One of the most common hurdles we come up against when analyzing firmware images is encryption. While there are some resources out there on generic approaches to decrypting firmware images, today we’ll do a short walkthrough on how we extracted an encryption key for a subset of D-Link routers – in particular the D-Link DIR-X1560. This device is part of the same router generation as D-Link DIR-X5460, which was featured in a recent Wi-Fi router security check conducted jointly by Chip – a popular German technology magazine – and IoT Inspector.

D-Link Router Firmware Encryption

D-Link tends to encrypt the firmware images for its routers, with a custom firmware update file format. Many D-Link routers in the DIR range use a firmware update file format with the SHRS header:

```
00000000 53 48 52 53 01 13 91 5D 01 13 91 60 67 C6 69 73 SHRS‘]‘`gÆis
```

This firmware format and encryption scheme has already been publicly documented. A researcher named 0xricksanchez published a very nice writeup documenting finding the key for SHRS firmware images (including the DIR-3060, which we recently published an advisory for). They extracted the encryption key and IV from the imgdecrypt binary, which they gained access to via a UART shell on a model in a similar series.

However, we recently came across a router in the DIR-X range, the firmware for which has a slightly different header:

```
00000000 65 6e 63 72 70 74 65 64 5f 69 6d 67 02 0a 00 14 |encrpted_img.|
```
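For triaging a batch of D-Link update files, the two header layouts shown above can be told apart from the first 16 bytes. The following is an added example, not code from the original post or from D-Link's tooling; the function name is hypothetical, and the reading of the SHRS bytes after the magic (two big-endian lengths, then the start of the IV, with a 16-byte cipher block) is an assumption taken from the public SHRS documentation rather than from this page.

```python
import struct

SHRS_MAGIC = b"SHRS"
ENCRPTED_MAGIC = b"encrpted_img"  # spelled as it appears in the header
BLOCK = 16  # assumed cipher block size (not stated on this page)

# Sample headers built from the two hexdump lines quoted in the post.
SHRS_SAMPLE = bytes.fromhex("53485253 0113915D 01139160 67C66973")
ENC_SAMPLE = bytes.fromhex("656e637270746564 5f696d67 020a0014")


def identify_dlink_header(head: bytes) -> dict:
    """Classify the first 16 bytes of a D-Link firmware update file."""
    if len(head) < 16:
        raise ValueError("need at least 16 bytes of header")
    if head.startswith(SHRS_MAGIC):
        # Assumption: two big-endian u32 lengths follow the magic
        # (plaintext size, then padded ciphertext size), then the IV.
        plain_len, enc_len = struct.unpack(">II", head[4:12])
        padding = enc_len - plain_len
        return {
            "format": "SHRS",
            "plain_len": plain_len,
            "enc_len": enc_len,
            "iv_prefix": head[12:16].hex(),
            # Sanity check: ciphertext is block-aligned and at most
            # one block longer than the plaintext.
            "lengths_plausible": enc_len % BLOCK == 0 and 0 <= padding <= BLOCK,
        }
    if head.startswith(ENCRPTED_MAGIC):
        # The four bytes after the magic are not interpreted here,
        # because the page does not say what they mean.
        return {"format": "encrpted_img", "unparsed": head[12:16].hex()}
    return {"format": "unknown", "magic": head[:4].hex()}


if __name__ == "__main__":
    for sample in (SHRS_SAMPLE, ENC_SAMPLE):
        print(identify_dlink_header(sample))
```
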