Posted: Fri Aug 06, 2021 18:11 Post subject: How to make LOM's webrevert files
Hi all, looking into how to make "webrevert" files like LOM did in his thread, but for the Archer C7 v4 which doesn't have one yet.
From comparing the C7 v2 stock to LOM's webrevert and DD-WRT's factory-to-ddwrt to the std build it looks like the only important thing is adding the DD-WRT-like header to a stock image like:
Has anyone tried to recreate this before and can verify? Could I just copy and paste the HDR from the latest DD-WRT to the latest stock, or is there a checksum and padding that would need to be fixed as well?
Last edited by osm0sis on Tue Aug 10, 2021 13:32; edited 1 time in total
In fact, TFTPD32/TFTPD64 log will tell you what filename it is looking for, or so I found out, but you can also use wireshark to verify, if needed. If you produce a usable revert file, I can add it to that thread. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Presumably anyone who needed a webrevert for their devices could just grab the correct trx* source from DD-WRT's repo and build the utility, then sign the latest stock firmware bin using the Makefile trx command so DD-WRT will recognize it.
I'll give this a shot for my device next time I've got time to muck with compiles and router downtime.
Yes, that's the naming used by TFTP, but it also appears to just be the filename the DD-WRT build system uses as an interim before adding the trx "HDR0" header so that the WebUI will accept it.
So, signing stock firmware with trx_n to make our own webreverts should work, theoretically! May just need the bootloader stripped too, as I've read, but that also may differ between devices/revisions. 🙂
Edit: `gcc trx_n.c` compiled without issue in Cygwin, no changes needed, and the utility appears to have successfully trx signed the stock C7 v4 firmware.🤘
But I'll have to save testing it and reporting whether the WebUI accepts it (and whether it needs to be stripped before signing it on the v4) when it's not the middle of a work week. 🤞🤠
Last edited by osm0sis on Tue Aug 10, 2021 13:42; edited 1 time in total
Well the WebUI said the flash was successful, so presumably the trx_n signing of the file was correct, but unfortunately the device then wouldn't boot and I had to tftpd it.
Not sure if that's because the final stock firmware needed to be stripped or not (I didn't see any obvious point at which to strip it around 0x20200 like other C7 stripping tutorials mention), or whether with the added header the firmware was simply too large. I had told it to factory reset so it shouldn't have been an nvram settings issue.
Either way the compiled trx_n "HDR0" signing utility might still be useful to others on non-broadcom hardware wanting to try to make webreverts, so I've uploaded my Cygwin build (+lib) of it, and the .c source file (from DD-WRT's repo as linked above), and if anyone wanted it for MacOS or Linux I'm sure it would be just as simple to make a native compile as I mentioned in my previous post.
Judging from the Makefile most non-broadcom devices can just use: `./trx_n -m 40000000 -o <output-file> <input-file>`
If you read KrypteX's post in the thread I linked, you would know you had to strip the bootloader to create the file.
I told you I did read it and I linked you another site that said if "boot" wasn't present in the C7 stock firmware filename that it also might not need to be stripped..
The "if you had read" posts when I've clearly shown I've done my homework here are a bit frustrating. Like, in the post you're replying to I discussed hunting around in the file for any clear point at which to strip, but unfortunately didn't see one.
Anyway, I'll keep searching for any clearer instructions for finding the right stripping offset and perhaps try again, but as I said, the trx_n utility will likely also be useful for others as it seems like nobody ever thought to look at the source code for the signing utility and have just done it manually over the years, and I'm also surprised BrainSlayer never offered you guys the utility directly to make everyone's lives easier.. so, yeah, you're welcome.
Joined: 08 May 2018 Posts: 14207 Location: Texas, USA
Posted: Wed Aug 11, 2021 5:49 Post subject:
All of LOM's files use the oldest firmware for the device, not the newest AFAIK. If I missed something where you have done your homework, sorry. If there is no bootloader or anything that needs to be stripped or overwritten, I am at a loss; but it has to be one or the other as to why it didn't work, if I am not mistaken. I believe you would have to compare the webflash file with the stock firmware file in a hex editor as you already know. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
