
@WinkelCode
Last active December 23, 2023 00:35
A shell utility to decode/encode (decrypt/encrypt) a backup of the configuration file for certain TP-Link devices.
#!/usr/bin/env bash
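# Abort on the first failing command. Note that only the last stage of a
# pipeline is checked; 'pipefail' is not enabled globally because the 'n' mode
# ends its pipeline in 'head', which may close the pipe before the producers
# have finished.
set -e

# Check the argument count first: without this, a missing file argument is
# reported as "File '' not found", which hides the real mistake.
if [ "$#" -lt 2 ]; then
  echo "Usage: $0 [e|d|n] <config.bin|config.xml>" >&2
  exit 1
fi

# Input file: config.bin for 'd' and 'n', config.xml for 'e'.
file=$2
if [ ! -f "$file" ]; then
  echo "File '$file' not found"
  exit 1
fi

# Static AES-256-CBC key and IV. They are the same for every backup, and
# because they are published the encryption on config.bin is obfuscation only:
# anyone holding a backup file can decode it. Store and share exported
# backups and decoded XML files as if they were plaintext.
# AES-CBC gives no integrity protection by itself and this script adds none.
secret="2EB38F7EC41D4B8E1422805BCD5F740BC3B95BE163E39D67579EB344427F7836"
init_vector="360028C9064242F81074F4C127D299F6"

# Kept as a plain string on purpose: the functions expand it unquoted so that
# it word-splits into the command and its arguments.
openssl_cmd="openssl aes-256-cbc -K $secret -iv $init_vector"

# Hex form of the 16-byte model header that 'encode' prepends; device specific.
model_checksum="e5572c6206c59ea734a63be72179cd2c" # RE700X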
# Basic Explanation:
# config.bin is encrypted and zlib compressed
# within that, the first 16 bytes are a checksum of the device model
# the rest is again encrypted and zlib compressed
# finally, within that is the actual config.xml file
#
# Thanks to: https://www.lisenet.com/2023/gaining-ssh-access-to-tp-link-re200-wi-fi-range-extender/ for figuring it all out.
# Secret and init_vector seem to be the same for various TP-Link devices.
#
# !!! To properly re-encode the config.xml, set the model_checksum variable based on your device !!! - Grab it easily using the 'n' option of this script.
#
# !!! !!! Before making any changes, do a de-/encode without changing the config.xml, the files should be byte-identical !!! !!!
#
# Note: This script was written for use with Alpine Linux, 'zlib-flate' comes from the 'qpdf' package.
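#######################################
# Re-encode a config.xml into the two-layer config.bin format.
# Layout written: encrypt(compress(header || encrypt(compress(xml)))),
# where header is the 16-byte model checksum.
# Globals:   file, model_checksum, openssl_cmd (all read)
# Outputs:   writes "${file}_mod.bin"; progress to stdout, errors to stderr
# Returns:   0 on success, 1 on a malformed checksum or a failed stage
#######################################
encode() {
  local out="${file}_mod.bin"

  # The header must be exactly 16 bytes; a short or non-hex value would
  # produce a file with a shifted payload.
  if [[ ! $model_checksum =~ ^[0-9a-fA-F]{32}$ ]]; then
    echo "model_checksum must be exactly 32 hex characters (16 bytes)" >&2
    return 1
  fi

  echo "Encoding $file to $out"

  # The header bytes are streamed straight from xxd into the pipeline. Holding
  # them in a shell variable is lossy: bash drops NUL bytes, command
  # substitution strips trailing newlines, and an unquoted expansion
  # word-splits on space/tab/newline bytes and may glob.
  # pipefail (scoped to this subshell) makes a failure in any stage visible,
  # so a truncated file is never reported as a success.
  if ! (
    set -o pipefail
    {
      printf '%s' "$model_checksum" | xxd -r -p &&
        zlib-flate -compress <"$file" | $openssl_cmd
    } | zlib-flate -compress | $openssl_cmd >"$out"
  ); then
    rm -f -- "$out"
    echo "Encoding failed; removed incomplete $out" >&2
    return 1
  fi
}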
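#######################################
# Decode a config.bin into its inner config.xml.
# Steps: decrypt, inflate, drop the 16-byte model header, decrypt, inflate.
# Globals:   file, openssl_cmd (read)
# Outputs:   writes "$file.xml"; progress to stdout, errors to stderr
# Returns:   0 on success, 1 if any stage of the pipeline fails
#######################################
decode() {
  local out="$file.xml"

  echo "Decoding $file to $out"

  # "$file" is quoted so paths containing spaces or glob characters reach
  # openssl as a single argument.
  # pipefail (scoped to this subshell) surfaces a failed decrypt/inflate that
  # would otherwise leave an empty or partial XML behind a "Done." message.
  # The decoded XML is the device configuration in clear text and presumably
  # includes credentials (confirm for your model), so a newly created output
  # file is made owner-only.
  if ! (
    set -o pipefail
    umask 077
    $openssl_cmd -d -in "$file" | zlib-flate -uncompress | tail -c +17 \
      | $openssl_cmd -d | zlib-flate -uncompress >"$out"
  ); then
    rm -f -- "$out"
    echo "Decoding failed; removed incomplete $out" >&2
    return 1
  fi
}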
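#######################################
# Print the 16-byte model header of a config.bin as hex.
# The value is what the model_checksum variable must hold when re-encoding a
# configuration for the same device.
# Globals:   file, openssl_cmd (read)
# Outputs:   the checksum line on stdout, errors on stderr
# Returns:   0 on success, 1 if fewer than 16 header bytes could be read
#######################################
get_device_model_checksum() {
  local checksum

  echo "Getting device name from $file (use for model_checksum variable in script)"

  # "$file" is quoted so paths containing spaces or glob characters reach
  # openssl as a single argument. pipefail is deliberately not used here:
  # 'head' may close the pipe before the producers have finished.
  checksum=$($openssl_cmd -d -in "$file" | zlib-flate -uncompress | head -c 16 | xxd -p)

  # A short or empty result means the outer layer did not decode; copying it
  # into model_checksum would yield a malformed file on re-encode.
  if [ "${#checksum}" -ne 32 ]; then
    echo "Could not read a 16-byte model checksum from $file" >&2
    return 1
  fi

  echo "Device model checksum: $checksum"
}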
# Dispatch on the mode given as the first argument; anything other than
# e, d or n prints the usage text and exits with status 1.
case "$1" in
  e)
    encode
    ;;
  d)
    decode
    ;;
  n)
    get_device_model_checksum
    ;;
  *)
    echo "Usage: $0 [e|d|n] <config.bin|config.xml>"
    echo "e: encode config.xml to config.bin"
    echo "d: decode config.bin to config.xml"
    echo "n: get device model checksum from config.bin (use for model_checksum variable in script)"
    exit 1
    ;;
esac

# Reached only when the selected mode returned successfully (set -e is active).
echo "Done."
exit 0