How secure is the router

I am sure the answer might be stored somewhere here on this forum but I thought I should ask the question anyway. Just to help people better understand the limits of the hardware.

Imagine I work for big and powerful and evil corp ™ and I have got my hands on a router that is not mine (and hence I do not possess the password, which is very long and complex). I know that there is a file in the flash that is called /root/verysecret that I would like to read. What would be the most convenient way for me to access it?

Mount the flash and grab the file, the default file system isn’t encrypted.
Attach JTAG and boot in single user mode.

Probably other ways. I’ll leave them as exercises for the reader.

How, can you access the flash from “Mode 4”?

Do you mean re-flashing the router? It’s documented in the manual:

Re-flash router

This operation erases all settings and all data stored in the router.

4 LEDs

When the Turris Omnia router operating system is broken beyond repair, please use the following method for restoring the operating system image.

Download the latest version of Turris Omnia image from https://repo.turris.cz/omnia/medkit/omnia-medkit-latest-full.tar.gz. Save the file omnia-medkit-last.tar.gz to USB flash to the root directory and put the USB flash to the front panel USB connector of the Turris Omnia router. The Turris Omnia router supports the following filesystems: ext2/3/4, BtrFS, XFS and FAT. After that, use the reset button to select mode 4 (4 LEDs).

The Turris Omnia router will write the system image from the USB flash to the internal eMMC storage.

Process of rewriting the internal storage takes considerably longer time than snapshot rollback in the previous cases. However, indication of the process progress is the same as in case of rollback to the latest snapshot (mode 2).

When the process has completed the task you may remove the USB flash.

It depends on your preferences. Probably the most straightforward way is to open the box and attach a serial cable to the console port. There you have root shell without password, so you can do whatever you want.

If you use Mode 4, you will actually erase all the data so the valuable file would be lost. But you can use Mode 3 AKA Factory reset, which just reverts to factory snapshot but keeps all the data in place. You can reinitialize the router with your own password, and once you get to the console, you can mount the snapshot of the filesystem before factory reset. This way is a little more lengthy, but you don’t need a screwdriver or serial cable.
