Pepijn Bruienne
Hey #FirmwareHacking fediverse, does anyone know of any other resources related to the #Arcadyan #KVD21 home internet gateway that #TMobile ships? Found some early exploratory work here https://github.com/chainofexecution/Arcadyan-KVD21 but am wondering what else is out there 🤔🛜
GitHub - chainofexecution/Arcadyan-KVD21: Hardware Hacking diary for the T-Mobile 5G Home Internet Gateway (The KVD21 from Arcadyan, not the FastMile from Nokia)

Hardware Hacking diary for the T-Mobile 5G Home Internet Gateway (The KVD21 from Arcadyan, not the FastMile from Nokia) - GitHub - chainofexecution/Arcadyan-KVD21: Hardware Hacking diary for the T-...

GitHub
Nov 13, 2023 at 11:00pmWeb
Show threadPepijn BruienneNov 14, 2023

What, you thought I wasn't going to self-nerdsnipe? So according to TMo's datasheet[1] the gateway contains a #Fibocom #FG360NA 5G module which itself is built on the #Mediatek #T750 SoC, which (yes it's turtles all the way down) contains a number other MT ICs including an #MT6890 quad-core ARM AP. That processor apparently is running a "driver" designated as “Kernel 4.19 #OpenWRT 19.07 (?)” but according to the previous research it boots Android? Weird stuff.

Wish me luck while I decide whether to attempt soldering headers onto the alleged UART connection of the 5G gateway I am supposed to return unharmed to its rightful owner, eventually 🧯

[1] https://www.t-mobile.com/content/dam/tfb/pdf/tfb-iot/FIBOCOM%20FG360-NA-03%20Datasheet_V1.6.pdf

Show threadPepijn BruienneNov 14, 2023
Also handy, a (redacted but mostly for competitive/pricing reasons) breakdown of the T750 platform: https://medias.yolegroup.com/uploads/2021/09/SPR21634_MediaTek-T750-5G-Sub-6-platform-for-CPE-devices_Sample.pdf The marked up layout of the package is useful.
Show threadPepijn BruienneNov 14, 2023
Moreover, it appears that TMo are using the #Fibocom FG360-NA-03 specifically as seen in aforementioned datasheet. The difference with the FG360-NA-00 and FG360-NA-05 versions is that their datasheet lists "driver" as “Linux 4.1” instead of OpenWRT for the -03 spec. Main difference between all of them seems to be supported wireless bands as they apply to the carrier. The -03 variety for TMo appears to support a bunch more bands (TMo + Sprint) as a result. The #MT6890 AP is a #CortexA55, for completeness sake.
Show threadNoIQNov 14, 2023

@bruienne requiring you to return 'unharmed' seems to be an unreasonable restriction and it is your duty re "due diligence" to pursue any line of inquiry that is justified in the name of 'cybersecurity'.

Just sayin'

Show threadPepijn BruienneNov 14, 2023
@noiq My thoughts exactly. If the outside remains looking mostly unscathed whatever's going on inside is of no equipment return depot employee’s concern. *Plugs in soldering iron*