Skip to content

theodric/HooToo_HT-TM05-hacking-doubleplusgood

This branch is 58 commits ahead of cryptographrix/HooToo_HT-TM05-hacking:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

65 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

HooToo HT-TM05 hacking stuff and junk

theodric's edition

2022-12-22:

HooToo's website has been dead since August 2022, and it appears they have been consumed by another company. As such, the stock firmware is no longer available for download. I have added a number of unmodified, stock firmware files from my archive to this repo in an appropriately-named subdirectory. The later versions include exFAT support.


"Tootsie" firmware

Entware-ng mipsel k2.6

After I clean it up, I'll release my updated (by 2016 standards) firmware modification with SSH and auto-mount ext2-loopfs-on-vfat-USB Entware-ng integration. This allows you to slap in a USB stick formatted in FAT32 (or possibly exFAT if/once I migrate my mods to a more recent firmware than 064) and use Entware-ng from within a Linux loopfs file stored on the USB stick. This approach leaves the base functionality of the stock firmware unchanged, but adds the capacity for the firmware to "intelligently" detect if a stick with the loopfile is inserted on USB stick mount, and if so, mounts the loop file and provides access to the tools installed thereon from an SSH/telnet session.

Links that will be useful then:

Maurerr's repo no longer works because github.io is forcing SSL, which the opkg client doesn't support. I've mirrored it repo to a VPS @ http://phoenixfowlery.com/packages/


I have included in this repo an xz'd loopfile with a working Maurerr Entware-ng installation on it, preconfigured to use my mirror. You have to unxz it and put it on a vfat flashdrive to use it. If you don't trust me (THEN WHY ARE YOU HERE!?), you can create the file yourself with the following steps:

Loopfile creation:

  1. dd if=/dev/zero of=tootsie.ext bs=16m count=254
  2. losetup /dev/loop0 tootsie.ext
  3. mkfs.ext2 /dev/loop0
  4. mount /dev/loop0 /mnt/ext
  5. cd /mnt/ext
  6. mkdir opt root
  7. explode opkg binary into /opt (download ipkg, gunzip, untar, gunzip data.tar.gz, cd /opt, tar xpvf /path/to/data.tar)
  8. create opkg.conf as detailed immediately below
  9. opkg update
  10. opkg install bash

Your /opt/etc/opkg.conf should look like this to use my mirror:

src/gz entware-ng http://phoenixfowlery.com/packages

dest root /
lists_dir ext /opt/var/opkg-lists

Once done, do a proper reboot (hold down the power button to tell it to turn off, then turn it back on again). The next time you log in, you'll be greeted with this: screenshot


2016-05-25:

  • Updated Download-and-split script to grab the latest firmware file, and to use unrar rather than unzip since the archive type has changed. Also updated the relevant variable name to reflect. That's it.
  • Added checksum script "checksum_tool.sh"
  • Added mksquashfs script "squish.sh" for resquashing the unsquashfs'd rootfs file from initrdup/firmware/rootfs
  • Removed the HooToo firmware to avoid possibly drawing their ire. It's available elsewhere. No need for a mirror here.

I have successfully unpacked, modified, repacked, and reflashed a firmware image with this workflow:

  1. Run Linux, because OS X won't mount the initrdup ext2 image
  2. Install the squashfs tools package appropriate to your distribution
  3. Use Download-and-split.sh to grab and mount the latest firmware
  4. Use unsquashfs to unpack the firmware/rootfs file inside the initrdup somewhere outside the initrdup
  5. Make desired changes to the rootfs
  6. Use squish.sh to re-squashfs the rootfs file
  7. Replace the initrdup's firmware/rootfs file with your modified one
  8. sync and umount the initrdup
  9. gzip initrdup
  10. cat start_script.sh initrdup.gz > firmware_image_file
  11. checksum_tool.sh firmware_image.bin
  12. replace the CRCSUM value in start_script.sh with the one output by checksum_tool.sh
  13. once again, cat start_script.sh initrdup.gz > firmware_image_file
  14. flash the firmware_image_file onto your HT-TM05 using the regular web GUI
  15. hope that it doesn't brick it
  16. glhf

###TODO 20160530

  • figure out how much space I actually have to work with in each of the MTD partitions so I don't cause myself problems
  • implement automatic pull-in of optware or entware on either an ext2 USB flash drive or (better?) a loop-mounted ext2 fs image on a *FAT/NTFS-formatted disk
  • make an /etc/profile part of the default image, and have it source something useful to making the CLI environment more user-friendly.
  • no really totally actually make a /root directory that's at least somewhat writeable (tmpfs? symlink to /etc/root?)
  • various cleanups and assorted whatnots

#####I found a couple other interesting projects that are relevant to the OS running on the HT-TM05 https://github.com/wingspinner/Tripmate-HT-TM02-Telnet-Enabling

https://github.com/digidem/filehub-config/blob/master/README.md


FAQ

Wait, you called your firmware for a HooToo device "Tootsie?" Is that a Rwandan Genocide reference?

What?


Errata

  • If you're on the TM05's command line and issue a 'reboot' or 'shutdown' command, it will reboot, but it will also reset the device to stock config. Don't do this. My mod aliases the commands away for the login shell.
  • There is a command unique to this firmware which writes the contents of the ramdisk to NVRAM. This command is ____________.

What follows below is a portion of the original readme from cryptographrix's repo, where the Download-and-split.sh script came from. See: https://github.com/cryptographrix/HooToo_HT-TM05-hacking

cryptographrix/HooToo_HT-TM05-hacking

Summary

This repo contains a basic script that downloads the current firmware for the HooToo HT-TM05 portable router and lets you access and modify everything.

What this actually does

  1. Downloads the firmware zip file from the HooToo download site (ZIP)
  2. Unzips that into the actual update file, which is a stub of sh and initrdup.gz (UPDATE)
  3. Splits the UPDATE file into start_script.sh and initrdup.gz
  4. Gunzips initrdup.gz into initrdup
  5. Creates ./mount and...
  6. Mounts initrdup into ./mount

QnA


Who cares?

Anyone that bought one of these useful portable linux systems and wants to do more with - or customize - it.

What can you do from here?

Anything you want - eventually you'll need to reverse the process:

  1. sync and unmount initrdup
  2. gzip initrdup
  3. cat start-script.sh initrdup.gz > fw_...
  4. zip fw into HooToo....

See also:

Thread on the OpenWRT forum: https://forum.openwrt.org/viewtopic.php?id=61445

About

Hacking the HooToo HT-TM05

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%