Tag Archives: embedded hacking
Rooting the Sphairon Speedlink 5501
Last week I was asked if I knew how to enable SSH access on a Sphairon (ZyXEL) Speedlink 5501. My previous technique for the HomeBox 3232 (also manufactured by Sphairon) did not work as the expected magic bytes in the … Continue reading →
Rooting and Looting of the o2 HomeBox 3232
In November 2012 I published a tool which decrypts configuration backup files of Sphairon-based routers. This tool was mainly used by o2 customers who wanted to extract their VoIP login data so they could use any router they prefer – … Continue reading →
AVM FRITZ!Box remote command injection vuln
Today I am featured in an article on heise.de. Have fun reading and do not forget to update your FRITZ!Box 😉
Arcadyan IAD Decrypter v0.05 released
Today I would like to announce a major update to the Arcadyan IAD Decrypter which you might know from the IP-Phone-Forum or from my previous blog post. It is now capable of decrypting the new “OBC6” configuration backup file format … Continue reading →
Extract VoIP login data from o2 Box 4421 and o2 Box 6431
Please note, that the information presented in this post may be outdated. An updated technique has been posted here. The German ISP o2 (which has acquired the brand “Alice” from HanseNet in 2010) tries to prevent its customers from installing … Continue reading →
Extract VoIP login data from an Alice IAD 3232 backup file
Please note, that the information presented in this post may be outdated. An updated technique has been posted here. The German ISP o2 Alice Hansenet enforces their customers to use the router that is distributed to them along with the … Continue reading →