Friday, June 21, 2013

Western Digital My Net N600 - telnet

For the people who Google brought them here don't want the long story here are the steps to get in:
1) Go in your router's address in your browser
2) Sign in
3) Navagate to http://192.168.1.xxx/telnet.php
   There is no link to this page in the settings so you do have to navigate there manually
4) Turn telnet on, save
5) Open a CLI window and run telnet 192.168.1.xxx
6) Username: Alphanetworks
7) Password: wrgnd16_wd_db600
8) (if the password is not wrgnd16_wd_db600, open the firmware in a hexeditor and use the "signature") 
------------------------------------------
I got a Western Digital's "My Net N600" router that I got for free thanks to Intel. One day I got bored and wanted to play around with it. A couple hours later I finally managed to get in.
Lots of routers support telnet so I tried the command:
~$ telnet 192.168.1.1
Trying 192.168.1.1...
telnet: Unable to connect to remote host: Connection refused
I assumed I had to enable it. Nowhere in the router settings did it mention telnet. I almost gave up, but I found that Western Digital put the source up for everyone to see (they had to, it was GPL). Downloaded the source and found that there is a telnet.php in the base directory, it just looks half broken and no file links to it, but it still works.
~$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
login: root 
Login incorrect
login: admin
Login incorrect
login: telnet
Login incorrect for 3 times
Connection closed by foreign host.
~$ 
What could the username be? I continued to try wd, westerndigital, mynet600, and more. When those didn't work, I did a grep search for telnetd with errors suppressed:
~/Downloads/MyNetN600_GPL_v1.04.16$ grep -R -i -n 'telnetd' * 2>/dev/null
...
templates/aries/wd/pro/rc/init0.S80telnetd.sh:9: telnetd -l /usr/sbin/login -u Alphanetworks:$image_sign -i br0 &
...
~/Downloads/MyNetN600_GPL_v1.04.16$ 
Out of the 161 lines return, I found this command, which starts the telnetd server. I found my username! But it wasn't going to be easy for me. I noticed that the second half (the password) was $image_sign, a variable so I go and open that file to find that $image_sign was the contents of of file:
image_sign=`cat /etc/config/image_sign`
And that file didn't exists! When the firmware is made, the image_sign get generated, and I have no idea what the generated string would be. I consulted some people on some imageboards, one person suggested that "$image_sign should be in plaintext inside the firmware image." I grepped the file for image_sign, but it wasn't there. I couldn't give up because I was so close, so I opened up the firmware in a hex editor and this is what I first saw:
53A3A417 0000001C 00000000 7369676E ^...........sign
61747572 653D7772 676E6431 365F7764 ature=wrgnd16_wd
5F646236 30300000 5EA3A417 00000024 _db600..^......$
Ah ha! so it was saved as "signature", rather than image_sign! got the username password combo of Alphanetworks:wrgnd16_wd_db600, and we are good to go!
~$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
login: Alphanetworks
Password: wrgnd16_wd_db600

BusyBox v1.14.1 (2012-12-14 15:43:34 CST) built-in shell (msh)
Enter 'help' for a list of built-in commands.

# help

Built-in commands:
------------------
        . : break cd continue eval exec exit export help login newgrp
        read readonly set shift times trap umask wait

# uname -a
Linux MyNetN600 2.6.31--LSDK-9.2.0_U8.834-svn4367 #1 Fri Dec 14 15:43:09 CST 2012 mips GNU/Linux
# cat /proc/version
Linux version 2.6.31--LSDK-9.2.0_U8.834-svn4367 (bouble_hung@Zeus) (gcc version 4.3.3 (GCC) ) #1 Fri Dec 14 15:43:09 CST 2012
# exit
Connection closed by foreign host.
tachis@Tachis-LT:~$ 
Apparently a google search for wrgnd16_wd_db600 yields no results so I would have never found it if I didn't use the hex editor
I had fun, and hopefully someone else might be able to log into their router too.

Tuesday, March 12, 2013

Evil Experts-Exchange

Without doubt when I search for a computer related problem, Experts-Exchange pop up. Taunting me with the answer, but asking me to pay to view it.

But that's not evil right? They are providing a service for money. What is particularly evil about whatever website designer made this site is they have the answers display to the search engine bots, so that their pages are more relevant and come up higher in the results. Also the sample text Google provides will usually have almost the answer, trying to pull you in to pay.

There use to be a flaw in their plan. Whenever someone found their site, they would view the cached version by google, and were able to see the "hidden" answers. However, they have pulled the cached version, so that option is not available anymore. So what do we do?

Enter User Agent Switcher. When you visit a site, your browser tells the server which browser you are using to better help the server display it's contents. Well, experts-exchange decide that they are going to display their results to the Google Bot, and by using User Agent Switcher, you can pretend to be the Google Bot. After installing User Agent Switcher, go to tools -> default user agent -> Spiders -> Google Bot 2.1, and visit the site. Scroll down the the bottom the read the results for free. Just remember to switch it back to default when you are finished.

Sunday, July 22, 2012

Background Image Location

I was looking for the current background image's location.  It took me a while to find it.

Here it is:
%AppData%\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Friday, June 22, 2012

Tixati's Secret Command Line

For a long time I've be wishing for some command line options for Tixati.

One day I enabled Tixati to start with windows hidden in system tray, with a 1 minute delay.  Windows doesn't support these options, so they had to be program specific...

Curious I investigated how it's done and I found the startup entry listed as this:

"C:\Program Files\tixati\tixati.exe" -starthiddenintray -d1

So I found some secret Command line parameters not mentioned in any guide:
-closenow: exits any running program
-starthiddenintray: start hidden in tray (self explanatory)
-startminimized: start minimized (self explanatory)
-d# delay of how long Tixati should wait before working (It still has it's icon in the tray waiting.  you can click it beforehand to launch immediately)

I wonder if there were any other command line switches?

Edit: using procexp, I searched the strings and found "closenow" near the other two strings.   Tested to work so adding to the list

Monday, May 14, 2012

Getting notepad to obey

I always wanted notepad to be ran as admin.  I can't think of a case where I didn't want it to be.  So I browsed to notepad.exe and was going to turn on "always run as admin" but the option was blanked out.  I figured out how to bypass that though.  Do these three easy steps if you want always admin notepad
  1. open regedit.
  2. go to:
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
  3. add a value (a string):
    Name: C:\Windows\system32\notepad.exe
    Value: RUNASADMIN
That's it!  I never see any privilege error messages again using notepad.  You can do this for any application, but be aware that it will always be ran with elevated privileges.

Saturday, May 12, 2012

Fix the windows OS Letter assignment

Hello!

I recently move a few partitions on my hard drive, and when I booted up windows... boot error.

That's somewhat expected so I tried to use startup repair, it worked... until I got stuck right after the loading screen.

I found that "C:" was missing, and "D:" was assigned to what "C:" should be. Here's how I fixed it:
  1. Before you shutdown, make a note of what letter is currently incorrectly assigned, in my case, it was "D"
  2. First of all, you need your windows disk, plop it in, and boot from it. When it finishes loading, do not click install. Instead, click repair.
  3. Lauch command prompt
  4. We can't just use regedit to fix the problem because we are in a windows pre-install enviroment, with it's own registry.  So we need to run a command:
    reg load HKLM\TempOS C:\windows\system32\config\system

    Now, "C" might be the wrong letter! windows preinstall enviroment automatically assigns letters to the drives and partitions of your computer.  You may need to use these commands
    cd /d [Letter]:
    dir

    the first Changes Directory.  /d means change to a different Drive, then you would type C: D: E:, etc.
    the second command lists the folders and files of the drive.  If you see "windows" and "program files" then congrats you found the drive/partition that you want to fix
  5. type regedit to open the registry editor
  6. browse to HKLM/TempOS/CurrentControlSet/MountedDevices
  7. find the value that has \DosDevice\C:
    rename that to any other untaken letter
  8. find the value that has \DosDevice\[the incorrect letter]:
    this should be the letter that you took note of in step 1.  rename that one to \DosDevice\C:
  9. Exit regedit, and run this command
    reg unload HKLM\TempOS
  10. Reboot and all should be well!
Hope that worked.  As always, comment if you have any questions or need help!

Thursday, April 5, 2012

Windows 8 and Intel graphics driver

Edit: I'm surprised that people are still look at this blog post.  It's a bit outdated (around 8 months 3 years). It seems people are still dealing with this... So I'm going to clean up this guide.
  • Next "Unknown" mentioned that there was no need to mod any files for his Intel 965 Express chipset. This probably dependent on the specific installers for each chipset.  Before modding the files, just try it!  Hopefully you'll get lucky.
  • Next "Testr" from the comments provide a link to some preedited drivers on windows eightforums.  These drivers are made by people much smarter than I and will most likely work the best for you.  If your chipset is not in that link I still suggest that you search the windows eightforums first.
If none of that worked for you, here is the old guide. Good luck!:
This guide is to install graphics drivers for the "Mobile Intel(R) 4 Series Express Chipset Family (GM45)," and perhaps other similar integrated Intel graphics drivers for windows 8 or 8.1

Intel did not come out with drivers for Windows 8 that supports OpenGL (for things like Minecraft). We are going to use Windows 7's drivers, but they won't just install on a mismatching version of Windows. Here is the result of my efforts to get this to work:
  1. Download the Windows 7 drivers (zip) for your architecture (x64 or x86) Here is the download page for those having the 4 Series like me:
    4 series (32-bit)
    4 series (x64)
    If you have a different series, go to Intel's download center and search for your chipset series­
  2. Unzip it, and open that folder. (Do not just double click the zip file or you could have problems opening, editing, saving, and running the installer!)
  3. Open the subfolder "Graphics/"
  4. Find igdlh64.inf.  32bit will probably be named similar.  It'll be the only .inf (setup information file) in that folder.  Open it with Notepad Find the line that says:
    [Manufacturer]
    %Intel%   = IntelGfx, NTamd64.5.1, NTamd64.6.0, NTamd64.6.2 
    
    [IntelGfx.NTamd64.5.1]
    ; no install on XP
    
    [IntelGfx.NTamd64.6.2]
    ; no install on Win8
    
    [IntelGfx.NTamd64.6.0]
    %iCNTG0% = iCNT0, PCI\VEN_8086&DEV_2A42

    Edit that to remove the OS checking. We will deleted everything in red. When you are done it should look something like this
    [Manufacturer]
    %Intel%   = IntelGfx, NTamd64
    
    [IntelGfx.NTamd64]
    %iCNTG0% = iCNT0, PCI\VEN_8086&DEV_2A42

    ---If you are running 32 bit windows, this should be the end of the guide for you. Run the installer and it should work--
  5. If you are running 64 bit windows, then you will encounter a signed driver problem, because we are trying to install drivers that weren't "signed" (they were not checked for compatibility, etc.) for windows 8. We are going to have to disable driver enforcement. To do that:
  6. Restart your computer by hold the shift key and push the restart button.
  7. Find disable driver enforcement, and boot up with that option.
  8. Finally Go back to the Intel folder and run setup.exe.  When the red box of doom pops up saying it's unsigned, accept it (you can trust Intel).

    ---If your setup was like mine, this might be the end of the guide for you.  If it works without any more complication, reboot and enjoy.  If you are having more problems, continue---
  9. Still having Problems?  This part didn't apply to me, but joshmertz had some other problems. Specifically: Setup.exe is not looking in the right spot for MediaSDK.
  10. First thing you want to do is go to C:/intel/logs/IntelGFX.log.  This shows what went wrong during installation.  Scroll down to the bottom.
  11. IF you see this:
    [Install]
    Looking for MediaSDK configuration at
    C:\Users\Username\Downloads\Win7Vista_64_151718\Graphics\MediaSDK\config.ini
    * config.ini not found
    Reading action file 
    C:\Users\Username\Downloads\Win7Vista_64_151718\Graphics\setup.if2
    ! Error loading action file
    Then we are having problems with Intel's setup looking in the wrong spot. I'm not sure why, but this can be solved by copying setup.if2, setup2.if2 files, and the MediaSDK folder, then pasting them inside the Graphics Folder. Try to install again.
  12. If this doesn't work, post your log in the comments and we'll see if we can fix it!
Congrats. if nothing went wrong, you now have new video drivers.  If something isn't working (or heaven forbid you computer explodes) write me a comment, and I'll see what I can do to help.