Posted: Sun Jul 17, 2022 3:11 Post subject: [SOLVED!] the Firmware Modification Kit still a viable tool?
I was recently able to get the FMK to extract the header, kernel and file system for a newer bin. It was also able to re-create a new bin file from those components (I did not actually change anything, just testing for now). But when I tried to load the new bin file into the router it gave a checksum error.
Before I spend any more time screwing around with this, I thought I should ask if the FMK is even able to work with the newer bins? (Seems it hasn't been updated in many years.)
I know that the web-gui is somehow locked to prevent modifications, but I'm not sure if there is anything else in the new bins that obfuscates something needed for the checksum etc.
If it makes any difference, the bin file was dd-wrt.v24-49492_NEWD-2_K3.x_mega_f7d3302 for an old Belkin F7D3302 (Broadcom BCM4716 chip).
Thanks!
Last edited by MuzzleVelocity on Mon Jul 18, 2022 13:24; edited 1 time in total
Any change inside the firmware image changes the header checksum value; the checksum validation on flash will see this and will not allow flashing the modified file if the FMK process of rebuilding the image does not modify the header checksum value. At least that is what my barely awake brain seems to think. <grin>
_________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
not allow flashing the modified file if the FMK process of rebuilding the image does not modify the header checksum value<grin>
That's the obvious explanation, but I ASSumed that the build-firmware.sh script in the FMK would re-create a new checksum, otherwise it wouldn't be very useful, would it?
I did try a little test though. I monitored the serial console during the bin upload, and saw what checksum it was expecting vs. what's in the bin. I then modified the checksum in the bin with a hex editor to give the router what it expected. That allowed me to flash the new bin, but after rebooting it bricked itself with a kernel-panic error. It was a long shot, but I tried... (was able to un-brick via CFE though)
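To make the header-checksum point from the previous reply concrete, here is a small added checker, not code from this thread or from the FMK. It assumes the image carries a plain Broadcom TRX header (magic "HDR0", little-endian length, CRC-32, flag/version word and three partition offsets, 28 bytes in all), which is the layout of DD-WRT's generic Broadcom .bin files; it makes no claim about the vendor trailer on the f7d3302 build. The CRC covers everything from the flag/version word to the end of the declared length, computed with the CRC-32 polynomial, initial value 0xFFFFFFFF and no final inversion, which is the complement of what zlib returns. The sample image is constructed inline.

```python
import struct
import zlib

TRX_MAGIC = b"HDR0"
# magic, len, crc32, flag_version, offsets[3]  (all little-endian, 28 bytes)
TRX_HDR_FMT = "<4sIII3I"
TRX_HDR_LEN = struct.calcsize(TRX_HDR_FMT)
CRC_START = 12  # CRC covers from flag_version to the end of the image


def trx_crc32(data: bytes) -> int:
    """TRX CRC-32: init 0xFFFFFFFF, no final XOR, i.e. ~zlib.crc32(data)."""
    return zlib.crc32(data) ^ 0xFFFFFFFF


def parse_trx(image: bytes) -> dict:
    """Decode the TRX header, rejecting anything without the HDR0 magic."""
    if len(image) < TRX_HDR_LEN:
        raise ValueError("image shorter than a TRX header")
    magic, length, crc, flag_version, o0, o1, o2 = struct.unpack_from(TRX_HDR_FMT, image, 0)
    if magic != TRX_MAGIC:
        raise ValueError("no TRX magic at offset 0 (vendor header in front?)")
    return {"len": length, "crc32": crc, "flag_version": flag_version,
            "offsets": (o0, o1, o2)}


def check_trx(image: bytes):
    """Return (ok, stored_crc, computed_crc) - what the flash-time check compares."""
    hdr = parse_trx(image)
    if hdr["len"] > len(image):
        return False, hdr["crc32"], None  # truncated: declared length exceeds file
    computed = trx_crc32(image[CRC_START:hdr["len"]])
    return computed == hdr["crc32"], hdr["crc32"], computed


def rebuild_trx_crc(image: bytes) -> bytes:
    """Return a copy of the image with the header CRC recomputed over its payload."""
    hdr = parse_trx(image)
    computed = trx_crc32(image[CRC_START:hdr["len"]])
    return image[:8] + struct.pack("<I", computed) + image[12:]


def make_trx(payload: bytes, offsets=(TRX_HDR_LEN, 0, 0), flag_version=1) -> bytes:
    """Build a constructed sample TRX image around an arbitrary payload."""
    length = TRX_HDR_LEN + len(payload)
    hdr = struct.pack(TRX_HDR_FMT, TRX_MAGIC, length, 0, flag_version, *offsets)
    return rebuild_trx_crc(hdr + payload)


if __name__ == "__main__":
    # constructed stand-in for a kernel + rootfs blob
    img = make_trx(b"constructed kernel+rootfs blob" * 4)
    print("fresh image:", check_trx(img))
    tampered = bytearray(img)
    tampered[40] ^= 0x01  # flip one payload bit, as a rebuilt-but-unsigned image would
    print("after edit:", check_trx(bytes(tampered)))
    print("after recompute:", check_trx(rebuild_trx_crc(bytes(tampered))))
```

Running check_trx on a rebuilt image shows the same pair of values the serial console printed (stored vs. computed), which tells you before flashing whether the rebuild step actually refreshed the header. A matching CRC only proves the header agrees with its payload; it says nothing about whether the kernel and modules inside it are consistent, which is a separate reason an image can still panic after a clean flash.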
I guess I must not have had the entire picture. What exactly were you trying to combine? Were you trying to inject a kernel into a different firmware image? There are plenty of factors at play here. One being kernel modules. If the modules aren't present and the running kernel is trying to load them, bad things (can) happen. A clearer picture of the objective might help finding a solution that works.
I have some plans for things to try in the future, but as of right now, all I wanted to do is verify I had FMK installed correctly and it was working.
So I extracted the contents of a firmware, made ZERO changes to it, then rebuilt a bin file from it. There's no point trying to make any changes to the files until I can at least get this part to work, right?
For now I just need to learn the limitations of FMK. Does it still work with modern bins? Is it limited to only certain routers? Has anybody actually used it in the last ten years?
I was able to get the FMK to work perfectly on the latest build from the BroadCom_K26 generic folder. My original test was from a file in Broadcom_K3X.
So unless someone has better info, I'm going to declare that FMK is not compatible with Kernel 3 or higher, but K26 is still good. I would update the wiki, but I don't have access.
One of the original folks behind the FMK is a former Developer/Maintainer of DD-WRT and it was originally written when uClibc was used across the board in embedded linux firmware projects. At least that is a semi-educated theory of sorts.
Success! Was able to get the FMK to extract and re-build a K3x (Kernel 4) build!
The two things I had to do to make it work:
1) use the -min argument with the build-firmware.sh script
2) use a generic bin (as opposed to a trailed build or .trx file)