Thursday, March 21, 2019

Hacking Huawei HG8245Q / HG8245Q2 ONT (from Batelco) to get Administrator access

Only low privilege access using default username password. Superuser access credential unknown...

Aim: To get superuser access.


Superuser Access 

Superuser password hash (Cracked to get full access)

Read more!

Wednesday, February 13, 2019

Hacking Infinova V1772N-T series PTZ camera (for remote restart)

Hacking Infinova V1772N-T series PTZ camera to solve irritating hanging issue, where web interface becomes unresponsive.

Issue: Camera web interface becomes unresponsive after running for few days. Can't access the camera through web browser even though port 80 is open. Telnet daemon port 23 open but username & password are unknown. Contacted Infinova support several times but no solution.

The only solution to get the camera up and running is to physically power off / cut the power to camera and then power up.

Dumped the passwd/shadow file and cracked the root DES encrypted password.


Login via telnet using root credential and reboot the camera remotely or restart webs service.

After getting root:

[email protected] # cat /proc/mtd
dev: size erasesize name
mtd0: 000c0000 00020000 "mboot1"
mtd1: 00320000 00020000 "kernel1"
mtd2: 00320000 00020000 "kernel2"
mtd3: 00220000 00020000 "initrd1"
mtd4: 00220000 00020000 "initrd2"
mtd5: 04680000 00020000 "rootfs"
mtd6: 0ae40000 00020000 "data"

Read more!

Sunday, January 3, 2016

Zain Wimax Routers Collection

Zain Wimax Routers
(Huawei BM635 & BM636e)
Bypassed security measures to get free internet!

Read more!

Tuesday, July 21, 2015

Hacking G-Share2 (Satellite Card Sharing Client) Subscription

Expiry date: 2017-03-18

Expiry date: 2016-06-27

Expiry date: 2016-08-20

Changing SPI flash programmed with working OTP memory area

Read more!

Friday, November 28, 2014

Magnetic Stripe card reading/writing (Cloning)

Magnetic Stripe Encoder 

Magic Island card data
Adhari Park card data
Read more!

Testing: Firetide Mesh Node HotPort 7100

Firetide HotPort 7100 (inside)


Read more!

Monday, November 10, 2014

Zain Broadband 2.0 (Security flaws): Free Internet/VoIP calls with Huawei Echolife BM635

Screenshot (Telnet Session)
  • Login to Huawei Echolife BM635 via telnet.
  • Enter username / password and then press ENTER
    username: huawei
    password: Adt26BnE
  • At ATP prompt
    type setallmacaddr XX:XX:XX:XX:XX:XX & then press ENTER (where XX:XX:XX:XX:XX:XX is a valid WAN MAC address)
    e.g. ATP> setallmacaddr 4C:54:99:12:12:12
  • Type restoredef & press ENTER
  • Huawei BM635 will restart with new MAC address and default configuration.
  • If done correctly then you will be connected to the Internet (with  subscriber IP address)

Free VoIP Calls (Untraceable calls)
Security threat

Screenshot (VoIP)
  • Point your browser to
  • Login using admin:2gzVL6MT
  • Click on Basic > VoIP > SIP User
  • Enter SIP Super Password (link)
    then enter a valid VoIP number in SIP ID & Username fields
    Note: SIP ID & Username are same i.e.
    SIP ID: 13644272
    Username: 13644272
    Password: [email protected]#$%^&*()_
  • Click on Apply then on Register

You can check the status of VOIP registration under STATUS > VoIP

Note: This will only work if you are using Zain WiMAX
  • If done correctly then you can call for free (using subscriber call credit)

Read more!

Monday, November 3, 2014

Zain Broadband 2.0 (Wimax): NEW Admin Password

Zain Broadband 2.0 Updated

(Admin Password of Zain Broadband Device with updated firmware)

Huawei Echolife BM635

Get Full Access to your device (OWN IT)

WebGUI Login Detail
Username: admin
Password: 2gzVL6MT

Telnet Login Detail
Username: huawei
Password: Adt26BnE

SIP Super Password
 Password: Reverse WAN MAC + R3bKaA

Wimax Super Password
 Password: Reverse WAN MAC + hUm2A786

 For Example
If WAN MAC is 84:A2:5F:3D:CD:2E 
then Reverse WAN MAC will be E2DCD3F52A48


Read more!

Sunday, January 5, 2014

Wireless radio development

in progress....

Read more!

Monday, February 25, 2013

Motorola PTP 400 wireless link

Panel Antenna used for Motorola PTP 400

Main Board


Web interface

Read more!

Wednesday, October 3, 2012

Bahrain: Re-Hacking Zain Broadband 2.0 admin password

Zain Broadband 2.0

Login Screen (of new firmware with admin password changed)

 Super Password (to hack!) - DONE! <check below>

Telnet Access (hacked!)

And the last piece of puzzle "Super Password" 

here we go .....


Read more!

Tuesday, June 19, 2012

GPS Tracking & WiFi hacking

WiFi Location

SSID: Signal Temp
WPA key: N0Sm0king 

Read more!

Tuesday, November 8, 2011

Zain WiMAX Bahrain: Admin passwords

ADMIN Passwords of various ZAIN WiMAX Devices

Zain WiMAX aka Zain Broadband 2.0

Get Full Access to your device (OWN IT)

Huawei Echolife BM635
Username: admin
Password: [email protected]

Username: admin
Password: [email protected]

Username: zain
Password: [email protected]

Read more!