Título: ¿Sabeis que significa esto?
Publicado por: Hason en 19 Mayo 2016, 23:54 pm
Hola, no se donde poner el post, lo pongo aquí.
He desensamblado con IDA el firmware de mi router.
Si no me equivoco la parte que cambia el firmware con el del fabricante, lo más llamativo es esto:
ip nogateway 1
w dmt2 db tlb 32
ether driver etherppp on
w dmt2 set largeD 2
s cwmp setnovaluetype 1
ether portreverse on
sys cwmp recvtimeout 30
ip nat loopback on
wan dmt2 set pmonoff off
wan dmt eoc dyingasp off
sys dhcpprob no
w dmt2 set lpr off
rt mac2 ssid TP-LINK_
wan fakemac pvc run
wan ghs set multi_number 3 3
ip rip activate
ip rip merge on
ip icmp discovery enif0 off
ppp ipcp compress off
sys wdog sw on
sys quick enable
wan adsl rate off
Esto, en el firmware del fabricante no está, cambia mucho.
Por ejemplo en el firmware del fabricante aparece:
ATHE print help ATBA x change baudrate. 1:38.4k, 2:19.2k, 3:9.6k 4:57.6k 5:115.2k ATEN x,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator ATTI (h,m,s) change system time to hour:min:sec or show current time ATDA (y,m,d) change system date to year/month/day or show current date ATDS dump RAS stack ATDT dump Boot Module Common Area ATDU x,y dump memory contents from address x for length y ATWB x,y write address x with 8-bit value y ATWW x,y write address x with 16-bit value y ATWL x,y write address x with 32-bit value y ATRB x display the 8-bit value of address x ATRW x display the 16-bit value of address x ATRL x display the 32-bit value of address x ATGO (x) run program at addr x or boot router ATGR boot router ATGT run Hardware Test Program AT%T x Enable Hardware Test Program at boot up ATBT x block0 write enable (1=enable, other=disable) ATRT w,x,y(,z) RAM test level w, from address x to y (z iterations) ATWE a(,b,c,d) write MAC addr, Country code, EngDbgFlag, FeatureBit to flash ROM ATCU x write Country code to flash ROM ATCB copy from FLASH ROM to working buffer ATCL clear working buffer ATSB save working buffer to FLASH ROM ATBU dump manufacturer related data in working buffer ATSH dump manufacturer related data in ROM ATWM x set low 6 digits MAC address in working buffer ATMH x set hight 6 digits MAC address in working buffer ATBS show the bootbase seed of password generator ATLB x xmodem upload bootbase,x is password ATSM x set 6 digits MAC address in working buffer ATCO x set country code in working buffer ATFL x set EngDebugFlag in working buffer ATST x set ROMRAS address in working buffer ATSY x set system type in working buffer ATVD x set vendor name in working buffer ATPN x set product name in working buffer ATFE x,y,... set feature bits in working buffer ATMP check & dump memMapTab ATDO x,y download from address x for length y to PC via XMODEM ATTD download router configuration to PC via XMODEM ATUP x,y upload to RAM address x for length y from PC via XMODEM ATUR upload router firmware to flash ROM ATDC hardware version check disable during uploading firmware ATLC upload router configuration file to flash ROM ATUX x(,y) xmodem upload from flash block x to y ATER x,y erase flash rom from block x to y ATWF x,y,z copy data from addr x to flash addr y, length z ATXS x xmodem select: x=0: CRC mode(default); x=1: checksum mode ATLD Upload Configuration File and Default ROM File to Flash ATBR Reset to default Romfile ATCD Convert Running ROM File to Default ROM File into Flash )
, should:
DRAM Test Fail at address . (read: ������
OK
OK
Iteration %d: Filling, Comparing,
DRAM Test Fail at address %p. (read:%x, should:%x)
OK
DRAM Test level %d, from %p to %p, %d iterations.
Iteration %d: Testing: 0K ������%5dK $RAM $ROM checksum error! (cal=%04X, should=%04X)
< Press any key to Continue >
UNKNOWN €�‘8€�‘?€�‘F€�‘L€�‘S€�‘Z€�‘a€�‘h€�‘p€�‘t€�‘|€�‘„ROMIMG ROMRAS ROMIO ROMBIN ROMDIR ROM68K ROMMAP ROMISDN RAM RAMCODE RAMBOOT RAM68K SIG signature error!
(Compressed)
start: %p
unmatched objtype between memMapTab and image!
Length: %X, Checksum: %04X
Version: %s, Compressed Length: %X, Checksum: %04X
memMapTab Checksum Error! (cal=%04X, should=%04X)
memMapTab Checksum Error!
%s
%3d: %s(%s), start=%p, len=%X
%s Section:
memMapTab: %d entries, start = %p, checksum = %04X
$USER Section:
SIG signature error!
ROMIO image start at %p
code length: %X
code version: %s
code start: %p
Decompressed image Error!
Decompressed image Checksum Error! (cal=%04X, should=%04X)
ROM length(%X) > RAM length (%X)!
Can't find %s in $ROM section.
Can't find %s in $RAM section.
RasCode 9600 bps
%d bps
Console speed will be changed to DbgArea Decompressed image Error!
Decompressed image Checksum Error! (cal=%04X, should=%04X)
Decompress error = %d
Stream version is not supported!!
Too long file!!
Properties error!!
Esto y mucho más es lo que aparece en el firmware del fabricante, pero en el firmware modificado de mi router, no aparece, está recortado y casi no sale nada de lo que hay en el firmware del fabricante.
Nada, como la parte que he puesto al principio, parecen comandos, alomejor sabeis que hacen esos comandos, o bueno, como curiosidad.
Desde luego la parte que dice wan fakemac pvc run , no me gusta nada.
Y gracias a AlbertoBSD, que en un post a comentado lo del ensamblador y he podido hacer esto.
Un saludo.
Título: Re: ¿Sabeis que significa esto?
Publicado por: engel lex en 20 Mayo 2016, 00:49 am
si quieres saber de que va te toca aprender programacion o contratar a alguien... en el foro tampoco vamos a hacer de servicio tecnico altamente especializado de gratis para paranoias...
-.- cosas con nombre como "fake" son normales, mas que todo son mascaras para rellenar memoria temporalmente
cierro el tema
|