Last active
October 10, 2021 07:39
-
-
Save djeraseit/f780760225a04602370acaa04028ad29 to your computer and use it in GitHub Desktop.
OpenWRT Integrity Checker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/bin/sh | |
| # Check integrity of all files | |
| SCRIPTNAME=$(basename $0) # name of this script | |
| PCKGLIST=/etc/config/opkg.installed # location to save package list | |
| KERNEL_VER=$(uname -r) | |
| # Define base firmware model | |
| MODEL=glinet_gl-mt300n-v2 | |
| SOC=mipsel_24kc | |
| #https://downloads.openwrt.org/releases/21.02.0/packages/$(SOC)/telephony/Packages.sig | |
| # Take a snapshot first | |
| # Make a list of executable files using find and run through sha256sum | |
| # Check for required software (i.e. sha256sum, wget, curl, etc) | |
| type sha256sum | |
| #type curl | |
| type gpg | |
| type wget # built in no need to install curl (takes up too much space) | |
| # Define kernel and sysupgrade binaries | |
| KERNEL=$(MODEL)-initramfs-kernel.bin | |
| SYSUPGRADE=$(MODEL)-squashfs-sysupgrade.bin | |
| # Check for internet connection | |
| ping -q -c 1 google.com | |
| if [ "$?" -eq 0 ]; then | |
| echo 1 > /sys/class/leds/green\:power/brightness #turn on LED | |
| echo 1 > /sys/class/leds/red:wlan/brightness | |
| else | |
| echo 0 > /sys/class/leds/green\:power/brightness #turn off LED | |
| echo 0 > /sys/class/leds/red:wlan/brightness | |
| fi | |
| # Update package lists | |
| opkg update | |
| CORE=/var/opkg-lists/openwrt_core | |
| BASE=/var/opkg-lists/openwrt_base | |
| LUCI=/var/opkg-lists/openwrt_luci | |
| PACKAGES=/var/opkg-lists/openwrt_packages | |
| ROUTING=/var/opkg-lists/openwrt_routing | |
| TELEPHONY=/var/opkg-lists/openwrt_telephony | |
| # Load values into environment variables | |
| while read line; do | |
| export "$line" | |
| done < /etc/os-release | |
| #echo $VERSION_ID | |
| # Get version info | |
| cat /proc/version | |
| # Get list of installed packages | |
| opkg list-installed > "$PCKGLIST" | |
| # Find all files | |
| for i in `find /sbin -type f`; do [ -x $i ] && echo "$i is executable"; done | |
| for i in `find /bin -type f`; do [ -x $i ] && echo "$i is executable"; done | |
| for i in `find /usr/bin -type f`; do [ -x $i ] && echo "$i is executable"; done | |
| for i in `find /usr/sbin -type f`; do [ -x $i ] && echo "$i is executable"; done | |
| # build our download url | |
| #https://downloads.openwrt.org/snapshots/targets/ramips/mt76x8/ | |
| BASE_URL=https://downloads.openwrt.org/snapshots/targets/$(OPENWRT_BOARD) | |
| # Files sha256sums, sha256sums.sig, sha256sums.asc | |
| curl $(BASE_URL)/sha256sums -s -f -O /tmp | |
| curl $(BASE_URL)/sha256sums.asc -s -f -O /tmp | |
| curl $(BASE_URL)/sha256sums.sig -s -f -O /tmp | |
| curl $(BASE_URL)/$(SYSUPGRADE) -s -f -O /tmp | |
| # check the integrity of the image file via sha256sums | |
| sha256sum -c /tmp/sha256sums 2> /dev/null | grep OK | |
| # the desired result is that the downloaded firmware filename is listed with "OK" afterwards | |
| gpg --verify /tmp/sha256sums.sig /tmp/sha256sums | |
| #################################################### | |
| # Initiate sysupgrade with your desired options | |
| # by default ( no -n ) settings are kept | |
| #################################################### | |
| sysupgrade -v /tmp/$(SYSUPGRADE) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
USB tethering / TTL modification
opkg install iptables-mod-physdev
opkg install iptables-mod-ipopt
Modify /etc/sysctl.d/11-br-netfilter.conf
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Firewall rule /etc/firewall.user
Bridged
iptables -t mangle -I POSTROUTING -m physdev --physdev-out usb0 -j TTL --ttl-set 65
or
Standard Routed
iptables -t mangle -I POSTROUTING -o usb0 -j TTL --ttl-set 65