
Hacking and patching TP-LINK TD-W8901G router

Piotr Bania Chronicles
Posts: 38
Joined: Tue Jul 14, 2009 10:32 pm

Hacking and patching TP-LINK TD-W8901G router

Post by Piotr Bania Chronicles »

Recently a critical vulnerability has been found in TP-LINK routers and a few other router devices. The particular vulnerability I am referring to was described here. Basically it is the so-called ROM-0 attack. In short, an attacker, by requesting ROM-0 through an HTTP request (i.e. http://192.168.1.1/ROM-0), can download all the important and secret data stored in your router. This includes your ADSL login/password combination, your Wi-Fi password and basically all of your configuration data. Actually I was a bit pissed at TP-LINK for this crap, so I have decided to patch the vulnerability myself.

You can read the entire reversing journey here (Blogger doesn't like assembly code :-)):
http://piotrbania.com/all/articles/tplink_patch/



In other news:
  • kon-boot v2.4 was released (now covers Windows 8/8.1 online account authorization bypass, so you can log in to your box without knowing the password even if you have an online MS account)
  • kon-boot for Mac OS X was updated to cover 10.9 Mavericks (both options available: password bypass and new root account)
Peace out!

http://blog.piotrbania.com/2014/01/hack ... 8901g.html
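A quick way to check your own router for the exposure described in the post above: request `/rom-0` and see whether the device hands the file over without asking for credentials. This is an added example, not code from the original post or from Piotr Bania's patch; the host address, timeout, the `rom0-check` user agent and the size threshold are assumptions, and the constructed responses in the test are made up for illustration. One caveat a practitioner should know: the `rom-0` dump from these ZyNOS-based devices is LZS-compressed, so a plain `strings` search over it will not show the credentials directly; the point of the check is only whether the file is served unauthenticated.

```python
"""Check whether a router serves its /rom-0 configuration dump
without authentication (the ROM-0 exposure discussed above).

Added example; not code from the original post. Host, timeout and
the size threshold below are assumptions.
"""
import sys
import urllib.error
import urllib.request


def _header(headers, name):
    """Case-insensitive header lookup over a plain dict."""
    name = name.lower()
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return ""


def classify_rom0_response(status, headers, body):
    """Classify an HTTP response to GET /rom-0.

    Returns one of:
      'LEAK'          - 200 with a non-HTML binary body: the dump was served
      'AUTH_REQUIRED' - 401: the device asked for credentials first
      'NOT_FOUND'     - 404: no such path on this firmware
      'UNKNOWN'       - anything else (e.g. an HTML login page with 200)
    """
    if status == 401:
        return "AUTH_REQUIRED"
    if status == 404:
        return "NOT_FOUND"
    if status == 200:
        ctype = _header(headers, "Content-Type").lower()
        # A login page or redirect stub is HTML; a real dump is a binary blob.
        if "text/html" in ctype or body.lstrip().startswith(b"<"):
            return "UNKNOWN"
        # Assumed threshold: a genuine config dump is far larger than a
        # few hundred bytes; tiny bodies are treated as inconclusive.
        if len(body) >= 1024:
            return "LEAK"
    return "UNKNOWN"


def fetch_rom0(host, timeout=5.0):
    """GET http://<host>/rom-0 and return (status, headers, body).

    Non-2xx responses are returned rather than raised so the caller can
    classify them; network errors propagate.
    """
    url = "http://%s/rom-0" % host
    req = urllib.request.Request(url, headers={"User-Agent": "rom0-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), b""


def main(argv):
    host = argv[1] if len(argv) > 1 else "192.168.1.1"  # assumed default
    status, headers, body = fetch_rom0(host)
    verdict = classify_rom0_response(status, headers, body)
    print("%s: HTTP %d, %d bytes -> %s" % (host, status, len(body), verdict))
    if verdict == "LEAK":
        # Don't write the dump to disk unless the operator asks for it;
        # it contains the ADSL and Wi-Fi credentials.
        print("rom-0 served without authentication; configuration is exposed")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the LAN address of the router (`python rom0_check.py 192.168.1.1`); a `LEAK` verdict means the dump is downloadable by anyone who can reach the web interface, so remote (WAN-side) management should be disabled until the firmware is fixed.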