-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey folks, I have just received this new piece of hardware and I wanted to share some preliminary info about it. As far as I noticed, the picocell was used by Orange UK some years ago. As you will see from the photos below the board has different populated pins, which one of them seems a 14-pin JTAG connector. (I apologise for the low quality of the images, but at the moment is the best I can do) At the moment I am unable to fully test it cause logic analyzer, jtag and uart connectors are physically not with me. In the meanwhile I will get them, I was wondering if someone of you guys already had the opportunity to play with it. Or have more info/specs/etc. about it. - ------------------------------------- IC PRIXPH425BT (Intel): - ------------------------------------- http://media.digikey.com/pdf/Data%20Sheets/Intel%20PDFs/IXP42X,%20IXC1100.p… http://media.digikey.com/pdf/Data%20Sheets/Intel%20PDFs/IXP42X,%20IXC1100%2… - ------------------------------------- PHOTOS - ------------------------------------- http://imageshack.us/a/img856/5395/d0xt.jpg http://imageshack.us/a/img266/8011/x64h.jpg http://imageshack.us/a/img801/9504/0zir.jpg http://imageshack.us/a/img839/4488/sq4r.jpg - ------------------------------------- NMAP SCAN - ------------------------------------- These are the ports available on the LAN side: PORT STATE SERVICE VERSION 22/tcp open ssh Dropbear sshd 0.47 (protocol 2.0) 23/tcp open telnet NASLite-SMB/Sveasoft Alchemy firmware telnetd 53/tcp open domain dnsmasq 2.31 80/tcp open http Boa HTTPd 0.93.15 443/tcp open ssl/http Boa HTTPd 0.93.15 I have already tried a known vuln for Boa HTTPd 0.93.15 to bypass auth, but since the webapp is customized, that flaw is no longer available. At the moment I am trying to bruteforce ssh/telnet, but I guess it would not get any result. Overall, while continuing to disassemble and test it, If someone have some hints or material to share, is welcome. Cheers, Luca