Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
<HOME>/<PACKAGE>/wireless_client_files/
and execute:
./instrument-belkin-cfg.sh belkin_ewc.cfg <WIRELESS_CLIENT_IP_ADDRESS>
To get the WIRELESS_CLIENT_IP_ADDRESS execute "ipconfig /all". It will
likely be in the 192.168.2.xxx range. IMPORTANT: this address is the
wireless client's address, NOT the wireless router's IP address.
6. In the browser window, in the left menu bar, click the
"Restore Previous Settings" link.
7. Browse to <HOME>/<PACKAGE>/wireless_client_files/belkin_ewc.cfg,
click Open, and click Restore.
8. The browser will show a countdown page, but you can safely ignore this.
9. In the browser window, in the left menu bar, click the "Firmware Update"
link.
10. Click the "Check Firmware" button. This will begin the upgrade procedure.
11. A small "chkfw" browser window will appear which will report status.
If all goes well, the chkfw browser window will display "Success" in 60-70
seconds. The device will then reboot in 4-8 seconds.
If an error occurs during the upgrade process AND the wireless client has kept
continual wireless connection to the device, the error will display in the
chkfw box (see below for an explanation of error codes). If the wireless client
has not had continual wireless connection to the device, but does currently
have wireless connection to the device, the status can be checked using
dumbbellc. In either case, at this point, the user should have a dumbbell
shell (see the DUMBBELL NOTES section) available for diagnosis. If an error
occurs, the device will not automatically reboot.
The user can at any time during the upgrade (assuming wireless connection)
check status using dumbbellc:
- open a cygwin command window
- cd to <HOME>/<PACKAGE>/wireless_client_files
- execute:
./dumbbellc/dumbbellc <WIRELESS_ROUTER_IP_ADDRESS> "/bin/cat /tmp/var/sn"
If using dumbbellc to check status, the status is appended to
the serial number. Here is the decoder ring:
'-' means the upgrade has started (i.e., the bootstrap script is executing
on the device). Note that the bootstrap script is located in
<HOME>/<PACKAGE>/webserver_files/a.sh.
'-W1' means that an nvram value could not be set back to its original
value (relatively harmless).
'-W2' means that dumbbelld could not be retrieved from the webserver
(you will not have the dumbbell shell - see "DUMBBELL NOTES" below).
'-W3' means that dumbbelld could not be made executable with chmod +x.
'-E1' means that the mtd_w flash writing program could not be retrieved
from the webserver
'-E2' means that mtd_w could not be made executable with chmod +x.
'-E3' means that the firmware file sq.bin could not be retrieved from the
53