Carrier Unlock for the Arcadyan AW1000 (Telstra 5G Home Modem)

Large companies often have grandiose public initiatives like a commitment towards sustainability. Telstra is no different here in that regard. From Telstra's Bigger Picture Sustainability Report 2022. This report shows how fundamental the principles of sustainability are to Telstra and the way we operate. ... Our commitment and contribution takes many…

Hacking the Nokia Fastmile: Part 3

Since my last blog post, a few interesting things happened. The owner of a reverse logistics company who goes by @cookie reached out to me with an interesting problem. He owned close to 10,000 of these Fastmiles, and needed to update them to later firmware versions prior to sale…

Hacking the Nokia Fastmile: Part 2

Having had some time to off to mull over what to do next and attend to some other priorities I decided it was time to get back to looking at this.   But first, I had to address the issue of having to take my internet down every time I wanted…

Hacking the Nokia Fastmile: Part 1

UPDATE: https://eddiez.me/hacking-the-nokia-fastmile-pt2/ As a part of my 5G home internet offering, Optus bundles a 5G gateway called the Nokia Fastmile. The same device seems to be shipped by T-Mobile for their 5G offering and is passionately known as the 'trashcan' in r/tmobileisp. Nokia Fastmile Stock PhotoNaturally,…

Serving Web Services Behind CGNAT with Cloudflare Tunnel

With all the issues I was having with my old ISP, I decided to make the leap and move onto Optus 5G Home Internet. My experience so far has been pretty stellar and I'm currently paying the same amount as I was with my previous provider for quicker speeds. The…

Path Traversal in slowscript.httpfileserver

The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a Path Traversal vulnerability which permits arbitrary directory listing, file read, and file write. Versions below 1.4.1 are also probably impacted but I have not validated this. The application permits users to configure…

Analysing an Invasive App Used by ISPs

UPDATE: I contacted my ISP about this app. They noted that during the install process there's a 'BEGIN' button with text under it that says 'By tapping "begin" you accept our EULA. I don't think it sufficiently covers what they are doing still. The app's name is RouteThis. Beyond this,…

A Tour of My Homelab

Homelab [hom-læb](n): a laboratory of (usually slightly outdated) awesome in the domicile. - r/homelab Homelabbing is how I learn things I don't otherwise get to learn at work. In this post I share some of the hardware I settled on to build my lab. It all started with…