Closed X3eRo0 closed 2 years ago
itsyourap
commented
2 years ago trying to decrypt the configuration file for JCO110 with firmware ARCTF1_JCO110_R1.148 leads to a bad decrypt.
Try this key : server.key.zip! I just extracted it from the ARCTF1_JCO110_R1.148 firmware!
Can you explain how did you extracted the encryption keys in the first place?
Used binwalk
Thanks you are doing awesome work.
Welcome
X3eRo0
commented
2 years ago I wanna know more about the firmware. Is the firmware encrypted in sorts? I wanna look for vulns in the actual webserver and shit. XD I was on hold because I tried finding easy low hanging fruit bugs in the web ui, you know like command injection and quickly realised the web ui is quit strong, even something like a config file is also encrypted and then gave up. I didn't have the tools/experience to dump ROM and stuff. I've seen people open up the router and find the debug serial port and get a shell like that. :)
X3eRo0
commented
2 years ago I just extracted the ubifs from the firmware and I am looking at the webserver code. Its in Lua, I am so surprised XD
itsyourap
commented
2 years ago I've seen people open up the router and find the debug serial port and get a shell like that
Few of us also tried but failed to get root due to unknown root password
I just extracted the ubifs from the firmware and I am looking at the webserver code. Its in Lua, I am so surprised XD
Yeah! Best Of Luck!
trying to decrypt the configuration file for JCO110 with firmware ARCTF1_JCO110_R1.148 leads to a bad decrypt. Can you explain how did you extracted the encryption keys in the first place? How did you reverse engineer the firmware? Thanks you are doing awesome work.