路由器解包
主要是 MD5 加密,需要获取盐
路由器固件解包后,从 /bin/mkxqimage 中提取盐
固件下载
从小米官网下载固件:MiWiFi – 下载
准备工具
在 Ubuntu 下安装解包需要的工具,需要 python3 和 pip
1
2
| sudo apt install python3
sudo apt install python3-pip
|
binwalk
1
2
3
| git clone https://github.com/ReFirmLabs/binwalk.git
cd binwalk
sudo python3 setup.py install
|
ubi_reader
1
2
3
4
5
| git clone https://github.com/jrspruitt/ubi_reader
cd ubi_reader
sudo python3 setup.py install
sudo apt-get install liblzo2-dev
pip install python-lzo
|
解包
对 小米 ax1800 解包
1
2
3
4
5
| binwalk -Me miwifi_rm1800_firmware_47f08_1.0.394.bin
cd _miwifi_rm1800_firmware_47f08_1.0.394.bin.extracted/
ubireader_extract_images 2B0.ubi
cd ubifs-root/2B0.ubi
sudo unsquashfs ./img-793458279_vol-ubi_rootfs.ubifs
|
解包成功后会得到一个 squashfs-root 文件
提取盐
进入目录后找到 mkxqimage 文件,拿出来
打开mkxqimage 文件后,搜索 SN 或者 MD5,就找到了我们需要的数据 d44fb0960aa0-a5e6-4a30-250f-6d2df50a
计算初始密码
Java 代码如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
| import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Scanner;
public class Password {
public static void main(String[] args) {
String original = "d44fb0960aa0-a5e6-4a30-250f-6d2df50a";
String[] split = original.split("-");
String s = "";
for (int i = 1; i <= split.length; i++) {
s += split[split.length - i] + "-";
}
String salt = s.substring(0, s.length() - 1);
System.out.print("请输入15的SN号码:");
Scanner scanner = new Scanner(System.in);
String sn = scanner.nextLine();
String str = sn + salt;
byte[] digest = null;
try {
MessageDigest md5 = MessageDigest.getInstance("md5");
digest = md5.digest(str.getBytes(StandardCharsets.UTF_8));
String md5Str = new BigInteger(1, digest).toString(16);
String pass = md5Str.substring(0, 8);
System.out.println("初始密码为:" + pass);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
}
|
