So it’s late February 2020 and we’re all starting to realise that we’re going to be sitting at home for a while. Some are cleaning, some are baking, and some of us order cheap routers off of AliExpress to flash and replace their old hardware with. I picked one of these, as the specifications seemed quite decent in comparison to the price that was being asked. At a glance, while the CPU and 802.11ac radio seem very good for the price (~60 AUD delivered for a MT7621 and a 4×4 802.11ac radio), the manufacturer has locked down the bootloader, disabled serial rx and no longer allows you to flash unsigned firmware images. (There is a unit with almost identical specifications being sold by the same manufacturer here, which through some sort of horrible coincidence has the exact same memory layout and ROP gadget addresses.)

No obvious command injection vulnerabilities in the interface jumped out at me from old dumps of the Lua running behind the scenes, and the existing ones (such as these two) appeared to have been fixed. Okay, so we extract the firmware image and look for some new ones, yes? Nope! They’ve compiled it all to Lua bytecode and attempted to complicate analysis by doing a number of things: changing the Lua magic to ‘Fate/Z\1B’ (perhaps they were watching Fate/Zero while coding this obfuscation).
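An added example (not code from the original post) of how an analyst can recognise Lua 5.1 chunks whose signature was swapped for a custom marker and put the standard signature back so stock tooling can parse them. It assumes the marker's byte form is `b"Fate/Z\x1b"` and that only the 4-byte signature was replaced, with the rest of the Lua 5.1 header left intact; the sample chunk bytes are constructed.

```python
# Added example: restore a swapped Lua 5.1 bytecode signature and sanity-check
# the header that follows it, so the swap is verified rather than assumed.
import struct

STANDARD_MAGIC = b"\x1bLua"
CUSTOM_MAGIC = b"Fate/Z\x1b"   # assumed byte form of the 'Fate/Z\1B' marker


def parse_lua51_header(blob):
    """Validate the 8 bytes that follow the signature in Lua 5.1 bytecode:
    version, format, endianness, sizeof(int), sizeof(size_t),
    sizeof(Instruction), sizeof(lua_Number), integral flag."""
    if len(blob) < 8:
        raise ValueError("truncated header")
    version, fmt, endian, int_sz, sizet_sz, instr_sz, num_sz, integral = \
        struct.unpack("8B", blob[:8])
    if version != 0x51:
        raise ValueError("not Lua 5.1 bytecode (version byte 0x%02x)" % version)
    if fmt != 0:
        raise ValueError("non-official bytecode format %d" % fmt)
    if endian not in (0, 1) or integral not in (0, 1):
        raise ValueError("bad flag bytes")
    if int_sz not in (4, 8) or sizet_sz not in (4, 8) or instr_sz != 4 \
            or num_sz not in (4, 8):
        raise ValueError("implausible type sizes")
    return {"version": version, "endian": "little" if endian else "big",
            "sizeof_int": int_sz, "sizeof_size_t": sizet_sz,
            "sizeof_Instruction": instr_sz, "sizeof_lua_Number": num_sz,
            "integral": bool(integral)}


def classify(blob):
    """Return 'standard', 'custom' or 'unknown' for a candidate chunk."""
    if blob.startswith(STANDARD_MAGIC):
        return "standard"
    if blob.startswith(CUSTOM_MAGIC):
        return "custom"
    return "unknown"


def restore_header(blob):
    """Swap the custom marker for the standard signature, then verify the
    result parses; raises ValueError if the layout assumption is wrong."""
    kind = classify(blob)
    if kind == "standard":
        return blob
    if kind != "custom":
        raise ValueError("no known Lua signature at offset 0")
    fixed = STANDARD_MAGIC + blob[len(CUSTOM_MAGIC):]
    parse_lua51_header(fixed[len(STANDARD_MAGIC):])
    return fixed


# Constructed sample: a plausible Lua 5.1 header (little-endian, 4-byte int,
# 4-byte size_t, 4-byte Instruction, 8-byte double) with a zeroed body.
SAMPLE_HEADER = bytes([0x51, 0, 1, 4, 4, 4, 8, 0])
STANDARD_CHUNK = STANDARD_MAGIC + SAMPLE_HEADER + b"\x00" * 12
OBFUSCATED_CHUNK = CUSTOM_MAGIC + SAMPLE_HEADER + b"\x00" * 12
```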