Hi rizvanrp,

I don't know why are you keep on exposing this hack or whatever "hole" to the public.
If you know there's a "hole", can't you just post to the public saying that please close this and that so that no one won't be able to hack/get into the router? From what I can see is you're teaching people in the public step by step on how to hack other people's unifi router. Do you think every Unifi subscriber will read your post/guide on how to secure their router? Even since Streamyx era many people dont know that other people can get into thier modem/router given by TM.

If you're trying to help others, please post on what to do, not what they shouldn't do.
Even if one of the reader don't bother about this before reading your post, I'm pretty sure most of them will start doing what you've posted here on other people's router.

He got a thread regarding the issue. Try bumping the old thread.

EDIT:

Dear rexio,

You know what.. I posted a long ass reply but I decided to remove it. This is probably going to be the last post from me for a while. I've been here from v1 and like others who already have their network setup nicely (radius, moogle, etc.), there's no real need to post here anymore. There's nothing for me to gain or lose and that was always the case. I've spent countless hours working on this in my free time, never got anything except personal satisfaction out of it and I honestly do not care what people think about me. If you can read and utilize my unifi.athena.my guides to secure your network then turn on me when I talk about the reason those guides exist, there's nothing I can say that will convince you that I mean no harm.

So cya.

This post has been edited by rizvanrp: Oct 22 2010, 09:09 PM

wow expensive somemore most of the channels not HD
hahahaha, joke la iptv..total fail

Dear rizvanrp,

I'm doing this because it's not a new security problem. It's been around since April and TM has not done anything about it except blindly trust their own firmware. It's like having a huge, well known Windows RPC exploit and Microsoft not doing anything for half a year. When it came out in the newspapers, what did TM do? They said they would 'fix' it. All they ended up doing was changing the password to something more complex, ignoring the possibility that their firmware itself could be vulnerable to attacks. If they had only listened and practiced some basic security measures, we would not have any of these problems. If they had been open about how their system works from the beginning and not try to lock us down into their shitty hardware, this Unifi thread would be about 2 maybe 3 topics long with only people talking about service coverage. I would not even have to run a website on how to basically break into the hardware you own because your ISP has decided to lock you out.

I'm fully agree with the bolded sentence.


We're talking about Malaysia's next generation, billion ringgit broadband network here and it's plagued by the most basic security problems. There's a huge difference between TMs stock Streamyx routers with their 512kbps uplinks and a Linux router which manages 10-40x that amount of bandwidth. I'm not even getting started on the security of their BTUs.. but imagine a single user being able to take out our IPTV, VOIP and Internet infrastructure with a single click in the future because your ISP decided not to change the default password.

Do you think that other ISP in other countries didn't do the same thing for the modem/router password?
What are you expecting? Expecting each of thier internet service installer/technician to have the same attitude(think about customer's security?) and change the password for each of the customer? From what I can see in this forum, most of the subscriber prefer the technician/installer to install the unifi as soon as possible, do you think the technician/installer even bother to help you change the username/password for each of the unifi's subscriver's house, it'll take longer time isn't it? Please do a simple google about other country's ISP(for consumer) default username/password for thier modem/router before you start bashing TM about this.

I'm fully agree with you regarding the ssh, but without the ssh, I still be able to turn on/off/reset your modem/router with just the username/password right?



I didn't give ANYONE a step by step guide on how to break into the router remotely. Infact, a LYN user was the one who cracked the newer 7.05b firmware operator password before me because he had the software to decompress the config.bin files and full access to a physical 7.05b unit. A person with basic computing skills would be able to piece things together and realize that if :

1) You have a method to grab a config.bin without authentication
2) You have a method to decode said config.bin

.. there's obviously a major security exploit here. And can you imagine, they want companies to associate this piece of junk with their identity? That's batshit insane.

Please check you previous PM message box, is the "LYN user" refers to me? If its not me, I'm wondering how come on the same day I PMed you about 7.05B firmware's operator password, then suddenly you post it to the public about 7.05B's password?
Did you give any credit to anyone that've helped you on this?

I'm saying this because I felt a bit pissed off when I saw your post without crediting anybody like you're the one who "SUCCESSFULLY" cracked the password without crediting anybody. I've found Router Pass View software with a simple google before I PM you that I've successfully cracked 7.05B password.

Do you think that a good company won't have thier own hardware firewall? Please ask around which big company don't have thier own firewall. Only "junk" company don't have thier own firewall and fully rely on TM's hardware for thier P&C company's documents and informations.



What you quoted was written as a joke by me and isn't in any way a technical guide on how to pull off the attack. The people who have the knowledge and intention to do these things would have done it back in April when this exploit was out. I was actually contacted by some of them and told not to release the information because they wanted to use it to harvest information once the network was more mature. I made a difficult decision to notify everyone that TMs hardware implementation was flawed.

Joke? How about Streamyx? Don't you think you're actually encouraging people to become "people who have the knowledge and intention to do these" when you post about the exploit(download config file, crack using Router Pass view?) to the public? How about improving your guide, no need to download the config file and just go to the router's WAN setup page and click "View Source" on your IE/Firefox menu? Isn't that easier? Ah! Seems like you've found a better solution to crack other people's password and successfully posted it here!


I could release a guide on how to uncap your line, watch IPTV channels you're not subscribed to, break into BTUs, etc. but I haven't. I've only hinted that this is possible and I'm expecting TM to fix this shit on their own. I cannot however, ignore such a stupid decision on TMs part to open up your router to the entire web while forcing you to use it.

If I'm not wrong its a common practice by most of ISP out there, don't talk about enterprise package(for sure the service is excellent, but how much did they need to pay?) by other ISP.


So do you think its better I keep quiet about all the exploits I find, wait till the Unifi user base grows to 6 digits+ and let every individual and corporation be raped in single click.. or force TM to stop pulling these kind of stunts while we're at the 15,000 user mark? Your decision.


http://forum.lowyat.net/index.php?showtopic=1439287&hl=


Even linux noob know's about "wget" command right?

No, I'm not asking you to keep quiet about this, please read my previous post about "If you're trying to help others, please post on what to do, not what they shouldn't do.".

Don't you think that you're actually promoting more problem and complains to this thread and forum by posting the guide/tutorial/how-to/how hacker hack your unifi router to the public? Let's say I'm a layman/non-technical person, after reading your post, I'll be like "Wah! Can hack other people's router lah! There, just follow what he said/google a bit what's the step to do port scan or just tembak any unifi IP range on port 80.!" Then after he get the username/password, if he's on VIP5, don't you think he'll try to find a VIP20's username/password, disconnect other people's connection and try thier luck on the username/password that they get? After that, the poor subscriber(the one who've been hacked) will call and complain to TM, complain here, TM sux suddenly disconnect but cannot connect back(because only 1 session is allowed at a time for 1 username, unless TM reset the session).

This exploit, I mean default modem's or router's login/password has been like this since long time ago, since Streamyx era.

Think wisely bro.

Cheers

---

Added on October 22, 2010, 9:54 pmWhy did you delete/fully edit the original post?

Cya.

This post has been edited by rexio: Oct 22 2010, 09:54 PM

WTF, why my IPTV, UniFi home line and internet is not working??

I can't even receive or call people with the damn shit home line!

Network unreachable what that's mean? This error show on my IPTV.

AND

My computer show up the the message when i dianogstic the network problem ' LAN and something line is broken ' something like that!!

All the things related to UniFi can't use! Anyone have the same problem with me? Or anyone knows the solution? Sorry for my bad English~

Ahh rivzanrp, some people will never appreciate what you've done for this community, and your noble intentions... I support your endaevours 100% man, you should know most of us in the forum do too... with your hub and other goodies that you've brought for us out of the kindness of your own heart....

They'd rather we all be kept in blissful ignorance and not no anything we ought to know...

Heck, i don't even have Unifi and i learnt loads by going to your athena site...

Bunch of ungrateful #^$%^$^%$

rizvanrp...dude...dont leave...i need ya...

Dear rexio,

Dude, just wtf is your problem? Are you from TM? rizvanrp has done more for the community than it deserves. How can you blame rizvanrp over TM's mistakes or other people's criminal behavior? Is he somehow suddenly responsible for the actions of blackhats and skiddies, or are you just pissed that he didn't credit you? Did you even stop to consider that you might not be the only one to find it out and PM him? Or perhaps he was protecting you (or whoever that LYN user was) from TM's evil eye?

Get a brain bro.

Cheers.

Riz, just dont need to bother about that guy and keep on contribute and helping us... Thanks

this topic really gave me information about unifi before I decided to apply it.

shut the f*** up rexio..
if u like it, u stay and read,
if not, just f*** off silently

Rexio,

I deleted the post because I wanted to avoid a flame war with you.

No, other ISPs give you a router with a single admin account and allow you to change the password at any given time. They do not create a secondary admin account on the router and lock you out of it. They also do not force you to enable remote management from the WAN side or supply you with routers where the firmware itself is not secure. And finally, they do not push PPPoE traffic over a bloody tagged VLAN to basically narrow down your hardware choices to their own custom router.

I'm sorry about this. I actually totally forgot it was you who PMed me about it because I get tons of PMs per day about Unifi. That's right everybody, rexio was the first to crack the password. He used RouterPassView. That's right guys, he dragged his config.bin into the program and it told him the operator password.

He has mad skills. I could not possibly beat him, even if I disassembled RouterPassView in ollydbg and reverse engineered the decompression routine.



Nope, rexio is best rexio and deserves all the credit.

You want to know another reason I didn't credit you? It's because I didn't get the bloody password from you. I sent you a second PM 20 minutes before you replied to me and told you NEVERMIND BECAUSE I ALREADY FOUND IT MYSELF. You had a 7.05b sitting in front of your lap, I had to port scan the bloody network, ID a firmware 7.05b unit, extract the config.bin and figure out how to decompress it.



I was kind enough to say thank you even though you did not even send me a reply or do anything except inhale oxygen.





You want to know the biggest joke of all rexio?

You're bloody spoonfed. Every single technical thing you knew about the service when you applied for Unifi was because of the effort I put in since March. You come in here, you ask me why I didn't credit you for shit (I honestly forgot it was you), you talk big about Google-ing a bloody program. You tell me not to write guides that assist people in breaking into routers and counter me by saying default combo's are well known since Streamyx days. It's standard for exploit disclosure that you describe why the exploit occurs and provide a proof of concept.

Everyone has been able to break into Unifi routers since I wrote the guide on how to secure it. If you secured your router using my guide, you would know that other router are still accessible using the 'telekom' password so what the f**k do you want from me really?

And you're asking me.. which company doesn't have a firewall? I've done over 10 Unifibiz 10/20mbps installs, how many have you done rexio? What knowledge do you have regarding corporate firewall integration with Unifi from a previous system?

You want credit? Where's my credit for letting you know about the existence of a secondary account in the first place?

Please read what I've posted before you start bashing me dude.
I'm just saying the fact. Don't you even use your brain and bother reading what I'm trying to say before you start saying bad words towards me?
I'm not bashing him, I'm just saying from the fact/truth. Read and understand it.


Dear rizvanrp,

If I'm wrong about the bloody password, then fine. I think its better if I just become a reader and don't bother sharing/posting anything with the community/try to voice out what's my own opinion on what other people thought/said.

Then fine, sorry guys, enjoy your unifi.

Cheers

This post has been edited by rexio: Oct 23 2010, 12:42 AM

Rexio, you obviously cannot use your own brain. You want me to write guides to help people secure their router. I tell them the operator password is 'telekom' or whatever, to log in and untick this and that. You honestly think that the 'bad guys' wont use the same login on other peoples routers? You tell me about Linux noobs.. this is like logic failure if they can't make that connection.

I was angry at you because you want me to practice security through obscurity. Keeping quiet == keeping it safe. That's bloody stupid and is basically what TM is doing. And now I'm just plain pissed because you're demanding credit for something you didn't do. Something you could not have done without my help in the first place. Seriously la, use your head.

Ya bro, you're the only one that knows about networking.
Other people don't and they really need you and only you can help them.
Thanks for every effort that you've put for all unifi users.

I'm sorry to cause so much trouble in this thread and I wont be posting anymore. Thanks and sorry.

typical sore loser

There are many people on this forum who are more knowledgeable than me + I respect. If you scroll back a few threads I had an interesting discussion with someone regarding Unifi VDSL latency vs Unifi FTTH, he's one of them That's why I like coming to LYN forums because you have knowledgeable people in almost every field.

I've said it from day one, I'm just here to help people. I pay the server rent for the Unifi dc++ hub so that we have a local p2p network to fall back onto in the event there's some international b/w cap, I write the guides to assist people in getting the best out of the service. I earn RM0/mth from all this and I don't expect people to pay me anyway. I'm a uni student and all of this comes from my allowance and free time.

However, what I cannot stand are assholes. I understand that I've talked about this exploit a lot and my purpose is merely to educate new Unifi users about it so they don't fall prey to other assholes on the Internet. You suddenly decided to confront me like a jerk and accuse me of doing a lot of things, so I treated you likewise. I've never once bragged about what I've accomplished because it's just part of the learning process for me.. but you were just asking for it tonight.

Moral of the story? Don't be a d*ck.

This post has been edited by rizvanrp: Oct 23 2010, 01:02 AM

rizvanrp keep up the good work.

Wow .....


I haven't really been posting in this thread much since i have little to no complaints regarding my internet performance.

Sure the cap thing is uncertain, but i will probably only complain once it's enforced. Until then i am quite satisfied.

Anyway i am saddened why people would try and find fault with Rizzy after all his contributions given.

I can understand why some people may think that exposing weaknesses for tmnuts internet practices may not be a good idea. However i feel it greatly outweighs any bad, because it forces tmnut to act and fix up their problems. Knowing and acting on problems rather than remain in ignorance is my philosophy.

I feel it is a shame that Rizzy has to be driven away by people who feel it is more important to satisfy their own egos by trolling rather than be thankful to all the help Rizzy has done for the lowyat community. If it weren't for Rizzy, most of us would be stuck using the shitty DIR-615 router which sucks for torrenting.



To be frank, i am not too clear what the full story is, but looks to me as if rexio you have been taking shots at Rizzy himself and made him feel unwelcomed. I strongly suggest you put your ego aside and have a chat with Rizzy to make up. He is a good guy if you have a chat with him.

We aren't saying you aren't allowed to give your opinions, however you should avoid taking shots at Rizzy, unless you want to be an outcast here on lowyat. You won't win this cause Rizzy is a well respected member of this community. So make your peace now with him , or it's your funeral, just a piece of friendly advise.

I don't enjoy ganging up on anyone on the forum, so i won't, but this won't stop others if you persist in flaming rizzy.


Thats my 5 cents worth.

This post has been edited by Moogle Stiltzkin: Oct 23 2010, 02:39 AM

Hi all,

Just got unifi installed few days ago. My house is in a mess, so many wires.

I am thinking of Aztech homeplug solution. I see a few models. The cheapest is Aztech Homeplug Lan 106E (85mbps). Will this work? Is there going to be difference to the 200mbps model?

My condo is a single phase powerline.

Thanks... thinking of stopping by digital mall later.

Either a homeplug or an extended LAN cable...