Hacking my NVG510 device

Earlz found a way to hack the NVG510 device and wrote a page about it: Rooting The NVG510 from the WebUI

He also offers a page that one can use to allow telnet connections to the NVG510 (by default it is locked up.) From there you can allow ssh and tftp connections too.

Note that this means if you are logged in to your NVG510 and you click on a link on a bad server, you could actually allow remote connections from anyone! So that's a dangerous back door, although if you are not logged in to the Web interface, then it is fine (assuming you do not then log in without thinking!?)

Just in case Earlz's pages were to disappear, I wanted to have my own here.

First there is an IFRAME with the form used to enable telnet on your NVG510. You will first need to log in to your NVG510 and then enter the nonce value in the field as shown below:

Once you have enabled telnet, you can start hacking the device with the following:

prompt$ telnet 192.168.1.254
Trying 192.168.1.254...
Connected to 192.168.1.254.
Escape character is '^]'.

login: admin
password: <same as website password>

Once in, you can use the help command to see all the available commands. This at least gives you access to most everything you need to tweak your device. However, there is more! When you first log in (in the root shell) you can enter the magic word:

NOS/12345678> magic

This gives you access to a new shell that is viewed as a debug shell. That debug shell can be used to tweak things just the same as the normal shell, although it has a different interface. To see all the values you can modify, try the different dump functions.

However, there is more! From inside the magic land, you can enter the nsh shell. That's yet another router-like shell, although it allows you to see things in a different way, yet again!?

NOS/12345678/DEBUG/MAGIC> nsh

I do not think that this one gives you much more than the previous level, although that is the one the original author talks about.

Now what? Well! There is even more! To enter shell commands, you often use the bang character. It works in the nsh shell! So you just type bang, and bing! you're in a Unix shell logged in as root.

NOS/12345678/DEBUG/MAGIC> (nsh) !

#        <- Look!!! Unix root prompt!

Here you can see things that are not otherwise accessible. For example, I checked the iptables. That helped me a lot because I was really wondering how my routing tables, iptables, and Ethernet setup were working on my end. Now I know, most people do not need to go that far, but if you like Linux, you'll be in your environment!

The iptables were quite interesting too. Stronger than my previous router that would not do that much. So kudos to the designers (programmers from Motorola, maybe contractors like me, though!)

I found two PDF manuals that I'm (probably illegally, although I did not tamper with them!) attaching to this page so it's easy for you (and especially me) to find them again. It is likely that they will disappear from the source where I found them, so it will come in handy one day, I'm sure. 8-)

What the router values do is quite simple to understand, from my point of view. What is really obscure should not be modified anyway. Note that you can set up the router to also accept ssh connections. I have not tried yet, but it should be possible to set up an ssh key and log in without a password. If that's true, then I'll be able to better shape the upload transfers by taking the current speed into account. At this time I have 766kbps, but I'd bet that it will vary with time. I was doing that with telnet on the old router. Not practical! (rsh did not want to work right.)

As a side note, if the ssh key does not work, then there is sshpass!

apt-get install sshpass

Earlz showed how to set up SSH/telnet from the shell:

set mgmt.shell.ssh-port 22
set mgmt.shell.telnet-port 23
validate
apply
save

Set a port to zero to lock it, or to any other valid port number to enable the corresponding ssh/telnet feature.
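An added example (not from Earlz's page or this post): a Python check, run from a machine on the LAN, that reports whether the router's ssh and telnet management shells still accept connections once you are done and have set the ports back to zero. The address 192.168.1.254 and ports 22/23 come from the session and settings above; the function names are made up for this example.

```python
import socket

# Values taken from the page: router address from the telnet session,
# ports from the mgmt.shell.ssh-port / mgmt.shell.telnet-port settings.
ROUTER = "192.168.1.254"
MGMT_PORTS = {"ssh": 22, "telnet": 23}


def probe(host, port, timeout=2.0):
    """Return (is_open, banner); banner is whatever the service sends first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(64)
            except OSError:          # includes timeouts: service sent nothing
                banner = b""
            return True, banner
    except OSError:                  # refused, unreachable or timed out
        return False, b""


def audit(host=ROUTER, ports=MGMT_PORTS, timeout=2.0):
    """Return {service: {"port", "open", "banner"}} for each management shell."""
    report = {}
    for name, port in ports.items():
        is_open, banner = probe(host, port, timeout)
        report[name] = {"port": port, "open": is_open, "banner": banner}
    return report


def exposed(report):
    """Names of the management shells that still accept connections."""
    return sorted(name for name, r in report.items() if r["open"])


if __name__ == "__main__":
    result = audit()
    for name, r in result.items():
        state = "OPEN" if r["open"] else "closed"
        print(f"{name:7s} port {r['port']:<5d} {state} {r['banner']!r}")
    if exposed(result):
        print("Still reachable:", ", ".join(exposed(result)))
        print("Set the matching mgmt.shell.*-port to 0, then validate, apply, save.")
```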

Attachment                          Size
nvg510-admin-handbook-v9.0.1.pdf    2.03 MB
nvg510-manual.pdf                   7.82 MB

Re: Hacking my NVG510 device

Hi Brian,

It looks like they upgraded our modems under our nose! That could explain why I had some problems in the last couple of days.

My telnet connection still works, but the nsh is forbidden. I get the same error:

Unrecognized command. Try "help".

So I suppose that's that with this hack...

The former author also mentions that it fails on newer firmware.

Thank you.
Alexis

Re: Hacking my NVG510 device

I was able to do these commands before but now I get Unrecognized command. Try "help". after using !
NVG510 software version 9.0.6h2d30
I telnet to the router and enter admin and access code and I get:
NOS/137162757700208>
After magic, I get:
NOS/137162757700208/DEBUG/MAGIC>
After ! I get the error

What did I do wrong?
Thanks,
