Contents
- Dismantling and getting a serial port connection
- Exploiting the camera using the uboot shell
- Analyzing the console login script
- Getting the firmware update
- asd
#!/system/bin/sh # A simple "login" equivalent to replace the open serial console on production, # to slow-down reverse-engineering. # If you can read this, it didn't work. if [ -e /system/etc/netatmo-production.txt ]; then PRODFLAG=`cat /system/etc/netatmo-production.txt` if [ "$PRODFLAG" -eq 0 ]; then exec /system/bin/sh fi # prod=1 or file missing : ask for password fi DBLIBTOOL=/system/bin/dblibtool # md5 of the md5 of rsa BIGSECRET="4ca9f3a5ce53a81a12af0f6c22a5775d" while true; do MAC=`${DBLIBTOOL} -get 1` SECRET=`${DBLIBTOOL} -get 3` echo -n "Firmware version: " cat /system/etc/netatmo-version.txt VALIDSECRET=1 if [ -z "$MAC" -o -z "$SECRET" ]; then echo "NSC[] : dblib not configured yet" VALIDSECRET=0 fi if [ ${#SECRET} -lt 6 ]; then echo "NSC[$MAC] dblib secret invalid" VALIDSECRET=0 fi # Only need to type first 6 characters of SECRET SHORTSECRET=`echo -n "$SECRET" | /system/bin/busybox cut -c 1-6` echo -n "NSC[$MAC] password: "
#!/system/bin/sh # A simple "login" equivalent to replace the open serial console on production, # to slow-down reverse-engineering. # If you can read this, it didn't work. if [ -e /system/etc/netatmo-production.txt ]; then PRODFLAG=`cat /system/etc/netatmo-production.txt` if [ "$PRODFLAG" -eq 0 ]; then exec /system/bin/sh fi # prod=1 or file missing : ask for password fi DBLIBTOOL=/system/bin/dblibtool # md5 of the md5 of rsa BIGSECRET="4ca9f3a5ce53a81a12af0f6c22a5775d" while true; do MAC=`${DBLIBTOOL} -get 1` SECRET=`${DBLIBTOOL} -get 3` echo -n "Firmware version: " cat /system/etc/netatmo-version.txt VALIDSECRET=1 if [ -z "$MAC" -o -z "$SECRET" ]; then echo "NSC[] : dblib not configured yet" VALIDSECRET=0 fi if [ ${#SECRET} -lt 6 ]; then echo "NSC[$MAC] dblib secret invalid" VALIDSECRET=0 fi # Only need to type first 6 characters of SECRET SHORTSECRET=`echo -n "$SECRET" | /system/bin/busybox cut -c 1-6` echo -n "NSC[$MAC] password: "