Hacking AutoRCM Implementation by Reisyukaku

Captainstryder

So does this make it impossible to boot from anything other than an RCM payload? If so, that would essentially softboot your switch unless you had a payload delivery system on you (if the switch turns off).

Am I wrong?
 

Wierd_w

Just about any microcontroller with a GPIO and a USB interface would work if you stuck the tiny was7227q IC on. Seriously, the thing is damned tiny. So tiny it is meant exclusively for mechanical assembly. A custom PCB breakout for one would likely not be that expensive to have made to order from the usual suspects.

Hardware modchips are not my specialty though. I am much more interested in making a flashable image for a commodity device to serve as a replacement/alternative to the SX dongle.
 

James310

> So does this make it impossible to boot from anything other than an RCM payload? If so, that would essentially softboot your switch unless you had a payload delivery system on you (if the switch turns off).
>
> Am I wrong?

Yup, but you can always “unbrick” it to go back to normal...
 

Wierd_w

> Hope someone produces the TX dongles for sale as a standalone product. Dunno if I want to pay for their software, but I'll pay for a little gadget like that.

Myself and others are working on a software payload for commodity devices!

A suitable candidate can be obtained right now from AliExpress and some other places. It does not have a brand name (being a Chinese POS), but supports OpenWRT. A C implementation of the FG injector for embedded Linux was recently released by one of our own, and the combination is ripe for exploitation.

Once I get the test article, and cook up the flashable image, it's off to the races.
 

Deleted_444986

> Myself and others are working on a software payload for commodity devices!
>
> A suitable candidate can be obtained right now from AliExpress and some other places. It does not have a brand name (being a Chinese POS), but supports OpenWRT. A C implementation of the FG injector for embedded Linux was recently released by one of our own, and the combination is ripe for exploitation.
>
> Once I get the test article, and cook up the flashable image, it's off to the races.

Is this the mentioned release? https://github.com/atlas44/sam-fusee-launcher
 

Wierd_w

> Can you post the link of the product or PM me, please?

The device has a rather cryptic identifier from OpenWRT, because it does not have a "Brand name." It is one of those horrible Chinese no-name products.

That said, here is the OpenWRT page for the device..
https://wiki.openwrt.org/toh/unbranded/a5-v11

It lays bare the caveats about consistency of the product line... But it is still hard to pass up as a hardware candidate.

As for where to buy-- AliExpress, eBay, etc.
 

Deleted_444986

> The device has a rather cryptic identifier from OpenWRT, because it does not have a "Brand name." It is one of those horrible Chinese no-name products.
>
> That said, here is the OpenWRT page for the device..
> https://wiki.openwrt.org/toh/unbranded/a5-v11
>
> It lays bare the caveats about consistency of the product line... But it is still hard to pass up as a hardware candidate.
>
> As for where to buy-- AliExpress, eBay, etc.

Your solution can run any payload?
 

Wierd_w

> Your solution can run any payload?

I still need to create (and test) the flashable image. However, that is the plan Stan. The C-based injector accepts a payload file on the command line. While the space on the device is very limited, it isn't like the FG payload file is terribly large. I expect a very small JFFS2 partition with pivot mount to be possible. New payloads could be placed there.
 

Deleted_444986

But it's a 3G router???

> I still need to create (and test) the flashable image. However, that is the plan Stan. The C-based injector accepts a payload file on the command line. While the space on the device is very limited, it isn't like the FG payload file is terribly large. I expect a very small JFFS2 partition with pivot mount to be possible. New payloads could be placed there.
 

Wierd_w

> But it's a 3G router???

It is a small MIPS-based SoC, with 4 MB of SPI flash, and 32 MB of RAM, with a USB2 host port and Wi-Fi.
The device is a "3G router" in the sense that you can plug your own cellular USB dongle into the port, and then it bridges the connection over Wi-Fi for you.

We intend to use that USB port for our own purposes. OpenWRT typically uses any unused space in the flash chip to create a writable partition with the JFFS2 file system. Since there is only 4 MB of space TOTAL on this thing, the squashfs root image will gobble up most of it. However, I expect about 1 MB-ish of space to be free for JFFS2. New payloads can be persistently saved there, if this holds true.
 
