SamKnows speed test

jure1985

When I run passwd and enter a new password, it tells me it is read-only,
and then when I try to get in over port 2222 it does not accept the password. Any ideas?
 

XSIDE

Quote:
User jure1985 says:
When I run passwd and enter a new password, it tells me it is read-only,
and then when I try to get in over port 2222 it does not accept the password. Any ideas?

If the fs is mounted read-only, you can try
mount -o remount,rw /
before you run passwd.
 

darjan

Is this still current? I have one of their little devices installed, and lately I no longer get the report at all.

Have I already "done my time" and need to return the router, or do I keep it, or what is the procedure anyway?
 

darjan

Hm... where is that login page where you can access the user CP? They reworked the site somewhat and I can't find it any more.
 

Matko

In case anyone needs the procedure for overwriting the WDR3600 Whitebox

Code:
# Hacking the SamKnows Whitebox
The SamKnows Whitebox is a free router (TP-Link TL-WDR3600) provided by SamKnows to gather internet speed statistics. Ok that's great, but any person with a small amount of hacker's spirit will want to hack it to install some custom firmware to take advantage of the two gigantic antennas on the back, the USB ports and everything else.

## Step 1 : Debug mode
Root access can be obtained via a "debug mode" on the router giving you a direct root shell via telnet, amazingly simple.

* Disconnect the Whitebox from the internet.
* Connect your computer directly to the Whitebox via Ethernet to one of the four ethernet ports on the Whitebox.
* Configure your computer's IP settings to "Manual" setting the computer's IP address to `192.168.1.2`, the Subnet Mask to `255.255.255.0` and the Gateway to `192.168.1.1`.
* Turn off the Whitebox.
* Turn on the Whitebox.
* Wait for all the lights to come on and turn off once, then spam the "WPS / Reset" button on the back of the Whitebox.
* Continue spamming until the second LED from the left flashes continuously. You are now in "debug mode".

## Step 2 : Changing the root password

Ok, so now you have a root shell on the Whitebox via telnet, wasn't that hard. Now connect to the Whitebox with a telnet client (Putty on Windows, Terminal on linux) :

    $ telnet 192.168.1.1
    Trying 192.168.1.1...
    Connected to 192.168.1.1.
    Escape character is '^]'.

     === IMPORTANT ============================
     Use 'passwd' to set your login password
     this will disable telnet and enable SSH
     ------------------------------------------


    BusyBox v1.19.4 (2012-11-21 13:26:44 GMT) built-in     shell (ash)
    Enter 'help' for a list of built-in commands.

                         _
     ___  __ _ _ __ ___ | | ___ __   _____      _____
    / __|/ _` | '_ ` _ \| |/ / '_ \ / _ \ \ /\ / / __|
    \__ \ (_| | | | | | |   <| | | | (_) \ V  V /\__ \
    |___/\__,_|_| |_| |_|_|\_\_| |_|\___/ \_/\_/ |___/
           P E R F O R M A N C E   M O N I T O R I N G

     OS: OpenWRT Attitude Adjustment, r35093
     SW: WDR3600 Build
     -------------------------------------------------
    root@(none):/# 

There you have it, a root busybox shell. Next up... mounting the filesystem :

    root@(none):/# mount_root
    switching to jffs2

Now we can perform modifications to the system, for example we could change the... root user's password maybe (They gave us the hint when connecting via telnet)

    root@(none):/# passwd
    Changing password for root
    New password: 
    Bad password: too short
    Retype password: 
    Password for root changed by root

I set the password to "root", hence the "Bad password" warning. 

## Step 3 : SSH inside

Telnet is a pile of shit, a move to SSH is recommended.

Now if you restart the box (don't bother trying `reboot` it doesn't do much, just pull the plug), plug the Whitebox back in to your router then you should be able to access the device via SSH on port 2222 (once you've found the DHCP assigned IP address, check your router's web interface to see if you can get a list of all connected devices, or try an IP scan on the local network)

    $ ssh root@10.0.0.44 -p 2222
    root@10.0.0.44's password: 

    BusyBox v1.19.4 (2012-11-21 13:26:44 GMT) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

                         _
     ___  __ _ _ __ ___ | | ___ __   _____      _____
    / __|/ _` | '_ ` _ \| |/ / '_ \ / _ \ \ /\ / / __|
    \__ \ (_| | | | | | |   <| | | | (_) \ V  V /\__ \
    |___/\__,_|_| |_| |_|_|\_\_| |_|\___/ \_/\_/ |___/
           P E R F O R M A N C E   M O N I T O R I N G

     OS: OpenWRT Attitude Adjustment, r35093
     SW: WDR3600 Build

    root@OpenWrt:~#

## Step 4 : Explore

Now you're inside, you can explore around, find your device's "Unit ID" to spoof metrics :

    root@OpenWrt:/tmp/samknows# cat /tmp/samknows/unitid
    123456

You can also modify it to pretend you're someone else (Warning : the "unitid" goes back to default on reboot) with a quick `vi /tmp/samknows/unitid`

You can also find out how everything works (such as sending results and all the different test) and disable reporting by exploring `/tmp/ispmon`

    root@OpenWrt:~# cat /tmp/ispmon/cron/crontab 
    40 * * * *  /tmp/ispmon/bin/dcsclient https://dcs-uk.samknows.com:443 -v >/dev/null 2>&1
    45 * * * * /tmp/ispmon/scripts/pcscript >/dev/null 2>&1
    25 * * * * /tmp/ispmon/scripts/sanity.sh >/dev/null 2>&1
    26 * * * * /tmp/ispmon/scripts/submit.sh >/dev/null 2>&1
    30 * * * * /tmp/ispmon/scripts/timesync.sh >/dev/null 2>&1
    35 6 * * * /usr/sbin/udhcpcrestart.sh >/dev/null 2>&1
    38 22 * * * /tmp/ispmon/scripts/background_tests.sh restart >/dev/null 2>&1

This shows which scripts are called by the system and how often. The same output can be obtained via `crontab -e`

Cronjob execution can be disabled for the current session with `killall crond`

And if you want to disable stuff permanently, take a look at `/overlay` (A good explanation is available [here](http://wiki.openwrt.org/doc/techref/flash.layout))

## Step 5 : Flash

The great thing about this little Whitebox is that we can install practically anything on it, I've chosen to install DD-WRT. To start off you need to find the correct firmware for the Whitebox and download it to your computer.

Pop over to the [DD-WRT Router Database](http://www.dd-wrt.com/site/support/router-database), type `TL-WDR3600` and download the `factory-to-ddwrt.bin` file.

Put the file on a web server on your computer to make it accessible from the Whitebox so the router can access http://192.168.1.2/factory-to-ddwrt.bin

* Now go back to step 1 and access the Whitebox via telnet.
* Execute the `mount_root` command.
* Move to the `/tmp` directory : `cd /tmp`
* Execute `wget http://192.168.1.2/factory-to-ddwrt.bin`
* Execute `mtd -r write /tmp/factory-to-ddwrt.bin firmware`

You should now have the following output, it can take a few moments, don't panic :

    root@(none):/tmp# mtd -r write /tmp/factory-to-ddwrt.bin firmware
    Unlocking firmware ...

    Writing from /tmp/factory-to-ddwrt.bin to firmware ...     
    Rebooting ...

## Step 6 : Enjoy

Now the telnet session should die and your Whitebox should reboot, I'll call it the Blackbox now because it's turned to the dark side.

Now by visiting http://192.168.1.1/ in your browser you will be greeted with your brand-spanking-new version of DD-WRT. I'm not going to cover setting everything up, that's your problem now. Have fun with your Blackbox !
https://www.snip2code.com/Snippet/213787/Hacking-the-SamKnows-Whitebox

DDwrt - firmware
https://www.dd-wrt.com/site/support/router-database

Putty - telnet/SSH client
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Mongoose - simple web server:
https://www.cesanta.com/mongoose
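
Two checks for the procedure in the guide above, as an added example that is not part of the original post or guide: whether `/` is writable before running `passwd` (the read-only error reported earlier in the thread), and whether a downloaded image matches a published SHA-256 before `mtd -r write`, which guards against a truncated or altered download. The function names and the sample mount tables are constructed, and `sha256sum` is assumed to be available where the check runs.

```shell
#!/bin/sh
# Added example: names and sample data below are constructed, not from the guide.

# Constructed /proc/mounts snapshots: failsafe shell before and after mount_root.
SAMPLE_FAILSAFE='rootfs / rootfs rw 0 0
/dev/root / squashfs ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0'
SAMPLE_MOUNTED='rootfs / rootfs rw 0 0
/dev/root /rom squashfs ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
/dev/mtdblock3 /overlay jffs2 rw,noatime 0 0
overlayfs:/overlay / overlayfs rw,noatime,lowerdir=/,upperdir=/overlay 0 0'

# mount_mode MOUNTPOINT < mount-table
# Prints "ro" or "rw" for the LAST entry on MOUNTPOINT: later mounts shadow
# earlier ones, so the initial "rootfs / ... rw" line must not decide the result.
mount_mode() {
    awk -v mp="$1" '
        $2 == mp { m = ""; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "ro" || o[i] == "rw") m = o[i] }
        END { if (m == "") exit 1; print m }'
}

# image_matches FILE EXPECTED_SHA256
# Returns 0 only if FILE exists and its SHA-256 equals the expected hex digest.
image_matches() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{ print tolower($1) }')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#expected}" -eq 64 ] && [ "$actual" = "$expected" ]
}

# Demo on the constructed snapshots; on the device use: mount_mode / < /proc/mounts
for table in "$SAMPLE_FAILSAFE" "$SAMPLE_MOUNTED"; do
    echo "/ is mounted $(printf '%s\n' "$table" | mount_mode /)"
done
```

Before `mtd -r write`, run `image_matches /tmp/factory-to-ddwrt.bin <published-sha256>` with the digest from the firmware publisher; the page does not list one.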
 

darjan

Hm, but isn't it the case that if you don't use the router for the purposes of the SamKnows portal (i.e. measuring and reporting how the connection performs), you then have to return it to them?
 
Nobody has returned it yet ;)
 

Daniel

They only return it in the UK. I converted the old version into a router, while the new WDR3600 is still measuring. I do have SSH access to it set up, but I don't plan to convert it yet, because it works quite nicely in my network for IGMP snooping :)
 

darjan

Oh, then that's worth thinking about; it has been running 24/7 for a few years now anyway, I think I've done my time :)

It is the old router though (the white one, like the one Telemach has); which way is the easiest to "convert" it?
 

Daniel

You put it into Failsafe mode and set a password for it over Telnet, then you SSH in and all options are open to you. There are quite a few guides on the internet.
 

amacar

It didn't work over SSH for me either, so I just flashed over telnet; the link I pasted apparently no longer works.
 

sass

I don't know; every six months they write to me that the six-month data collection period has ended, but that they have decided to extend data collection for another six months.
 

Daniel

Those are pretty much generic emails by now. I still have mine plugged in, let them have some fun :)