This post was last edited by 尊称 on 2015-5-13 03:10
http://www.dd-wrt.com/phpBB2/vie ... uffalo&start=15
Well here they are:
1. Download the openwrt source files and look for buffalo-enc.c, buffalo-lib.c, and buffalo-lib.h.
2. Open buffalo-enc.c and add the line to the top:
#include "buffalo-lib.c"
3. Use whatever C/C++ compiler you want, but I used gcc:
gcc -o buffalo-enc.prog buffalo-enc.c
4. Now you have the decryption program, but you'll need to strip off the first "start" section of the firmware using a hex editor. I used wxhexedit 0.22 (0.21 has a bug that disallows saving truncated files). You must highlight and delete the first 208 bytes of the firmware file up to the second "start" word in the file.
5. After saving this, run buffalo-enc.prog -d -i wzrhpg450h-pro-v24sp2-20025.enc -o decrypted.bin
6. This will produce feedback text in your terminal indicating the decryption was successful.
7. You may now use the Openwrt (or any firmware flash gui running from your router) and it won't complain of an invalid firmware image.
[root@localhost buffalo-enc]# gcc -o buffalo-enc.prog buffalo-enc.c
[root@localhost buffalo-enc]# ls -l
总用量 72
-rw-------. 1 root root 5619 5月 13 02:53 buffalo-enc.c
-rwxr-xr-x. 1 root root 20254 5月 13 02:54 buffalo-enc.prog
-rw-------. 1 root root 10360 5月 13 02:03 buffalo-lib.c
-rw-------. 1 root root 3355 5月 13 02:04 buffalo-lib.h
-rw-------. 1 root root 7600 5月 13 02:04 buffalo-tag.c
-rw-------. 1 root root 3181 5月 13 02:04 buffalo-tftp.c
[root@localhost down]# dd bs=208 skip=1 if=wzrhpg450h-pro-v24sp2-20025b.enc of=wzrhpg450h-pro-v24sp2-20025b.enc_less218
记录了72192+1 的读入
记录了72192+1 的写出
15015980字节(15 MB)已复制,0.183807 秒,81.7 MB/秒
[root@localhost down]# ./buffalo-enc.prog -d -i wzrhpg450h-pro-v24sp2-20025b.enc_less218 -o wzrhpg450h-pro-v24sp2-20025b-decrypted.bin
Magic : 'start'
Seed : 0xd6
Product : 'WZR-HP-G450H'
Version : '1.86'
Data len : 15015936
Checksum : 0x5d083a35
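Added example (not part of the original post or of the OpenWrt tools): rather than hard-coding the 208-byte cut from step 4, this locates the second "start" word and strips everything before it, then checks that the result begins with the magic that buffalo-enc reports. The function names are hypothetical, and it assumes GNU grep and a file whose outer section also begins with "start", as the post describes.

```shell
#!/bin/sh
# Added example: strip the outer "start" section in front of the encrypted image.
# Assumption: GNU grep (-a binary-as-text, -b byte offset, -o one line per match).

# Print the 0-based byte offset of the second "start" in file $1.
second_magic_offset() {
    off=$(LC_ALL=C grep -abo 'start' "$1" | sed -n '2p' | cut -d: -f1)
    [ -n "$off" ] || return 1        # fewer than two occurrences
    printf '%s\n' "$off"
}

# Copy file $1 from the second "start" onward into file $2.
strip_outer_header() {
    src=$1
    dst=$2
    off=$(second_magic_offset "$src") || {
        echo "no second 'start' found in $src" >&2
        return 1
    }
    # tail -c +N begins at byte N counted from 1, hence offset + 1
    tail -c "+$((off + 1))" "$src" > "$dst"
    # The stripped file must begin with the magic the decryptor expects
    [ "$(head -c 5 "$dst")" = "start" ] || return 1
    echo "stripped $off bytes from $src"
}

# Constructed sample (not real firmware): a 208-byte outer section that
# begins with "start", followed by an inner "start" header and a payload.
make_sample() {
    {
        printf 'start'
        head -c 203 /dev/zero
        printf 'start'
        printf 'PAYLOAD'
    } > "$1"
}

# Usage: sh strip.sh firmware.enc firmware.stripped
if [ "$#" -eq 2 ]; then
    strip_outer_header "$1" "$2"
fi
```

If the reported offset is not 208 for your image, trust the located offset over the fixed number and confirm it in a hex editor before decrypting.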