BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//pretalx.com//hack-lu-2025//talk//BDUTYD BEGIN:VTIMEZONE TZID:CET BEGIN:STANDARD DTSTART:20001029T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-hack-lu-2025-BDUTYD@pretalx.com DTSTART;TZID=CET:20251021T154500 DTEND;TZID=CET:20251021T161500 DESCRIPTION:The operating systems of many proprietary consumer- and enterpr ise-grade\nnetworking devices do not allow for easy customization. Even wh en SSH access is\navailable\, it often supports only a limited set of tigh tly controlled commands\,\noffering no way to install new binaries — or to understand what the existing\nones actually do.\n\nThe Internet is full of guides on “jailbreaking” proprietary routers — an\nunfortunate n ecessity for users who want deeper control over the hardware\nthey've paid for.\n\nIn contrast\, open-source router OSes like OpenWrt provide full S SH access. This\nseemingly simple feature sends a clear message: “This d evice is truly yours\, and\nyou're welcome to inspect or improve it — ev en find security bugs\, if you're so\ninclined.”\n\nBut what happens whe n a proprietary OS is built on top of an open one like\nOpenWrt?\n\nIn thi s talk\, we’ll take you on a journey through reverse engineering OS\nbin aries based on OpenWrt\, used by a major vendor [REDACTED]. We were surpri sed\nto discover that they had patched the Lua compiler for the sole purpo se of\nhindering static analysis.\n\nWe'll demonstrate several techniques for “owning” a line of devices from this\nvendor — from rediscoverin g a "patched" backdoor in the restricted SSH service\,\nto identifying an authenticated OS command injection vulnerability buried deep\nin a custom Lua module.\n\nThese findings could enable full remote takeover of the dev ices — so it’s no\nwonder the vendor didn’t allow SSH access in the first place... DTSTAMP:20260413T105618Z LOCATION:Europe SUMMARY:No way to enable SSH access to your new router? The vendor might ha ve something to hide - Stanislav Dashevskyi\, Francesco La Spina URL:https://pretalx.com/hack-lu-2025/talk/BDUTYD/ END:VEVENT END:VCALENDAR