Mirror/rayhunter
1
0
Fork 0
mirror of https://github.com/EFForg/rayhunter.git synced 2026-04-26 07:29:59 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
d03debe67c53083ab9c0fd4e0953eba40a98e048
rayhunter/doc/wingtech-ct2mhs01.md
Markus Unterwaditzer 3889c89b5a Fix autolinks
2025-06-29 00:51:01 +02:00

2.4 KiB
Raw Blame History

Wingtech CT2MHS01

Supported in Rayhunter since version 0.4.0.

The Wingtech CT2MHS01 hotspot is a Qualcomm mdm9650-based device with a screen available for US$15-35. This device is often used as a base platform for white labeled versions like the T-Mobile TMOHS1. AT&T branded versions of the hotspot seem to be the most abundant.

Hardware

Wingtechs are abundant on ebay and can also be found on Amazon:

Rayhunter has been tested on

WT_INNER_VERSION=SW_Q89323AA1_V057_M10_CRICKET_USR_MP
WT_PRODUCTION_VERSION=CT2MHS01_0.04.55
WT_HARDWARE_VERSION=89323_1_20

Please consider sharing the contents of your device's /etc/wt_version file here.

Supported bands

There are likely variants of the device for all three ITU regions.

According to FCC ID 2APXW-CT2MHS01 Test Report No. I20N02441-RF-LTE, the ITU Region 2 American version of the device supports the following LTE bands:

Band Frequency
2 1900 MHz (PCS)
5 850 MHz (CLR)
12 700 MHz (LSMH)
14 700 MHz (USMH)
30 2300 MHz (WCS)
66 1700 MHz (E-AWS)

Note that Band 5 (850 MHz, CLR) is suitable for roaming in ITU regions 2 and 3.

Installing

Connect to the Wingtech's network over wifi or usb tethering, then run the installer:

./installer wingtech --admin-password 12345678  # replace with your own password

Obtaining a shell

Even when rayhunter is running, for security reasons the Wingtech will not have telnet or adb enabled during normal operation.

Use either command below to enable telnet or adb access:

./installer util wingtech-start-telnet --admin-password 12345678
telnet 192.168.1.1

./installer util wingtech-start-adb --admin-password 12345678
adb shell

Developing

The device has a framebuffer-driven screen at /dev/fb0 that behaves similarly to the Orbic RC400L, although the userspace program displaygui refreshes the screen significantly more often than on the Orbic. This causes the green line on the screen to subtly flicker and only be displayed during some frames. Subsequent work to fully control the display without removing the OEM interface is desired.

Reference in New Issue View Git Blame Copy Permalink