Category: Security

Manipulate your wireless router using Python

Here below I just give a thread about how to manipulate your wireless router by refresh/read/delete logs. I think you could do more things than this. As the theory is the same.
This scipt can be used for monitoring who else is using the network doing what now if you find your WoW is lagged so much 🙂

There is a wireless router I connected is a NetGear WGR614v7. After accessing the adminstation page, we can find that it is a very simple web page. so we could use the common webpage crawling way to deal with it.

Actually the script I pasted below is a guide for how to deal with the Basic Authentication of HTTP and some use of lxml and re:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @author: Sean Wang, fclef.wordpress.com/about
# target router type: NetGear, WGR614v7
from __future__ import unicode_literals
import urllib2
import re
import lxml.html as lh

rooturl='http://192.168.1.1' # admin url of the router
username = 'admin'
password = 'password'

# create a urllib2 opener for basic authentication
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None, rooturl, username, password)
authhandler = urllib2.HTTPBasicAuthHandler(passman)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)

#get self ip
devhandle= urllib2.urlopen(rooturl+'/DEV_device.htm')
devcontent=devhandle.read()
devdoc= lh.document_fromstring(devcontent)
devhandle.close()
devs=[i.text_content() for i in devdoc.xpath("//span")]
devs=zip(*[devs[i::4] for i in xrange(1,4)])
myips=[]
othernames={}
for i in devs[1:]:
    if 'fclef' in i[1].lower(): # fclef is my computer name
        myips.append(i[0])
    else:
        othernames[i[0]]=i[1]

#refresh log, a post method
urllib2.urlopen(rooturl+'/fwLog.cgi','log_detail=&action_Refresh=%CB%A2%D0%C2&email_on=0&log_refresh=1&log_send=0&log_clear=0')

#get log
pagehandle = urllib2.urlopen(rooturl+'/fwLog.cgi')
content=pagehandle.read()
pagehandle.close()
doc=lh.document_fromstring(content)
logs=doc.xpath("//textarea")[0].text_content()
ptn=re.compile('^\[(.+): (.+)\] Source: ([0-9\.]{11,15})')
for i in [i for i in logs.split('\r\n') if i]:
    loginfo=re.search(ptn,i).groups()
    if loginfo[2] not in myips:
        print '{0[2]}({1}) {0[0]} {0[1]}'.format(loginfo,othernames.get(loginfo[2]))

#clear log
urllib2.urlopen(rooturl+'/fwLog.cgi','log_detail=&action_Clear=%C7%E5%BF%D5%C8%D5%D6%BE&email_on=0&log_refresh=0&log_send=0&log_clear=1')

Remove CarrierIQ from rooted Android device

First of all, Thanks TrevE , the author of  Logging Test App. All I done in this article is just following what he did in his app.

These days, Carrier IQ brought an big earthquake in almost all popular mobile platforms including Android, iOS, Blackberry

How to check if your device is CIQed or not:

Update: just got in mind that no need to use PC side tools, just install and launchTerminal Emulator and run below commands one by one and check command output like adb method:

am start -n com.htc.android.iqagent/.test.MainActivity
am start -n com.carrieriq.iqagent.service/.ui.DebugSettings

( not requiring root, but android adb tool needed)

1. Make sure you have installed adb driver of your device; make sure you have got adb on your PC (download Android SDK and find it in platform-tools)
2. Execute following two commands:

</del>
<del>adb shell am start -n com.htc.android.iqagent/.test.MainActivity</del>
<del>adb shell am start -n com.carrieriq.iqagent.service/.ui.DebugSettings</del>
<del>




If both commands give you output like:


Error: Activity class {…} does not exist.


Congrats, your device has not been infected.


If no error output displayed, then you are infected. See below guides to remove


How to remove CarrierIQ:

( need root privilege in your device, root your device firstly and then install superuser app )


Caution: Do below at your own risk. I will not be responsible for any damage


1. If you are not familiar with shell commands, just use RootExplorer to do it instead:


    

  • click “Mount R/W” to remount a directory as read and write
    • 

  • Long press on an entry and select ‘Delete’ from the popup list to delete
    • 



2. commands below ( explanation starts with ‘#’)


#enter adb shell
adb shell
# got root privilege. make sure you have rooted your device and install Superuser.
#If you did not see a change from '$' to '#' after the command without any error, you do not root your device
su
#remount your /system with read&write privilege. every device got different arguments.
#Below is a Nexus S example, just an example, Nexus S does not include CIQ
#To get the correct argument, you could firstly use command 'mount' in the shell, then find the line contains '/system'

# e.g. I found "/dev/block/platform/s3c-sdhci.0/by-name/system /system ext4 ro,relatime,barrier=1,data=ordered 0 0"
#split them by white spaces. then see the command below, you will know how to remount your system

mount -o rw,remount -t ext4 /dev/block/platform/s3c-sdhci.0/by-name/system /system
# remove below files and folders
rm /system/bin/htcipcd
rm -r /app-cache/ciq/*
rm -r /app-cache/iqserver/*
rm -r /data/misc/agent_htc/*
rm -r /data/data/com.htc.android.iqagent/*
rm -r /data/data/com.htc.android.iqrd/*
#remount /system as Read Only again.
mount -o ro,remount -t ext4 /dev/block/platform/s3c-sdhci.0/by-name/system /system
#exit root
exit



That’s what I get from the application. Do not know if it works.

So plz tell me the check result after your did the remove part to see if the remove part works.