It seems that the HH3.0 B is quite a secure router then in comparison to typical routers such as netgear, which boosts my confidence on using the HH3.0 B
Agreed. Though it does carry on quite a bit of business with the mothership, the details of which aren't visible to the user.
I do however wish to add another task to the process.
Is it possible to get into the Router in order to add a blocklist for example if i wanted to block Chinese IP addresses at the router, - I will check to see if this is possible at the modem, but basically to have this feature on a router i feel is essential. and my FTP servers been getting a lot of attention lately from Chinese IP's.
That shouldn't be a problem, once we have interactive shell access (as root). However, one of my minor successes (which I was initially very excited about) is that I have been able to decrypt and re-encrypt/re-sign the device's configuration backup file. I can make changes to the configuration and upload the modified backup file via the web interface's configuration restore facility. Unfortunately, as far as I can tell, there aren't any settings that can be modified in the backup file that aren't already exposed via the web interface. :-( I was hoping there would be hidden settings that could be tweaked. Sadly, I don't see any way to block IPs or IP ranges by modifying and uploading the config file or through the web interface.
You can see for yourself by running strings on the configuration management library, and grepping for "BackupFile":
strings bthh3.0b-rootfs/lib/libcfmapi.so | grep BackupFile
This reveals the XML tags in the encrypted backup file that get transformed to and from the device's running XML configuration.
I do have some of the device's code running in QEMU and am debugging it in IDA Pro's debugger. Hopefully this analysis will expose additional attack vectors.
I'll keep you posted as I know more.
Cheers.
