Re: [Cerowrt-devel] binary blobs struck again

[Matt Taggart <matt@lackof.org>]

On 8/17/22 14:07, Dave Taht via Cerowrt-devel wrote:
> lack of trust in turtles all the way own.
> 
> https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/

More justification for your mass-router-trade-in-refurb program :)
Seriously, there should be a press release.

eCos seems to just be the embedded O/S in these router devices, so 
presumably if you had linux/openwrt/etc on these devices you wouldn't be 
affected?

Realtek's former website http://www.realtek.com.tw/ doesn't resolve, but 
they seem to have realtek.com too. Here are a couple related product pages

https://www.realtek.com/en/products/communications-network-ics/item/rtl8196e
https://www.realtek.com/en/products/communications-network-ics/item/rtl8197f

Here's a good wiki page
https://wikidevi.wi-cat.ru/Realtek/SoC
http://en.techinfodepot.shoutwiki.com/wiki/Realtek/SoC (same page?)

Seems to be AKA Lexra and never really got full OpenWRT support

https://openwrt.org/docs/techref/hardware/soc/soc.realtek

most of the people attempting things seemed to be working on it back in 
the Barrier Breaker days and there hasn't been anything since then.

So we can't just advocate people install openwrt on them.
Probably all the devices are 4mb flash and 32mb ram or worse, so at this 
point should just be recycled anyway

https://openwrt.org/supported_devices/432_warning

Searching on the openwrt table of hardware I found a few popular devices 
that received hardware revs to use it and never got support:

D-Link DIR-615 Revs J1, M1, T1
https://openwrt.org/toh/d-link/dir-615#unsupported_versions

NETGEAR WNR612 Rev v3
https://openwrt.org/toh/netgear/wnr612v2

Maybe someone will write a worm that just bricks them... (NOT ADVOCATING 
FOR SUCH A THING, THAT WOULD BE ILLEGAL)

rtl819x seems to be the general name of the SoC but it's really just 
rtl8196/rtl8197 and there are other devices with rtl819* names, mostly 
wireless

https://wireless.wiki.kernel.org/en/users/drivers/rtl819x
https://wiki.debian.org/rtl819x
https://openwrt.org/docs/techref/driver.wlan/rtl819x

Also common rtl81* things:

* RTL8111/8168/8411 pci-e gigabit NICs (r8169 driver)
* RTL8153 usb gigabit NIC (r8152 driver)

Many of these realtek devices can load firmware binary blobs and those 
are found at

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git

(see rt*) and are available on Debian in the non-free firmware-realtek 
package. If anyone finds exploits in those then we're _really_ in trouble...

-- 
Matt Taggart
matt@lackof.org