Open fredguth opened 2 years ago
Instead of this:
$OPENSSL aes-256-cbc -d $AES -in $IN | $OPENSSL zlib -d -out $TMP/mid.bin
use this on OSX:
$OPENSSL aes-256-cbc -d $AES -in $IN | pigz -z -d > $TMP/mid.bin
Similarly for the second decryption call:
# decrypt again to get xml file
$OPENSSL aes-256-cbc -d $AES -in $TMP/orig.bin | pigz -z -d > $OUT
Thanks a lot, @dbouras. I get a mismatch despite having the same Archer AC2300 V1. The XML seems fine, any idea why?
From AC2300 web interface:
Firmware version: 2.0.3 Build 20180611 Rel. 77668
Hardware version: Archer C2300 v1.0
By the way, in xml2bin:
pigz -z -c $IN | $OPENSSL aes-256-cbc $AES -out $TMP/orig.bin
...
pigz -z -c $TMP/mid.bin | $OPENSSL aes-256-cbc $AES -out $OUT
Still, because of the mismatch in the bin2xml process, I also get it in xml2bin:
MD5 (backup-AC2300-2022-01-31.bin) = 0f0cf3a864d821b7d352e8775cb46800
MD5 (newfile.bin) = 1ddf5452f82c37bc40fd03aa9d2063b4
The changes above resulted in a .bin file that wasn't recognised by the router. In the xml2bin concatenation step, I made a small change using my FILE_MD5 instead of OURS_MD5. It became recognised by the router. But the change (only change was RemoteSSH on) did not work, and I couldn't access the router in any way (neither web nor ssh).
A factory reset brought it back, but I still haven't figured out how to remote ssh it.
Have you used the GPL code to figure out what to change?
https://static.tp-link.com/resources/gpl/AC2300V1_US_GPL.tar.gz
I thought about downgrading my firmware to have the same environment as yours, but the web interface does not allow it.
Are you using a recent version of openssl (e.g. installed via brew)?
% which openssl
/usr/local/opt/openssl/bin/openssl
% openssl version
OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)
Here are my versions - hope they help:
#!/bin/bash
# bin2xml.sh: decode a TP-Link backup .bin into its XML configuration
[ $# -lt 1 ] && echo "Syntax: $0 backup-filename.bin [output-filename.xml]" && exit 1
IN=$1
[ $# -lt 2 ] && OUT=${IN%.*}.xml || OUT=$2
OPENSSL=/usr/local/opt/openssl/bin/openssl
[ ! -f "$IN" ] && echo "File $IN does not exist" && exit 1
# MD5 used for Archer C2300
# printf instead of echo -n: echo -n is not portable and some sh builds print "-n" literally
OUR_MD5=$(printf '%s' 'Archer C2300' | md5sum | cut -d' ' -f 1)
# AES key & iv params ($AES is left unquoted below so it splits into separate options)
AES="-K 2EB38F7EC41D4B8E1422805BCD5F740BC3B95BE163E39D67579EB344427F7836 -iv 360028C9064242F81074F4C127D299F6"
TMP=$IN-tmp-dir
mkdir -p "$TMP"
# decode binary file downloaded from TP-Link firmware - Backup
#$OPENSSL aes-256-cbc -d $AES -in $IN | $OPENSSL zlib -d -out $TMP/mid.bin
$OPENSSL aes-256-cbc -d $AES -in "$IN" | pigz -z -d > "$TMP/mid.bin"
# first 16 bytes are MD5 of product
FILE_MD5=$(dd if="$TMP/mid.bin" bs=1 count=16 2>/dev/null | hexdump -v -e '/1 "%02x"')
echo "File MD5: ${FILE_MD5}, product MD5: ${OUR_MD5}"
[ "${OUR_MD5}" != "${FILE_MD5}" ] && echo "MD5 product signature mismatch. Restoring from xml2bin output is not recommended." || echo "Matching MD5 product signature found."
# skip 16 bytes of md5 and extract orig.bin file
dd if="$TMP/mid.bin" of="$TMP/orig.bin" bs=1 skip=16 2>/dev/null
# decrypt again to get xml file
$OPENSSL aes-256-cbc -d $AES -in "$TMP/orig.bin" | pigz -z -d > "$OUT"
echo "XML file saved in $OUT"
rm -rf "$TMP"
#!/bin/bash
# xml2bin.sh: encode an XML configuration into a TP-Link backup .bin
[ $# -lt 1 ] && echo "Syntax: $0 filename.xml [output-filename.bin]" && exit 1
IN=$1
[ $# -lt 2 ] && OUT=${IN%.*}.bin || OUT=$2
OPENSSL=/usr/local/opt/openssl/bin/openssl
[ ! -f "$IN" ] && echo "File $IN does not exist" && exit 1
# MD5 used for Archer C2300
# printf instead of echo -n: echo -n is not portable and some sh builds print "-n" literally
OUR_MD5=$(printf '%s' 'Archer C2300' | md5sum | cut -d' ' -f 1)
# AES key & iv params ($AES is left unquoted below so it splits into separate options)
AES="-K 2EB38F7EC41D4B8E1422805BCD5F740BC3B95BE163E39D67579EB344427F7836 -iv 360028C9064242F81074F4C127D299F6"
TMP=$IN-tmp-dir
mkdir -p "$TMP"
# encrypt xml to get orig.bin file
pigz -z < "$IN" | $OPENSSL aes-256-cbc $AES -out "$TMP/orig.bin"
# create binary file (16 bytes) with content of product name md5
echo "$OUR_MD5" | xxd -r -p > "$TMP/md5file"
# concatenate md5 file + orig.bin into mid.bin
cat "$TMP/md5file" "$TMP/orig.bin" > "$TMP/mid.bin"
# encrypt mid.bin to prepare final .bin acceptable by TP-Link firmware - Restore
pigz -z < "$TMP/mid.bin" | $OPENSSL aes-256-cbc $AES -out "$OUT"
echo "BIN file saved in $OUT"
rm -rf "$TMP"
~ ❯ which openssl Py base 21:31:08
/opt/homebrew/opt/openssl@3/bin/openssl
~ ❯ openssl version Py base 22:10:24
OpenSSL 3.0.1 14 Dec 2021 (Library: OpenSSL 3.0.1 14 Dec 2021)
With your bin2xml.sh, I also get a product name mismatch. I believe the problem is that my product is Archer C2300(US) V1 and not (EU).
I don't think that is the problem; I have the same product (version strings are identical to yours). Do the MD5 signatures match when you run bin2xml?
~/code/ac2300 ❯ sh ./tplink-archer-c2300/scripts/bin2xml.sh backup-AC2300-2022-01-31.bin Py base 20:00:29
File MD5: b37598ac5105ea9974fc6634a4c92a76, product MD5: 265bb095084b919cc022676898140b8c
MD5 product signature mismatch. Restoring from xml2bin output is not recommended.
XML file saved in backup-AC2300-2022-01-31.xml
Here is my backup file https://1drv.ms/u/s!Anhzg7v0vslFlfhp8KGwADG2fWaK2w?e=CdF9hw
Works fine here:
% ./bin2xml.sh backup-AC2300-2022-01-31.bin
File MD5: b37598ac5105ea9974fc6634a4c92a76, product MD5: b37598ac5105ea9974fc6634a4c92a76
Matching MD5 product signature found.
XML file saved in backup-AC2300-2022-01-31.xml
I think OSX's stock md5sum is the issue - install a replacement with brew:
% which md5sum
/usr/local/bin/md5sum
% md5sum --version
md5sum (GNU coreutils) 9.0
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Ulrich Drepper, Scott Miller, and David Madore.
Could you help me understand what this command does (bin2xml.sh):
$OPENSSL zlib -d -out $TMP/mid.bin
My macOS openssl has no zlib option. I have tried to change this without success, so I want to understand what this command does to see if I can think of another way.
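What the `openssl zlib -d` stage asked about above does, as an added example (not code from the thread or the project): it inflates a zlib-format stream, the same job `pigz -z -d` does in the scripts, after which the first 16 bytes are compared with the MD5 of the product name. Python's standard library stands in for the shell tools, the AES layers are left out, and the inner blob is a constructed placeholder.

```python
import hashlib
import zlib

PRODUCT = "Archer C2300"  # product string hashed by the scripts in this thread


def container_kind(data: bytes) -> str:
    """Classify a compressed blob by its header bytes."""
    if data[:2] == b"\x1f\x8b":
        return "gzip"  # what gzip/pigz write by default
    if len(data) >= 2 and data[0] & 0x0F == 8 and int.from_bytes(data[:2], "big") % 31 == 0:
        return "zlib"  # RFC 1950 stream: what `openssl zlib` and `pigz -z` handle
    return "unknown"


def inflate_stage(data: bytes) -> bytes:
    """Equivalent of `openssl zlib -d` / `pigz -z -d` on already-decrypted bytes."""
    kind = container_kind(data)
    if kind != "zlib":
        raise ValueError(f"expected a zlib stream, got {kind}")
    return zlib.decompress(data)


def split_mid(mid: bytes, product: str = PRODUCT):
    """Split mid.bin into (signature_matches, file_md5_hex, inner_blob)."""
    if len(mid) < 16:
        raise ValueError("mid.bin is shorter than the 16-byte product MD5")
    file_md5 = mid[:16]
    ours = hashlib.md5(product.encode()).digest()
    return file_md5 == ours, file_md5.hex(), mid[16:]


def build_mid(inner: bytes, product: str = PRODUCT) -> bytes:
    """Inverse of split_mid, then deflate the result as `pigz -z` would."""
    return zlib.compress(hashlib.md5(product.encode()).digest() + inner)


if __name__ == "__main__":
    inner = b"CONSTRUCTED-INNER-CIPHERTEXT"  # placeholder, not real backup data
    stage = build_mid(inner)
    print(container_kind(stage), split_mid(inflate_stage(stage)))
    # A product string with stray bytes (as a non-portable `echo -n` can emit)
    # hashes differently, which shows up as a signature mismatch.
    print(split_mid(inflate_stage(stage), "-n Archer C2300\n")[0])
```

Any tool that reads the zlib container can replace `openssl zlib -d`; a plain gzip reader cannot, because the header bytes differ.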