MikroTik

From the HackIT Conference:

Discussion: https://www.reddit.com/r/mikrotik/comme ... _released/

Presentation: http://kirils.org/slides/2018-10-10_HackIt-MT_pub.pdf

Exploit: https://github.com/0ki/mikrotik-tools/t ... it-defconf

ooooo..why?

If i'm understanding this right, it requires physical access to the box and the hack is via USB? Which means its also only possible on certain device types (and x86)?

plenty of devices now have USB. It requires:
- USB
- admin access (username+password)

so it is not really "vulnerability", just jailbreak (you own the device, you should be able to do whatever you want with it without limitations)

You can't misuse it if you don't have admin access. (gonna try it once i get some old spare RB951 back)

There is a big difference between Jailbreak and Vulnerability.
Jailbreak is not explicitly forbidden by MikroTik. It is simply another method to get into the linux sub system to run your own custom tools on the device.

Like explained above, it requires phyical access, username and password. This can only be done by the owner and administrator. There is no risk. It is just a tool for people who want to look inside the linux filesystem below RouterOS interface.

Gaining more access on your own device is these days called jailbreak/rooting. To be able to do this you need a opening/vulnerability in your device. A important criteria is the the manufacturer does not sell the device with this option default active.

Apple is playing catch up all the time and Google Android makes it even more difficult in the future what also improves the security in general.

Actually this is quite handy to repurpose old routerboards to run things like usb device sharing server and not losing all mikrotik features in the process (like when you install LEDE instead, wiping everything).
There will always be a way to do this if you have hardware access to the device - netboot custom kernel, use JTAG, ... And there is nothing wrong with this either... you bought the hardware, it's yours to play with.

I wish there were an official way to do this rather than relying on tools that potentially cause issues or stop working in the future. Installing wireguard for example or proper openvpn with UDP support would be so useful.

I wish there were an official way to do this rather than relying on tools that potentially cause issues or stop working in the future. Installing wireguard for example or proper openvpn with UDP support would be so useful.

Agreed!
Give us root!

I am against giving giving root access. If you want to experiment thrn you have to get a other product.

If you want a more open router then have a look at Turris. I like their approach of a modular router that you can click together with the modules you need.

It doesn't have to be necessarily root, even a limited account could be enough for many things (and some traditionally root-only features like ability to bind to lower ports can be handled using Linux capabilities without compromising whole system). You can use the same argument against that too. And of course there are other systems that are much more open. But (to take a shortcut) none of them has WinBox. I always liked Linux, but at the same time, something was missing. First time I got to RouterOS, I immediately knew what it was.

Truth is, I'm not even completely sure if I want the ability to run own stuff. What I really want from MikroTik is just few small additions/fixes here and there and I'd be happy as a clam. But as we all know, waiting for MikroTik to implement some features could take forever. So the ability to have some level of DYI possibilities could perhaps be the best solution after all.

I think silently allowing jailbreak is the best solution. People who do that will be clearly aware they are doing some non-standard stuff which may or may not work. On the other hand, if we ask mikrotik to support "root", they would have to spend significant amount of resources to make it fool-proof and safe. Personally, I would prefer them to focus on making RouterOS great again.

It would be neat to run custom executable code on the MikroTik hardware, just to augment what is already there, not replace RouterOS.

making RouterOS great again.

RouterOS first!

focus on making RouterOS great again.

And for supporting fresh Hardware you need fresh Kernel, this is what ROS need

Finally had some time to play around with this. It works very well and there is almost zero risk of bricking your device. Can't wait to start experimenting with custom software on my router at last!

Ok, so the "magic" USB is filesystem with simple symlink to root, and it goes from there, right? That's neat trick. But there's probably also some simple way how MikroTik can block it. And even if they don't, you're completely on your own, any upgrade can ruin what you build there, etc. So yeah, it's nice, but...

You can easily "jail break" using openwrt initramfs for your model, you can get full shell access and can even do RW to MTD parititions or force downgrades this has been possible for a few years making the old methods obsolete.