New features to curcfg_tool [Failure]
Sunday, October 19. 2014
The original post about curcfg_tool.
So I decided to add couple of new features to my tool. However, neither of of them work. 
Asiantuntijakaveri-blog introduced hack to run commands on boot: Persistent customizations to Huawei B593u with stock firmware. I added a feature to do that:
./curcfg_tool -rc "update-westerneurope.huaweidevice.com ; /upgflash/init.d/rc.local" -w
The flaw is in the httpupg-command startup. It takes the server address from curcfg.xml, but it doesn't escape it properly. This makes it possible to piggy-back any command on it. The thing is, that in my B593, the automatic firmware upgrade does not run automatically. I can go trigger it manually. At that point it runs my script I created at /upgflash/init.d/rc.local. My hope was, that system would run it automatically on bootup, but it doesn't.
Another thing I added was NTP-server change. I don't know where the list comes from, in my case it is completely ridiculous. However, the source for information is not from curcfg.xml. For example:
./curcfg_tool -ntp1 ntp.dnainternet.fi -ntp2 fi.pool.ntp.org -w
... doesn't change anything. The new servers don't appear at the list in GUI, nor the system doesn't update time from them.
Crap! Both attempts failed miserably. Please drop me a comment if you have anything to add to those ones.
bob on :
Is that possible to use on b593s-22 with a default admin/admin on access on gui. Unit is from Huawei_B593s-22 http://192.168.1.1 default password admin. Thank you.
bob
Jari Turkia on :
The thing is, I've promised a couple of times to go borrow an s-22 which seems to be the currently sold mode here. I'm sure, there are couple of cracks in that one too, to be hacked.
bob on :
Thank you..
bob
JR L on :
Jari Turkia on :
Erwin on :
http://consumer.huawei.com/en/support/downloads/detail/index.htm?id=36365
http://consumer.huawei.com/en/support/downloads/detail/index.htm?id=36363
http://consumer.huawei.com/en/support/downloads/detail/index.htm?id=17924
Jari Turkia on :
Can you please explain me what can I do with Huawei distributing BusyBox source code? If I'd need them I'd go to http://www.busybox.net/ and get it.
Huawei's "GPL" is a discgrace. They're not distributing every GPLed part they're using in the firmware and what they are distributing is absolutely worthless to anybody.
Anas Hamada on :
I'm new to hacks on these devices & have curious question.
So I have an LTE subscription package on my smartphone & I took the sim card out to use it in B593s-22 modem.
It did seem to work as all LEDs on devices were indicating (signal, mode, internet, devices) but actually no device connected to B593 modem could have established internet connection.
I called my Carrier support and explained that, they said that they are on purpose preventing the use of their sim cards on Modems, they only allow smartphones.
So the question is, is there some sort of hack to get around this? I'm not sure how do they detect me as modem user to block connection, but I'm guessing through IMEI? is it possible to spoof that? or is there any solution?
Jari Turkia on :
It is possible to program a ISO/IEC 7810 smart card to do pretty much anything, including device detection.
A quote from book Smart Card Programming by Ugo Chirico: "A microprocessor-based smart card is very trustworty and hard to hack and it can process and store information with high reliability while preserving its safety."
SIMs are one example of well designed smart cards. I don't think they ever had any security flaws.
Valtteri Holopainen on :
I bought newer model E5186 (Speedbox III) with T-mobile firmware inside.
There is no upnp setting page in this firmware, but I've found that it is possible to set.
If I go to http://192.168.8.1/html/upnp.html it redirects to homepage.
http://192.168.8.1/js/upnp.js looks like this:
http://pastebin.com/ZRaMZ1BM
http://192.168.8.1/api/security/upnp is 0
How can I send command to upnp.js to set upnp to 1?
Thanks!
Jari Turkia on :
This is one article about that piece-of-crap protocol nobody should have or use.
http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/
Pasi on :
This is "general" comment or question... I have a plan to buy this one for a 4G router but it seems there is no bridge mode?
It seems that you have a lot of information about B593 and that's why I am asking it. Reason for that is I want my pfsense firewall is doing all things conserning dhcp/nat/fw things...