Fysac / orbicfg

Decrypt/encrypt Netgear Orbi config (.cfg) files
10 stars 4 forks source link

NVRAM checksum insight?? #2

Closed SLKsander closed 1 month ago

SLKsander commented 4 years ago

First, thank for a VERY helpful utility. It has save a great deal of time. THANK YOU.

My objective is to dump orbi config, use your utility to decrypt, sort and add things, then reencrypt and reload. The major stumbling block at the moment is the checksum on the new NVRAM set. Did you work uncover any info on how the checksum is generated by datalib? Any help would be much appreciated.

Fysac commented 4 years ago

Hi,

I'm glad you found some use for this project. Unfortunately, I have not looked into the checksum generation part, but you raise a good point; this tool should support re-encryption of the NVRAM config. I may look into that this weekend (or sooner, if I have time).

SLKsander commented 4 years ago

Thanks,

Scott

From: Fysac notifications@github.com Sent: Tuesday, August 18, 2020 9:00 PM To: Fysac/orbicfg orbicfg@noreply.github.com Cc: SLKsander ksander@purdue.edu; Author author@noreply.github.com Subject: Re: [Fysac/orbicfg] NVRAM checksum insight?? (#2)

Hi, I'm glad you found some use for this project. Unfortunately, I have not looked into the checksum generation part, but you raise a good point; this tool should support re-encryption of the NVRAM config. I may look into that this weekend (or sooner, if I have time). — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Fysac/orbicfg/issues/2#issuecomment-675791600 , or unsubscribe https://github.com/notifications/unsubscribe-auth/APDEED5JPBFUZYRUMYVK7LDSBMPYDANCNFSM4QD3JZOA . https://github.com/notifications/beacon/APDEEDYV7TBVL6CPKOLI6RLSBMPYDA5CNFSM4QD3JZOKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFBD4F4A.gif

Fysac commented 4 years ago

An update: I've figured out how checksums are generated and have added code to verify the checksum of a config backup: https://github.com/Fysac/orbicfg/blob/0b6ddd65d93c6dc4e7a333f4c451a7874e612284/main.c#L88

The code to smoothly re-encrypt and create a valid checksum for arbitrary NVRAM entries is going to take me a bit longer, but the core logic will simply be the reverse of the function linked above. For example:

uint32_t create_checksum(unsigned char *data, size_t data_len) {
    uint32_t crc = 0xffffffff;
    for (int i = 0; i < data_len / sizeof(uint32_t); i++) {
        crc -= *((uint32_t *) data);
        data += sizeof(uint32_t);
    }
    return crc;
}

The data parameter refers to the plaintext/unencrypted key-value pairs, each separated by a null byte (\0). Note that in orbicfg's decryption output, null bytes are replaced with newlines for easier reading, so keep that in mind if you decide to implement your own encryption feature before me.

SLKsander commented 4 years ago

Thanks much. I will take a look and let you know.

Thanks,

Scott

From: Fysac notifications@github.com Sent: Thursday, August 27, 2020 8:33 PM To: Fysac/orbicfg orbicfg@noreply.github.com Cc: SLKsander ksander@purdue.edu; Author author@noreply.github.com Subject: Re: [Fysac/orbicfg] NVRAM checksum insight?? (#2)

An update: I've figured out how checksums are generated and have added code to verify the checksum of a config backup: https://github.com/Fysac/orbicfg/blob/0b6ddd65d93c6dc4e7a333f4c451a7874e612284/main.c#L88 The code to smoothly re-encrypt and create a valid checksum for arbitrary NVRAM entries is going to take me a bit longer, but the core logic will simply be the reverse of the function linked above. For example: uint32_t create_checksum(unsigned char data, size_t data_len) { uint32_t crc = 0xffffffff; for (int i = 0; i < data_len / sizeof(uint32_t); i++) { crc -= ((uint32_t *) data); data += sizeof(uint32_t); } return crc; } The data parameter refers to the plaintext/unencrypted key-value pairs, each separated by a null byte (\0). Note that in orbicfg's decryption output, null bytes are replaced with newlines https://github.com/Fysac/orbicfg/blob/0b6ddd65d93c6dc4e7a333f4c451a7874e612284/main.c#L77 for easier reading, so keep that in mind if you decide to implement your own encryption feature before me. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Fysac/orbicfg/issues/2#issuecomment-682258931 , or unsubscribe https://github.com/notifications/unsubscribe-auth/APDEED6DHGRRO53SOCAI4UDSC33LTANCNFSM4QD3JZOA . https://github.com/notifications/beacon/APDEEDZOSI6VXM6BNATVSJ3SC33LTA5CNFSM4QD3JZOKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFCVHD4Y.gif

Fysac commented 1 month ago

Added in master branch.