Closed DocDrydenn closed 1 month ago
That decrypted config is junk data; it looks like the RBR760 is using a different encryption scheme. Or, it might have something to do with a different implementation of rand()
since this model uses musl libc instead of uClibc. I'll check it out tomorrow.
@DocDrydenn To test my theory since I don't have this device, can you:
musl-gcc
on your system, either by running apt install musl-tools
(if you have Debian/Ubuntu), or by following the instructions in the first box on this pagemusl-test
branch of orbicfg: git clone -b musl-test https://github.com/fysac/orbicfg
make
./orbicfg /root/NETGEAR_RBR760.cfg > /root/NETGEAR_RBR760.decrypted
/root/NETGEAR_RBR760.decrypted
) has any useful dataTested everything you asked.
root@BackupServer:~/testing/orbicfg# ./orbicfg /root/NETGEAR_RBR760.cfg > /root/NETGEAR_RBR760.decrypted
using magic: 0x01346231
invalid checksum (0x01da144e), continuing anyway
root@BackupServer:~/testing/orbicfg#
Output file was created. Contents of this file is not readable. Sample (First 5 Lines):
IUQ.2^ZY:�1�d^Z��it��;���
^O^\�>^D^^�Z�)�7W}kN�^E^Y^Y^?U:^D�A}LY��A4�@�^Z��� �H�^]ץ�$|z�L&F�}�^S�^P,�`^Sj��K���%���#�^G}$���7�J�i�?>A��d`��^^I��^R%�<^Lg�i�^A�$: ^]��W�{�! * ^S�f&>
�^?b^CV�1H�Z^S
9LN>sq^_�n�
�=�^\���^_-S�^X��Y
Would sending you the .cfg
help? If not, I can keep testing as you request.
Would sending you the
.cfg
help? If not, I can keep testing as you request.
It would be very helpful, but the config probably contains sensitive information (a SHA256 hash of your admin password, the SSID, hostnames of connected devices, etc.). If you're still willing to send it, you could temporarily change your password and anything else you don't want me to see, re-export the config, and share that sanitized version. If you don't care about me seeing any settings, sending it as-is is fine.
I run my Orbi in AP mode behind my router so no real security risk. NETGEAR_RBR760.zip
Thanks, got it working with a hacky fix in the musl-test
branch. Either Netgear is trying to mess with us or there's a typo in their code, because the magic value given in the file header was incorrect (off by exactly 1). I manually overrode it with the right value.
I'll add a proper solution to the Go version later.
using the go-rewrite...