Last chance to enter The Hackaday Prize.

Hacking into your router’s administrative interface

zte_zxdsl_router_hack

[Arto] recently upgraded his home Internet subscription from an ADSL to VDSL, and with that change received a shiny new ZTE ZXDSL 931WII modem/wireless router. Once he had it installed, he started to go about his normal routine of changing the administrator password, setting up port forwarding, and configuring the wireless security settings…or at least he tried to.

It seems that he was completely unable to access the router’s configuration panel, and after sitting on the phone with his ISP’s “support” personnel, he was informed that there was no way for him to tweak even a single setting.

Undaunted, he cracked the router open and started poking around. He quickly identified a serial port, and after putting together a simple RS232 transceiver, was able to access the router’s telnet interface. It took quite a bit of experimentation and a good handful of help from online forums, but [Arto] was eventually able to upload an older firmware image to the device which gave him the configuration tools he was looking for.

Aside from a few Ethernet timeout issues, the router is now performing to his satisfaction. However, as a final bit of salt in his wounds, he recently read that the admin panel he was originally seeking can be accessed via the router’s WAN interface using a well-known default password – frustrating and incredibly insecure, all at the same time! He says that he learned quite a few things along the way, so not all was lost.

Comments

  1. Topper says:

    And why the heck is needed – there is ssh/telnet interface trough the Ethernet :)
    Lost of time

  2. xeracy says:

    ahh… one of those moments where you finished building an extra dimensional space-portal to get out the house and then you return only to find that your house had a front door all along… been there…

  3. fdawg4l says:

    I didn’t RTFA, but “was able to access the router’s telnet interface” sounds strange. Do you mean serial console?

  4. effigy says:

    Agreed with Topper, this isn’t poor-thought-process-a-day…

    Hacks w/out aesthetic are cool, hacks without the best tech are cool, hacks w/out a defined need are cool, but someone failing to think critically in any way shape or form about a problem and going overkill in their garage…

    “(no response to LAN http, ssh or telnet)” from the original article, note something missing?

    not so cool… just fail

  5. Lars says:

    For a site frequented by enthusiastic tinkerers and creative minds, there are an awful lot of naysayers here. Yes, you are probably all geniuses at what you do in your basements and garages (or think of doing it…when you get time….) But that is no reason to piss on other people’s efforts. Try to come down from your respective high horses and be little constructive. Rant off.

  6. William says:

    I agree with Lars. There seems to be an increasing number of trolls commenting on Hack a Day.

  7. Aaron says:

    Neat hack, though I don’t know if I’d noise it to the world as it’s likely to piss the DSL carrier off somewhat if they ever find out about it.

    (They must be the only DSL carrier in town, too, I guess. Otherwise who would stay with a company that doesn’t even want to let you do simple port forwarding or set your own SSID and key?)

  8. tech says:

    Agreed, he set out to find a work around and had fun doing it. Learning along the way and I dare say it’s more of a hack than any of you have accomplished. Prove me wrong!

  9. NatureTM says:

    +1 Lars

    Also, if he has admin access, is there a setting to change that WAN password?

  10. Morgauxo says:

    Great job doing this.. but.. assuming the ISP is not offering any option with these features… I’d rather see the ISP boycotted by all makers/hackers/informed people than the problem hacked by consumers. They should have a modem offering w/o a router, or at least a non-broken one. Bring your own modem would be nice too.

  11. Life2Death says:

    This is one of the many reasons I will never use a ISP modem.

    They dont care about your security, features, and I’ve seen benchmarks (done them to back it up too) that prove that their hardware is at the very least, a bottle neck to the speeds you pay for.

    Cheaper and easier to get your own modem. ATT paid for mine.

  12. doktorj says:

    Wow, wtf is wrong with people on HaD these days. Can you honestly say you’ve never had an off day, missed an obvious solution and learned something interesting while pursuing a fix that you didn’t really need? I’ve learned a lot of useful stuff that way, over the years. Also, let’s be honest here: A WAN only management interface is really not so obvious, considering that every other router on the planet either allows both interfaces or only LAN. The very idea of a WAN only management interface with a default password is so absolutely ridiculous and insecure that it certainly wouldn’t be the first thing I would think of.

  13. Effigy says:

    no,I cant say I’ve never messed up a project, chosen a bad path, given up half-way or less, or ended up with a pile of worthless junk when I didn’t

    what I CAN say is I don’t expect each and every learning experience stepping stone I go through to make it on HaD. I’m not saying we don’t all fail sometimes, I’m just saying there are more interesting things to read about…

  14. Topper says:

    Lets clarify – such project is usefull when you need console access to com device w/o any (denied or missing) way to access. So far so good, but here is misleading of users with such DSL devices. They’ll start to disassembly his devices, which is propperty of ISP in most cases, and go in troubles because of little hope to outsmart the bad guys in ISP.
    This is my 2 cents.

  15. addidis says:

    Highly recommend taking your screw driver to the motorola video recorder boxes that comcast gives out. Those boxes are feature packed but comcast chooses not to use the internals. Some of them should be able to be used with out the comcast blessing (motorola made it so the services are run by the customer , in this case comcast so ~most~ of it wont work) But there are some things on it that should be hackable.

  16. t&p says:

    You do know that the services that give you these things OWN them. They will make you pay for it and ban you from using their service thinking that you are trying to uncap routers and modems while getting free TV.

  17. addidis says:

    Ive done a bit of research, see the part where I mentioned the customer being comcast (not the guy with the screw driver) I was intentionally vague on the feature list they carry so any one would be forced to research it the same as I did and realize the potential for trouble should they choose to bring a screw driver to it.

  18. Miroslav says:

    Box is typically yours after 1 year of service or something like that. You paid it off, and then some, by then :)

  19. Simon says:

    I quite like it here in the UK.. Awful Internet, but at least most areas have a choice and given the small size of our country we have a LOT of information on what’s good and bad about a provider.

    Also, being able to access hardware level serial, is COOL, perhaps not the best way in this case, but knowing it can be done it would be awesome to see the hacks you can put into the router. Perhaps switch on disabled features?

  20. Marios Hadjimichael says:

    My ISP recently upgraded its modems to these, but only allows the configuration to be done from the ISP’s offices. (dsl port)
    I can change basic local network settings, but cannot access firewall and other settings.
    Can’t figure out what to do! (I don’t want to open the modem)
    Note that the WAN port does not work!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 91,190 other followers