PwnSSHH

Python wrapper for the MR3040.

GPL-3.0 License


Usage

Setting Up Device

Instructions heavily based on the minipwner.

  1. Have a TP-Link MR3040, USB flash drive, Wi-Fi internet connection, and an Ethernet cable.
  2. Partition the USB flash drive with a tool like Partition Wizard or gparted to have about 96% ext4 and the rest as Linux swap.
  3. Download the OpenWrt image builder and uncompress (tar xvzf {filename}).
  4. make image PROFILE=TLMR3040 PACKAGES="blkid block-mount kmod-fs-ext4 kmod-usb2 kmod-usb-uhci kmod-usb-ohci kmod-usb-storage"
  5. Rename the created image file bin/ar71xx/openwrt-15.05.1-ar71xx-generic-tl-mr3040-v2-squashfs-factory.bin to openwrt.bin
  6. Put the switch on 3G/4G, connect it to your computer with an Ethernet cord, and power on the device.
  7. Navigate to the TP-Link control panel at http://192.168.0.1, then go to System tools -> Firmware Upgrade and upload the openwrt.bin image file.
  8. telnet 192.168.1.1 23 and set the password with passwd to enable ssh (telnet is no longer needed after this).
  9. ssh [email protected]
  10. Edit the fstab config (vi /etc/config/fstab); the partitions can be sda1 or sda2:

      config 'global'
              option  anon_swap       '0'
              option  anon_mount      '0'
              option  auto_swap       '1'
              option  auto_mount      '1'
              option  delay_root      '0'
              option  check_fs        '0'

      config 'swap'
              option device '/dev/{swap partition}'
              option enabled '1'

      config 'mount'
              option target '/overlay'
              option device '/dev/{ext4 partition}'
              option fstype 'ext4'
              option options 'rw,sync'
              option enabled '1'
              option enabled_fsck '0'

  11. Pivot the root onto the USB drive with the following commands:

      mkdir -p /tmp/cproot
      mount -o bind / /tmp/cproot
      mkdir /mnt/{ext4 partition}
      mount /dev/{ext4 partition} /mnt/{ext4 partition}
      tar -C /tmp/cproot -cvf - . | tar -C /mnt/{ext4 partition} -xf -
      umount /tmp/cproot

  12. Change the mount target in /etc/config/fstab from '/overlay' to '/'
  13. reboot
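
A pre-reboot check for the fstab from step 10, added here as an example and not part of PwnSSHH or the minipwner instructions: it parses the UCI text and reports an unreplaced {placeholder}, a disabled section, swap and mount sharing one partition, or a mount target other than '/overlay' or '/'. The /dev/sdXN pattern, the file name check_fstab.py and the names parse_uci, check_fstab and SAMPLE_FSTAB are assumptions of this example.

```python
import re
import sys

# Constructed sample: the step-10 fstab with sda1 as ext4 and sda2 as swap.
SAMPLE_FSTAB = """
config 'global'
        option auto_swap '1'
        option auto_mount '1'
config 'swap'
        option device '/dev/sda2'
        option enabled '1'
config 'mount'
        option target '/overlay'
        option device '/dev/sda1'
        option fstype 'ext4'
        option enabled '1'
"""

def parse_uci(text):  # returns [(section_type, {option: value}), ...]
    sections = []
    for raw in text.splitlines():
        words = [w.strip("'\"") for w in raw.split()]
        if len(words) >= 2 and words[0] == "config":
            sections.append((words[1], {}))
        elif len(words) >= 3 and words[0] == "option" and sections:
            sections[-1][1][words[1]] = " ".join(words[2:])
    return sections

def check_fstab(text):  # returns a list of problems; empty means consistent
    problems = []
    by_type = dict(parse_uci(text))  # this layout has one section per type
    swap, mount = by_type.get("swap", {}), by_type.get("mount", {})
    for name, sec in (("swap", swap), ("mount", mount)):
        dev = sec.get("device", "")
        if not re.match(r"^/dev/sd[a-z][0-9]+$", dev):
            problems.append("%s: device %r is not a /dev/sdXN partition" % (name, dev))
        if sec.get("enabled") != "1":
            problems.append("%s: section is not enabled" % name)
    if swap.get("device") and swap.get("device") == mount.get("device"):
        problems.append("swap and mount point at the same partition")
    if mount.get("target") not in ("/overlay", "/"):
        problems.append("mount: target must be '/overlay' or '/'")
    if mount.get("fstype") != "ext4":
        problems.append("mount: fstype must be 'ext4'")
    return problems

if __name__ == "__main__":  # python check_fstab.py /etc/config/fstab
    text = open(sys.argv[1]).read() if sys.argv[1:] else SAMPLE_FSTAB
    print("\n".join(check_fstab(text)) or "fstab looks consistent")
```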

Setting Up PwnSSHH

  1. On your main computer, git clone https://github.com/sshh12/PwnSSHH.git
  2. Copy files to device scp -r /path/to/PwnSSHH [email protected]:/root/PwnSSHH
  3. python /root/PwnSSHH/setup.py (This will override config files, banners, etc...)
  4. reboot

Using

  1. PwnSSHH will automatically start on boot and will cycle the LEDs to indicate startup.
  2. The program can be started manually with python /root/PwnSSHH/main.py.

API

If you want to write your own code, the pwnsshh lib lets you interface with the router (read the switch state, control the LEDs, init configs, etc.).

For example:

import time

from pwnsshh.switch import get_switch_id
from pwnsshh.leds import all_off, leds

all_off()  # Turn off all LEDs

last_pos = 0

while True:  # Poll switch state
    switch = get_switch_id()  # Index of the switch position {0, 1, 2}

    if switch != last_pos:
        leds[last_pos].on = False
        leds[switch].on = True  # Light the corresponding LED
        last_pos = switch

    time.sleep(1)  # Commands can get buggy if not enough delay