JacobMisirian / DblTekGoIPPwn

Tool to check if an IP of a DblTek GoIP is vulnerable to a challenge-response login system, send SMS messages from the system, execute remote commands botnet style, and generate responses to challenges.
GNU General Public License v3.0

Does this still work? #2

Open mbrevda opened 6 years ago

mbrevda commented 6 years ago

It seems the algo was updated in later firmware. Does this still work? There also seems to be another user, secid, that uses the device's serial number as part of the challenge.

JacobMisirian commented 6 years ago

The subsequent releases of the firmware by DblTek did not exactly "fix" this issue. They merely made the math problem harder to reverse engineer. I haven't had the time to reverse engineer these later firmwares, but a good rule of thumb is that if the device gives a challenge starting with the letter "n", then it is vulnerable to this tool. Hope this helped with your 'research'! ;)

mbrevda commented 6 years ago

> Hope this helped with your 'research'!

I'm simply trying to explore my own device with the hopes that I'll be able to fix its flakiness.

> challenge starting with the letter "n"

My challenges for dbladm start with an H, although the secid challenges are all numeric.

> reverse engineer these later firmwares

If you do RE them, be sure to let us know! My device is rather flaky and I'm trying to get it working.

JacobMisirian commented 6 years ago

Ah, I see. Well, currently I do not believe there are any public tools out there for breaking into those newer firmwares. So your device is safe from skids. However, if an APT such as a nation-state wanted to get into your box, they totally could. A good solution is to put your device behind NAT (like a router) and disable the telnet service by blocking the port with iptables.

mbrevda commented 6 years ago

My box is behind NAT and is not accessible. What I need is access (for myself)!