Today I’m going to show you how to get shell on Netgear router WNDR3400 v1 https://www.netgear.com/support/product/wndr3400v1/
This article is for educational purposes only. I am not responsible for what you do with it.
To get a shell we need to find UART port in the circuit
So the first step unscrewed the case.
Disconnect the button.
So there is the electric circuit of the router.
For the UART we need only 3 pin:
- GND
- RX
- TX
The TX pin is the sender, and the RX pin is the receiver. Let’s find the JP1 pin on the mother board.
With a multimeter, let’s check the pin to find GND and TX. TX send information so when the router start TX should have a current of either 5V or 3.3V
There is now we can check if it’s really TX and GND pin with connecting to the computer. Let’s connect the UART adapter to USB and execute this command in the terminal.
I use minicom but all other tools work too.
sudo minicom -D /dev/ttyUSB0 -b 115200
And we get lots of information.
At the end, there is "Hit enter to continue..." so he waits for an input, but we don't find the RX port yet.
But first, let's solder the TX and GND pins.
Now we can search for the RX pin; it’s simple with TX we have the return so let’s try all port with a wire.
By pressing enter, I got a response on this pin.
Let’s solder the pin.
Now we have shell on the router; no login or password needed.
The shell is sh and the firmware of the router is on busybox.
Now it’s finished for me.
Have fun