Extracting Wi-Fi Password from Netgear N300 Router over UART
- Added on 30. 06. 2024
- In this video, we get a UART shell on a Netgear n300 Wi-Fi router and extract the SSID and password.
UART adapter datasheet:
www.ftdichip.com/Support/Docu...
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nmatt0/
#iot #hacking #wifi #reverseengineering #firmware - Science and Technology
Man, am I glad I found you.... Have been looking into IoT device security and this is exactly the kind of content I need
Always a good day when Matt Brown posts, love the work boss
Very nice, Matt! 👍 Liked that you worked on the audio quality in comparison to older videos! 👍 Pro tip for upcoming videos: look directly into the camera when you speak to us! 😉
Nice work Matt!
Great work, great speech!
Awesome content, enjoying these videos, hope to see some more soon
Could drop a UART shell but you can always reset the router password by holding in reset for a certain amount of time. I usually start with PWR, then TX an active High, leaving the other to be RX, and you can use any GRD. I made a little UART detection device you place the probes over the pins and it will emit a sound indicating they are most likely UART pins. Also OSCOPE makes this all much much easier….
Great stuff
Hey, I think there's some guy hacking my wifi
What makes you think that?
Love this guy... we could be friends!!!
Can you make a video on firmware extraction and writing using the CAN bus protocol? Thank you
What microscope do you use? Btw great show. Best
Love your stuff! Would you be interested in taking viewer hardware? I have a stm32 scooter mainboard and I'd love to see what you could do with it, it’s a bit beyond my skills to work on rn 😢😢
It's 2024, and we still ain't getting university credits for these type of videos 😩.
Lol
I have an old T-Mobile branded WiFi LTE Signal Expander with a clearly labeled “FTDI” port, but no time to investigate. I believe it’s a small 4G LTE Femtocell the company handed out to subscribers who inquired. Would this be of any interest to you?
Hello, nice video, thanks for sharing. Can you please explain where the web UI password is stored? I have a second-hand router and the previous owner changed the web UI pass and I cannot modify any router setting..... Obviously resetting the router is not an option.
This is going to be very device specific.
How to read out the OpenWrt root password if I forgot it? I cannot upload new firmware without logging in.
Hi, will you try with an "Alcatel Lucent 9361 Home Cell V2"?
it's a good challenge :D
I've been looking at a Cisco MR74 and have been looking at ways I could replace the stock firmware with OpenWRT. With your channel I've managed to remove the NAND flash chip and put it in a chip reader. I've pulled the stock firmware off. I need to now rewrite the uboot and the firmware. Is the uboot on a separate chip I could rewrite, or are the uboot and firmware all on the same NAND chip? Some of this stuff is confusing and I have loads of these Cisco AP's. I'd be willing to ship you one providing you don't share any of the serial numbers publicly.
Thanks for the video. Can you talk more about why you decided to check processes and what the ps command did exactly with the ‘w’ (ps w | grep ..)
Could you try hacking the firmware of a modern router? Try the latest model. Maybe a Huawei router. I tried to hack the Huawei b535 router but I only managed to get UART output and wasn't able to type anything.
Also I think the backend of that router uses Lua.
Hey Matt, would you make a video extracting the admin password of the Tenda AC10 AC1200? In my country the internet provider usually installs the internet and puts an admin password on the router in order to keep you calling them to get support for configuring anything further. This router is Chinese but each country rebrands it and sells it like "an amazing native router".
When you try to guess the password, the admin page sends a POST with username and password to /login/Auth. I wonder where and how it is stored in the router.
Great videos thanks!
This sounds like an interesting project. I'll see if I can get my hands on one.
I bought this router, it has a uart on the production model (from what I've seen). Going to be my first attempt at this after watching Matt's videos. Thanks for giving me a project to do buddy.
There is a balifiber router in my country (mojo C-100). I can't find the stock firmware for it anywhere. Or information about the webui address. Do you have any video about hacking the mojo c100?