MDM2. Validation killed the cat

When plugging the modem into a USB socket it’ll first boot into it’s bootloader mode (reports itself to the PC as “ZTE Bootloader”) and after a couple of seconds it’ll boot into the main firmware. In the main firmware it’ll report itself as an RNDIS modem. Works without issues in Linux.

lsusb output in bootloader stage

lsusb output in modem stage

After logging in using the administrative password provided on the enclosure we’re greeted by the full functionality of the interface. It allows the doing the expected (boring!) things, such as configuring WiFi, DHCP, users, changing PIN codes and performing system updates. It does allow you to access the phonebook stored on the SIM card and read and send text messages. Nothing to write home about, so I’ll skip documenting these features.

The administrative interface is slow as molasses under Firefox, as it keeps polling for status updates from the modem.

A feature of note (for reasons which you’ll soon see) is the functionality to perform traceroutes and ping network devices.

After I ran a traceroute to my desktop computer I noticed that the output provided in the textbox looks rather familiar. It looks exactly like the output of the command traceroute on my desktop computer.

)

I wonder what would happen if I ran a traceroute for 192.168.0.100 && cat /etc/passwd…

Damn! They’ve thought of everything! We’ll have to see about it in the next part :).