NVG510 Fixer -- An Android Application

New Application/Method

Someone by the moniker of Blend3r contacted me with a new method of rooting both the NVG510 and NVG589 modems. It does require downgrading the firmware, but it looks easy enough to execute. He provides a Java app, or a write-up on how to do it manually. I did a cursory check through the Java code while writing this, but he can of course change it at any time. I trust him enough to link to him, but if you're security paranoid it is best to do the DIY method instead of using his app.

Anyway, his website is http://nvg589.tk/

Do not contact me about problems with his tool/method unless you think it's a virus or something like that (so I can unlink it). I looked through it and it makes sense to me, but I by no means support any of these. Don't ask me for help on how to do it, etc etc.

(the rest is left here for archival/historical purposes)

App was pulled from Google Play. The app violated Google's ToS outright, so there's nothing I can really do to appeal it and get it listed again. So, I'm making it free for everyone to download and side-load on their Android device.

Download the latest binary release here: http://earlz.net/static/com.earlz.nvg510fixer.v2.2.apk

Also, this application is now open source! (albeit very dirty source code) You can find the source code on GitHub.

I was selling it for $3 on Google Play, so if this app helps you, consider donating. My paypal address is earlz -at- earlz dot net. My Bitcoin address is 178DgR2aZcHeYHhXZwtvcJ5RD13Y6YMQBf, or my Dogecoin address is DLY7Vh8oDYLRxQLFAg2PruA15zFMRqoXGu.

About NVG510 Fixer

I get a lot of people coming to this site every day for fixing problems with the AT&T U-Verse NVG510 modem. I found the information to fix the common problems and root it. However, the procedure for fixing this is a bit technical. So, I made the Android application NVG510 Fixer. An Android application makes it a lot easier for you, but I also get to make a tiny bit of money along the way (have I mentioned there is a baby on the way!?)

First off, make sure the IP address of your modem is correct. If you don't know what an "IP Address" is, don't worry about it. This should only be different if you explicitly set it differently (which there is no reason to do)

Second, you'll need to enter in the password to the device. This should be written on a sticker on the modem labeled "Device Access Code". It should be a 10 digit number. Type that in.

What these buttons do

Now, you have a few different options:

  1. Enable Telnet -- If you know what this is, you may be interested in it (It'll be on port 23)
  2. Disable Telnet -- Everything here will enable telnet. It shouldn't be terribly dangerous to turn on since it's password protected, but if you're paranoid about security, you can disable it afterwards
  3. Fix Redirect -- This is the infamous "Potential Connection Issue" or /cgi-bin/redirect.ha problem that hijacks other websites and is extremely annoying. Click this button and you'll never see that page again (note: you may have to restart your computer/browser if you are currently seeing it)
  4. Enable UPnP -- If you're a gamer, this option is useful to you. This enables Universal Plug And Play, which is a long way of saying that you can have an Open NAT type without having to do anything else
  5. Reboot -- Finally, you can restart the modem remotely if you're feeling lazy

Potential Problems

There are a few different issues that could happen with this. I'll try to point you in the right direction

  • I keep getting "login appears to have been unsuccessful" -- Make sure you're using the "device access code", not the "wireless network key". Also, make sure that when you go to http://192.168.1.254 in your browser that you get the AT&T modem page.
  • I get "no route to host" -- Make sure your device's wifi is connected to your NVG510 access point
  • I get "operation timed out" -- You might have to try pushing that button once more
  • I get "connection refused" -- sometimes it takes a few seconds to enable telnet (which every other button relies on). Wait a few seconds and try again
  • Your application force closes! -- That's not good :( Send me an email at earlz -at- (this website name) or post below in the comments and I'll try and fix it

After Factory Reset

If you (or AT&T) do a factory reset of your modem, you will have to do this again. However, if your modem loses power and resets, you shouldn't have to run this again

It didn't work!

If you were seeing the "potential connection issue" page, and afterwards your browser gives an error like "server timed out" or "host not reachable", then you may actually not have internet. In that case, call AT&T and hope for the best :) This application will not solve issues with your phone line!

If it didn't do what you wanted, request a refund!

Where is a free version?

I know it's a bit tacky to charge for such a simple application, but I think it's justified in this case. I've spent plenty of time getting to know the NVG510 and helping other people with it, as well as preparing all of the information for publication here. So, I think it's fair. If you don't like it, I will always provide the slightly more technical version for free. See this blog post for details on how to do that.

What's next

I'm not sure. I want to add DNS server fixing, but I don't think I'll be able to fit it in. I'm using Xamarin Android Starter Edition. As such, I have limitations on how complex and big I can make my application. If you want to donate $300 for me to obtain a full license, I'd love you forever :)

Factory Reset

This will completely reset your modem as if AT&T just shipped it to you. It will undo all configuration settings

Bridge Mode

Check the other published info (stub)

Posted: 8/3/2013 8:06:41 PM

Introducing NetBounce

So, I've been working on a quick project called NetBounce. It's basically a nifty tool to test HTTP clients and dump the data they send somewhere, without actually running your own HTTP server. This also supports HTTPS, which means it supports clients which do not allow SSL certificate errors.

Anyway, my main points of making it was because, eventually I want to expand on it to include programmable responses and this is a very good start, and because it's a valuable tool for a project I work on at my job.... And because it's cool and I've always wanted a test project with HTTPS support

Posted: 6/30/2013 6:46:11 PM

My first program

This is the oldest code I can find which once did something.

https://gist.github.com/Earlz/5848045

It's quite amazing. I can remember some of my thoughts when I wrote it. I had this huge obsession with using as few resources as possible. I had a fairly good machine for the time (512Mb of memory), but was obsessed for no good reason. Windows Media Player 9 was my media player of choice, mainly because it came with Windows. However, I considered it very heavy in resources, so I set out to use my newly honed skills to write the best media player in the world.

I even remember a tiny amount of the implementation details. I remember the reason starty wasn't start. I originally didn't think it needed to show the menu's text... but then I realized I needed to show it as it scrolled off the screen. The rest of the labels (except for l) I'm 99% sure are complete gibberish. I'm quite amazed that the variable names actually make sense though, other than st. st I can only assume was shorthand for start which for some reason translated to command.

Believe it or not, I iterated onto this and tried to actually sell the thing! I had paypal buttons and everything on a website called simple-apps.

It's amazing how naive I once was..

Posted: 6/25/2013 2:30:25 AM

The great thing about mono and C#

So, it seems like a ton of programs I've been trying to use recently don't work with the latest version of their dependencies. For instance, Metasploit doesn't work with Ruby >= 2.0. I was using some other program that required Python 2.0 rather than 3. And we've all heard the horror stories about programs requiring specific versions of Java.

I never have this problem with C# though. In theory, it could happen.. but Microsoft really likes keeping things compatible, it's their business plan. And as an extension of that, Mono never seems to flat-out drop support for anything in their core software. I have never seen a program that requires a specific version of .Net or Mono.

This is awesome! The worst thing I have to do with Mono is compile it from git so that I get pre-release (good) support of portable class libraries. Now, let's break this down. Why exactly is it like this though?

  • C#/.Net uses compiled-to IL
    • This prevents that issue of deprecating or changing misleading language features. It's all IL after compilation, so it doesn't matter
  • There is a spec for .Net. In theory, if you abide by the ECMA spec, most things should work, logic-wise
  • It's easy to take my dependencies with me with .Net

Now let's step through why this isn't easy with Ruby/Python

  • The language is improving and getting better. This can cause old programs to break, but is unavoidable with scripting languages
  • There isn't a spec that the latest version will always implement. This is probably a good thing though
  • There is a huge emphasis on not taking your dependencies with you. This leads to breaking changes in gems and such breaking your program.

What about Java? Honestly, I have no idea why Java doesn't benefit more. In theory, they should be equally as capable as .Net.

Am I saying .Net is perfect? By all means, no. In fact, .Net has seen some breaking changes

  1. I've a JIT bug that only happens when using .Net 4.5's runtime, not .Net 2.0's
  2. In .Net 4.5, they changed marshaling to be more "strict", breaking at least one program I've seen (at my work)

And mono of course is (by design), not a complete copy of Microsoft's .Net. In fact, I've even seen a bug where .Net accepted a piece of IL, where Mono broke, due to Microsoft not being "strict" about the ECMA spec.

With all that being said though, this seems to be the major leg-up for compiled to bytecode languages. They'll probably work a very long time, despite the bytecode runner being updated.

This is also avoidable. I've seen some scripting language use a version number attribute, so that it can avoid this scenario. I'm sure there are other methods as well.

All I know is, I'm tired having python 2 and 3 installed on my system because not all my programs will run on just one or the other.

Posted: 6/3/2013 5:49:16 AM

Hacking the 2-Wire

So, I've been trying to find an exploit in the 2-wire modem I received. In my journeys, I found one guy who has already done a lot of work on it. His blog is here

Now, here is a quick summary:

  • It uses a TriMedia SoC with a proprietary instruction set
  • It uses some kind of *nix
  • It has an SSH server, but it ships disabled
  • It has an exposed JTAG connector, but it's very involved to try to get anything out of it.

He's run arbitrary code on it, but he's failed at flashing it so that it uses its standard firmware, but with sshd enabled.

So, I'm now refocusing my efforts on finding an external (black-box) exploit against the DNS and HTTP servers. I've been poking around the HTTP server, trying to find a simple command-injection type exploit, but even where it looks like it should work, it just doesn't. This seems quite hardened. The only significant thing I've forced it to do is to run out of memory (apparently the HTTP server doesn't have a maximum request size)

The DNS server, however, I've already found a bug with. It apparently doesn't clear the response memory properly... So, if I go to facebook.com and then I go to the DNS server and send an invalid command, it'll send back a garbled response with a mention to facebook.com. That's a pretty scary privacy flaw heh. It also has recursion disabled, so the DNS server seems quite weak, but I've never tried to exploit DNS
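The stale-response behavior described above can be modeled in C as a bug class with its fix. This is an added example, not code from the 2-Wire firmware or from the original post: the single reused buffer, the handle function and both sample packets are assumptions constructed for illustration, since the page does not say what actually causes the leak.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define RESP_MAX    512

/* Assumed design: one response buffer and length reused for every request. */
static uint8_t resp[RESP_MAX];
static size_t  resp_len;

/* Constructed sample: an ordinary A query for facebook.com (30 bytes). */
static const uint8_t q_valid[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0,0, 0,0, 0,0,
    8,'f','a','c','e','b','o','o','k', 3,'c','o','m', 0,
    0x00,0x01, 0x00,0x01 };
/* Constructed sample: bare header with reserved opcode 15 and no question. */
static const uint8_t q_bad[] = { 0xab,0xcd, 0x78,0x00, 0,0, 0,0, 0,0, 0,0 };

static int query_is_valid(const uint8_t *q, size_t n)
{
    if (n <= DNS_HDR_LEN || n > RESP_MAX) return 0;
    int opcode  = (q[2] >> 3) & 0x0f;
    int qdcount = (q[4] << 8) | q[5];
    return opcode == 0 && qdcount == 1;
}

/* hardened = 0 reproduces the leak; hardened = 1 applies both fixes. */
size_t handle(const uint8_t *q, size_t n, uint8_t *out, int hardened)
{
    if (n < DNS_HDR_LEN) return 0;               /* too short to answer */
    if (hardened) memset(resp, 0, sizeof resp);  /* fix 1: wipe stale bytes */
    if (query_is_valid(q, n)) {
        memcpy(resp, q, n);                      /* echo header + question */
        resp[2] |= 0x80;                         /* QR = 1 (response) */
        resp_len = n;
    } else {
        /* Only the header is rewritten. In the vulnerable path resp_len
         * still holds the previous reply's length. */
        memset(resp, 0, DNS_HDR_LEN);
        resp[0] = q[0]; resp[1] = q[1];          /* echo query ID */
        resp[2] = 0x80;                          /* QR = 1 */
        resp[3] = 0x01;                          /* RCODE 1: format error */
        if (hardened) resp_len = DNS_HDR_LEN;    /* fix 2: send what was written */
    }
    memcpy(out, resp, resp_len);
    return resp_len;
}

static int contains(const uint8_t *buf, size_t n, const char *s)
{
    size_t m = strlen(s);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(buf + i, s, m) == 0) return 1;
    return 0;
}

/* Resolves facebook.com, then sends the malformed query. Returns the error
 * reply's length and sets *leaked if the earlier name is inside it. */
size_t error_reply_after_lookup(int hardened, int *leaked)
{
    uint8_t out[RESP_MAX];
    memset(resp, 0, sizeof resp); resp_len = 0;  /* simulate a fresh boot */
    handle(q_valid, sizeof q_valid, out, hardened);
    size_t n = handle(q_bad, sizeof q_bad, out, hardened);
    *leaked = contains(out, n, "facebook");
    return n;
}

int main(void)
{
    for (int h = 0; h <= 1; h++) {
        int leaked;
        size_t n = error_reply_after_lookup(h, &leaked);
        printf("hardened=%d reply=%zu bytes leaked=%d\n", h, n, leaked);
    }
    return 0;
}
```

Either fix alone keeps the earlier name out of the reply; applying both means a later length bug cannot expose old data.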

Happy hacking

Posted: 6/1/2013 8:42:45 PM

Command line SUMP logic analyzer client

So, I've been trying to poke around on this modem I received. One problem, I don't have an oscilloscope. I do however have an FPGA. And, FPGAs can be almost anything they wanted to be, so mine became a SUMP logic analyzer, thanks to the porting effort at gadget factory

Anyway, problem is the official Java client doesn't appear to work on Linux 3.x, or on 64-bit machines. I avoid having to do multilib (running 32bit programs on 64bit linux) like the plague, so I decided this will not do. On my quest I also found a half working python logic analyzer client. This one I got to work, but it's quite clunky and the code is GPL licensed. Where's the fun in that?

So, I wrote my own client, apparently in only a week. It's called monosump. It has zero external dependencies and as long as mono/.Net4 works, this client works. I've even tested it on the raspberry pi and it worked fine.

Here are the big features:

  • API-centric. The command line client is just a separate project consuming the easy to use API
  • Command line. Ever wanted to do some analysis with awk and friends? now you can
  • Plain text and JSON data output. Easy to consume.
  • BSD licensed. Have a commercial project in mind? Go ahead and use my code
  • Works everywhere there is a mono implementation (which is everywhere with the processing power to use this)
  • Simple (but limited) command line interface and powerful configuration file interface

Of course, this all being said. It sucks currently. I have a v1.0 release, but that's because I'm impatient. Next steps are getting analysis plugins, serial support at the command line, and maybe a simple web-app interface to take advantage of existing cross platform javascript libraries for graphing.

Posted: 5/29/2013 4:59:33 AM

Hacking Another Modem

So someone was nice enough to donate a 2-Wire 3801HGV to me. For what purpose? I don't have U-Verse! Why to root it of course! Apparently no one knows how to make a decent modem these days. So, my goals for this are to get as much info as possible, hopefully find a remote exploit like I did with the NVG510 and publish what's possible and what's not, as well as lay the groundwork for future hackers that probably know a lot more about this stuff than I do. My primary goal at this very second is to get a serial port working and get a root shell.

I'll publish more as I work through this

Posted: 5/21/2013 12:43:19 AM

Free Startup Idea: online yardsales

Go ahead and check out this page: Pittsburgh County Yard Sale

I'm not sure you'll be able to actually see the group without being in it or logged in on Facebook, so here is a summary:

It's a group on Facebook with rules and you must be "accepted" to post to it. The moderator generally accepts anyone who asks though. There are over 10,000 people in this single group. This group targets a specific rural county in Oklahoma. According to the 2010 census, there are about 45,000 people in the county total. This means that roughly 1/4 of the county uses this group. ONE FOURTH of the county. That is HUGE!

How does it work? Basically, it's free-form. It has a few rules like "no business ads", but beyond that, it's just post stuff you want to buy or sell. So there are some posts with things like "selling Samsung Galaxy S $200 obo(or best offer)". Or there are people requesting to buy things "Looking for otter box defender camo for iPhone 4s".

People post these and then people who are interested comment. Usually it goes something like this:

  1. Bob: Looking to sell iPhone for $100
  2. Alice: I'll give $75. Call me at 555-1234
  3. Bob: Sold!

First thing you'll notice: Oh my god Facebook is horrible at managing such a thing!

Second thing you'll notice: How is this so freaking popular!?

Here's my analysis for why this Facebook group is so hugely popular (relatively):

  1. High signal to noise ratio (no spam, usually little pointless junk)
  2. It's easy. You're in Facebook and you can just click on it and click join group. Afterwards you have a simple topic sell stuff or offer to buy stuff.
  3. It's viral. All the time I see people posting stuff to this group, friends and otherwise.
  4. It's local. It's for southeastern Oklahoma in a rural county. You know there won't be anyone posting stuff you'll have to drive more than 30 miles for

Let's analyze this a bit more.

  1. The group is technically "closed" so that people can get kicked out. This moderation process weeds out the spam
  2. If you have a Facebook account, you can almost instantly join the group and sell or buy something
  3. There are a huge amount of posts per day (you'll quickly lose where your post was after a few days). Facebook apparently has a loophole so that I end up seeing a good percentage of these
  4. Facebook is huge in that corner of Oklahoma. I didn't get a Twitter until moving to Cleveland, and I'm a programmer.

Why haven't other competing and arguably more suitable products won out? Frankly, there aren't any. The only semi good competitor is Craigslist. You can't post to Craigslist from within Facebook. Craigslist is (mostly) anonymous. On Facebook you can see the face of the person you're going to be meeting. This in itself instills a good amount of trust.

So, why shouldn't it just stay on Facebook's group thing?

  1. It's not possible to search the group AT ALL
  2. There is no way to monetize it for anyone other than Facebook
  3. Because it's so active it's extremely easy to "lose your post". This is when it gets to a point that you're scrolling several screens down but just can't find where your post is to check its comments or comment on it
  4. There is no filter. If you're looking for electronics, the only thing you can do is skim through the feed manually

Free startup idea?

I've toyed with the idea of making a product to "fix" this and to let the idea easily expand to other counties (at first the plan was only Oklahoma). However, I can't stand developing against Facebook, because Facebook Integration is an absolute must. So, I give it to you, the community. If it sparks an idea and you go off to make a million dollars, awesome! (maybe you can send me a few thousand dollars as a gift :) )

Anyway, I wish this situation was better, but it's not. It sucks horribly. Hence this is why I'm putting the idea out there. Someone make the world suck less! Please!

Posted: 5/15/2013 4:35:45 AM

A preview of my next project

Not going to go into details just yet, but here is a teaser of what I've been working on recently

It's all HTML5/Canvas, including the way I actually created it (ie, I created it in a browser).

If you look at the code, notice it's in no way open source right now. It may be though at some later point.

Posted: 5/8/2013 7:15:28 AM

Marketplaces Enforce Master-of-None Mentality

Marketplaces are great. On my Android phone I have, at my fingertips, a huge amount of applications that just work. Marketplaces provide us with a sense of security. To uninstall the app, there is guaranteed to be exactly one thing you must do. To install an app, there is exactly one way to install it. It is self contained, there are no dependencies I have to install. Configuration is non-existent, if at all. Discovering how to launch your app is straight forward. It just works.

Let's contrast that with a typical Linux system. I use Arch Linux. So, when I go to install an application, I use pacman -S someapp. And I cross my fingers and pray that it works. Usually it does. Sometimes I have to manually download and install things that aren't in this blessed "marketplace" of sorts. It's never as seamless as "closed" markets though. A Linux application can do anything. It could corrupt my system (if I give it sudo), it could trash my home directory, it could install spam that I could never figure out how to uninstall.

These are two sides of a coin. They are naturally at ends. There isn't really a good way of curing these problems with Linux. Most people would say they aren't problems, but rather design choices(myself included).

Dependencies... how I miss thee

So, what's this all about? If you look on the Android Marketplace, iOS AppStore, or god forbid the Windows Store, you'll see a stark difference compared to Arch Linux's packages. And no, it's not the open source aspect.

If you want to search through a file in Linux, you'll probably use something like

cat somefile | grep 'something'

you'll use the cat utility to read the file in and pipe the contents to grep, where grep will search across the file for "something".

How do you do that on Android? Or Windows 8/RT?

Basically, you can't. At least, not in a good way. With Android, file managers are possible, and most of them include some basic searching capabilities, but you won't get the power of grep. You won't be able to do awesome shit like you can by combining the strengths of different applications.

If I wanted to write a file search utility for Android, I'd have to first build a sub-par file browser to navigate to the file, and then implement my actual search functionality.

Markets enforce master-of-none mentality

I once had a magnificent plan to port my scripting language to Android. How much work would that require?

  1. File browsing/saving/loading
  2. Text editor (syntax highlighting, searching, etc. More than just a text box)
  3. My programming language

And that's just the start. If I want to provide APIs in my language to search in files, I have to implement that. If I want network access, I have to provide that. There is no netcat, or grep that people could utilize instead of my sub-par APIs.

Why netcat doesn't exist in markets

If you wanted to implement a netcat utility in any marketplace, it'd be fairly pointless. The power of netcat comes from being able to pipe it to other places that the original authors never even dreamed of. What's that, you want to make a TCP/IP proxy?

mkfifo backpipe  # named pipe carries the server's replies back to the client
nc -l -p 8080 < backpipe | nc example.com 80 > backpipe

You want something that can encrypt a file and send it off somewhere?

openssl aes-256-cbc -salt -e < file-to-transfer | nc example.com 9999

How would you do this in a marketplace application? Sure, maybe you could cobble together some solution like finding a dedicated TCP proxy. And then finding a file encrypter and a TCP/IP program that can send files... but this requires that someone developed such an application beforehand.

You can't just create some general purpose utility. You must create some "multi" purpose utility where you came up with all of the interesting use cases you could and implement them. If you missed one, then there just isn't a solution to that problem. There is no way to combine your program and some other program to solve the problem. It's all or nothing.

It's not just markets

If you notice, desktop Windows does this to a certain extent as well. Its I/O redirection is downright terrible. (although I hear Powershell is nice) This is probably why you see all-in-one applications everywhere. Linux has a general "air" about it that encourages you to make things modular and enable the utilization of other tools where possible.

However, marketplaces are the only place where this is actually enforced. Windows 8 has extremely limited IPC functions. Oh, you gave me a (very limited) search API that works across every application, big whoop. Windows 8 especially enforces it. Did you know that you can't make a general purpose text editor in Windows 8? Impossible. There is no way to open every file with a single application. They force you to declare which file extensions you'll be allowed to edit (and no, * doesn't work).

Finally, the bugs

Have you ever encountered a bug in a walled-garden application? Of course you have. Would you say you encounter them more than in desktop applications? Probably. Developers can't worry about only one thing because if they don't implement it, then their application can't do it. You get a feature request in your netcat-want-to-be for sending text on-demand instead of files. Now you have to implement some kind of text editor. Now some people want to be able to return an automated response that returns the current date and time. Yea, good luck with keeping up with the wishes of your users.

Developers can't just worry about the one thing they do good. They also have to worry about all the things people might want to combine to make your application more useful. This is why I believe that most market applications have more bugs than their counterparts in desktop operating systems.

For the picky

Yes, I know I probably have some false assumptions, but I'm not far off. I'm no pro in Android and such. It's probably possible to do some rudimentary IPC and maybe even some kind of dependency stuff... but it's not the norm, and I know it's probably not easy for you OR the end user.

Posted: 4/30/2013 4:22:51 AM