hardware for european market? #106
There is another problem with this device in Europe. In user manual it is written that it supports: In my country mobile operators are using LTE bands B3, B7, B8 and B20. So it seems that this device would not work in my country and also not in Europe in general... If that is correct, this needs to be clearly written on the first page. Also, we are in desperate need of alternatives. :) |
I have done some searching and this device seems interesting: Ruckus Wireless M510 Access Point. It seems that it supports European LTE bands, and also has Qualcomm MDM9207 chipset (the same as Orbic RC400L). Another interesting one is this: Sunhans OEM&ODM eSIM MiFi Router, it also seems that it supports European LTE bands, and also has Qualcomm MDM9207 chipset. What do you think? |
Also, I came across this device: SHM7520A 4G 5G WiFi Router, where (in user specification) is written that the frequency bands can be customized. Could be the same with Orbic RC400L? |
It would be nice if it worked with GL-AR300M https://www.gl-inet.com/products/gl-ar300m/#specs |
I don't think so. GL.iNet routers use Quectel chipsets for LTE (Qualcomm only for WiFi)... |
What about a laptop with a SIM card and Linux installed? |
I think the point is that software is written for a specific LTE chipset. |
In my opinion, with little effort you can port the software to run on other hardware as well, but a strict requirement is the ability to capture modem traffic. I don't know if this is widely expected by modems or if it is something niche. |
I have found another possible candidate: AceTel R705 4G LTE Cat4 MIFI Router |
As I remember (SnoopSnitch and AIMSICD project), you need a specific baseband chipset to be able to capture modem traffic. That is why we are looking for Qualcomm chipset. |
On some devices you can use AT commands, and there is one interesting command on Quectel devices: AT+QCFG="band" (see this explanation how to unlock additional bands). I can not find if you can run AT commands on Orbic RC400L, can someone help with this? |
This would be great if there would be an easily portable solution available for the European market as well.
Perhaps there are already plans to 'expand' once the project grows, given that statement? I'm very interested in this project and will certainly keep an eye on it. If there would come an 'easily deployable' alternative on a router that supports European bands, I will happily contribute data. |
I found this having the Qualcomm MDM9207: |
They are also on eBay.de, so I guess it is not a problem for Germany. The main question is - does Rayhunter work on this device? Can someone test it? |
TpLink M7650 with MDM9240 seems to work |
Although a little on the expensive side, availability-wise globally, this would be a great option. |
Source? Have you tested it or you have someone to confirm it is working? |
Have it running. Currently testing, but seems to work: https://paste.pics/f1737d2750d41d9c04d8f82af5afc7fb |
We'll know in about 7-12 days when my order arrives. 😅 |
@mrsec-dev - this is great news! Just a question - how did you install Rayhunter? Because the instructions on GitHub are not very clear. I guess you need to connect the device to your computer with a USB cable, but then what? How do you put the device into development mode? (I guess this means that you enable ADB on the device). |
@MatejKovacic That's very easy with this device... connect to wlan -> adb connect x.x.x.x -> adb shell -> rootshell ^^ |
Ah, so ADB is already enabled on this device and you just connect to it through web ADB? I wonder if it is the same with other devices (especially ZTE R219-z)...? |
Yes, already enabled and rootshell. I assume this is a TP-Link thing. Got another one: TP-Link M7350 with MDM9225 which has adb and root enabled. Will try this one too if I find it on the weekend. |
Yeah, I already started reading the sources of this project and guess, that we can run it on the device. For rooting and adb, check out our research repository about that device. open.sh is the best way we implemented https://github.com/m0veax/tplink_m7350 Going to fork this repo and start implementing everything needed to port it to tplink-m7350. Feel free to join us, matrix is linked in the repo. |
Created a fork. Will work on this tomorrow:) |
rayhunter's |
@mrsec-dev @m0veax that's awesome, are you aware of any TP-Link devices that are under $50 USD? It'd be great to support a cheap device that's got adb/rootshell by default. |
a new tplink-m7350 is about 60€. You can find used ones for half the price |
Need to downsize rayhunter-daemon because the tplink devices do not have as much space free. UPDATE: found enough space on /dev/shm ... it's tmpfs but good enough for trying |
@m0veax how much non-tmpfs space is there? for rayhunter to work well, it'll also need a reasonable amount of long-term storage for the QMDL files |
It's extendable by SD card, but I never tried mounting one. Ordered a micro SD and will try to get it running on the device. It should be extendable up to 32 GB (as stated in the tplink manual). After mounting the SD, I will write a guide using the SD card. Here are my notes: https://github.com/m0veax/rayhunter-tplink-m7350/blob/main/PoC.md I'm not a native speaker and it is late here, please ignore typos :) UPDATE: we found a way to mount an SD card in our notes. Will publish them this weekend and modify the PoC guide |
Maybe using LTO and some other optimizations there is a way to reduce the binary in a way that fits in the internal space |
TL;DR: I shrunk the binary size from 11619420 bytes to 4614596 bytes, which is a 60% reduction. Following the recommendations of https://github.com/johnthagen/min-sized-rust I had the following results in attempting to reduce the size of the binary: I can't test if the binary still works with all the optimizations enabled, as I don't have any hardware yet.
Ah.. how to apply? Just change the
If applying all features does work, I'll make a pull request. |
Maybe someone can test this on an Orbic? I guess it would be easier there |
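The kind of release-profile change the min-sized-rust guide recommends, shown here as an added example; it is not the commenter's actual settings, which the thread does not show. Placing it in the top-level `Cargo.toml` used to build the daemon is an assumption.

```toml
# Added example: size-oriented release profile following min-sized-rust.
# Assumption: this goes in the workspace's top-level Cargo.toml, since Cargo
# ignores [profile.*] sections in non-root workspace members.
[profile.release]
opt-level = "z"      # optimize for binary size rather than speed
lto = true           # link-time optimization across all crates; drops unused code
codegen-units = 1    # single codegen unit: slower build, better size optimization
panic = "abort"      # no unwinding machinery; a panic terminates the process at once
strip = true         # strip symbols from the final binary
```

With `panic = "abort"`, a panic in any thread ends the whole daemon without running destructors, so confirm that capture files are still flushed and closed cleanly before relying on such a build. Stripped symbols also mean backtraces collected on the device lose function names.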
I had this working briefly on a TP-Link M7650 by replacing the bash references in the init.d scripts with sh, but it then got stuck in a boot loop after a reboot. I've since tried the recovery tool that seems to have got me out of the boot loop but bricked the device - it now only reaches a tplink logo and the USB functionality for fastboot never enumerates on my laptop. Any thoughts on recovering from this? If boot loops are likely to be an issue then development could be an expensive business! If I do get another to try with or manage to recover this one then I'm wondering if there is a safer option to create this app as something that could run from the SD card so it could be updated more easily and also killed by removing a card if it goes wrong |
@tkerby see our notes here https://github.com/m0veax/tplink_m7350?tab=readme-ov-file#fastboot TL;DR remove the battery |
Orbic RC400L is not easily available for purchase in Europe; the only option is to have it shipped to you from eBay with higher shipping costs than the product itself and the risk of additional import customs fees.