dlink-decrypt icon indicating copy to clipboard operation
dlink-decrypt copied to clipboard

Published 20 hours ago verified publisher icon 0xricksanchez

decrypt not working for dir-1950

Open dm-holm opened this issue 3 years ago • 6 comments

hi, thank you for the de-crypting tool, it made me hopeful that I can straighten my mistake and unbrick my router, however it fails, maybe they've changed the key.

python3 ./dlink-dec.py -i ./DIR-1950A1_FW1.00B17.bin -o ./decrypt2.bin [] Calculating key... [+] OK! [] Checking magic bytes... [!] Failed! [!] Failed!

not allowed to upload the file, ping me if you want to look into this

dm-holm avatar Oct 30 '21 02:10 dm-holm

Based on a quick look on the recent firmware version 1.07 from their website its a different encryption scheme alltogether so my script won't work. As I don't own this device statically reversing this scheme solely based on the encrypted firmware download will be difficult.

0xricksanchez avatar Oct 31 '21 09:10 0xricksanchez

@0xricksanchez This doesn't work with my X1860. If I hook it up with a Serial, is there anything I can extract that could be helpful to decode the new encryption?

Vortelf avatar Nov 12 '21 19:11 Vortelf

@Vortelf Based on this firmware below, I can already see it's a different encryption scheme on this device as well. If you're able to hook up a serial connection and get access to a shell on the device, finding out how firmware updates are handled should be pretty straightforward forward

❯ binwalk DIRX1860A1_FW103B07.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
6858708       0x68A7D4        PGP RSA encrypted session key - keyid: AB9F11F0 FBD6A71E RSA (Encrypt or Sign) 1024b

❯ binwalk -E DIRX1860A1_FW103B07.bin

WARNING: Failed to import matplotlib module, visual entropy graphing will be disabled

DECIMAL       HEXADECIMAL     ENTROPY
--------------------------------------------------------------------------------
0             0x0             Rising entropy edge (0.997019)

I assume there will be some kind of config/script file somewhere. Grepping around the file system for known options like "FWUpd" or "Decrypt" and similar would help a lot... Based on what binwalk spits out already, it could be a call to gpg doing the work here.

0xricksanchez avatar Nov 12 '21 20:11 0xricksanchez

DIRX1860A1_FW103B07.bin So the same with me. binwalk nothing, uart shell can not work with login promotion.

zhjygit avatar Nov 20 '22 05:11 zhjygit

This could be helpful: https://openwrt.org/inbox/toh/d-link/dap-x1860#factory_image_encryptiondecryption

Djfe avatar Jun 28 '23 21:06 Djfe

https://openwrt.org/inbox/toh/d-link/dap-x1860#factory_image_encryptiondecryption

ok, I will have a try.

zhjygit avatar Jun 29 '23 02:06 zhjygit