Reaver Pro – Part II

If we have successfully flashed OpenWRT onto the router's board, we can continue and flash the Reaver Pro firmware. The setup is almost the same as in Part 1.

I set the IP address of the device to 192.168.1.1 and my computer's IP address to 192.168.1.254.

The zip file contains three files: ReaverPro-14.0.49.bin, staging-firmware.bin and latest.bin. We will start with ReaverPro-14.0.49.bin. The staging-firmware.bin is needed as an intermediate step so that we can successfully upgrade to the newest version.

Please choose the operation:
   1: Entr boot command line interface.
   2: Load system code then write to Flash via TFTP.
   3: Boot system code via Flash (default).

You choosed 1

 0

ar7240> setenv serverip 192.168.1.254; setenv ipaddr 192.168.1.1
ar7240> ping 192.168.1.254
ar7240> tftp 0xa0800000 ReaverPro-14.049-beta.bin
ar7240> erase 0x9f050000 +0xf60000
ar7240> erase 0x9f050000 +0xf60000
ar7240> cp.b 0xa0800000 0x9f050000 0xf60000
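
A pre-flight check for the flash step above, added here as an example (not part of the original post or of any Reaver Pro tooling): it confirms the image fits the 0xf60000-byte region and computes the CRC-32 to compare on the console after the TFTP transfer. It assumes this U-Boot build includes the `crc32` command; `preflight` is a hypothetical helper name.

```python
import sys
import zlib

# Addresses and length copied from the U-Boot session above.
LOAD_ADDR = 0xA0800000   # RAM address used by the tftp command
FLASH_ADDR = 0x9F050000  # start of the region that erase/cp.b operate on
REGION_LEN = 0xF60000    # length given to erase and cp.b


def preflight(image: bytes) -> dict:
    """Validate an image against the flash region; return values to compare on the console.

    preflight is a hypothetical helper name, not part of any Reaver Pro or OpenWrt tool.
    """
    size = len(image)
    if size == 0:
        raise ValueError("image is empty (failed or truncated download?)")
    if size > REGION_LEN:
        raise ValueError(
            f"image is {size:#x} bytes but the erased region holds {REGION_LEN:#x}"
        )
    return {
        # U-Boot normally reports "Bytes transferred = <dec> (<hex> hex)" after tftp.
        "size_hex": f"{size:x}",
        # zlib's CRC-32 is the same algorithm U-Boot's crc32 command uses.
        "crc32": f"{zlib.crc32(image) & 0xFFFFFFFF:08x}",
        "flash_end": f"{FLASH_ADDR + REGION_LEN - 1:#x}",
        # Assumption: this U-Boot build has the crc32 command compiled in.
        "crc_command": f"crc32 {LOAD_ADDR:#x} {size:#x}",
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = b"123456789"  # constructed sample input, not real firmware
    for key, value in preflight(data).items():
        print(f"{key:12} {value}")
```

Run it on the image before starting the TFTP server, then issue the printed `crc_command` at the `ar7240>` prompt after the transfer; a mismatch means the copy in RAM is not the file you checked and should not be written to flash.
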

Reboot the device and we should see something like this:

[   19.150000] device eth0 entered promiscuous mode
[   19.160000] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[   19.170000] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   22.070000] eth1: link up (100Mbps/Full duplex)
[   22.070000] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   33.910000] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[   33.910000] jffs2_build_filesystem(): unlocking the mtd device... done.
[   33.920000] jffs2_build_filesystem(): erasing all blocks after the end marker... done.
[   75.900000] jffs2: notice: (974) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
procd: - init complete -



BusyBox v1.19.4 (2014-02-18 14:26:37 EST) built-in shell (ash)
Enter 'help' for a list of built-in commands.



 (                                 (
 )\ )                              )\ )
(()/(   (     )   )      (   (    (()/( (
 /(_)) ))\ ( /(  /((    ))\  )(    /(_)))(    (
(_))  /((_))(_))(_))\  /((_)(()\  (_)) (()\   )\
| _ \(_)) ((_)_ _)((_)(_))   ((_) | _ \ ((_) ((_)
|   // -_)/ _` |\ V / / -_) | '_| |  _/| '_|/ _ \
|_|_\\___|\__,_| \_/  \___| |_|   |_|  |_|  \___/


              reaversystems.com

root@OpenWrt:/#

Now we can connect over Ethernet to the PoE port. Open a browser and go to http://10.9.8.1

default login: raever / foo


The attack web interface has a green/black design. Under configure we can upload staging-firmware.bin, which is needed before we can move to the newest firmware (otherwise it won’t work). This step took some patience. After the reboot we can go back and upload the newest firmware, latest.bin.

If everything works, we see the attacker interface with a new look.