Hack Your Home Routers

1,920 views

Published on

Published in: Technology
1 Comment
2 Likes
Statistics
Notes
  • Free Download : http://gg.gg/114bb
    Hi I just wanna share something to you guys..
    I am using a great tool, as of now it is still
    working perfect.. you can download the full file
    for free here
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
1,920
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
26
Comments
1
Likes
2
Embeds 0
No embeds

No notes for slide

Hack Your Home Routers

  1. 1. Hack Your Home Router Secure Your Internet Access Zhongke Chen
  2. 2. Home routers have powerful hardware!
  3. 3. TL-WDR7500 • QCA9558 SoC, MIPS,720MHz • 8MB Flash • 128M RAM • QCA9558 (integrated 2.4ghz) • QCA9880 (5ghz) • AR8327N Gigabit Switch • USB 2.0 x2 • Serial/JTAG
  4. 4. But software is poor!
  5. 5. • Missing network features • Limited USB devices! • No extensions!! • Closed source!!! • Vulnerabilities!!!! • Backdoors!!!!!
  6. 6. One day Cisco opensourced software of WRT54G a H t! I k c
  7. 7. How?
  8. 8. • Choose a firmware to install • Openwrt: > 3500 packages • DD-Wrt: Advanced features • Tomato: Dual WAN • etc.
  9. 9. Supported hardware • http://wiki.openwrt.org/toh/start
  10. 10. ! Download • http://downloads.openwrt.org/ (xxxx-factory.bin) Flash • http://192.168.1.1/
  11. 11. First Login • Wire connect to the router • telnet 192.168.1.1 or http://192.168.1.1/ • Type passwd to set a new password for root user
  12. 12. Configure via SSH • ssh root@192.168.1.1 via Web GUI • http://192.168.1.1/
  13. 13. BusyBox v1.19.4 (2013-09-08 04:33:11 UTC) built-in shell (ash) Enter 'help' for a list of built-in commands. ! _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------BARRIER BREAKER (Bleeding Edge, r37917) ----------------------------------------------------* 1/2 oz Galliano Pour all ingredients into * 4 oz cold Coffee an irish coffee mug filled * 1 1/2 oz Dark Rum with crushed ice. Stir. * 2 tsp. Creme de Cacao —————————————————————————— root@OpenWrt:~#
  14. 14. Basic Configure • Internet connection • WIFI
  15. 15. What is special?
  16. 16. • Block Ads • Multiple dials to boost your bandwidth • IPv6 tunnel • Web server • Remote wake up your computer • Remote access network files • Dynamic DNS and remote control from outside • VPN Client + Policy route • AirCrack
  17. 17. • 3G Router • Tethering over your phone • Connect to HDD • • Share storage • • Download Movie Remote backup Connect to USB Audio • Play Music • AirPlay • Connect to webcam • …
  18. 18. Domestic Internet is CRUCIAL!
  19. 19. • DNS filtering/redirecting • IP blocking • IP+Port blocking • URL filtering -> TCP reset • Keyword filtering -> TCP reset • Certificate blocking -> TCP reset • SSL/TLS sniffer -> TCP reset • M-I-T-M (CNNIC certificate) • Email blocking • block for a period
  20. 20. • Email blocking: • use only gmail and other abroad mail boxes
  21. 21. • MITM • remove CNNIC certificate • don’t manual install 3rd party root certificate (12306)
  22. 22. • Modify hosts - DNS filtering X • HTTP Proxy - IP blocking X • SSL Proxy - browser doesn’t support X • Tor - tor directory and bridge blocked X • VPN (PPTP, OPENVPN, L2TP, …) - partially work • SSH Port forwarding - sniffer • FreeGate, UltraSurf, Psiphon - need frequent upgrade • GoAgent - SSL problem • ShadowSocks - TCP only
  23. 23. • Very slow! especially access domestic sites • Needs switch on/off frequently • Auto Route Traffic!
  24. 24. • Auto route traffic • Domain/URL based: PAC • • gfwlist IP based: route table • chnroute: all china IP ranges • geoip: query geo DB • DNS pollution/hijacking!!
  25. 25. • DNS pollution/hijacking • block ISP bogus IP (Ads) • Modify hosts - Manual work • use open abroad DNS server (Google DNS, OpenDNS) - Still hijacked • Encrypt DNS connection to abroad DNS server (DNScrypt) - not optimized • block bogus IP
  26. 26. • My Solution running on OpenWrt! • • iptables geoip module • • Shadowsocks (VPS in US) Domestic DNS + Abroad DNS + Bogus IP blocking Backup solution • PPTP VPN
  27. 27. • Corp Network • • VPN -> US/Korea/… • SSH -> US servers • • official proxy: rhv-entbc-001:3128, maa-entbc-001, etc SSH -> US servers -> SSH your own server eBay Guest • • no way ChinaUnicom
  28. 28. THANK YOU
  29. 29. Debrick Your Brick • RESET settings • TFTP flash • Serial port • JTAG
  30. 30. OpenWrt Development • Port OpenWrt to new hardware • Port app in C to OpenWrt • Write app code in Perl/Python/Lua/etc • Write app code in C • Write Kernel Extensions
  31. 31. References • https://en.wikipedia.org/wiki/OpenWrt • https://openwrt.org/ • https://en.wikipedia.org/wiki/ Great_Firewall_of_China

×