/Exploit-HS8545M-ONT-2

Exploit Huawei ONT device

Primary Language: Shell

Exploit-HS8545M-ONT

Please read this guide carefully; use it at your own risk.

Usage

Find an exploit to load a user-defined .ko module

Use a kernel module (.ko) to run a shell script [/mnt/jffs2/hw/get.sh] on system reboot. Before that, you need to find an exploit in /etc/rc.d/rc.start/1.sdk_init.sh:

  1. Logical exploit in lines 200-206
  2. mkdir -p /mnt/jffs2/TranStar/
  3. cp -rf /lib/modules/hisi_sdk/* /mnt/jffs2/TranStar/
  4. In order to execute lines 261-262, change obj.id = "0x00000001" ; obj.value = "4"; in /mnt/jffs2/hw_boardinfo
  5. cp getshell.ko to /mnt/jffs2/TranStar/hi_epon.ko
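
The steps above leave fixed artifacts on the writable jffs2 partition, so a modified unit can be recognised from a mounted or extracted filesystem. The script below is an added example, not part of this repository: it flags the shadow module directory, any module in it that differs from the stock copy, and the boot script. The function name and the ROOT argument (where the filesystem is mounted) are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository): audit an ONT filesystem for the
# artifacts the steps above create. ROOT is an assumption: the directory where
# the device filesystem is mounted or extracted (empty or "/" on the device).

# check_ont_tamper ROOT
# Prints one line per finding; exit status is the number of findings (0 = clean).
check_ont_tamper() {
    root="${1:-}"
    findings=0
    shadow="$root/mnt/jffs2/TranStar"
    stock="$root/lib/modules/hisi_sdk"

    # 1. A copy of the SDK module directory on writable flash.
    if [ -d "$shadow" ]; then
        echo "FINDING: shadow module directory present: $shadow"
        findings=$((findings + 1))
        # 2. Modules in it that are missing from, or differ from, the stock set.
        for ko in "$shadow"/*.ko; do
            [ -f "$ko" ] || continue
            name=$(basename "$ko")
            if [ ! -f "$stock/$name" ] || ! cmp -s "$ko" "$stock/$name"; then
                echo "FINDING: $name differs from stock module in $stock"
                findings=$((findings + 1))
            fi
        done
    fi

    # 3. The shell script that the replaced module runs at boot.
    if [ -f "$root/mnt/jffs2/hw/get.sh" ]; then
        echo "FINDING: boot script present: $root/mnt/jffs2/hw/get.sh"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use: sh check.sh /path/to/extracted/rootfs
if [ "$#" -gt 0 ]; then
    check_ont_tamper "$1"
fi
```
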

Open getshell.ko module, compiled by hongs

Use Linux 3.10.53, and change the vermagic to "3.10.53-HULK2 SMP mod_unload modversions ARMv7" when you compile it.

Other

Added by hongs, 2019/10/02.

Modified 2021/1/25.

Tested on HS8545M, V3R017C10S105, 1007.A, SD5116 CPU.

Tested on HS8545M5, V5R019, SD5117 CPU.

Credits

hongs, 0nday and others (see source code for details).