Part 1 : Talk to me…

So, I’ve been fiddling with this old device from 2013ish. it’s a WiFi repeater from an unknown brand.

On the bright side, I managed to crack it open and find out the potential UART port (without pins obviously), and the chip inside seems to be a genuine Realtek RTL8196E, which has been successfully flashed with OpenWRT. I hope to be able to do the same.

First step that I tried, was to use my multimeter to identify the Tx/Rx pins but the results were inconclusive. I had to find another solution. The good news is that I’ve managed to find out, with the datasheet of the RTL8196E that the 2 pins I want for Rx and Tx for UART (which are my candidate pins and would make sense) are pins 125 and 126.

so next logical step to figure out which pins are what is to trace the board! lucky for you, I just did that.

Ultimately, I managed to figure out my UART pins on the missing header.

After soldering the headers on the board, I plugged in my trustworthy CP2102 board on a rPi, booted GTKTerm and proceeded to try to connect. Spoiler alert, the baud rate is not 115200 (I know, shocking!), instead it’s 38400. Nothing too complicated to figure out but, my luck ran short very quickly… I was finally able to get the UART to connect and display and be responsive… then I got greeted by a login prompt.

This will be a good stopping point for now. I need to research on how to either extract the root password, or find it online, or even extract the firmware and look for the password in there.

To be continued…