Default Huawei e5776s-32 Custom firmware

Hi,

I am going to add notes relating to investigations into the possibility of customising the firmware on this MiFi device.

Observations:

As seen elsewhere there is a link to some firmware on the German Huawei site. By running the installer and then inspecting the contents of the temp dir (I did this under wine) one finds .wine/drive_c/users/dan/Temp/<random name>

Within a sub-folder in there is a 60ish Meg .exe named UpdateWizard.exe, within this lots if strings relating to the flashed firmware can be seen, including the html for the web admin page etc.

Both the firmware and nmap will show the kernel 2.6.35, and the firmware reveals its an android build, running on ARM.

So, any good company should be honouring the GPL, a quick search "huawei gpl source", sure enough turns up a link, though this forum wont let me post it


From here a .rar of the kernel drivers, (though wifi seems omitted ?), wpa_supplicant source etc. can be found.

As yet I am still looking for an easy "way in" to the device, it would be convenient if dropbear/telnetd could be launched if loaded onto an inserted microSD. Some exploit or hidden functions in the webserver binary would seem like an obvious place to start.

What does this AT command do?

AT^SDLOAD - looks like it may load factory defaults.

busybox was built with telnetd, it just needs starting somehow.