skip to main |
skip to sidebar
I have a ADSL modem at my disposal at my office. I am going to test my learnings from my personal Broadcom Beetel router in my home.
This ADSL modem is supplied by BSNL. This device has got 4 LAN Ethernet ports and has a Wifi-AP built in. Wan side, it connects to a ADSL enabled POTS line.
I have logged into GUI. surprise surprise, I saw the exactly the same look and feel of my Airtel -supplied-beetel modem. Of course It shows some wifi menu, vpn config menu and more capable firewall menus. Apart from these same font, same color, same table everything same. I checked the bottom of device, it shows it is made by UTStarcom and manufactured in China. My home modem has No info though. It should be either Beetel modem is also manufactured by UTStarcom OR Broadcom chip vendor has supplied the same code base to these OEMs.
I ventured telent-ing into the box. I see 'some' difference here though. I see fixed menu showing. In my home modem, you have to press ? to get the list of commands supported. I typed 'sh' to get a unrestricted busybox shell -so that is same. Just like beetel modem this box's software bulid doesn't support 'ls' command so used 'echo *' to list the files. Software sports 2.6.8 kernel and gcc version 3.4.2, uClibc library. The software version of the box has 'bsnl' in it. It suggests me that code base for both BSNL and Beetel modems are same and separately built.
The Hardware is has got some more muscle
Wifi Chipset,
4 LAN ports
14MB RAM
3MB Flash
It makes sense as my office is using business class ADSL .
I have one more ADSL+everything kinda box with me. it is imported!! I am going to work on it and make it work with BSNL Line. Hope it works, Watch this space for updates.
Looks like the bcm96338 based modems are widely used by Indian ISPs not just Airtel.Little bit more google helped me break into the box. Thanks to http://www.cyberciti.biz/tips/hacking-beetel-220x-adsl-router-broadcom-bcm6338.html for the tips.
I found 2 major flaws in the ADSL-router software.
Hack#1: In web browser, key in http://192.168.1.1/main.html Bingo! It opens the web interface No Login/Password asked!! Must be a developer's page, overlooked during release!!
Hack#2: After logging in to telnet, type 'sh' it opens helplessly a Busybox shell coming out of the fixed menu, revealing entire system. so much for 'hardening'!!
Tip: there is no ls.use echo * instead.
In the last post I had mentioned that I am going to find our CPU and Linux Info. Once you got the entire shell these are the least of the info you can find.
Just for the record, The system has IPTables and ebtables, runs linux 2.6.8, gcc version 3.4.2. Looks like the vendor has not been spending $$ on software lately.
Syaonara.
I have been using Airtel's DSL connection for some time now. I always wanted to see what the are all the capabilities of my "Modem" sitting on my desktop. The Modem reads Beetel 110Bx1 ADSL2 + Router. Today finally I got down to the device and took a look at the beast.
It is a simple device is running (hardened) Linux.
Hardware
- 6MB RAM
- 1.4MB Flash (fully utilized)
- Broadcom chipset, revealed during telnet login.
BCM96338 ADSL Router
Login:
- Single core CPU
- one RJ45 for LAN and One RJ11 for ADSL input line.
Software
- Telnetd , Login:admin, pwd:password
- Httpd (microhttpd, which is very light weight) Login:admin, pwd:password
All config are possible thru web interface.
- No SSH
- Shell is hardened - exposes very limited set of commands.
- Linux contains bridge utilities(brctl is available) The device is actually 'Bridge'.
- Runs a NAT
- Runs simpler form of ACL on Firewall
- Being Linux, it has QoS which is marking of packets with DSCP Values for selected source/destination IP/Port combination.
- It Also has DMZ and D-NAT.
- DHCP and DynDNS client.
- My modem says it runs "3.12L.01.A2pB023k.d20k_rc2" version.
- NTP Client
- as i suspected it runs Busybox v1.0
- All these are packed in 21 processes! (plus my telnet process)
Considering the software functionality and corresponding hardware muscle, It means there's no flab in system. The developers have definitely done a good job. This box says, it is imported by Bharti Teletech Ltd. Too bad it doesn't show who is the original manufacturer even worse country of origin too.
Kudos, whoever developed this 'Router' which works just fine, doesn't use too much resources and still provides all needed s/w features.
What I do not know now is the CPU speed, make Linux version. Let me see if i can break in and find out this.
