Superbox Hacks V2 - Rewrite and finalize

This is the second and final version of the learn-while-hacking styled review for my router. I thought there would be more of it in the beginning, but the pricing policy of my ISP and existing reverse engineering attempts on similar hardware made it less interesting for me to tinker with it further. And it will be less interesting and shorter compared to the first version.

It’s been a while and I do not even remember why I chose shell scripting in the first place. So I decided to prefer something more powerful and easier to use. Both of these are subjective, of course. My previous attempts to web scrape some easy-to-parse services, using Requests and BeautifulSoup, also helped a little bit. I used Python to rewrite the old bash script.

The second iteration of the script is called Superbox Helper. It is basically a lame REST API parse and request tool which I think is easy to read, so I will not try to explain it. Call it with the -h switch for the context.

I just want to note some of the new things I’ve learned about during this short journey.

Authentication

The authentication mechanism is similar to digest authentication. Just a wild guess: AD may be the authentication digest and, an even wilder guess, RD may be the realm digest, judging from authentication digest nomenclature.

Similarities to digest authentication: some concatenated nonce-like parameters are hashed using MD5. That’s all. They are not nonces, because the final digest is not limited to one-time use; it can be used during a session. I still do not know if this session is limited to a period of time or a number of requests. The digest can be used multiple times with GET requests but only once for POST requests. It may be because I’m doing something wrong, but it seems rather strange.

By the way, if you log in to the web interface and then call the script with the same credentials you used for the web interface, you are logged out of the web interface. I think that’s reasonable.
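For contrast with the reusable digest described in this section, this is how standard HTTP Digest (RFC 7616, qop=auth, MD5) makes each response single-use: the method, URI and a nonce count go into the hash, and the server refuses a count it has already seen. It is an added example, not code from Superbox Helper and not the router's scheme (whose parameters are not given here); the function and class names, paths and sample values are constructed.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 7616 'response' value for qop=auth with MD5."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # binds the digest to one method and URI
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    """Server side for one issued nonce: each nonce count is accepted once."""

    def __init__(self, user, realm, password, nonce):
        self.creds = (user, realm, password)
        self.nonce = nonce
        self.last_nc = 0

    def verify(self, method, uri, nc, cnonce, response):
        count = int(nc, 16)
        if count <= self.last_nc:
            return False  # nonce count already seen: replay
        expected = digest_response(*self.creds, method, uri, self.nonce, nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return False  # wrong password, or digest made for another request
        self.last_nc = count  # only a valid request advances the counter
        return True

def demo():
    # Constructed sample values and paths, not taken from the router.
    user, realm, pw, nonce = "admin", "example-realm", "constructed-pass", "c0ffee01"
    server = DigestVerifier(user, realm, pw, nonce)
    get1 = digest_response(user, realm, pw, "GET", "/api/status", nonce, "00000001", "ab12")
    first = server.verify("GET", "/api/status", "00000001", "ab12", get1)
    replay = server.verify("GET", "/api/status", "00000001", "ab12", get1)
    # Relabelling the old digest with a new count fails: nc is inside the hash.
    relabel = server.verify("GET", "/api/status", "00000002", "ab12", get1)
    post2 = digest_response(user, realm, pw, "POST", "/api/sms", nonce, "00000002", "ab12")
    fresh = server.verify("POST", "/api/sms", "00000002", "ab12", post2)
    return first, replay, relabel, fresh

if __name__ == "__main__":
    print(demo())
```

A scheme that hashes only session-level values, with no per-request counter, method or URI in the input, cannot tell a repeated digest from a fresh one.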

Unrelated findings

The SMS page became unusable after I got an SMS from a government agency. I could not tell whether it was a bug in the router code or the message was actually sent faulty. While searching for some keywords, I found a really cool post. It both helped me fix the issue and caused me to lose interest in tinkering with the router. And there were more.

Device logs survive both a factory reset using the web interface and a hard reset, which is activated by holding the reset button on the device. I did not want to let them stay there because I will return the device. But, whatever.

Final words

Next time I will try to find a topic that’s less discovered to keep the series longer. Maybe I can learn more this way. Anyway, that was fun.