pentestpartners / defcon27-4grouters

Stuff for 4G routers presented at Defcon27
BSD 3-Clause "New" or "Revised" License

doesn't even run. #1

Open Electrik-rich546456 opened 4 years ago

Electrik-rich546456 commented 4 years ago

Hi, I'm not too much of an expert, but my IDE for Python says things like undefined name 'xrange', and

Local variable 'final_key' is assigned to but never used.

When I tried to run it, it would not run as there was an undefined log var, so I changed it to print. It seemed to work, then I got errors like this: NameError: global name 'colored' is not defined

So I commented those entries out,

and now I have this error:

ValueError: Key cannot be the null string

tautology0 commented 4 years ago

The xrange comment tells me that your IDE is Python 3, whereas the script uses Python 2 (which is probably a bug).

The colored error is probably that you haven't installed the TermColor library.

Could you try this in Python 2 and copy and paste in the exact errors please?

Electrik-rich546456 commented 4 years ago

Oh, thanks for your time. I've run it again and here are the errors from python2 netgear_fwtool.py Test.spk:

[LOG] using file Test.spk
[LOG] file is 0x686a932 long
Traceback (most recent call last):
  File "netgear_fwtool.py", line 129, in <module>
    aes = AES.new(aes_key, AES.MODE_ECB, "")
  File "/usr/lib/python2.7/dist-packages/Crypto/Cipher/AES.py", line 94, in new
    return AESCipher(key, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/Crypto/Cipher/AES.py", line 59, in __init__
    blockalgo.BlockAlgo.__init__(self, _AES, key, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/Crypto/Cipher/blockalgo.py", line 141, in __init__
    self._cipher = factory.new(key, *args, **kwargs)
ValueError: Key cannot be the null string

Electrik-rich546456 commented 4 years ago

$ python2
Python 2.7.15+ (default, Oct  7 2019, 17:39:04)
[GCC 7.4.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import Crypto.Cipher
>>> from Crypto.Cipher import AES
>>> print (AES)
<module 'Crypto.Cipher.AES' from '/usr/lib/python2.7/dist-packages/Crypto/Cipher/AES.pyc'>

Electrik-rich546456 commented 4 years ago

if that's any help

engur commented 4 years ago

... "Doing the actual key-finding and decryption can be left as an exercise for the reader ?" ... So, you have to find the key yourself... https://www.pentestpartners.com/security-blog/breaking-bad-firmware-encryption-case-study-on-the-netgear-nighthawk-m1/

Electrik-rich546456 commented 4 years ago

Yes, I know, that's where I found it. Even though I found the article very informative, I still cannot do it. I suspect I'm missing something. Any help would be appreciated.

On Wed, 27 Nov 2019, 10:12 am Engür Pişirici, notifications@github.com wrote:

... "Doing the actual key-finding and decryption can be left as an exercise for the reader ?" ... So, you have to find the key yourself...

https://www.pentestpartners.com/security-blog/breaking-bad-firmware-encryption-case-study-on-the-netgear-nighthawk-m1/


Electrik-rich546456 commented 4 years ago

Maybe I should be a bit clearer: how do I get the key? I was thinking of integrating the two snippets of code that have been taken from the actual device. I am not knowledgeable enough to incorporate it into this Python code.

jla3378 commented 4 years ago

Maybe I should be a bit clearer: how do I get the key? I was thinking of integrating the two snippets of code that have been taken from the actual device. I am not knowledgeable enough to incorporate it into this Python code.

The first 32 bits of the key in hex is 67458b6b

That should technically make it exponentially easier for you to brute force it ;)

soaringswine commented 3 years ago

Hi @sgulls @tautology0, to piggyback on this... embedded security research is nothing new to me, but I'm hitting a brick wall. I have the aes_key and it works, and I got the key_padding correct, I believe, as the resulting _decrypted.bin actually has stuff that binwalk recognizes and can extract (kind of), and I can see strings from things like APN configs and JSON in the resulting .ubi and .zlib files.

However, I still think something is screwed up on my end, because the original encrypted firmware file is 103.7 MB (MR1100-100NAS_23113828_NTG9x50C_12.06.11.00_00_GenericNA_05.03.secc.spk) and the _decrypted.bin is only 16.9 MB, and binwalk ends up not being able to extract anything from the resulting .ubi files, despite actually seeing file headers, for instance. There's a whole lot less in what I ended up with vs. what's floating around in the FOTO9X50 file.

Have you tried this on the latest MR1100 firmware? Or am I missing something (key_32 maybe..?) that you can give me a hint on? I've spent a ton of time understanding your script and trying to retrace your steps (xortool is awful, Google Translate is great) and actually own a Segger J-Link in case I need to go that route :-)

hizukiayaka commented 3 years ago

I am not sure whether the key found in the Defcon 27 slides would still work today. I tried to port this script to Python 3, but I failed at the check if line[12:17] == "BASE". It means I didn't decrypt the right content.
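Two of the failures in this thread (tautology0's Python 2 vs Python 3 / missing TermColor diagnosis, and the `if line[12:17] == "BASE"` check never matching after a Python 3 port) are the same class of porting problem, and a third (the "Key cannot be the null string" traceback) is an empty key reaching AES.new() unchecked. The following is an added example, not code from the pentestpartners/defcon27-4grouters repository: a Python 2/3 compatible skeleton showing how to make these failures explicit. The function names (check_aes_key, line_has_base_marker, find_base_marker_line, log), the marker offset and the sample bytes are assumptions constructed for the example; the real firmware layout is not reproduced here.

```python
# Added example, not the repository's own code. Names and sample data below
# are constructed for illustration; the firmware bytes are not real firmware.
from __future__ import print_function

try:
    from termcolor import colored  # the TermColor package tautology0 mentions
except ImportError:
    def colored(text, color=None, *args, **kwargs):
        # Fall back to plain text so a missing package does not surface as
        # "NameError: global name 'colored' is not defined" mid-run.
        return text

try:
    xrange  # Python 2 has xrange ...
except NameError:
    xrange = range  # ... Python 3 does not; range is already lazy there

AES_KEY_SIZES = (16, 24, 32)  # valid AES key lengths in bytes
BASE_MARKER = b"BASE"         # bytes, so the comparison also works on Python 3
MARKER_OFFSET = 12            # assumed offset of the marker within a line


def log(msg):
    """Minimal stand-in for the undefined log() helper the issue reports."""
    print(colored("[LOG] ", "green") + msg)


def check_aes_key(key):
    """Validate the key before it reaches AES.new().

    PyCrypto only complains deep inside the library ('Key cannot be the null
    string'); failing here names the actual problem (no key, or wrong type).
    """
    if not isinstance(key, (bytes, bytearray)):
        raise TypeError("AES key must be bytes, got %s" % type(key).__name__)
    if len(key) == 0:
        raise ValueError("AES key is empty: no key has been supplied yet")
    if len(key) not in AES_KEY_SIZES:
        raise ValueError("AES key must be 16, 24 or 32 bytes, got %d" % len(key))
    return bytes(key)


def line_has_base_marker(line):
    """Python 3 safe form of the check `line[12:17] == "BASE"`.

    On Python 3 a bytes slice compared with the str "BASE" is always False and
    raises nothing, which looks exactly like a wrong key. Comparing bytes with
    bytes, over a slice as wide as the marker, removes that silent failure.
    """
    if not isinstance(line, (bytes, bytearray)):
        raise TypeError("expected bytes from a file opened in 'rb' mode, got str")
    return line[MARKER_OFFSET:MARKER_OFFSET + len(BASE_MARKER)] == BASE_MARKER


def find_base_marker_line(data):
    """Return the index of the first line carrying the marker, or None."""
    lines = data.split(b"\n")
    for i in xrange(len(lines)):
        if line_has_base_marker(lines[i]):
            return i
    return None


# Constructed stand-in for decrypted output; line 1 carries the marker.
SAMPLE_DECRYPTED = (
    b"\x00\x01\x02\x03 not the header\n"
    + b"\xff" * MARKER_OFFSET + BASE_MARKER + b" rest of line\n"
)

if __name__ == "__main__":
    log("using constructed sample of %d bytes" % len(SAMPLE_DECRYPTED))
    try:
        check_aes_key(b"")
    except ValueError as err:
        log("key check: %s" % err)
    log("marker found on line %r" % find_base_marker_line(SAMPLE_DECRYPTED))
```

Running it under python2 or python3 prints the empty-key message first and then reports the marker on line 1; if the firmware file were opened in text mode on Python 3, line_has_base_marker would raise a TypeError instead of quietly returning False for every line.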

tautology0 commented 3 years ago

I get the feeling this will need updating for Python3 and the latest firmware. Happy to accept pull requests for it. It may be a while until I can get a chance to look properly.

hizukiayaka commented 3 years ago

I tried the Python 2 environment; I am not sure whether it is a problem of the wrong key or the header format has been changed. The same problem as Python 3. I thought the last one would be more likely, or the old firmware can't be updated to a later version. But if it is the problem of the key, I am not good at this; I don't even understand where that old key comes from.

flamingo1616 commented 1 year ago

Hello @sgulls @tautology0, embedded security research is nothing new to me, but I have run into difficulties. I have the aes_key and it works, and I believe the key_padding is correct, because the generated _decrypted.bin actually has content that binwalk recognizes and can extract (to some extent), and I can see strings from APN configs, JSON and the like in the generated .ubi and .zlib files.

However, I still think something went wrong on my end, because the original encrypted firmware file is 103.7 MB (MR1100-100NAS_23113828_NTG9x50C_12.06.11.00_00_GenericNA_05.03.secc.spk) while _decrypted.bin is only 16.9 MB, and binwalk ultimately extracts nothing from the generated .ubi files, despite actually seeing file headers. Compared with what is floating around in the FOTO9X50 file, what I ended up with is far less.

Have you tried this on the latest MR1100 firmware? Or am I missing something (key_32 perhaps..?) that you could give me a hint about? I have spent a lot of time understanding your script and trying to retrace your steps (xortool is awful, Google Translate is great), and I actually own a Segger J-Link in case I need to go that route :-)

Hello, I am not sure if you have finally resolved the firmware decryption issue. I have also encountered the same problem as before: I am unable to obtain the key, kernel padding and other information contained in the firmware. If you have resolved it, I hope to receive your help.