Thursday, March 21, 2019

Hacking Huawei HG8245Q / HG8245Q2 ONT (from Batelco) to get Administrator access

Only low privilege access using default username password. Superuser access credential unknown...

Aim: To get superuser access.


Superuser Access 

Superuser password hash (Cracked to get full access)

Read more!

Wednesday, February 13, 2019

Hacking Infinova V1772N-T series PTZ camera (for remote restart)

Hacking Infinova V1772N-T series PTZ camera to solve irritating hanging issue, where web interface becomes unresponsive.

Issue: Camera web interface becomes unresponsive after running for few days. Can't access the camera through web browser even though port 80 is open. Telnet daemon port 23 open but username & password are unknown. Contacted Infinova support several times but no solution.

The only solution to get the camera up and running is to physically power off / cut the power to camera and then power up.

Dumped the passwd/shadow file and cracked the root DES encrypted password.


Login via telnet using root credential and reboot the camera remotely or restart webs service.

After getting root:

root@INFINOVA # cat /proc/mtd
dev: size erasesize name
mtd0: 000c0000 00020000 "mboot1"
mtd1: 00320000 00020000 "kernel1"
mtd2: 00320000 00020000 "kernel2"
mtd3: 00220000 00020000 "initrd1"
mtd4: 00220000 00020000 "initrd2"
mtd5: 04680000 00020000 "rootfs"
mtd6: 0ae40000 00020000 "data"

Read more!

Sunday, January 3, 2016

Zain Wimax Routers Collection

Zain Wimax Routers
(Huawei BM635 & BM636e)
Bypassed security measures to get free internet!

Read more!

Tuesday, July 21, 2015

Hacking G-Share2 (Satellite Card Sharing Client) Subscription

Expiry date: 2017-03-18

Expiry date: 2016-06-27

Expiry date: 2016-08-20

Changing SPI flash programmed with working OTP memory area

Read more!

Friday, November 28, 2014

Magnetic Stripe card reading/writing (Cloning)

Magnetic Stripe Encoder 

Magic Island card data
Adhari Park card data
Read more!