Welcome to TIL

The Problem I spent an embarrassingly long time trying to connect my Samsung washer to SmartThings. The device would attempt to connect, fail, and present nothing but a generic error message. No helpful diagnostics, no specific error codes - just the digital equivalent of a shrug. After checking WiFi credentials, network connectivity, and even resetting the washer multiple times, I was ready to blame Samsung’s IoT implementation. Turns out, the problem was much closer to home. ...

Introduction After exploiting the D-Link DIR-868L and gathering hardware information via root shell, I wanted to analyze the firmware offline. This would let me search for vulnerabilities, understand the system architecture, and prepare for OpenWrt installation without relying on the live device. D-Link uses a proprietary firmware format called SEAMA (SEAttle iMAge) to package their firmware. Understanding this format is crucial for firmware analysis, modification, and reverse engineering. The Firmware Binary First, I downloaded the official firmware from D-Link’s website: ...

Introduction After exploiting the CVE-2018-19988 vulnerability on my D-Link DIR-868L and gaining root shell access via telnet, I wanted to gather detailed hardware information to prepare for OpenWrt installation. With root access, I could explore the entire system, read kernel logs, dump configuration, and map out the hardware. This reconnaissance phase is critical before attempting any firmware modifications - you need to know exactly what hardware you’re dealing with. Access Method Using the telnet backdoor from the exploit: ...

Introduction I’m working on porting OpenWrt to my old D-Link DIR-868L Rev B router. Before diving into the OpenWrt build process, I wanted to understand the device better by analyzing its firmware and security posture. What I discovered was both fascinating and concerning - this router is critically vulnerable to a well-known command injection exploit. ⚠️ Disclaimer: This research was conducted on my own device for educational purposes and as part of preparing for OpenWrt installation. All security testing shown here was authorized. Never test vulnerabilities on devices you don’t own. ...