Netgear Hides Router Backdoor Instead of Fixing It
A very recent firmware analysis from the reverse engineer Eloi Vanderbeken shows that NETGEAR didn't fix the backdoor on port 32764 but instead implemented a knocking feature that is now required to unlock the service.Summary from the slides: The knocking feature is initiated when a "packet type == 0x201" arrived at "ft_tool" that listens to the Ethernet packets. It only works with EtherType 0x8888 and the payload has to be "45d1bb339b07a6618b2114dbc0d7783e" which is the MD5-hash of the model number DGN1000. If such a packet arrives, the backdoor service /usr/bin/scfgmgr f- is launched.
Ars Technica reports :
The nature of the change, which leverages the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding. "It's DELIBERATE," Vanderbecken asserted in his presentation.
(Cross posted on Soylentnews)
IMO the biggest omission is the lack of a roadmap or clear declaration of intent here. Is development even still ongoing? (assumably it is, but too invisible for my taste) When will we be able to contribute? What's the 10k+ users support plan? What further features are planned?
We know that there will be likely no merging between pipedot and SN, but what's the outlook? I understand if Bryan has other priorities (job, family, ...), and it's perfectly fine if things go slowly, but to me all of this seems to be hanging in limbo too much...
Apart from that, yeah, it's a technically excellent site, some details are still improvable (for example this response I'm typing right now, would be nice if it were inline/ajaxed like on Slashdot), but from a users perspective (potentially) superior to slashcode and it would be my first-go-to place if there were more submissions (I'll bring the comments).