Firmware login - inferNetwork #23
Comments
It shouldn't matter whether the firmware requires a password to log in or not; pretty much all will have a password prompt on the root shell. The system looks for system calls to certain kernel networking functions that bind IP addresses, in order to infer the correct address. If this isn't happening, typically there is some NVRAM-related problem earlier in the boot process that is causing a crash or abort before the networking comes up. You'll want to see what the last few NVRAM keys requested before the crash/abort are, and whether a default value needs to be set for that key to continue the boot process.
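The check suggested in the comment above (find the last NVRAM keys requested before the crash) can be scripted. This is an added example, not part of the thread or of Firmadyne's own code; the debug-line shapes, the `nvram_tail` helper, the key names and the `/NVRAM_DIR/` path in the sample are assumptions, so adjust the two patterns to what your serial log actually prints.

```python
import re

# Assumed debug-line shapes (hypothetical; match them to your own log):
#   nvram_get_buf: <key>
#   nvram_get_buf: Unable to open key: <path>/<key>!
REQUEST = re.compile(r"\bnvram_get\w*: (?!Unable)(\S+)\s*$")
MISSING = re.compile(
    r"\bnvram_get\w*: Unable to open key: (?:\S*/)?([^/\s!]+)!?\s*$")

# Constructed sample log, not taken from the firmware discussed here.
SAMPLE_LOG = """\
[    3.210000] init started
nvram_get_buf: lan_ifname
nvram_get_buf: lan_ipaddr
[    3.540000] nvram_get_buf: wan_proto
nvram_get_buf: Unable to open key: /NVRAM_DIR/wan_proto!
nvram_get_buf: http_passwd
nvram_get_buf: Unable to open key: /NVRAM_DIR/http_passwd!
Segmentation fault
"""

def nvram_tail(log_text, last_n=5):
    """Return (last_n requested keys in order, keys with no stored value)."""
    requested, missing = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = MISSING.search(line)
        if m:
            # A failed lookup: candidate for a default value.
            if m.group(1) not in missing:
                missing.append(m.group(1))
            continue
        m = REQUEST.search(line)
        if m:
            requested.append(m.group(1))
    return requested[-last_n:], missing

if __name__ == "__main__":
    tail, missing = nvram_tail(SAMPLE_LOG, last_n=3)
    print("last keys requested before the log ends:", tail)
    print("keys with no stored value:", missing)
```

Keys that appear in both lists are the first ones to try giving a default value.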
Here are more logs, but I don't know what that means or exactly what I have to do with that... I'm new to all these things :s
It doesn't seem to have other errors in the full log.
Looking at that log, I don't see the firmware try to assign IP addresses to any network adapters. I suspect that it's aborting parts of the boot process as soon as it encounters a failure, specifically inserting the kernel module. See if you can find a configuration file or init script on the filesystem, and modify it to avoid inserting any kernel modules. You may find the mount.sh and umount.sh scripts useful for doing this.
Thx again for your help but I'm still stuck :( I managed to modify the configuration to avoid loading kernel modules and it worked (I didn't see the insmod error anymore). But still the same result. So I also disabled the start of "httpd" because it seemed to throw an error too. But it doesn't matter, the boot process still doesn't go further... I found a (non-emulated I guess) bootlog of another TP-Link router, dunno if it can help: https://wiki.openwrt.org/toh/tp-link/tl-mr11u/bootlog
Hmm, looking at that bootlog, it seems that the kernel module failures are normal. At this point, I'd guess that the firmware is trying to access NVRAM or flash via a mechanism that we don't emulate in libnvram. If you have access to IDA Pro or another disassembler, I'd suggest looking to see where the string "Now flash open!" is being printed out from to get an idea of where this is occurring. In the simplest case, you'll just need to add an alias for the library function to libnvram, but in a more complex case, if the system is accessing e.g. /dev/nvram directly, you'd need to add some IOCTL or read/write emulation to the firmadyne kernel module.
Hi, I don't remember where I got that but I have the source code of the firmware for that router model.
Where should I look if I didn't have the source code? Which executable should I have disassembled? I have really no idea what to do exactly now... :s Should I edit libnvram/alias.c to add something for the Atheros driver?
Generally, you would start looking at the You should try to figure out what is the name of the device that is being accessed (e.g.
Hi,
I successfully ran the firmware example following the readme.
Then I tried to do the same with another firmware.
I got stuck at the inferNetwork.sh step. It wasn't able to find an interface, so no run.sh file was created. Then I looked at the qemu initial logs and it seems that the firmware requires a login and probably a password to go further. If I'm right, how can I give one via firmadyne?
Here are the logs of inferNetwork:
Here are my logs from qemu:
Here is the link to the firmware:
http://static.tp-link.com/resources/software/TL-WR740N_V4_140520.zip