decode router's config.bin
Posted 03 July 2009 - 11:17 PM
i'm a poor nubie...
i got this problem:
i have a D-Link DI-524 (firmware V2.04) router's config file, the file that contains settings backup.
it's a .BIN file almost surely compressed and encoded
so it's not readable unless you can tell what's the algorithm...
i foudn a couple of working solution (for other routers' config file) that achieved the goal by reverse engineering the firmware:
i can't do this...could anybody help me ?
Posted 10 July 2009 - 01:40 AM
is there anybody with ARM Disassembling skills?
here's the config i need to decode:
and the firmware:
hope on help!
Posted 10 July 2009 - 01:54 AM
Edited by tekio, 10 July 2009 - 01:57 AM.
Posted 12 July 2009 - 02:33 AM
- tekio likes this
Posted 12 July 2009 - 07:39 PM
I've played around a bit with disassembling router firmware though I haven't looked at config files. When it comes to firmware files sometimes you'll get lucky and they will use something simple, like the one I worked on. The firmware file was essentially a gzipped file where all the files where squished together. It wasn't a tarball unfortunately, but it wasn't too difficult to carve it apart. ARM is very well documented and not difficult to disassemble due to it's fixed length instructions. IDA Pro will do ARM binaries and if the file format is supported you can use something like qemu to load up an arm linux distro and disassemble it with objdump and gdb if you don't have access to IDA Pro.
thnaks for taking my post into consideration!
i admit i'm not good at disassembling...i'd need to ask for a little bit more help from you (i really hope you won't deny it)
i'm not 100% sure it's ARM, but i can say it's either ARM or MIPS
The config.bin (i linked) doen't seems gzipped...what encryption do you think it has?
are you able to read it somehow ?
(here's another download, in case reached d/l limit):
Edited by squicky, 12 July 2009 - 07:45 PM.
Posted 12 July 2009 - 10:10 PM
Posted 13 July 2009 - 02:19 AM
anyway, to be 100% sure here's a fresh one:
as far as the compression is concerned:
i thought myself there were too many repeated characters...but since i don't t know well ZLIB or LZMA or other compression algorithms, i wasn't completely ceratin.
i found another tool (for Zyxel, indeed) and doesn't seem to work unless i make some mistakes:
would you be able to find out, by reversing the firmware, what encryption works on the config.bin (how it saves, how it loads it).
The firmware is most likely written in C (older ones in Assembly) and compiled onto a MIPS or ARM processor...
i also found this opensource firmware version here:
BUT i'm not completely certain it is exactly the same as mine (V2.04, dated 28 april 2006) here:
Edited by squicky, 13 July 2009 - 02:23 AM.
BinRev is hosted by the great people at Lunarpages!