hack your home routers
Hack Your Home Router
Secure Your Internet Access
Zhongke Chen
Home routers have powerful hardware!
TL-WDR7500
• QCA9558 SoC, MIPS, 720MHz
• 8MB Flash
• 128M RAM
• QCA9558 (integrated 2.4GHz)
• QCA9880 (5GHz)
• AR8327N Gigabit Switch
• USB 2.0 x2
• Serial/JTAG
But software is poor!
• Missing network features
• Limited USB devices!
• No extensions!!
• Closed source!!!
• Vulnerabilities!!!!
• Backdoors!!!!!
One day Cisco open-sourced the software of the WRT54G
Hack It!
How?
• Choose a firmware to install
• OpenWrt: > 3500 packages
• DD-WRT: Advanced features
• Tomato: Dual WAN
• etc.
Download
• http://downloads.openwrt.org/ (xxxx-factory.bin)
Flash
• http://192.168.1.1/
First Login
• Connect to the router over a wired link
• telnet 192.168.1.1 or http://192.168.1.1/
• Type passwd to set a new password for the root user
BusyBox v1.19.4 (2013-09-08 04:33:11 UTC) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 BARRIER BREAKER (Bleeding Edge, r37917)
 -----------------------------------------------------
  * 1/2 oz Galliano         Pour all ingredients into
  * 4 oz cold Coffee        an irish coffee mug filled
  * 1 1/2 oz Dark Rum       with crushed ice. Stir.
  * 2 tsp. Creme de Cacao
 -----------------------------------------------------
root@OpenWrt:~#
Basic Configure
• Internet connection
• Wi-Fi
What is special?
• Block Ads
• Multiple dials to boost your bandwidth
• IPv6 tunnel
• Web server
• Remote wake up your computer
• Remote access network files
• Dynamic DNS and remote control from outside
• VPN Client + Policy route
• AirCrack
• 3G Router
• Tethering over your phone
• Connect to HDD
• Download Movie
• Share storage
• Remote backup
• Connect to USB Audio
• Play Music
• AirPlay
• Connect to webcam
• …
Domestic Internet is CRUCIAL!
• DNS filtering/redirecting
• IP blocking
• IP+Port blocking
• URL filtering -> TCP reset
• Keyword filtering -> TCP reset
• Certificate blocking -> TCP reset
• SSL/TLS sniffer -> TCP reset
• M-I-T-M (CNNIC certificate)
• Email blocking
• block for a period
• Email blocking:
• use only Gmail and other mailboxes hosted abroad
• MITM
• remove CNNIC certificate
• don't manually install third-party root certificates (12306)
• Modify hosts - DNS filtering X
• HTTP Proxy - IP blocking X
• SSL Proxy - browser doesn’t support X
• Tor - tor directory and bridge blocked X
• VPN (PPTP, OpenVPN, L2TP, …) - partially works
• SSH Port forwarding - sniffer
• FreeGate, UltraSurf, Psiphon - need frequent upgrades
• GoAgent - SSL problem
• ShadowSocks - TCP only
• Very slow, especially when accessing domestic sites
• Needs to be switched on/off frequently
• Auto Route Traffic!
• Auto route traffic
• Domain/URL based: PAC
• gfwlist
• IP based: route table
• chnroute: all China IP ranges
• geoip: query geo DB
• DNS pollution/hijacking!!
• DNS pollution/hijacking
• block ISP bogus IP (Ads)
• Modify hosts - Manual work
• use an open DNS server abroad (Google DNS, OpenDNS) - still hijacked
• Encrypt the DNS connection to a DNS server abroad (DNSCrypt) - not optimized
• block bogus IP
• My Solution running on OpenWrt!
• Shadowsocks (VPS in US)
• iptables geoip module
• Domestic DNS + Abroad DNS + Bogus IP blocking
• Backup solution
• PPTP VPN
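The "IP based: route table" and "Domestic DNS + Abroad DNS + Bogus IP blocking" bullets describe one decision flow; the sketch below is an added example, not code from the talk or from OpenWrt. The function names, the fail-closed choice and the address lists are assumptions: the ranges are constructed documentation prefixes standing in for a real chnroute list and a real bogus-IP list.

```python
import ipaddress

# Constructed sample data (documentation prefixes, not real chnroute or bogus-IP lists).
DOMESTIC_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]
BOGUS_IPS = {ipaddress.ip_address("192.0.2.66")}


def is_domestic(ip):
    """True if ip falls inside any range of the domestic (chnroute-style) list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DOMESTIC_NETS)


def drop_bogus(reply):
    """Remove addresses known to be injected by DNS pollution or ISP ad redirects."""
    return [ip for ip in reply if ipaddress.ip_address(ip) not in BOGUS_IPS]


def pick_dns_answer(domestic_reply, abroad_reply):
    """Combine the replies (lists of IP strings) of a domestic and an abroad resolver.

    The domestic reply is trusted only if, after bogus filtering, it still holds
    a domestic address. Otherwise the filtered abroad reply is used, and the
    result is empty (fail closed) when the abroad resolver returned nothing.
    """
    clean_domestic = drop_bogus(domestic_reply)
    if any(is_domestic(ip) for ip in clean_domestic):
        return clean_domestic
    return drop_bogus(abroad_reply)


def route_for(ip):
    """Routing decision for a destination: domestic goes direct, the rest via the tunnel."""
    return "direct" if is_domestic(ip) else "tunnel"


if __name__ == "__main__":
    # Constructed replies: the domestic resolver returns a bogus address.
    answer = pick_dns_answer(["192.0.2.66"], ["203.0.113.200"])
    for ip in answer:
        print(ip, route_for(ip))
```

On the router itself the same split is enforced with firewall and routing rules rather than in Python; this sketch only makes the decision logic explicit.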
• Corp Network
• official proxy: rhv-entbc-001:3128, maa-entbc-001, etc
• VPN -> US/Korea/…
• SSH -> US servers
• SSH -> US servers -> SSH your own server
• eBay Guest
• no way
• ChinaUnicom
THANK YOU
Debrick Your Brick
• RESET settings
• TFTP flash
• Serial port
• JTAG
OpenWrt Development
• Port OpenWrt to new hardware
• Port app in C to OpenWrt
• Write app code in Perl/Python/Lua/etc
• Write app code in C
• Write Kernel Extensions
References
• https://en.wikipedia.org/wiki/OpenWrt
• https://openwrt.org/
• https://en.wikipedia.org/wiki/Great_Firewall_of_China