| #!/bin/bash | |
| # sudo apt install iw curl jq | |
| ALIVE="$1" | |
| check_public_ip() { | |
| INTERFACE="$1" | |
| PUBLIC_IP=$(curl -s https://httpbin.org/ip | jq -r .origin) | |
| if ! [[ -z $PUBLIC_IP ]]; then | |
| echo "[+] Found Public IP $PUBLIC_IP for $INTERFACE" | |
| fi |
| // | |
| // Run this javascript file like so | |
| // | |
| // node generate-nested-json.js "a" 1024 64 | |
| // Where: | |
| // | |
| // "a" is the nested property to create | |
| // 1024 is the initial max recursion | |
| // 64 is the amount of times to multiple the initial max recursion. | |
| // |
| linux-firmware-20231111/rtl_bt/rtl8851bu_fw.bin full(0xc260) None chunk(0x400;2) MIPS16 | |
| linux-firmware-20231111/rtl_bt/rtl8822cs_fw.bin full(0xf474) None chunk(0x200;2) MIPS16 | |
| linux-firmware-20231111/rtl_bt/rtl8852cu_fw_v2.bin full(0x1b939) None chunk(0x300;3) MIPS16 | |
| linux-firmware-20231111/rtl_bt/rtl8761bu_fw.bin full(0xadc4) None chunk(0x200;2) MIPS16 | |
| linux-firmware-20231111/rtl_bt/rtl8822cs_config.bin full(0x21) None chunk(0x0;0) None | |
| linux-firmware-20231111/rtl_bt/rtl8761b_config.bin full(0x19) None chunk(0x0;0) None | |
| linux-firmware-20231111/rtl_bt/rtl8723d_fw.bin |
| $ python3 ~/cpu_rec/cpu_rec.py *.clx | |
| AQC100-Felicity-3.1.121_bdp_aqsign.clx full(0x200000) None chunk(0x30800;97) Xtensa | |
| AQC107-Nikki-3.1.121_bdp_aqsign.clx full(0x200000) None chunk(0x30800;97) Xtensa | |
| AQC111-Bermuda-B0-3.1.121_bdp_aqsign.clx full(0x200000) None chunk(0x31000;98) Xtensa | |
| $ binwalk *.clx | |
| Scan Time: 2021-07-08 17:01:00 | |
| Target File: /home/nick/aqn/AQC100-Felicity-3.1.121_bdp_aqsign.clx | |
| MD5 Checksum: 3dd8e40cd3e4aa183b13939190b86b05 | |
| Signatures: 404 |
| /* ### | |
| * IP: GHIDRA | |
| * | |
| * Licensed under the Apache License, Version 2.0 (the "License"); | |
| * you may not use this file except in compliance with the License. | |
| * You may obtain a copy of the License at | |
| * | |
| * http://www.apache.org/licenses/LICENSE-2.0 | |
| * | |
| * Unless required by applicable law or agreed to in writing, software |
| #!/usr/bin/env python3 | |
| # | |
| # find-compressed-data.py | |
| # | |
| # A small script to bruteforce embedded compressed data that might not have a header | |
| # Useful for raw binary firmware images that do not contain a standard | |
| # binary header (ELF, PE, MACH-O). | |
| # | |
| # I included a limt on size at 16KB because this has a tendency to create |
The DIR-3040 models of DLINK routers feature encrypted firmware images in the most recent versions of the firmware. https://support.dlink.com/ProductInfo.aspx?m=DIR-3040-US details the firmware images available for this product.
1.11B02 - ftp://ftp2.dlink.com/PRODUCTS/DIR-3040/REVA/DIR-3040_REVA_FIRMWARE_v1.11B02.zip1.02B03 - ftp://ftp2.dlink.com/PRODUCTS/DIR-3040/REVA/DIR-3040_REVA_FIRMWARE_v1.02B03.zipUnzipping the first reveals two files:
DIR-3040_REVA_RELEASE_NOTES_v1.11B02.pdf
I recently pulled a Linksys EA4500 out of storage for evaluation. The first thing I wanted to do was to update the firmware for the device.
https://www.linksys.com/us/support-article?articleNum=148385 offers the latest version of the firmware, which is 3.1.7 as of this writing.
However, we can see with the filename that its probably encrypted: FW_EA4500V3_3.1.7.181919_prod.gpg.img
When I run binwalk I don't get any meaningful results, confirming my suspcicions:
In this tutorial we will detail how to connect two linux hosts via 56k modems. To do this we will use the following components:
linksys SPA-2102 on ebay | $18-$25 )
In this short tutorial we will go over how to reproduce the crash from CVE-2020-8597. This is a stack-based buffer overflow in the pppd binary.
We will use our own pppd binary compiled from source, using the latest version: 2.4.8.
To accomplish this goal, we will need two Virtual Machines connected by a virtual serial port. I typically use VirtualBox since it is open source, but the same sort of configuration should work on other hypervisors.
I spun up two VMs: