Connected Data Transporter​

From Exploitee.rs
Jump to navigationJump to search

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

ConnectedDataFileTransporter.jpg

This page will be dedicated to a general overview, descriptions, and information related to the Connected Data File Transporter.

Purchase

Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the File Transporter at Amazon

Disassembly

UART

Below is the UART pinout for the trasnporter.

  • The serial settings are: 38400 8n1

Exploitation

This device ships with an open U-boot installation meaning that with a UART adapter hooked up we have access to modify the default boot parameters. This opens the device to an technique called "Kernel Init Hijacking". This technique involves modifying the "init" boot argument which when passed to the kernel specifies which script will handle the boot-up process after the kernel is loaded. By defining this variable as "/bin/sh" we tell the kernel after booting to drop to a shell over UART. This allows us temporary root access to the file system.

Gaining Persistent Root Access To gain persistent root access after hooking up your UART adapter and "hijacking kernel init". Perform the following commands to change the root password.

mount /proc
passwd root

Demo