路由器解包
主要是 MD5 加密,需要获取盐
路由器固件解包后,从 /bin/mkxqimage
中提取盐
固件下载
从小米官网下载固件:MiWiFi – 下载
准备工具
在 Ubuntu 下安装解包需要的工具,需要 python3 和 pip
1 2
| sudo apt install python3 sudo apt install python3-pip
|
binwalk
1 2 3
| git clone https://github.com/ReFirmLabs/binwalk.git cd binwalk sudo python3 setup.py install
|
ubi_reader
1 2 3 4 5
| git clone https://github.com/jrspruitt/ubi_reader cd ubi_reader sudo python3 setup.py install sudo apt-get install liblzo2-dev pip install python-lzo
|
解包
对 小米 ax1800 解包
1 2 3 4 5
| binwalk -Me miwifi_rm1800_firmware_47f08_1.0.394.bin cd _miwifi_rm1800_firmware_47f08_1.0.394.bin.extracted/ ubireader_extract_images 2B0.ubi cd ubifs-root/2B0.ubi sudo unsquashfs ./img-793458279_vol-ubi_rootfs.ubifs
|
解包成功后会得到一个 squashfs-root
文件
提取盐
进入目录后找到 mkxqimage
文件,拿出来
打开mkxqimage
文件后,搜索 SN 或者 MD5,就找到了我们需要的数据 d44fb0960aa0-a5e6-4a30-250f-6d2df50a
计算初始密码
Java 代码如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
| import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Scanner;
public class Password { public static void main(String[] args) { String original = "d44fb0960aa0-a5e6-4a30-250f-6d2df50a"; String[] split = original.split("-"); String s = ""; for (int i = 1; i <= split.length; i++) { s += split[split.length - i] + "-"; } String salt = s.substring(0, s.length() - 1);
System.out.print("请输入15的SN号码:"); Scanner scanner = new Scanner(System.in); String sn = scanner.nextLine();
String str = sn + salt;
byte[] digest = null; try { MessageDigest md5 = MessageDigest.getInstance("md5"); digest = md5.digest(str.getBytes(StandardCharsets.UTF_8)); String md5Str = new BigInteger(1, digest).toString(16); String pass = md5Str.substring(0, 8); System.out.println("初始密码为:" + pass); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } } }
|