From cf254b66ffda1e36e5ea638ab3c7ee3faf2640ad Mon Sep 17 00:00:00 2001
From: Markus Unterwaditzer
Date: Wed, 13 Aug 2025 23:49:43 +0200
Subject: [PATCH] Address review comments and update wingtech docs
---
 doc/moxee.md | 26 +++++++++++++++++++++++---
 doc/wingtech-ct2mhs01.md | 2 +-
 installer/src/orbic_network.rs | 14 +++++++++++---
 3 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/doc/moxee.md b/doc/moxee.md
index fb09c88..798d9c0 100644
--- a/doc/moxee.md
+++ b/doc/moxee.md
@@ -1,9 +1,29 @@
-# Moxee Hotspot
+# KonnectONE Moxee Hotspot (K779HSDL)
 Supported in Rayhunter since version 0.6.0.
-The [Moxee Hotspot](https://www.moxee.com/hotspot) is a device very similar to
-the Orbic RC400L. It seems to be primarily for the US market.
+The Moxee Hotspot is a device very similar to the Orbic RC400L. It seems to be
+primarily for the US market.
+
+- [KonnectONE product page](https://www.konnectone.com/specs-hotspot)
+- [Moxee product page](https://www.moxee.com/hotspot)
+
+## Supported bands
+
+According to [FCC ID 2APQU-K779HSDL](https://fcc.report/FCC-ID/2APQU-K779HSDL), the device supports the following LTE bands:
+
+| Band | Frequency |
+|------|-------------------------|
+| 2 | 1900 MHz (PCS) |
+| 4 | 1700/2100 MHz (AWS-1) |
+| 5 | 850 MHz (CLR) |
+| 12 | 700 MHz (Lower SMH) |
+| 13 | 700 MHz (Upper SMH) |
+| 25 | 1900 MHz (Extended PCS) |
+| 26 | 850 MHz (Extended) |
+| 41 | 2500 MHz (TDD) |
+| 66 | 1700/2100 MHz (E-AWS) |
+| 71 | 600 MHz |
 ## Installation
diff --git a/doc/wingtech-ct2mhs01.md b/doc/wingtech-ct2mhs01.md
index 94be0c1..6828f7d 100644
--- a/doc/wingtech-ct2mhs01.md
+++ b/doc/wingtech-ct2mhs01.md
@@ -8,7 +8,7 @@ The Wingtech CT2MHS01 hotspot is a Qualcomm mdm9650-based device with a screen a
 There are likely variants of the device for all three ITU regions.
-According to FCC ID 2APXW-CT2MHS01 Test Report No. [I20N02441-RF-LTE](https://apps.fcc.gov/eas/GetApplicationAttachment.html?id=4957451), the ITU Region 2 American version of the device supports the following LTE bands:
+According to FCC ID 2APXW-CT2MHS01 Test Report No. [I20N02441-RF-LTE](https://fcc.report/FCC-ID/2APXW-CT2MHS01/4957451), the ITU Region 2 American version of the device supports the following LTE bands:
 | Band | Frequency |
 | ---- | ---------------- |
diff --git a/installer/src/orbic_network.rs b/installer/src/orbic_network.rs
index c7335ec..4c96766 100644
--- a/installer/src/orbic_network.rs
+++ b/installer/src/orbic_network.rs
@@ -30,7 +30,7 @@ struct ExploitResponse {
 pub async fn start_telnet(admin_ip: &str) -> Result<()> {
 println!("Waiting for login and trying exploit... ");
 login_and_exploit(admin_ip).await?;
- println!("... done");
+ println!("done");
 Ok(())
 }
@@ -111,7 +111,7 @@ async fn login_and_exploit(admin_ip: &str) -> Result<()> {
 let mut last_error = None;
 while let Some(cookie_header) = rx.recv().await {
- match try_exploit(&exploit_client, admin_ip, &cookie_header).await {
+ match start_reverse_shell(&exploit_client, admin_ip, &cookie_header).await {
 Ok(_) => {
 handle.abort();
 return Ok(());
@@ -124,7 +124,7 @@ async fn login_and_exploit(admin_ip: &str) -> Result<()> {
 bail!("Failed to receive session cookie, last error: {last_error:?}")
 }
-async fn try_exploit(client: &Client, admin_ip: &str, cookie_header: &str) -> Result<()> {
+async fn start_reverse_shell(client: &Client, admin_ip: &str, cookie_header: &str) -> Result<()> {
 let response: ExploitResponse = client
 .post(format!("http://{}/action/SetRemoteAccessCfg", admin_ip))
 .header("Content-Type", "application/json")
@@ -146,11 +146,19 @@ async fn try_exploit(client: &Client, admin_ip: &str, cookie_header: &str) -> Re
 async fn wait_for_telnet(admin_ip: &str) -> Result<()> {
 let addr = SocketAddr::from_str(&format!("{}:23", admin_ip))?;
+ let timeout = Duration::from_secs(60);
+ let start_time = std::time::Instant::now();
 while telnet_send_command(addr, "true", "exit code 0", false)
 .await
 .is_err()
 {
+ if start_time.elapsed() >= timeout {
+ bail!(
+ "Timeout waiting for telnet to become available after {:?}",
+ timeout
+ );
+ }
 sleep(Duration::from_secs(1)).await;
 }
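Review bot: The new deadline in `wait_for_telnet` is checked only between probes, and the probe's error is discarded by `.is_err()`, so the timeout message cannot tell a refused port from an unexpected reply. Binding the error with `while let Err(e) = telnet_send_command(addr, "true", "exit code 0", false).await {` and appending `last error: {e:?}` to the `bail!` text, as `login_and_exploit` already does for its cookie loop, would make a failed install diagnosable. If `telnet_send_command` (defined outside this hunk) has no connect or read timeout of its own, a stalled connection can still block well past the 60 seconds, so that is worth confirming. The function body continues after the hunk's last line.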