[plug] Dissecting Router/Modem

Tim weirdit at gmail.com
Thu Sep 8 15:47:15 WST 2011

Hey Everyone.

I've recently been dissecting a modem that I have been given to
review. After some hardware hacking I have access to the serial
console, and a USB flash drive it runs some stuff off. It runs a basic
Linux OS (BusyBox).
I've attempted extracting the firmware from /dev/mtdblock0 but even
though file says it's a squashfs, I can't seem to mount it (can't find
the superblock).
I've also attempted to cross-compile (it's a Broadcom MIPS-based
system) but so far haven't been able to. I've been looking mostly at
the OpenWrt site for tools and tips.

I'm wanting to analyse some processes it runs while it's running, but
so far it appears that some processes are running (telnetd) but I
can't find a binary for it. I'm not wanting to run OpenWrt or another
alternative firmware on it (although that would be a bonus as long as
I can get back to original). I can't get any firmware updates to
analyse, so need to analyse it all off the running router.

So ideally I'm looking for tips on extracting kernel/firmware and
being able to access it and see how it loads up. Being able to rebuild
the firmware with changes. And being able to compile tools that will
run on it. I've noticed that Broadcom seems to support Fedora with
its toolchain, haven't tried running it under Debian yet.
I'm really enjoying hardware hacking so now I want to pull apart all
the modems I have to see if I can get more detailed access to the
underlying systems!

P.S. I've not mentioned the hardware yet due to a pending review on
it. After the review I'll post details of all the "hacks" required to
gain access as it's a very locked down system.

Timothy White - Somewhere in Australia
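
Added example (not part of the original post): one way to triage a dump that file identifies as squashfs but mount rejects is to read the superblock's byte order and version directly. The sample dump, fake_superblock() and scan_squashfs() are constructed for this illustration; a real run would read the bytes dumped from /dev/mtdblock0 instead.

```python
import struct

# On-disk magic -> struct byte order. The mainline Linux driver reads the magic
# little-endian, so only b"hsqs" passes its "find the superblock" check.
MAGICS = {b"hsqs": "<", b"sqsh": ">"}


def scan_squashfs(dump: bytes):
    """Find candidate SquashFS superblocks anywhere in a raw flash dump."""
    hits = []
    for magic, order in MAGICS.items():
        pos = dump.find(magic)
        while pos != -1:
            if pos + 32 <= len(dump):
                # s_major / s_minor are 16-bit fields at offsets 28 and 30.
                major, minor = struct.unpack_from(order + "HH", dump, pos + 28)
                if 1 <= major <= 4:  # filters out accidental magic byte runs
                    hits.append({
                        "offset": pos,
                        "endian": "little" if order == "<" else "big",
                        "version": (major, minor),
                        # Mainline mounts little-endian 4.x only; anything else
                        # needs a userspace unpacker matching the vendor format.
                        "mainline_mountable": order == "<" and major == 4,
                    })
            pos = dump.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def fake_superblock(order: str, major: int, minor: int) -> bytes:
    """Constructed 32-byte header stub: magic, zeroed fields, version."""
    magic = b"hsqs" if order == "<" else b"sqsh"
    return magic + bytes(24) + struct.pack(order + "HH", major, minor)


# Constructed sample: erased flash (0xff), then a big-endian 3.0 header.
SAMPLE_DUMP = b"\xff" * 0x100 + fake_superblock(">", 3, 0) + b"\xff" * 64

if __name__ == "__main__":
    for hit in scan_squashfs(SAMPLE_DUMP):
        print("0x{offset:x}: {endian}-endian v{version[0]}.{version[1]}, "
              "mainline_mountable={mainline_mountable}".format(**hit))
```

A hit at a non-zero offset means the filesystem has to be carved out of the dump from that offset before any unpacking tool will accept it.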

