Cable Haunt: an attack for taking control of cable modems

Security researchers from Lyrebirds have disclosed details of a vulnerability (CVE-2019-19494) in cable modems based on Broadcom chips that allows full control of the device to be obtained. According to the researchers, about 200 million devices in Europe, used by various operators, are affected by the problem. A script has been prepared for checking your own modem, which assesses whether the problematic service is active, along with a working exploit prototype that carries out the attack when a specially crafted page is opened in the user's browser.

The problem is caused by a buffer overflow in a service that provides access to spectrum analyzer data, which operators use to diagnose problems and take into account the level of interference on cable connections. The service processes requests via jsonrpc and accepts connections only on the internal network. Exploitation of the vulnerability in the service was possible because of two factors: the service was not protected against the "DNS rebinding" technique because of incorrect use of WebSocket, and in most cases it granted access based on a predefined engineering password that is common to all devices of a model series. The spectrum analyzer is a separate service on its own network port (usually 8080 or 6080) with its own engineering access password, which does not overlap with the password for the administrator web interface.

The "DNS rebinding" technique allows a page that the user opens in a browser to establish a WebSocket connection to a network service on the internal network that is not directly reachable from the Internet. To bypass the browser's protection against leaving the scope of the current domain (cross-origin), a change of the host name in DNS is used: the attacker's DNS server is configured to return two IP addresses in turn. The first request is answered with the real IP of the server hosting the page, and after that the internal address of the device is returned (for example, 192.168.10.1). The time to live (TTL) for the first response is set to a minimum value, so when the page is opened, the browser resolves the real IP of the attacker's server and loads the page content. The page runs JavaScript code that waits for the TTL to expire and sends a second request, which now resolves the host as 192.168.10.1, allowing the JavaScript to access the service on the local network and bypass the cross-origin restriction.
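The rebinding step above succeeds only when the service accepts a handshake that names a foreign host or origin. As an added example (not code from the article, the researchers or any modem firmware), the Python code below shows the Host and Origin checks a LAN-only WebSocket service can apply before upgrading a connection; the allowlist, function names and sample requests are constructed assumptions, and 192.168.10.1 is the article's own example address.

```python
from urllib.parse import urlsplit

# Assumption: the only name this LAN-only service should ever be reached by.
ALLOWED_HOSTS = {"192.168.10.1"}

def parse_headers(raw_request):
    """Return the headers of a raw HTTP request as a lowercase-keyed dict."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def hostname_of(value, is_origin=False):
    """Extract the bare hostname from a Host or Origin header value."""
    if not value:
        return None
    try:
        return urlsplit(value if is_origin else "//" + value).hostname
    except ValueError:
        return None

def check_handshake(raw_request):
    """Decide whether a WebSocket upgrade request may proceed."""
    headers = parse_headers(raw_request)
    if hostname_of(headers.get("host")) not in ALLOWED_HOSTS:
        # After rebinding, the browser still sends the attacker's name in Host.
        return False, "host not allowed"
    if "origin" in headers:
        if hostname_of(headers["origin"], is_origin=True) not in ALLOWED_HOSTS:
            # The same-origin policy does not block WebSocket handshakes,
            # so the server has to reject foreign origins itself.
            return False, "origin not allowed"
    return True, "ok"

def build(host, origin):
    """Construct a sample upgrade request (constructed input, not a capture)."""
    return (f"GET / HTTP/1.1\r\nHost: {host}\r\nOrigin: {origin}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n\r\n")

SAMPLES = {
    "legit": build("192.168.10.1:8080", "http://192.168.10.1"),
    "rebound": build("rebind.attacker.example:8080", "http://rebind.attacker.example:8080"),
    "cross_site": build("192.168.10.1:8080", "http://other.example"),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, check_handshake(request))
```

A request without an Origin header is allowed through here on the assumption that it comes from a non-browser client, which still has to authenticate.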

Once able to send requests to the modem, the attacker can exploit the buffer overflow in the spectrum analyzer handler, which allows code to be executed with root privileges at the firmware level. After that, the attacker gains full control of the device, which allows changing any settings (for example, substituting DNS responses by redirecting DNS to the attacker's server), disabling firmware updates, replacing the firmware, redirecting traffic, or wedging into network connections (MiTM).

The vulnerability is present in a standard Broadcom handler that is used in the firmware of cable modems from many manufacturers. When requests in JSON format are parsed over WebSocket, improper data validation means that the tail of the parameters specified in the request can be written to an area outside the allocated buffer and overwrite part of the stack, including the return address and saved register values.

At present, the vulnerability has been confirmed in the following devices, which were available for study during the research:

  • Sagemcom F@st 3890, 3686;
  • NETGEAR CG3700EMR, C6250EMR, CM1000;
  • Technicolor TC7230, TC4400;
  • COMPAL 7284E, 7486E;
  • Surfboard SB 8200.

Source: opennet.ru
