Lorenzo Santina BigNerd95

## belkin_enable_telnetd.py
#!/usr/bin/env python3

# Belkin Router Persistent Remote Command Execution (0day)
# Tested models: F7D4401, F7D4301
# Tested firmware: 1.00.46 (latest firmware)
# You bust be loggedin to run this exploit (you can use belkin_login_bypass.py exploit)
# Author BigNerd95

import sys, requests, re

## base64encode.sh
#/bin/bash

base64encode(){
    local base64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
    local res=""

    for i in $(seq 0 3 $((${#1}-1)))
    do
        local n1=$(printf '%d' "'${1:i+0:1}")
        local n2=$(printf '%d' "'${1:i+1:1}")

## Tecnoalarm.py
#!/usr/bin/env python3

from Crypto.Cipher import AES

class TACipher():
    def __init__(self, key, iv):
        self._key = key # bytes
        self._iv = iv   # bytes
        self._tail = bytes()
        self._padding = 0

## WiIvrea_login.sh
##### WiIvrea Authentication for OpenWRT ####

is_authenticated(){
    local res=$(wget -q -O - http://172.172.172.1/login | grep "You are logged in" | wc -l)
    if [ $res = "1" ]
    then
        return 0 # true
    else
        return 1 # false
    fi

## ar9003_eeprom_diff.c
// Add these lines after the Copyright
#include <linux/fs.h>
#include <asm/uaccess.h>
#include <asm/segment.h>
#include <linux/buffer_head.h>

// Copy these functions before ar9300_eeprom_restore_flash function
struct file *file_open(const char *path, int flags, int rights)
{
    struct file *filp = NULL;

## regd_diff.c
char *user_country_name = "";                              // [MOD]
module_param_named(cn, user_country_name, charp, S_IRUGO); // [MOD]
MODULE_PARM_DESC(cn, "Country Name");                      // [MOD]

static int __ath_regd_init(struct ath_regulatory *reg)
{
	struct country_code_to_enum_rd *country = NULL;
	u16 regdmn;

	if (!reg)

## 800-ath9k-bypass-eeprom-power.patch
--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
@@ -5142,6 +5142,11 @@ static void ar9003_hw_set_power_per_rate
 	scaledPower = ath9k_hw_get_scaled_power(ah, powerLimit,
 						antenna_reduction);

+	minCtlPower = (u8) min(MAX_RATE_POWER, scaledPower);
+	for (i = 0; i < ar9300RateSize; i++)
+		pPwrArray[i] = (u8) minCtlPower;
+	return;

## glddnsupdater.sh
#!/bin/sh

# OpenWRT support libs
. /lib/functions.sh
. /lib/functions/network.sh
. /usr/share/libubox/jshn.sh

ip_regex="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
ddns=
code=

## recv_fw.sh
#!/bin/sh

# run this script on ROUTER

ipaddr=$1

# recv checksum
check=$(nc $ipaddr 1235)
echo "Received checksum: $check"

## tethering_enabler.txt

echo "Android Nougat Tethering enabler by BigNerd95"
echo

echo "Backingup build.prop in /sdcard/build.prop.backup"
cp /system/build.prop /sdcard/build.prop.backup
cp /system/build.prop /sdcard/build.prop

echo "Editing build.prop"
echo net.tethering.noprovisioning=true >> /sdcard/build.prop
	#!/usr/bin/env python3

	# Belkin Router Persistent Remote Command Execution (0day)
	# Tested models: F7D4401, F7D4301
	# Tested firmware: 1.00.46 (latest firmware)
	# You bust be loggedin to run this exploit (you can use belkin_login_bypass.py exploit)
	# Author BigNerd95

	import sys, requests, re
	#/bin/bash

	base64encode(){
	local base64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
	local res=""

	for i in $(seq 0 3 $((${#1}-1)))
	do
	local n1=$(printf '%d' "'${1:i+0:1}")
	local n2=$(printf '%d' "'${1:i+1:1}")
	#!/usr/bin/env python3

	from Crypto.Cipher import AES

	class TACipher():
	def __init__(self, key, iv):
	self._key = key # bytes
	self._iv = iv # bytes
	self._tail = bytes()
	self._padding = 0
	##### WiIvrea Authentication for OpenWRT ####

	is_authenticated(){
	local res=$(wget -q -O - http://172.172.172.1/login \| grep "You are logged in" \| wc -l)
	if [ $res = "1" ]
	then
	return 0 # true
	else
	return 1 # false
	fi
	// Add these lines after the Copyright
	#include <linux/fs.h>
	#include <asm/uaccess.h>
	#include <asm/segment.h>
	#include <linux/buffer_head.h>

	// Copy these functions before ar9300_eeprom_restore_flash function
	struct file file_open(const char path, int flags, int rights)
	{
	struct file *filp = NULL;
	char *user_country_name = ""; // [MOD]
	module_param_named(cn, user_country_name, charp, S_IRUGO); // [MOD]
	MODULE_PARM_DESC(cn, "Country Name"); // [MOD]

	static int __ath_regd_init(struct ath_regulatory *reg)
	{
	struct country_code_to_enum_rd *country = NULL;
	u16 regdmn;

	if (!reg)
	--- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
	+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
	@@ -5142,6 +5142,11 @@ static void ar9003_hw_set_power_per_rate
	scaledPower = ath9k_hw_get_scaled_power(ah, powerLimit,
	antenna_reduction);

	+ minCtlPower = (u8) min(MAX_RATE_POWER, scaledPower);
	+ for (i = 0; i < ar9300RateSize; i++)
	+ pPwrArray[i] = (u8) minCtlPower;
	+ return;
	#!/bin/sh

	# OpenWRT support libs
	. /lib/functions.sh
	. /lib/functions/network.sh
	. /usr/share/libubox/jshn.sh

	ip_regex="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
	ddns=
	code=
	#!/bin/sh

	# run this script on ROUTER

	ipaddr=$1

	# recv checksum
	check=$(nc $ipaddr 1235)
	echo "Received checksum: $check"

	echo "Android Nougat Tethering enabler by BigNerd95"
	echo

	echo "Backingup build.prop in /sdcard/build.prop.backup"
	cp /system/build.prop /sdcard/build.prop.backup
	cp /system/build.prop /sdcard/build.prop

	echo "Editing build.prop"
	echo net.tethering.noprovisioning=true >> /sdcard/build.prop