This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course.

http://www.securitytube-training.com/online-courses/offensive-internet-of-things-exploitation/index.html

Student ID: IoTE-728

 

I decided to apply what I had learned during the Offensive IoT Exploitation course and connected to the serial port of my Netgear WNR1000 v4 router with an FT232BL Serial-USB converter.

Connecting to a serial port of a device consists of the following steps:

  1. Search for the physical port
  2. If necessary, solder a connector on it for better maintenance
  3. Identify the layout of the pins
  4. Connect the other device to this serial port
  5. Identify the speed of the communication

 

After removing the cover plate, I searched for the serial port. This is usually 4 pins next to each other in one line. For easier maintenance I soldered a connector on them. This picture shows the position of the soldered connector on the DLink router motherboard:

dlink_wnr1000v4_1

In the next step I identified the ports. On the other side of the motherboard I found a pin which was different than the others. This pin was connected to the LED diodes. (Blue arrow on the picture)

dlink_wnr1000v4_2

I thought this pin was the GND. I switched on the router, waited until it booted and checked the voltage between this identified pin and the other three unidentified pins. The multimeter showed that the voltage was constantly -3.3V between this pin and another pin. (The black cable of the multimeter was connected to the supposed GND pin.)

multimeter

My first supposition was wrong. The first identified pin was not the GND, but the VCC and the latter was actually the GND. So far so good, I identified two of the four pins. Next I rebooted the router and checked the voltage between the GND and the two remaining pins. I noticed that the voltage was changing between GND and one of the two pins while the device was booting. This pin should be the Tx and the other one is the Rx. Here is the identified Serial port.

dlink_wnr1000v4_3

I connected the Serial-USB converter to the Serial port. The connections:

  • GND – GND
  • Rx – Tx
  • Tx – Rx

connection

I booted the device. The flashing red LED on the Serial-USB converter showed that the connection was probably correct and that we were receiving some data. I connected the USB to my Windows machine. I searched for the COM ports. I found it as COM7.

serial1

Then I opened PuTTY and tried different baud rates. I found one which worked well (56k).

serial3
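Why only one baud rate gives readable output in the step above can be shown with a small 8N1 UART simulation. This is an added example, not part of the original post. It assumes the standard rate 57600 for the post's "56k", uses a constructed sample console string, and all function names are hypothetical.

```python
# Added example: decode one simulated UART trace at several candidate baud rates.
SAMPLE_HZ = 1_152_000                    # simulated sampling rate (assumption)
CANDIDATES = [9600, 19200, 38400, 57600, 115200]
TEXT = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}   # printable ASCII, tab, LF, CR

def uart_encode(data, baud):
    """Render bytes as an 8N1 line trace: idle high, start=0, LSB first, stop=1."""
    spb = SAMPLE_HZ // baud              # samples per bit
    line = [1] * (spb * 4)               # idle before the first frame
    for byte in data:
        for bit in [0] + [(byte >> i) & 1 for i in range(8)] + [1]:
            line.extend([bit] * spb)
    return line + [1] * (spb * 4)        # idle after the last frame

def uart_decode(line, baud):
    """Decode the trace as 8N1 at `baud`; return (bytes, framing_error_count)."""
    spb = SAMPLE_HZ / baud
    out, errors, i = bytearray(), 0, 0
    while i < len(line):
        if line[i] == 1:                 # idle: wait for the falling edge
            i += 1
            continue
        stop_at = i + int(9.5 * spb)     # middle of the expected stop bit
        if stop_at >= len(line):
            break
        byte = 0
        for k in range(8):               # sample the middle of each data bit
            byte |= line[i + int((k + 1.5) * spb)] << k
        if line[stop_at] == 1:
            out.append(byte)
        else:
            errors += 1                  # stop bit low: framing error
        i += int(10 * spb)               # skip to the end of this frame
    return bytes(out), errors

def score(line, baud):
    """Fraction of frames that decoded cleanly into text bytes."""
    data, errors = uart_decode(line, baud)
    frames = len(data) + errors
    return sum(b in TEXT for b in data) / frames if frames else 0.0

def guess_baud(line):
    return max(CANDIDATES, key=lambda b: score(line, b))

# Constructed sample console output, not captured from the router.
SAMPLE = b"Starting kernel ...\r\nconsole ready\r\n"
TRACE = uart_encode(SAMPLE, 57600)

if __name__ == "__main__":
    for rate in CANDIDATES:
        print(rate, round(score(TRACE, rate), 2), uart_decode(TRACE, rate)[0][:16])
```

At the wrong rates the sample points land on the wrong bits, so frames either fail the stop-bit check or decode to non-text bytes, which is the garbage seen in a terminal set to the wrong speed.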

I rebooted the device and the boot messages appeared on the PuTTY terminal. After the device booted, I was able to issue shell commands.

serial2