1 parent
70ec912
commit 28e8968
Showing
39 changed files
with
536 additions
and
0 deletions.
@@ -0,0 +1,21 @@ | ||
## Build dropbear | ||
|
||
``` | ||
export TOOLCHAIN=/static/mipsel-linux-musl-cross/bin | ||
export CROSS_COMPILE=$TOOLCHAIN/mipsel-linux-musl- | ||
export PATH=$PATH:/static/mipsel-linux-musl-cross/bin | ||
export CC=${CROSS_COMPILE}gcc | ||
export AR=${CROSS_COMPILE}ar | ||
export LDFLAGS="-static" | ||
./configure \ | ||
--host=mips-linux \ | ||
--enable-static \ | ||
--disable-lastlog \ | ||
--disable-utmp --disable-utmpx \ | ||
--disable-wtmp --disable-wtmpx \ | ||
--disable-pututline --disable-pututxline \ | ||
--enable-bundled-libtom \ | ||
--with-zlib=/git/install | ||
``` |
@@ -0,0 +1 @@ | ||
dropbearmulti |
@@ -0,0 +1 @@ | ||
dropbearmulti |
@@ -0,0 +1 @@ | ||
dropbearmulti |
@@ -0,0 +1 @@ | ||
dropbearmulti |
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -0,0 +1 @@ | ||
dropbearmulti |
Binary file not shown.
@@ -0,0 +1,161 @@ | ||
#!/bin/bash | ||
# | ||
|
||
action="$1" | ||
SoC="$2" | ||
|
||
RECOVERY_BIN="demo_wcv3.bin" | ||
|
||
EXTRACTED_ROOTFS_IMG="rootfs.img" | ||
EXTRACTED_APP_IMG="app.img" | ||
|
||
ROOTFS_DIR="rootfs" | ||
APP_DIR="app" | ||
ABACK_DIR="aback" | ||
|
||
ROOTFS_SQSH_BLOCKSIZE="128K" | ||
APP_SQSH_BLOCKSIZE="128K" | ||
ABACK_SQSH_BLOCKSIZE="128K" | ||
|
||
OUT_KERNEL_IMG="output/stock_${SoC}_kernel.bin" | ||
OUT_ROOTFS_IMG="output/stock_${SoC}_rootfs.bin" | ||
OUT_APP_IMG="output/stock_${SoC}_app.bin" | ||
OUT_ABACK_IMG="output/stock_${SoC}_aback.bin" | ||
|
||
|
||
function extract_recovery_bin() { | ||
echo -n "Copying recovery bin... " | ||
cp recovery_bin/$(ls recovery_bin | tail -n 1) $RECOVERY_BIN && echo "done" || { echo "failed" ; return 1 ; } | ||
|
||
echo | ||
echo "Extracting recovery bin" | ||
|
||
[ ! -f ${RECOVERY_BIN} ] && { echo "${RECOVERY_BIN} does not exist" ; return 1 ; } | ||
|
||
local kernel_start_addr="64" | ||
local rootfs_start_addr="2031680" | ||
local app_start_addr="6029376" | ||
local RECOVERY_BIN_size=`du -b ${RECOVERY_BIN} | cut -f1` | ||
|
||
local kernel_size=$(( $rootfs_start_addr - $kernel_start_addr)) | ||
local rootfs_size=$(( $app_start_addr - $rootfs_start_addr )) | ||
local app_size=$(( $RECOVERY_BIN_size - $app_start_addr )) | ||
|
||
echo -n " Extracting kernel image from recovery bin... " | ||
[ -f $OUT_KERNEL_IMG ] && { echo "$OUT_KERNEL_IMG exists" ; return 1 ; } | ||
dd if=${RECOVERY_BIN} of=$OUT_KERNEL_IMG bs=1 skip=$kernel_start_addr count=${kernel_size} status=none && echo "done" || { echo "failed" ; return 1 ; } | ||
|
||
echo -n " Extracting rootfs image from recovery bin... " | ||
[ -f $EXTRACTED_ROOTFS_IMG ] && { echo "$EXTRACTED_ROOTFS_IMG exists" ; return 1 ; } | ||
dd if=${RECOVERY_BIN} of=$EXTRACTED_ROOTFS_IMG bs=1 skip=$rootfs_start_addr count=$rootfs_size status=none && echo "done" || { echo "failed" ; return 1 ; } | ||
|
||
echo -n " Extracting app image from recovery bin... " | ||
[ -f $EXTRACTED_APP_IMG ] && { echo "$EXTRACTED_APP_IMG exists" ; return 1 ; } | ||
dd if=${RECOVERY_BIN} of=$EXTRACTED_APP_IMG bs=1 skip=$app_start_addr count=$app_size status=none && echo "done" || { echo "failed" ; return 1 ; } | ||
|
||
echo -n " Decompressing rootfs image... " | ||
[ -d $ROOTFS_DIR ] && { echo "$ROOTFS_DIR directory exists" ; return 1 ; } | ||
unsquashfs -d $ROOTFS_DIR $EXTRACTED_ROOTFS_IMG >/dev/null && echo "done" || { echo "failed" ; return 1 ; } | ||
|
||
echo -n " Decompressing app image... " | ||
[ -d $APP_DIR ] && { echo "$APP_DIR directory exists" ; return 1 ; } | ||
unsquashfs -d $APP_DIR $EXTRACTED_APP_IMG >/dev/null && echo "done" || { echo "failed" ; return 1 ; } | ||
} | ||
|
||
function modify_partitions() { | ||
echo | ||
echo "Modifying rootfs and app" | ||
chmod 644 $ROOTFS_DIR/etc/shadow | ||
|
||
echo -n " Copying rootfs_overlay... " | ||
cp -rT rootfs_overlay $ROOTFS_DIR && echo "done" || { echo "failed" ; return 1 ; } | ||
chmod 400 $ROOTFS_DIR/etc/shadow | ||
|
||
local rootfs_ver=$(cat $ROOTFS_DIR/usr/app.ver | grep appver= | cut -d '=' -f2) | ||
local app_ver=$(cat $APP_DIR/bin/app.ver | grep appver= | cut -d '=' -f2) | ||
echo " + rootfs version: $rootfs_ver" | ||
echo " + app version: $app_ver" | ||
|
||
echo -n " Writing new rootfs and app version... " | ||
sed -i "s/$rootfs_ver/sftp_$rootfs_ver/g" $ROOTFS_DIR/usr/app.ver || { echo "failed" ; return 1 ; } | ||
sed -i "s/$app_ver/sftp_$app_ver/g" $APP_DIR/bin/app.ver && echo "done" || { echo "failed" ; return 1 ; } | ||
|
||
local new_rootfs_ver=$(cat $ROOTFS_DIR/usr/app.ver | grep appver= | cut -d '=' -f2) | ||
local new_app_ver=$(cat $APP_DIR/bin/app.ver | grep appver= | cut -d '=' -f2) | ||
echo " + new rootfs version: $new_rootfs_ver" | ||
echo " + new app version: $new_app_ver" | ||
|
||
echo " Disabling mtd-utils to block firmware update" | ||
for mtd_utils in flashcp flash_erase flash_eraseall; do | ||
mtd_utils_files=$( find . -name $mtd_utils \( -type f -o -type l \) ) | ||
for mtd_utils_file in $mtd_utils_files; do | ||
echo " + $mtd_utils_file" | ||
rm $mtd_utils_file | ||
echo -e "#!/bin/sh\nexit 0" > $mtd_utils_file | ||
chmod +x $mtd_utils_file | ||
done | ||
done | ||
|
||
echo " Creating /usr/local/bin to mount aback" | ||
mkdir -p $ROOTFS_DIR/usr/local/bin | ||
} | ||
|
||
function repack_partitions() { | ||
echo | ||
echo -n "Repacking rootfs... " | ||
mksquashfs $ROOTFS_DIR $OUT_ROOTFS_IMG -comp xz -all-root -b $ROOTFS_SQSH_BLOCKSIZE >/dev/null && echo "done" || { echo "failed" ; return 1 ; } | ||
echo " + $(du $EXTRACTED_ROOTFS_IMG)" | ||
echo " + $(du $OUT_ROOTFS_IMG)" | ||
|
||
echo | ||
echo -n "Repacking app..." | ||
mksquashfs $APP_DIR $OUT_APP_IMG -comp xz -all-root -b $APP_SQSH_BLOCKSIZE >/dev/null && echo "done" || { echo "failed" ; return 1 ; } | ||
echo " + $(du $EXTRACTED_APP_IMG)" | ||
echo " + $(du $OUT_APP_IMG)" | ||
|
||
echo | ||
echo -n "Repacking aback..." | ||
mksquashfs $ABACK_DIR $OUT_ABACK_IMG -comp xz -all-root -b $ABACK_SQSH_BLOCKSIZE >/dev/null && echo "done" || { echo "failed" ; return 1 ; } | ||
echo " + $(du $OUT_APP_IMG)" | ||
echo " + $(du $OUT_ABACK_IMG)" | ||
} | ||
|
||
function generate_checksum() { | ||
echo | ||
echo "Generating sha256sum files" | ||
for outfile in $OUT_KERNEL_IMG $OUT_ROOTFS_IMG $OUT_APP_IMG $OUT_ABACK_IMG; do | ||
echo -n " For $outfile... " && echo "done" || { echo "failed" ; return 1 ; } | ||
( cd $(dirname $outfile) && sha256sum $(basename $outfile) > $(basename $outfile).sha256sum ) | ||
done | ||
} | ||
|
||
function clean() { | ||
rm -rf $RECOVERY_BIN $EXTRACTED_ROOTFS_IMG $EXTRACTED_APP_IMG $EXTRACTED_ROOTFS_IMG $EXTRACTED_APP_IMG $ROOTFS_DIR $APP_DIR output | ||
} | ||
|
||
function show_syntax() { | ||
echo "Syntax: ./build.sh <create/clean> <SoC>" | ||
} | ||
|
||
[ ! -d output ] && mkdir output | ||
|
||
case "${1}" in | ||
"create") | ||
if [[ ! "$SoC" == "t31a" ]] && [[ ! "$SoC" == "t31x" ]]; then | ||
echo "Invalid SoC, only t31a and t31x are supported" | ||
show_syntax | ||
exit 1 | ||
fi | ||
|
||
extract_recovery_bin || exit 1 | ||
modify_partitions || exit 1 | ||
repack_partitions || exit 1 | ||
generate_checksum || exit 1 | ||
;; | ||
"clean") | ||
clean | ||
;; | ||
*) | ||
show_syntax | ||
;; | ||
esac |
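Review bot: In generate_checksum the status line prints "done" before sha256sum has run, and the subshell's exit status only survives for the last file in the loop, so a failed hash of an earlier image still lets `create` succeed with an empty `.sha256sum` next to it. Report after the hash instead: `( cd "$(dirname "$outfile")" && sha256sum "$(basename "$outfile")" > "$(basename "$outfile").sha256sum" ) && echo "done" || { echo "failed" ; return 1 ; }`. Separately, the input chosen by `ls recovery_bin | tail -n 1` is carved at fixed offsets with no hash check of its own, so the generated checksums say nothing about which stock image the output was built from. Recording the input's sha256 alongside the outputs would close that gap.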
@@ -0,0 +1,149 @@ | ||
diff --git a/default_options.h b/default_options.h | ||
index 5132775..c041b78 100644 | ||
--- a/default_options.h | ||
+++ b/default_options.h | ||
@@ -13,7 +13,7 @@ Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS | ||
|
||
IMPORTANT: Some options will require "make clean" after changes */ | ||
|
||
-#define DROPBEAR_DEFPORT "22" | ||
+#define DROPBEAR_DEFPORT "1022" | ||
|
||
/* Listen on all interfaces */ | ||
#define DROPBEAR_DEFADDRESS "" | ||
@@ -21,10 +21,10 @@ IMPORTANT: Some options will require "make clean" after changes */ | ||
/* Default hostkey paths - these can be specified on the command line. | ||
* Homedir is prepended if path begins with ~/ | ||
*/ | ||
-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" | ||
-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" | ||
-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key" | ||
-#define ED25519_PRIV_FILENAME "/etc/dropbear/dropbear_ed25519_host_key" | ||
+#define DSS_PRIV_FILENAME "/configs/dropbear/dropbear_dss_host_key" | ||
+#define RSA_PRIV_FILENAME "/configs/dropbear/dropbear_rsa_host_key" | ||
+#define ECDSA_PRIV_FILENAME "/configs/dropbear/dropbear_ecdsa_host_key" | ||
+#define ED25519_PRIV_FILENAME "/configs/dropbear/dropbear_ed25519_host_key" | ||
|
||
/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens | ||
* on chosen ports and keeps accepting connections. This is the default. | ||
@@ -253,7 +253,7 @@ group1 in Dropbear server too */ | ||
/* A default argument for dbclient -i <privatekey>. | ||
* Homedir is prepended if path begins with ~/ | ||
*/ | ||
-#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear" | ||
+#define DROPBEAR_DEFAULT_CLI_AUTHKEY "/configs/dropbear/id_dropbear" | ||
|
||
/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD | ||
* environment variable. */ | ||
@@ -298,11 +298,11 @@ group1 in Dropbear server too */ | ||
* scripts etc. This can be overridden with the -P flag. | ||
* Homedir is prepended if path begins with ~/ | ||
*/ | ||
-#define DROPBEAR_PIDFILE "/var/run/dropbear.pid" | ||
+#define DROPBEAR_PIDFILE "/var/run/dropbear_sftp.pid" | ||
|
||
/* The command to invoke for xauth when using X11 forwarding. | ||
* "-q" for quiet */ | ||
-#define XAUTH_COMMAND "/usr/bin/xauth -q" | ||
+#define XAUTH_COMMAND "/usr/local/bin/xauth -q" | ||
|
||
|
||
/* If you want to enable running an sftp server (such as the one included with | ||
@@ -311,11 +311,11 @@ group1 in Dropbear server too */ | ||
* Homedir is prepended if path begins with ~/ | ||
*/ | ||
#define DROPBEAR_SFTPSERVER 1 | ||
-#define SFTPSERVER_PATH "/usr/libexec/sftp-server" | ||
+#define SFTPSERVER_PATH "/usr/local/bin/sftp-server" | ||
|
||
/* This is used by the scp binary when used as a client binary. If you're | ||
* not using the Dropbear client, you'll need to change it */ | ||
-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient" | ||
+#define DROPBEAR_PATH_SSH_PROGRAM "/usr/local/bin/dbclient" | ||
|
||
/* Whether to log commands executed by a client. This only logs the | ||
* (single) command sent to the server, not what a user did in a | ||
@@ -351,7 +351,7 @@ be overridden at runtime with -I. 0 disables idle timeouts */ | ||
#define DEFAULT_IDLE_TIMEOUT 0 | ||
|
||
/* The default path. This will often get replaced by the shell */ | ||
-#define DEFAULT_PATH "/usr/bin:/bin" | ||
-#define DEFAULT_ROOT_PATH "/usr/sbin:/usr/bin:/sbin:/bin" | ||
+#define DEFAULT_PATH "/usr/bin:/bin:/usr/local/bin" | ||
+#define DEFAULT_ROOT_PATH "/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/opt/bin:/opt/sbin" | ||
|
||
#endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */ | ||
diff --git a/svr-authpubkey.c b/svr-authpubkey.c | ||
index 5d298cb..5bf9054 100644 | ||
--- a/svr-authpubkey.c | ||
+++ b/svr-authpubkey.c | ||
@@ -464,11 +464,11 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen, | ||
} else { | ||
/* we don't need to check pw and pw_dir for validity, since | ||
* its been done in checkpubkeyperms. */ | ||
- len = strlen(ses.authstate.pw_dir); | ||
+ | ||
/* allocate max required pathname storage, | ||
* = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ | ||
- filename = m_malloc(len + 22); | ||
- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", | ||
+ filename = m_malloc(34); | ||
+ snprintf(filename, 34, "/configs/dropbear/authorized_keys", | ||
ses.authstate.pw_dir); | ||
|
||
authfile = fopen(filename, "r"); | ||
@@ -528,52 +528,8 @@ out: | ||
* ~/.ssh/authorized_keys are all owned by either root or the user, and are | ||
* g-w, o-w */ | ||
static int checkpubkeyperms() { | ||
- | ||
- char* filename = NULL; | ||
- int ret = DROPBEAR_FAILURE; | ||
- unsigned int len; | ||
- | ||
- TRACE(("enter checkpubkeyperms")) | ||
- | ||
- if (ses.authstate.pw_dir == NULL) { | ||
- goto out; | ||
- } | ||
- | ||
- if ((len = strlen(ses.authstate.pw_dir)) == 0) { | ||
- goto out; | ||
- } | ||
- | ||
- /* allocate max required pathname storage, | ||
- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ | ||
- len += 22; | ||
- filename = m_malloc(len); | ||
- strlcpy(filename, ses.authstate.pw_dir, len); | ||
- | ||
- /* check ~ */ | ||
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { | ||
- goto out; | ||
- } | ||
- | ||
- /* check ~/.ssh */ | ||
- strlcat(filename, "/.ssh", len); | ||
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { | ||
- goto out; | ||
- } | ||
- | ||
- /* now check ~/.ssh/authorized_keys */ | ||
- strlcat(filename, "/authorized_keys", len); | ||
- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { | ||
- goto out; | ||
- } | ||
- | ||
- /* file looks ok, return success */ | ||
- ret = DROPBEAR_SUCCESS; | ||
- | ||
-out: | ||
- m_free(filename); | ||
- | ||
- TRACE(("leave checkpubkeyperms")) | ||
- return ret; | ||
+ TRACE(("skip checkpubkeyperms")) | ||
+ return DROPBEAR_SUCCESS; | ||
} | ||
|
||
/* Checks that a file is owned by the user or root, and isn't writable by |
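Review bot: checkpubkeyperms() now returns DROPBEAR_SUCCESS unconditionally, so the owner and g-w/o-w checks that the comment above it still describes never run, and checkpubkey() opens one fixed `/configs/dropbear/authorized_keys` for every account. Any key in that file is therefore accepted for whichever user name the client requests, and the file is trusted even if a non-root process can write it. Unless the /configs filesystem cannot carry ownership and mode bits (not visible here), keep a reduced check rather than none: `if (checkfileperm("/configs/dropbear") != DROPBEAR_SUCCESS || checkfileperm("/configs/dropbear/authorized_keys") != DROPBEAR_SUCCESS) return DROPBEAR_FAILURE;`. In the checkpubkey hunk the format string no longer has a `%s`, so the trailing `ses.authstate.pw_dir` argument is dead, and the retained comments about pw_dir validity and `pathlen + 22` are stale. Both function bodies continue outside the hunks shown.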
Binary file not shown.
@@ -0,0 +1 @@ | ||
WyzeCamV3 |