Getting root on the Belkin Home Base

After finding the TX pin in the previous blog post, which lets us read the console messages, we can go on to look for the RX pin.
The RX pin is still unknown, and we can’t test for it yet, as serial logins are prohibited on the Home Base.
Luckily, the Home Base firmware files are released under the GPL, which allows me to have a peek around in the code and look for the protection.
After that I could compile a custom firmware without the protection. Compiling the firmware is beyond the scope of this blog post, but it’s not that complicated if you follow Belkin’s guidelines.

Please note that flashing custom firmware can wreck your device! I am pretty confident doing this, as I have done it several times in the past with other devices. Another reason I just go ahead is that I have serial console access, so there must be some way to unbrick this device.

After looking around in the firmware structure I found a startup file (in preinstall/etc/rc.d/rc.S) with the following content:

# serial login
DEBUGMODE=`sxromconf -c GET_DEBUG`
if [ "${DEBUGMODE}" = "on" ]; then
  /sbin/getty -L ttyS0 115200 vt100 &
else
  echo "Serial login always is disabled by DEBUGMODE setting!"
fi

Aha! Now that looks familiar: it’s the code preventing us from logging in to the console.
I changed the code to the following:

/sbin/getty -L ttyS0 115200 vt100 &
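
The same gate can be checked mechanically when reviewing an unpacked firmware tree, for example to confirm that a release image does not start a serial login unconditionally. The script below is an added example, not code from this post or from Belkin's sources: it lists every serial getty line in the init scripts and says whether an if/fi guard surrounds it. The function names and the stock/modified directory layout are assumptions, and the two sample rc.S files are constructed from the snippets above.

```shell
#!/bin/sh
# Added example (not Belkin's code). Assumption: init scripts are plain sh
# with one statement per line, like the rc.S shown above.

# audit_rc_file FILE -> one "FILE:LINE:guarded|unguarded:TTY" record per getty line
audit_rc_file() {
    awk -v f="$1" '
        { line = $0; sub(/[ \t]*#.*/, "", line) }   # naive comment strip
        line ~ /^[ \t]*if[ \t]/ { depth++ }
        line ~ /^[ \t]*fi[ \t;]*$/ { if (depth > 0) depth--; next }
        line ~ /getty/ && match(line, /tty(S|AMA|USB)[0-9]+/) {
            printf "%s:%d:%s:%s\n", f, NR,
                (depth > 0 ? "guarded" : "unguarded"), substr(line, RSTART, RLENGTH)
        }' "$1"
}

# audit_rootfs DIR -> records for every init script and inittab under DIR
audit_rootfs() {
    find "$1" -type f \( -path '*/etc/rc.d/*' -o -path '*/etc/init.d/*' \
        -o -name inittab \) | sort | while IFS= read -r f; do
        audit_rc_file "$f"
    done
}

# count_unguarded DIR -> number of serial getty lines started unconditionally
count_unguarded() {
    audit_rootfs "$1" | awk '/:unguarded:/ { n++ } END { print n + 0 }'
}

# make_sample DIR -> constructed trees: "stock" holds the original rc.S
# fragment, "modified" holds the one-line replacement.
make_sample() {
    mkdir -p "$1/stock/etc/rc.d" "$1/modified/etc/rc.d"
    cat > "$1/stock/etc/rc.d/rc.S" <<'EOF'
# serial login
DEBUGMODE=`sxromconf -c GET_DEBUG`
if [ "${DEBUGMODE}" = "on" ]; then
  /sbin/getty -L ttyS0 115200 vt100 &
else
  echo "Serial login always is disabled by DEBUGMODE setting!"
fi
EOF
    echo '/sbin/getty -L ttyS0 115200 vt100 &' > "$1/modified/etc/rc.d/rc.S"
}

tmp=$(mktemp -d) && make_sample "$tmp"
audit_rootfs "$tmp/stock"; audit_rootfs "$tmp/modified"
rm -rf "$tmp"
```

The guard detection only tracks if/fi nesting, so a getty started from a case branch or a sourced helper script needs a manual look.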

After that I compiled the new firmware, and restarted the device. Does it work?


[Image: Belkin Home Base serial login]

Success! Now we can go on to find the RX pin: just connect a test wire to the USB-BUB TX pin and randomly test the pins. After a few attempts I found out that pin 3 is the RX pin.
Now let’s try to log in and check our privileges:


[Image: Belkin Home Base root privileges]

So there you have it! Full root access on the Belkin Home Base. Time to celebrate, cheers!