From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <8b055a59-3e55-991e-c4bb-cd526a663acd@lackof.org>
Date: Wed, 17 Aug 2022 16:39:08 -0700
From: Matt Taggart
To: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] binary blobs struck again
List-Id: Development issues regarding the cerowrt test router project

On 8/17/22 14:07, Dave Taht via Cerowrt-devel wrote:
> lack of trust in turtles all the way down.
>
> https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/

More justification for your mass-router-trade-in-refurb program :)
Seriously, there should be a press release.

eCos seems to just be the embedded O/S in these router devices, so presumably if you had linux/openwrt/etc on these devices you wouldn't be affected?

Realtek's former website http://www.realtek.com.tw/ doesn't resolve, but they seem to have realtek.com too. Here are a couple related product pages

https://www.realtek.com/en/products/communications-network-ics/item/rtl8196e
https://www.realtek.com/en/products/communications-network-ics/item/rtl8197f

Here's a good wiki page

https://wikidevi.wi-cat.ru/Realtek/SoC
http://en.techinfodepot.shoutwiki.com/wiki/Realtek/SoC (same page?)

Seems to be AKA Lexra and never really got full OpenWRT support

https://openwrt.org/docs/techref/hardware/soc/soc.realtek

most of the people attempting things seemed to be working on it back in the Barrier Breaker days and there hasn't been anything since then. So we can't just advocate people install openwrt on them.

Probably all the devices are 4mb flash and 32mb ram or worse, so at this point should just be recycled anyway

https://openwrt.org/supported_devices/432_warning

Searching on the openwrt table of hardware I found a few popular devices that received hardware revs to use it and never got support:

D-Link DIR-615 Revs J1, M1, T1
https://openwrt.org/toh/d-link/dir-615#unsupported_versions

NETGEAR WNR612 Rev v3
https://openwrt.org/toh/netgear/wnr612v2

Maybe someone will write a worm that just bricks them... (NOT ADVOCATING FOR SUCH A THING, THAT WOULD BE ILLEGAL)

rtl819x seems to be the general name of the SoC but it's really just rtl8196/rtl8197 and there are other devices with rtl819* names, mostly wireless

https://wireless.wiki.kernel.org/en/users/drivers/rtl819x
https://wiki.debian.org/rtl819x
https://openwrt.org/docs/techref/driver.wlan/rtl819x

Also common rtl81* things:

* RTL8111/8168/8411 pci-e gigabit NICs (r8169 driver)
* RTL8153 usb gigabit NIC (r8152 driver)

Many of these realtek devices can load firmware binary blobs and those are found at

https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git

(see rt*) and are available on Debian in the non-free firmware-realtek package.

If anyone finds exploits in those then we're _really_ in trouble...

-- 
Matt Taggart
matt@lackof.org