Wednesday, October 19, 2016

ZKSoftware ZEM500 Authentication Bypass - Update

A Brief Update To The Original Post on ZKSoftware ZEM500 Authentication Bypass

First things first, I am now on a sabbatical, pursuing alternate avenues for pleasure, not profit... I am semi-retired from security on my own terms... ;)

The username and password for the device were "root:solokey" in 2013...

I believe that in addition to getting root, you could play with firmware, packets and the device's OS (BusyBox) if you are inclined to explore every file type, including ELF, bat and sh files, to get a better understanding. You could ALSO use TFTP / FTP, SSH or Telnet to upload and download files (for reverse engineering the ELF files). Firmware for the device comes in gzip or tgz (tarred-gzip) format.

I am NOT very sure or updated on the vulnerability as such. It may have been reported and fixed by now (I saw THIS in 2013) - I could be wrong, too, since some vendors don't fix the vulnerabilities quickly.

Good luck playing with the device!

Cheers,
Kish