[Kern Meetup Blr] [CFP] : Talk Proposal - Unlocking the Black Box: Bootloader Manipulation, Flash Analysis, and Init System Hijacking


Dheeraj Reddy

Nov 22, 2025, 8:34:42 AM
to Kernel Meetup Bangalore

Hi all,

Please find below my talk proposal for the upcoming Kernel meetup.

Title: Unlocking the Black Box: Bootloader Manipulation, Flash Analysis, and Init System Hijacking

Preferred Format: Regular talk (25 + 5 minutes)

Abstract:
ISP-provided routers are often locked down, remotely managed devices that hide advanced configurations. This talk demonstrates reverse engineering and runtime exploitation of a Realtek router based on RTL9607C.

We will walk through the exploit chain, starting with the U-Boot environment to bypass the login prompt. The core of the talk focuses on analyzing the proprietary Realtek configuration system and will demonstrate how to dump the flash database to recover credentials including admin passwords and ISP backend infrastructure details.
Finally, by manipulating the internal Flash API and injecting hooks into the writable configuration partition, we can successfully disable the TR-069 remote management daemon and establish a persistent, unmanaged root shell that survives reboots, despite the read-only root filesystem.

Agenda:
- The Break-in: Manipulating U-Boot boot args to hijack the Linux boot process
- Forensics: Analyzing the Management Information Base (MIB) to recover hidden admin passwords and ISP infrastructure details.
- The Realtek Flash API: Understanding how the router stores state and using flash get/set to bypass restrictions.
- Going Dark: Permanently disabling the TR-069 (CWMP) daemon to stop the router from "phoning home" to the ISP.
- Persistence: Enabling the Telnet daemon via a config hook to replace hardware UART access.
- Q&A

Bio:
Dheeraj is a Senior flight software engineer at Pixxel Space India, where he works on the software powering earth observation satellites. His typical day involves low-level board bring-up of the On-Board Computers (OBCs), operating system customization, and developing mission-critical flight applications. Outside of flight software, he is also a budding Linux kernel enthusiast who has just started contributing fixes to the mainline kernel and the list of his contributions is at https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=Dheeraj+Reddy+Jonnalagadda

Thanks and Regards,

Dheeraj Reddy Jonnalagadda

Kaiwan N Billimoria

Nov 23, 2025, 12:48:19 AM
to Dheeraj Reddy, Kernel Meetup Bangalore
+1

--
You received this message because you are subscribed to the Google Groups "Kernel Meetup Bangalore" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kernel-meetup-ban...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/kernel-meetup-bangalore/CAHci4dpp8yexa9s0vHNcLS9fjQ2kYPqkd7EXJ4jytoZJPtKLCA%40mail.gmail.com.

Tauqir Azam

Nov 23, 2025, 12:50:00 AM
to Kaiwan N Billimoria, Dheeraj Reddy, Kernel Meetup Bangalore
+1

Best Regards,
Md Tauqir Azam Kausar
Contact No : 9508016232

Aditya Gupta

Nov 26, 2025, 12:40:24 PM
to Dheeraj Reddy, Kernel Meetup Bangalore
Very interesting. +1.


On 22/11/25 19:04, Dheeraj Reddy wrote:
>
> Hi all,
>
> Please find below my talk proposal for the upcoming Kernel meetup.
>
> *Title:* Unlocking the Black Box: Bootloader Manipulation, Flash
> Analysis, and Init System Hijacking
>
> *...*
>

Suchit Karunakaran

Nov 26, 2025, 1:01:22 PM
to Aditya Gupta, Dheeraj Reddy, Kernel Meetup Bangalore
+1
