
I've been playing around with a D-Link DWR-921 router and found some vulnerabilities in the web interface. I still haven't managed to get shell access and now I'm thinking about modifying the firmware since I can access the administration panel.

So far, I've downloaded the latest firmware from D-Link, disassembled it using this tool chain and examined the output. On a partition called rootfs/, on which the web interface is located, are several .htm files. These files, however, also contain binary code aside from HTML, CSS and JavaScript, which is used to apply settings on the router. How may I find out what binary format the router is using? I'm guessing that it's ARM but haven't tried to disassemble it yet.

I was thinking of compiling a standalone SSH server, adding it to the rootfs/ and creating an .htm file that sets it up as a cron job for later use.

Can you think of another approach?

Sebi
  • I'm a little confused. If you disassembled the latest firmware you should know the type of binary format it's using. Also, the JavaScript is traditionally interpreted, but it could be done with Just In Time compiling. – RoraΖ Jul 09 '15 at 15:33
  • The whole partition (firmware) was stored in a .bin file. I've extracted it with fmk (second link in the question) and got that rootfs directory which contained the .htm files. I don't know the exact architecture they're meant to run on as the initial .bin file was not an actual binary on its own. – Sebi Jul 09 '15 at 16:03
  • Yeah I see what you mean. There's a `headers.img` file, but it doesn't seem to use any normal type of compression. You know, you might be able to just open up the case and look at the processor. It probably says right on there what it is. – RoraΖ Jul 09 '15 at 18:33
  • It looks like the processor is a `MIPS 24K V4.12`, [this page](https://forum.openwrt.org/viewtopic.php?id=51451) has the details. Anything else is beyond me I'm afraid :) – Julian Knight Jul 09 '15 at 21:20
  • @Julian Knight I wonder how that guy got a shell running. I think I'll ask on that forum :)) – Sebi Jul 10 '15 at 16:52

0 Answers