Hacking and patching TP-LINK TD-W8901G router

Piotr Bania Chronicles
January 31st, 2014, 05:40
Recently a critical vulnerability was found in TP-LINK routers and a few other router devices. The particular vulnerability I am referring to was described here ("http://rootatnasro.wordpress.com/2014/01/11/how-i-saved-your-a-from-the-zynos-rom-0-attack-full-disclosure/"). Basically, it is the so-called ROM-0 attack. In short, an attacker, by requesting ROM-0 through an HTTP request (ie. can download all the important and secret data stored in your router. This includes your ADSL login/password combination, Wi-Fi password and basically all of your configuration data. Actually, I was a bit pissed at TP-LINK for this crap, so I decided to patch the vulnerability myself.

You can read the entire reversing journey here (blogger doesn't like assembly code :-)):

In other news:

kon-boot v2.4 was released (it now covers the Windows 8/8.1 on-line account authorization bypass, so you can log in to your box without knowing the password even if you have an on-line MS account)
kon-boot for MAC OSX was updated to cover 10.9 Mavericks (both options are available: password bypass and new root account)

Peace out!