The target hardware in this publication is commonly distributed by Japanese ISP So-Net under the Nuro name. Precautions should be taken if you wish to reproduce the depicted results. All presented information is only my personal observation. I do not bear responsibility for any potential damages that may occur due to information written in this article. Is there any other way to decrypt the //////config/currentcfg or the //////etc/defaultcfg.xml Like.This is an ongoing project aimed at reverse engineering modern Huawei ONT implementations to evaluate their security. All I found in my.so file was the following, have tried numerous ways of shuffling them around in your script, messing with it ect, but still no luck here, unless I’m missing something (which is most likely). I think the HG630 is locked out and this exploit doesn’t really cover it. Found libcfmapi.so, and couldnt really find anything useful, but for those who can’t find the.so file its here //////lib/libcfmapi.so decompile this file to C+ so you can read it easily. –>so i asked my ISP for recent Sources no answer ’til now ? Thanks in advance, Marcus Like. Of the configuration file to modify and read or change this file in hte HG532e Huawei. I Looking for latest firmware of HUAWEI HG532e modem.
Mips-Funktions yield to errors, ARM-Funktions to Segfaults.) Then i tried to use the Libs I extracted from the Firmware-Package, but they seem to be coruppted (don’t know if it’s BINWALKs fault or a problem with Little-/Big-Endianness).Įndless Story Reira Starring Yuna Ito Rar on this page.
It would be awesome if you could help! I created an archive with Firmware and a clean Config: BTW: I also tried to decrypt with the Router-API (from the Source-Package) but it seems that my Sources are to old – or i tried the wrong Functions ? (my Router is half-mips – half-arm, so I have some Functions twice. But I think ‘ATP_CFM_ExtExportEncryptedCfgFile’ and ‘ATP_CFM_ExtImportEncryptedCfgFile’ could be the right ones. The function ‘the RkyAdtp’ however is not existent. IT WIND E5251sCUST-B00C51 Firmware Configuration File. Need Huawei HG532 Firmware? M94Khaled Aug 1, 2016, 5:30 PM Hello Guys, I need a good firmware for a Huawei HG532 Router that accepts and supports telnet commands. But until now, I couldn’t find anything (tried objdump and radare2 – there are no ‘Sections’ like.data or.rodata) and I’m quite new to this Reverse-Engineering-Stuff ? Do you know of any ‘Markers’ I could search for?
So now I have a startingpoint ? ‘libcfmapi.so’ exists – so i’ll give it a try. (normally the keys should be in the sources – but were?) Any Idea would be great – thanks in advance.
But until now i couldn’t find any keys or encryption-patterns.
After digging in my unppacked Firmware and the released Sources it seems to use AES-Encryption (encrypted in flash with 32Bytes, encrypted export with 32Bytes, encrypted Parameter with 16Bytes). I’m ‘forced’ to use a Huawei-‘based’ Router (in it’s Firmware it is called VE886 – b880-based). Is there any chance to get a hint were to get those keys? I attach two examples below: >PASS EXAMPLE: Encrypted: “zVW2qyh3XwXBqlMhVlzG5w=” Decrypted: “vodafone” Should read: “vodafone” >FAIL EXAMPLE: Encrypted: “TkT1xDhMpzlvnBVtrnE9nG0Q8r6uPcCC8UZIUEqPA7YBOODgjMPMdz1ZGQ6GN5qsFJR66ZLH9BycjaACYrjAG1FwMh+kgscas52NVp8hefw=” Decrypted: “ac96085e35b9d3e3e8bed88cb3434828b43b86fc0596cad4c6e270” Should read: “admin1234” Am I doing something wrong here?ĭo I need to use a different key for certain passwords? Subtitle Indonesia Film The Heirs Episode 20.
Please ignore my comment above about Windows I was being lazy! I booted up a Linux VM and I can decrypt the passwords However, while some of the passwords decrypt to their text equivalent as expected, others decrypt to a long string of characters.