Stumbled upon this file a couple of days ago and decided to update it to work with python3.
Additions:
n_encode()
n_decode()
log_hex()
n_encode() and n_decode() functions are in place to be helpers. Going from python2 to python3 we need to encode and decode certain parts. This boils down to the differences in how str and bytes are handled in python3. log_hex() is another helper to cleanup
Trying to work with ECB mode in python3 with the crypto library isn't great. To make this work I'm using pycryptodome. I came across this post that guided me in the right direction. I would suggest using pycryptodome by default now in your virtual env.
I did notice the firmware Netgear provides for the MR1100 now includes a different build compared to the original presentation.

    $ strings -n 16 _decrypted.bin
    1M!@NTG9X50C_12.06.11.00 r3831 ntgrbc-fwbuild4 2020/01/24 17:46:40

This results in fewer bin files being available after decrypting the spk. I'm assuming Netgear changed up the structure a bit with this new build. Maybe this code still needs more tweaking or my key_32/key_padding is off a bit.
closes https://github.com/pentestpartners/defcon27-4grouters/issues/1
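As an added example (not the PR's or the repo's code), the helpers named above in python3 form, an AES-ECB decrypt that goes through pycryptodome's Crypto.Cipher.AES, and a `strings -n 16` style scan for the build banner in a decrypted blob. The NUL-padding of the key to 32 bytes in pad_key(), the 16-byte block constant and the find_strings() helper are assumptions for illustration; the repo's actual key_32/key_padding values are not reproduced here, and the sample bytes are constructed.

```python
"""Added example: py3 str/bytes helpers, hex dump, AES-ECB via pycryptodome,
and a strings(1)-like scan. Not the repo's code; key padding is an assumption."""
import importlib.util
from typing import List, Union

BytesLike = Union[str, bytes, bytearray]
AES_BLOCK = 16  # AES block size in bytes (assumption-free, but kept local so the
                # length check works without importing pycryptodome)


def n_encode(value: BytesLike, encoding: str = "utf-8") -> bytes:
    """Return bytes: str is encoded, bytes/bytearray pass through unchanged."""
    if isinstance(value, str):
        return value.encode(encoding)
    return bytes(value)


def n_decode(value: BytesLike, encoding: str = "utf-8") -> str:
    """Return str: bytes is decoded (undecodable bytes replaced), str passes through."""
    if isinstance(value, str):
        return value
    return bytes(value).decode(encoding, errors="replace")


def log_hex(data: BytesLike, width: int = 16) -> str:
    """Render bytes as an offset / hex / ASCII dump, `width` bytes per row."""
    raw = n_encode(data)
    rows = []
    for off in range(0, len(raw), width):
        chunk = raw[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3 - 1}}  {ascii_part}")
    return "\n".join(rows)


def pad_key(key: BytesLike, length: int = 32) -> bytes:
    """NUL-pad or truncate a key to `length` bytes (assumed AES-256 key handling)."""
    raw = n_encode(key)
    return raw[:length].ljust(length, b"\x00")


def aes_ecb_encrypt(key: BytesLike, data: BytesLike) -> bytes:
    """Encrypt with AES-ECB using pycryptodome (package 'Crypto', not old pycrypto)."""
    raw = n_encode(data)
    if len(raw) % AES_BLOCK:
        raise ValueError(f"plaintext length {len(raw)} is not a multiple of {AES_BLOCK}")
    from Crypto.Cipher import AES  # pycryptodome
    return AES.new(pad_key(key), AES.MODE_ECB).encrypt(raw)


def aes_ecb_decrypt(key: BytesLike, data: BytesLike) -> bytes:
    """Decrypt with AES-ECB using pycryptodome. ECB has no IV: each 16-byte block
    is decrypted independently, so identical ciphertext blocks leak identical plaintext."""
    raw = n_encode(data)
    if len(raw) % AES_BLOCK:
        raise ValueError(f"ciphertext length {len(raw)} is not a multiple of {AES_BLOCK}")
    from Crypto.Cipher import AES  # pycryptodome
    return AES.new(pad_key(key), AES.MODE_ECB).decrypt(raw)


def find_strings(data: BytesLike, min_len: int = 16) -> List[str]:
    """Emulate `strings -n <min_len>`: return printable-ASCII runs of at least min_len."""
    raw = n_encode(data)
    found, run = [], bytearray()
    for b in raw:
        if 32 <= b < 127:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def pycryptodome_available() -> bool:
    """True when the Crypto package (pycryptodome) can be imported."""
    return importlib.util.find_spec("Crypto") is not None


if __name__ == "__main__":
    # Constructed sample: a few junk bytes around a build banner like the one
    # strings -n 16 surfaced in the decrypted spk.
    sample = b"\x00\x01" + b"NTG9X50C_12.06.11.00 r3831 ntgrbc-fwbuild4" + b"\xff\x80"
    print(log_hex(sample))
    print(find_strings(sample, 16))
    if pycryptodome_available():
        ct = aes_ecb_encrypt("demo-key", b"A" * 32)
        print("identical ECB blocks:", ct[:16] == ct[16:])
        print(aes_ecb_decrypt("demo-key", ct))
```

Run it once with a decrypted image in place of the constructed sample: if find_strings() (or `strings -n 16`) turns up the build banner, the key and padding are right and any missing .bin files are a container-layout difference rather than a decryption failure; if the banner is absent and the dump is uniformly random-looking, suspect the key or padding first.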