Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacking the D-Link DPH-128MS VOIP Phone

Posted by Unknown on from the but-does-it-run-netbsd dept.

An anonymous reader writes "I've been working on reverse engineering the D-Link DPH-128MS VOIP phone. It's an end of life product for D-Link but a neat little desktop phone that runs Linux. I've figured out a way to exploit the tftp server running on it to get root access. I'm at the point now of trying to figure out how to update the phone with more files. Check out the writeups I have and the scripts on the link above."

26 comments

  1. Sweet by Nyder · · Score: 4, Insightful

    This belongs more on Hack a day, or somewhere, but nice job.

    --
    Be seeing you...
    1. Re:Sweet by Anonymous Coward · · Score: 3, Funny

      What is this crazy 'tech stuff' doing on this site?!

    2. Re:Sweet by Anonymous Coward · · Score: 0

      Came for the phone stuff, left disappointed there wasn't railing against Crapple iSheep becuase it doesn't have SD cards for storing pirated animes.

    3. Re:Sweet by pla · · Score: 4, Funny

      What is this crazy 'tech stuff' doing on this site?

      Meh, y'know... Slow day for lawsuits, politics, and Apple press releases. Gotta fill the front page with something.

    4. Re:Sweet by aaaaaaargh! · · Score: 3

      On the contrary, I'd like to see more stories like that. 'Cos the constant flow of recent iPhone and web-monkey stories on /. is definitely not news for nerds...

    5. Re:Sweet by Anonymous Coward · · Score: 0

      whoosh

    6. Re:Sweet by p0p0 · · Score: 1

      Parent is right in the fact that there are so many neat hacks out there that HackADay can cover more and is dedicated while /. has to pick and choose and be more broad in what they feature, otherwise everything else will just get drowned out.

  2. Mikko by jones_supa · · Score: 1

    When he runs strings against full.img and finds "/home/mikko/release_p125/kernel/linux-2.4.17_mvl21/include/linux/dcache.h", Mikko is a popular Finnish men's name. So possibly some Finn was involved in creation of the phone.

    1. Re:Mikko by pla · · Score: 1

      Ya think?

      Like, maybe Linus Torvalds, born December 28, 1969 in Helsinki, Finland? ;)

    2. Re:Mikko by mkkohls · · Score: 1

      Like, maybe Linus Torvalds, born December 28, 1969 in Helsinki, Finland? ;)

      So he changed his name to mikko just to make this phone. That's one dedicated Finn.

    3. Re:Mikko by Anonymous Coward · · Score: 0

      You memorized his date of birth, didn't you?

  3. what exactly does he want out of the phone? by wierd_w · · Score: 0

    I mean, there *is* pure enjoyment from digging into the inner workings of the beast, I'll grant that, but ultimarely, what is his major goal with hacking this voip phone?

    It surely doesn't have very much NVRAM, or other permanent storage, so using it as a cleverly disguised file server is out of the question... it probably has a purpose built SoC processor, so using it for some processor intensive function is a whimiscally silly idea...

    Short of unlocking it for use with arbitrary voip systems, or as a spybug for cubicle drones, I don't see the utility in hacking a voip phone... even as a passive network sniffer, the lack of large internal storage makes it less than useful.

    He might shred it apart to see if there is a gpio serial header that he could attach an sdcard to (bitbash mode), which would make it a little more interesting, since it does internet radio, so this would let it have an internal cache of mp3 files to play, as well as enable weak function for some of the other possible uses I mentioned..

    But really, this seems like a lot of work, over an end of life phone...

    1. Re:what exactly does he want out of the phone? by ThatsMyNick · · Score: 2

      Add new protocols (get it to support the Opus codec). Get it to record calls. There are lots of things you can do.

    2. Re:what exactly does he want out of the phone? by Anonymous Coward · · Score: 0

      Short of unlocking it for use with arbitrary voip systems

      Yep, that sounds like the obvious reason...

      He might shred it apart to see if there is a gpio serial header that he could attach an sdcard to (bitbash mode), which would make it a little more interesting, since it does internet radio, so this would let it have an internal cache of mp3 files to play, as well as enable weak function for some of the other possible uses I mentioned..

      Being an IP phone, and thus generally connected to a network, I imagine you could use a network filesystem. Not for the spy-gadget scenarios, of course, but frankly that's the least interesting application unless you can find a remote exploit to subvert an installed phone.

    3. Re:what exactly does he want out of the phone? by wierd_w · · Score: 1

      Recording calls requires either permanent storage, or sacrifice of a fair chunk of its very minimal ram compliment for a block device, unless you want to set it up to save calls to an SMB share or something.

      That's why I was asking.

    4. Re:what exactly does he want out of the phone? by ThatsMyNick · · Score: 1

      I would happy if I can occasionally record calls, even for a very short time.
       
      And you clearly are using you imagination if you dont see much purpose in hacking the device. One can set it up as an XMPP client (which can inturn be used for Google Chat/Talk), one can possibly set it up a skype client, one can add plenty of protocols that are not supported.

    5. Re:what exactly does he want out of the phone? by Anonymous Coward · · Score: 0

      Recording calls requires either permanent storage, or sacrifice of a fair chunk of its very minimal ram compliment for a block device, unless you want to set it up to save calls to an SMB share or something.

      If you're making a phone call with a voipphone, you've got a network connection, so exactly that. Although I'd say set up your own asterisk voip server and handle the call recording there, if the recording is all you want.

    6. Re:what exactly does he want out of the phone? by Anonymous Coward · · Score: 0

      I mean, there *is* pure enjoyment from digging into the inner workings of the beast, I'll grant that, but ultimarely, what is his major goal with hacking this voip phone?

      He could turn it into a robocaller :)

    7. Re:what exactly does he want out of the phone? by Dishevel · · Score: 1

      unless you can find a remote exploit to subvert an installed phone.

      Like, ummmm, I don't know .... tftp or something????

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
  4. use a redirect by Anonymous Coward · · Score: 0

    your code doesn't interpret anything as is so you should be able to echo >/tmp/foo '[CTRL+M]
    ';chmod 755 /tmp/foo;/tmp/foo

    if not it's quite possible busybox can open sockets or you can just tftp the binary

    1. Re:use a redirect by Anonymous Coward · · Score: 0

      you have to paste the BI-MIPS elf between after the CTRL+M and don't newline before the ending '

  5. Nice work by WinstonWolfIT · · Score: 1

    Usually breaking into a device comes with a simple "hi y'all, my l33t". An actual breakdown of getting in was a very refreshing read, even if the author wasn't quite "l33t"

  6. Put Asterisk on it.. by RightSaidFred99 · · Score: 1

    Then it can be its own VOIP server as well. Hawt.

  7. Modifying the filesystem by Anonymous Coward · · Score: 0

    It may be a less graceful approach than he's looking for, but a good soldering iron and a cheap Chinese EEPROM burner does wonders for all of my cable modems and hacked up NES games. The same approach would probably work here as well.

    1. Re:Modifying the filesystem by plover · · Score: 1

      He's trying for a "hack once, 'sploit everywhere" solution, which is a lot more valuable than a simple hardware mod.

      --
      John