Difference between revisions of "Belkin Wemo​"

From Exploitee.rs
Jump to navigationJump to search
m (1 revision: Moving from DC22 to main site.)
m
 
(2 intermediate revisions by 2 users not shown)
Line 7: Line 7:
== Purchase ==
== Purchase ==
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device.
[http://www.amazon.com/gp/product/B00BB2MMNE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00BB2MMNE&linkCode=as2&tag=gtvcom-20&linkId=AKX4PJGS77XSRG57 Purchase the Belkin Wemo at Amazon]
[http://www.amazon.com/gp/product/B00BB2MMNE/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=B00BB2MMNE&linkCode=as2&tag=exploiteers-20&linkId=AKX4PJGS77XSRG57 Purchase the Belkin Wemo at Amazon]


== UART Pinout ==
== UART Pinout ==
Line 29: Line 29:


A second bug allows you to boot a new kernel or execute bootloader commands by holding down buttons 0-4 when powering on. This will let you boot a new kernel, or drop to a U-Boot shell and enter your own commands.
A second bug allows you to boot a new kernel or execute bootloader commands by holding down buttons 0-4 when powering on. This will let you boot a new kernel, or drop to a U-Boot shell and enter your own commands.
==Root Demo==
{{#ev:youtube|VQ-DMW-b9rM}}
[[Category:Belkin]]

Latest revision as of 16:52, 3 January 2017

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

BelkinWemo.png

This page will be dedicated to a general overview, descriptions, and information related to the Belkin Wemo​.

Purchase

Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the Belkin Wemo at Amazon

UART Pinout

Exploitation

The Wemo has been the subject of many exploits, and below is another one that was believed closed by the community:

While booting the Wemo in Recovery mode, a root console is accessible for under 1 second via UART. Within this time a command can be run to terminate the reset process, leaving us with a root shell and full device access.

Start by connecting a UART adapter, as outlined in the above section, console speed 57600,8N1. Hold the recovery button while powering on the Wemo, and keep it held for 10 seconds.

When seeing output regarding flash erasing, paste the command below and hit enter. Repeat until you get a root shell!

kill -9 $(ps | grep 'reboot'|sed -r -e 's/^ ([0-9]+) [0-9]+/\1/')


A second bug allows you to boot a new kernel or execute bootloader commands by holding down buttons 0-4 when powering on. This will let you boot a new kernel, or drop to a U-Boot shell and enter your own commands.

Root Demo