bufferoverflow

Alpha Networks Inc. Want to Backdoor Your Router

Posted on Updated on

In recent news posted on the Dev ttyS0 blog that a spin-off company of D-Link called Alpha Networks Inc. has embedded a backdoor to various D-Link and Planex firmware.

The blog post titled “Reverse-Engineering a D-Link Backdoor” really does a great job showing the step-by-step process the author took find the back door. There are nice visual diagrams and code fragments too.

In a nut shell, the genius programmers at Alpha Networks Inc. wrote some programs or services that needed to change the routers settings remotely. Knowing that the HTTP server on the device could do this, they thought to re-use its functionality. Yeah, 1 step forward, but it needs a password to log in so they though to add a routine to by-pass the authentication check based on a static user-agent, 2 steps backwards or rather 100 steps backwards into a pit of stupidity.

It’s bad enough they got one or more programmers who thought of doing this, it is even worse when you see what the user-agent string is; here have a look:

xmlset_roodkcableoj28840ybtide

Now for the grand moment of where genius meets idiot, spell that backwards!

editby04882joelbackdoor_teslmx

Yeah, Thanks “Joel” and I bet 04882 must be your employee ID code or something else that might be personally or professionally related to you. Thanks for backdooring D-Link firmware. This was already found by Russian hackers in 2010, so who know how long this might have been exploited for.

*** Update ***
Posted buffer overflow exploit proof of concept code on devttys0.com check it out here