How have you gotten on with Full Flavour, as suggested previously?

not talked to them yet. Probably will do that when we get back from Alaska. Preparing for that trip right now.

ThatPrettyFreya:

 

These SIMs are TAC locked. We continue to wait for bridge mode on the x80, whenever the hell that's supposed to be slowing up.

 

I don't think you will be seeing a bridge mode in the deco x80 it defeats the purpose of the device to sell mesh nodes to everyone stemming from their ISP supplied device that gives them leverage.

People are not going to think mesh is so great soon as there is a massive hole in security at the moment most of the affected have not applied patches a year after they were notified:

seclab-ucr/CCS24Mesh (github.com)

The rules are in the rural broadband government docs that they state connections are required to use TAG locked sims last time I saw, and this is understandable, but this is not so with 5g and 4g town services this is an ISP thing I believe.

As I understand it RBI requires a TAG locked sim government requirement, and I don't know how ISP's get around this.

Any device with a Quectel or Sierra wireless modem can reflash the IMEI number to that of authorized hardware and it will work it is Prity common in Australia they chat about on forums. it is not deemed Illegal in NZ to tamper with IMEI numbers there is no specific law around it and it has not been tested in court.

A single simple AT command with a Quectel modem and you can use any hardware as long as you have terminal access.

on the x80 theme we will have to wait for the mesh exploit to drop our, exploit primitive is not enough to pop a shell to run commands.

ON the arm/aarch64 arch the return address on the stack we can overwrite with our buffer overflow exploit is from the parent function's frame not the current one, so by the time we control the flow the stupid parent function has already un-map'd the memory we need to point to to run a shell.

There is no good ROP gadget in the binary to use. so until we can find another exploit primitive, we're out of luck but the mesh exploit hopefully will be what we need to pop a shell.

yeah, we just ended up putting a UDR in front of it. Now the only time we have to remember that it exists is when we have to go reboot it because we've pulled 4.29TB of data and One NZ decides "oi, get off our network, what do you think this is, the US? You can't just use mobile data, the country will run out! Mobile data is a scarce resource, dontcha know, is why we have to charge $45 for 5GiB of it on mobile!"

Have you had your trip to Alaska yet? If so, have you talked to Full Flavour?

not yet. Heading to AK in 2 weeks

Wait - 4.29TB a month? 😮 Yikes. I have a house of 4 people (on fibre) with 1 almost permanently WFH and we struggle to use 500GB each month...that's some pretty heavy usage you're doing there, especially for mobile data - I can see why Vodafone/One would get a bit unhappy about it.

CBD area and TBs/month over wireless isn't going to fly long-term.