Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| inbox:toh:zyxel:nbg7815_armor_g5 [2024/10/06 10:36] – fine/end pwned | inbox:toh:zyxel:nbg7815_armor_g5 [2024/10/31 16:08] – case pwned | ||
|---|---|---|---|
| Line 131: | Line 131: | ||
| - Reboot the device. | - Reboot the device. | ||
| - | < | + | < |
| cd / | cd / | ||
| wget -O openwrt-ipq807x-generic-zyxel_nbg7815-squashfs-sysupgrade.bin https:// | wget -O openwrt-ipq807x-generic-zyxel_nbg7815-squashfs-sysupgrade.bin https:// | ||
| Line 201: | Line 201: | ||
| - Login via SSH to the router. | - Login via SSH to the router. | ||
| - | - To use this method it is required to install kmod-mtd-rw first: '' | + | - To use this method it is required to install kmod-mtd-rw first: '' |
| - Change directory to /tmp. | - Change directory to /tmp. | ||
| - | - Copy & paste the code from "script | + | - Copy & paste the code from script |
| - Execute the script with '' | - Execute the script with '' | ||
| - Reboot the device. | - Reboot the device. | ||
| - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely. | - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely. | ||
| - | < | + | < |
| - | cat << | + | cat <<'EOF' |
| # Script to changing active boot partitions | # Script to changing active boot partitions | ||
| # Author: Karol Przybylski < | # Author: Karol Przybylski < | ||
| - | # Orginal script: https:// | + | # Orginal script: https:// |
| - | # It lacks the insmod mtd-rw i_want_a_brick=1 | + | |
| openwrt_type=$(cat / | openwrt_type=$(cat / | ||
| Line 265: | Line 264: | ||
| - Copy the files to the router to /tmp (e. g. using scp or an usb drive). Rename them to '' | - Copy the files to the router to /tmp (e. g. using scp or an usb drive). Rename them to '' | ||
| - Flash the kernel and rootfs to the currently not active partitions. Copy & paste the code from and execute the script with '' | - Flash the kernel and rootfs to the currently not active partitions. Copy & paste the code from and execute the script with '' | ||
| - | - Copy & paste the code from [[#Back to OEM firmware (1)|script | + | - Copy & paste the code from [[#Back to OEM firmware (1)|script |
| - Reboot the device. | - Reboot the device. | ||
| - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely. | - After reboot force a reflash of OEM firmware via WebGui using one of the provided [[#OEM firmware| OEM firmware files]] to purge OpenWrt entirely. | ||
| - | < | + | < |
| - | cat << | + | cat <<'EOF' |
| # check files | # check files | ||
| Line 333: | Line 332: | ||
| - [[#Opening the case|Open the device case.]] | - [[#Opening the case|Open the device case.]] | ||
| - Connect to the device via [[# | - Connect to the device via [[# | ||
| - | - [[#U-Boot access|Access the device via bootloader.]] | + | - [[#Bootloader/U-Boot access|Access the device via bootloader.]] |
| - [[#TFTP boot OpenWrt|TFTP boot OpenWrt]] to either reinstall or fix a broken installation | [[#TFTP flash OEM firmware|TFTP flash OEM firmware]] to purge OpenWrt. | - [[#TFTP boot OpenWrt|TFTP boot OpenWrt]] to either reinstall or fix a broken installation | [[#TFTP flash OEM firmware|TFTP flash OEM firmware]] to purge OpenWrt. | ||
| \\ | \\ | ||
| Line 339: | Line 338: | ||
| ==== Opening the case ==== | ==== Opening the case ==== | ||
| - | <WRAP BOX> | + | 1. Remove the two rubber crosses from the device' |
| - | FIXME //Describe what needs to be done to open the device, e.g. remove | + | 2. Unscrew the two screws appearing after step 1. |
| - | </ | + | 3. Remove the socket. |
| + | 4. After step 3. another four screws appear. Remove them as well. | ||
| + | 5. Around | ||
| + | 6. Keep the device with bottom side up and pry it up carefully around the case to remove | ||
| + | |||
| + | *) You will likely break some of them. Especially those on the left or right side. The clips at the front' | ||
| + | \\ | ||
| ==== Serial ==== | ==== Serial ==== | ||
| Line 386: | Line 391: | ||
| - Generate the password:\\ \\ :!: **Do not enter the code below it into the current shell!** We have to open a new terminal application. We have distinguish here between Windows and Linux users!\\ \\ **__Linux__**: | - Generate the password:\\ \\ :!: **Do not enter the code below it into the current shell!** We have to open a new terminal application. We have distinguish here between Windows and Linux users!\\ \\ **__Linux__**: | ||
| < | < | ||
| - | cat << | + | cat <<'EOF' |
| ror32() { | ror32() { | ||
| echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) )) | echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) )) | ||
| Line 400: | Line 405: | ||
| <tabbox password> | <tabbox password> | ||
| < | < | ||
| - | sh tool.sh | + | sh tool.sh 013D72FF0710 |
| </ | </ | ||
| - Put the output from paragraph 4. in the terminal and press enter:\\ \\ < | - Put the output from paragraph 4. in the terminal and press enter:\\ \\ < | ||
| Line 431: | Line 436: | ||
| - Connect your PC/ | - Connect your PC/ | ||
| - Power up your router and get access to [[# | - Power up your router and get access to [[# | ||
| - | - Enter '' | + | - Enter '' |
| ===== Photos ===== | ===== Photos ===== | ||