived, I have ordered one from ebay. If I still get no love, I might offer to purchase yours via a paypal transaction. I could then do the serial debug thing, and get the default user/pass out for this model that way.

--------------------- MERGED ---------------------------



Sadly, getting a reliable batch for processing is just as difficult for any of us as it is for anyone else. The makers of this hardware seem to go out of their way to conceal the factory of origin, or the specific board IDs used in their hardware offerings, making it very difficult to get a big shipment of known working product for flashing.

If a good supplier with a consistent product offering appears, I bet there would be a market here, and I could easily see the Chinese makers of these devices offering the product for switch hacking quickly.

Dude at this point I'll give it to you for science
PM me for details
 

Localhorst86

Robert'); DROP TABLE members;--
Member
Joined
Jul 17, 2014
Messages
2,736
Trophies
1
Location
Nintendo works for my dad
XP
5,334
Country
Germany
Neat. My device just arrived today. I wasn't able to use the web interface to simply flash the firmware, so I had to take the telnet route to flash uboot and firmware.bin. It was smooth sailing from there.
Everything worked fine, I used the firmware.bin from this post: https://gbatemp.net/threads/fusee-lede-dongle-6-payload-injector.508750/page-5#post-8124213
Changing the payload using a USB drive and plugging it in with a payload.bin file on the root worked perfectly fine.
Awesome job. I also did a quick time run to see how quick this is. From powering the router on it takes about 23 seconds until it is properly booted and has sent the payload to the Switch.
 

9thSage

Well-Known Member
Member
Joined
Aug 8, 2008
Messages
457
Trophies
0
XP
587
Country
United States
I'm amazed by how wildly inconsistent these things are. I have the same model and not had any issues with USB power in AP mode.
Yeah, strange how random these things appear to be. In my case I had some problems with it not seeming to want to power on the drive even after I changed it, but I got it to work with some fiddling. Maybe something is a little weird with the USB port on mine or some such thing....or maybe it's just something to do with the stock firmware.

It works consistently to launch the exploit. *shrug*
 

Localhorst86

Robert'); DROP TABLE members;--
Member
Joined
Jul 17, 2014
Messages
2,736
Trophies
1
Location
Nintendo works for my dad
XP
5,334
Country
Germany
Just to be sure:

When connecting to the wireless SSID, I am not getting assigned a DHCP address, but a zeroconf one. I assume there was no space for a DHCP server? What is the IP address of the device when connecting via WiFi?

I also assume there is no web UI for the "router" portion, right?

Btw: using a tiny OTG adapter makes this very portable:
IMG_20180709_195319.jpg
 

FGFlann

Well-Known Member
Member
Joined
Nov 10, 2015
Messages
664
Trophies
0
XP
1,422
Country
Just to be sure:

When connecting to the wireless SSID, I am not getting assigned a DHCP address, but a zeroconf one. I assume there was no space for a DHCP server? What is the IP address of the device when connecting via WiFi?

I also assume there is no web UI for the "router" portion, right?

Btw: using a tiny OTG adapter makes this very portable:
IMG_20180709_195319.jpg
Correct. There's no space left on my image at least. I wanted to make it as compatible as possible for its intended purpose, so I prioritized the most common external file systems. Piggybacking off the DHCP server of my main router is sufficient for my purposes. I could try and squeeze a DHCP server in there by dumping EXT4, but I'm not sure how successful that would be. Also correct, there is no web UI; it would mean sacrificing an essential feature, because dumping EXT4 alone isn't enough to make room for LuCI.
 