Belkin Wemo​

From Exploitee.rs
Revision as of 16:52, 3 January 2017 by Martiniturbide (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

BelkinWemo.png

This page will be dedicated to a general overview, descriptions, and information related to the Belkin Wemo​.

Purchase

Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the Belkin Wemo at Amazon

UART Pinout

Exploitation

The Wemo has been the subject of many exploits, and below is another one that was believed closed by the community:

While booting the Wemo in Recovery mode, a root console is accessible for under 1 second via UART. Within this time a command can be run to terminate the reset process, leaving us with a root shell and full device access.

Start by connecting a UART adapter, as outlined in the above section, console speed 57600,8N1. Hold the recovery button while powering on the Wemo, and keep it held for 10 seconds.

When seeing output regarding flash erasing, paste the command below and hit enter. Repeat until you get a root shell!

kill -9 $(ps | grep 'reboot'|sed -r -e 's/^ ([0-9]+) [0-9]+/\1/')


A second bug allows you to boot a new kernel or execute bootloader commands by holding down buttons 0-4 when powering on. This will let you boot a new kernel, or drop to a U-Boot shell and enter your own commands.

Root Demo