Replace data_center - Githubissues

Saturn49 / wecb

Firmware for Actiontec WCB3000N (Time Warner fork)

15 stars 6 forks source link

Replace data_center #7

Open Saturn49 opened 5 years ago

Saturn49 commented 5 years ago

This is a big issue, and likely one that will prevent any real further progress hacking the WCB3000N. I found one process called "data_center" which seems to be the heart of the configuration logic for this device. Unfortunately, it is closed-source and pre-compiled in this directory: https://github.com/Saturn49/wecb/tree/master/rtl819x/users/ctl/files/target/wecb/bin

I've attached the output from a run of it below, it looks like it sets up the network bridging and such, as well as serving as data storage for the web UI - the web cgi scripts looks like they are just a client for this server.

data_center_output.txt

It doesn't look like it is much more than a wrapper around some ioctls and shell commands but still not something I want to pick apart.

jhujhujhujhu commented 4 years ago

That's really annoying. I was wondering why I couldn't find the source code for data_center. You know what would be helpful is if we could find serial headers.

jhujhujhujhu commented 4 years ago

I'm not sure data_center is needed anymore after it sets up the bridge. I just killed both data_center and the script that keeps reloading it. Nothing adverse seems to have happened (although free memory jumped from 15MB to 29MB, and also can't login to the web interface). I then killed telnetd, and obviously couldn't log back in. So then I reloaded it via the webserver method and could log back in again. Still can't find anything adverse happening.

Next step is to prevent data_center from loading at boot and see what happens. It looks like it might setup ethernet? or MoCA? I'm not sure. I ordered a multimeter in order to find a serial port in case it actually does brings up ethernet.

jhujhujhujhu commented 4 years ago

I've decompiled data_center, but I'm not very good at MIPS assembly right now. There's a lot of references to tr69, a reference to telus, vz, and other things.

Edit * Found a free decompiler that my tax dollars are paying for over at https://ghidra-sre.org/ . This thing is pretty neat. Slogging through MIPS assembly is kind of hard so having a decompiler helps.