Category Archives: Guide

Netgear GS110TP Hidden CLI

This was a quick video, I just really wanted to show everyone what i had learned about the Netgear GS110TP and how you could get to the command-line interface (CLI) even though its an unadvertised or hidden feature. As I say in the video I stumbled upon the port while conducting a routine port scan of my network and wanted to learn more. I found a blog post that gave me all the info I needed to access the CLI so I decided to make this quick video to show the steps involved. Enjoy!

Creating a Ubuntu 20.04 Virtual Machine in Windows

This guide comes off the back of the Xiaomi OpenWrt Guide, a few people asked me to create a Windows version of that guide and I tried, I tried for about 4 hours to get the exploit to work on windows and when I finally managed to get it to work I had no idea how many steps would be needed to reproduce what I’d done, either way, it’s still a lot simpler to do on Linux (Ubuntu in this case). So I decided instead of dragging people through a 4-hour video that I’m not confident in, why not make a quick simple guide to setting up a VM (Virtual Machine) in Windows to give users all the advantages of Linux without having to deal with dual booting and the slightly more complicated side of Linux (By the way, all these things have got a lot easier in the last few years!)

I wrote the Guide for the latest LTS (Long term support) of Ubuntu 20.04, however, you could follow this guide for almost any Linux flavour (except Arch, but if you were using Arch you would have told us already!)

Sorry I can’t resist an Arch Meme

I use Virtual box in this example, works perfectly well for what most people need and best of all it’s free! All we need then is a Ubuntu image which is also free to download. A lot of different Linux flavours provide VM images that you can just import into Virtual Box, however, I looked quickly and couldn’t find one for Ubuntu, and even if I did I normally install for myself in the process outlined, that way you have all your own usernames and passwords out of the box, the main disadvantage is they sometimes come with additional software installed that allows for a little bit more compatibility, for instance being able to share a clipboard between Windows and Linux. To overcome this you simply need to click the Devices tab > Insert Guest Additions CD Image… > And follow the instructions to install the additional software.

If you find after the initial install and reboot you find yourself back in the Ubuntu installer you may need to remove the virtual disc by right-clicking the CD icon in the lower corner and deselecting Ubuntu.iso.

In most of our other guides, you will see us use the terminal, you can search for this using the boxes icon in the lower-left corner and then type “terminal” or a quicker way is to press Ctrl + Alt + T. Some other beginner tips, If you need to run a command as Administrator you start the command with sudo, (short for superuser do) you will need to type your password to do this and it catches a lot of people out but your password isn’t displayed when typed in the terminal (for obvious reasons!).

Some simple commands to get you started on linux are:

sudo apt update

sudo apt upgrade

These two commands will install the latest updates for your OS.

Although I’ve mentioned the terminal, most people could use Ubuntu without ever needing to open the terminal, my wife for instance has been using it for 10 years and never needed it once!

Installing OpenWrt on the Xiaomi 4A, 4C, 3Gv2, 4Q, miWifi 3C and debrick method

I bought the Xiaomi 4A router a while back because it’s quite cheap when considering the specifications of the router, it really is good value for money. Though the performance of the stock firmware was ok, I personally had a few concerns about how it runs, for instance checking my PiHole you could see the 4A polls home to a Xiaomi address every few seconds, in fact, it was one of the highest traffic devices on my network with this polling alone. Also, although having an App that I could change setting from anywhere is good but triggers my internal security worries, if I can access this and make changes anywhere so could someone else if hacked or leaked, I prefer something I can fully trust and fully configure… Enter OpenWrt, open-source firmware for any router that will take it.

I had originally ordered a CH341A to install OpenWrt but found that while waiting for it to be delivered another method had been found named “OpenWrtInvasion” a clever little exploit that works by uploading a backup file that can be tricked to be placed in any directory, with that it changes a speed test script with its own that removes the root password and starts a telnet server allowing us to login and upload our own firmware and flash it. OpenWrtInvasion doesn’t only work for the 4A, it also works for the 4C, 3Gv2, 4Q, miWifi 3C and no doubt other Xiaomi routers.

In the video, I run the exploit from a Ubuntu VM, personally I find Linux more stable for these of things but I will do a Win version eventually. It’s important to note the STOK code is generated for whatever machine is connected, so for me, if I was to login to the router with my windows PC (running the VM) take the code and try to run the exploit in the Ubuntu VM it wouldn’t work, I have to login via Ubuntu and have it generate its own code for this to work. I noticed this when people were SSH’ing to RPI’s remotely and failing to run the exploit, also if you reboot the router a new STOK will need to be generated.

Some firmware images are better than others, unfortunately at the time of writing the most current version of OpenWrt isn’t working but if you search the OpenWrt forum there are plenty of builds that are working well, currently, I’m using is version by byte that works perfectly as far as I can tell, some tweaking of the WiFi settings can be needed to make it as almost as good the stock firmware these are my current settings for both 2.4 and 5GHz:

As part of the guide we also added a quick and easy way to debrick the router, with testing of lots of new firmware images, comes the risk of bricking the router, thankfully its trivial (TFTP pun!) to repair the router. If the router is booted with the reset button pushed it starts in safe mode which looks for a firmware image named “test.bin”, if it finds it it will install it and overwrite any other firmware on the device, unfortunately, we can’t use this to install OpenWrt (because the header of the file is checked) but we can reinstall the stock firmware and then reattempt the OpenWrt install. We have made a download page for debrick tools that you can find here, it’s a preconfigured TFTP server and DHCP server and has the 4A Gigabyte firmware (and other routers) already in the file (named test.bin) if you are using one of the other routers supported by this method make sure you have the correct stock firmware image, other images can be found here (google translate is your friend!) and have put it in the folder and renamed it to test.bin before attempting to repair the router.

Assuming you’ve managed to install OpenWrt, It’s best to update it after a fresh install. To do so you can login via SSH:

ssh [email protected]

#Change the IP if you’ve changed it from the default

Now we need to get the latest infomation on our installed software:

opkg update

If you have any issues with the previous step ensure you have an internet connection and that it’s not being firewalled. Next, we issue the upgrade command to install the newer versions:

opkg upgrade

This may take a few minutes to complete, once done it’s not completely necessary but its good practice to reboot:

reboot

Your router is now up to date!

The opkg tool used above and be really useful, although you can achieve this in luci from the software tab, you can use opkg to install software as well, it’s very much like apt for ubuntu. To install a software package:

opkg install package-name

#Where package name is the name of the software you wish to install, don’t forget pressing tab can help to auto-complete the name if you don’t know the full name of the package.

Let me know how you get on in the comments here or on youtube!

Setting up DHCP to debrick the Xiaomi 4A router (OpenWrt)

I’ve left this guide here but it is outdated, for a much easier guide check out this video and debrick tools available here.

This guide shows how to quickly set up a DHCP server and TFTP server to allow us to upload the stock firmware to the Xiaomi 4A router and debrick it. I made the guide quickly due to a request on the OpenWrt forums, someone had asked how I had set up the server, essentially we use the DHCP and TFTP server found here and the 4A firmware found here to repair the 4A router.

This guide inspired our next video, a much larger how-to on the installation of OpenWrt and a much easier method for unbricking the router, you can find that here.

Installing OpenWrt on the HooToo TripMate HT-TM05 via TFTP

The HooToo Tripmate HT-TM05 is another great travel router, like the Ravpower but just without an SD slot. Once again we can use the TFTP method to upload the firmware as I have spoken about in detail here. The installation of OpenWrt is painless and adds a lot of functionality to the HooToo router. My favourite thing to do is have it set up to connect to my VPN then I know wherever I go I have a secure connection. You can also install a USB cellular stick for internet connection on the go!

In the video, I suggest the version from the OpenWrt official page, but in fact, newer versions such as the gl-mt300n found here have been confirmed to work too so keep that in mind. With any version of OpenWrt, it’s best to update it after a fresh install. To do so you can login via SSH:

ssh [email protected]

#Change the IP if you’ve changed it from the default

Now we need to get the latest infomation on our installed software:

opkg update

If you have any issues with the previous step ensure you have an internet connection and that it’s not being firewalled. Next, we issue the upgrade command to install the newer versions:

opkg upgrade

This may take a few minutes to complete, once done it’s not completely necessary but its good practice to reboot:

reboot

Your router is now up to date!

The opkg tool used above and be really useful, although you can achieve this in luci from the software tab, you can use opkg to install software as well, it’s very much like apt for ubuntu. To install a software package:

opkg install package-name

#Where package name is the name of the software you wish to install, don’t forget pressing tab can help to auto-complete the name if you don’t know the full name of the package.

Installing RTX Voice on a Non-RTX GPU

RTX Voice is an amazing piece of software that I’ve been regularly using on some of my newer videos, it cleverly removes all those background noises you don’t want to hear like computer fans and keyboard and mouse clicks. By design, it’s only supposed to work on the latest Nvidia graphics cards but people soon figured out this was purely a installer limitation no that the software couldn’t run on older hardware, in fact it runs really well, even on GPU’s that are a few generations old, like my own GTX970!

In this video we show you how to install V0.5.12.6 of RTX Voice and modify it not to check your GPU to see if its “compatible”, the result is we can install and use the software!

TFTP setup and install OpenWrt on RAVPower FileHub RP-WD03 Portable Router

The RavPower RP-WD03 is a fantastic little device incorporating a Wireless AP, File server, SD, USB charger and even has an ethernet port! But for me it could be so much more, to unlock its full potential we look to OpenWrt. OpenWrt is an open-source firmware designed for just about any router that will accept it and there are ofton different methods for installing OpenWrt to routers, some can be very invasive but this video is about the TFTP method which is very easy to do.

TFTP stands for Trivial File Transfer Protocol, and sending our firmware file to this little router shall be trivial, by default our router has an inbuilt repair system, no matter what happens (within reason) if you boot the router and hold the reset pin it will always look for a TFTP server and then download a file called “kernel” if it finds this file it will always install it over its system.

This safety feature is designed to be used with the stock firmware to repair it if has become corrupted or any other fault but we use this to our advantage! Instead of the “kernel” file being stock we use the OpenWrt firmware image and rename it, when the RavPower boots it downloads and installs the firmware like its own! Viola a perfect running OpenWrt router!

The disadvantage to OpenWrt on the RavPower RP-WD03 is the memory onboard, with the firmware installed we are left with very little space for any extra software. However, we can overcome this quite easily with an SD card. With an SD installed we can mount it and use it as our main flash, we are planning to make a video in the future on how to do this so make sure you subscribe and leave us a comment if you’re interested!