
dlink-flash.c tool

Danja Vasiliev 10 years ago
parent
commit
96b31030cb
2 changed files with 327 additions and 0 deletions
  1. 0 0
      openwrt/tools/collect-local.sh
  2. 327 0
      openwrt/tools/dlink-flash.c

+ 0 - 0
openwrt/collect-local.sh → openwrt/tools/collect-local.sh


+ 327 - 0
openwrt/tools/dlink-flash.c

@@ -0,0 +1,327 @@
+/* dlink-flash - Flash D-Link DIR505 (and potentially other D-Links) 
+ * using recovery web flashing without using Internet Explorer 8
+ *
+ * SuperGlue project | http://superglue.it
+ * Danja Vasiliev <danja@k0a1a.net> | 2014
+ * Based on original work by Daniel Dickinson, 2014
+ *
+ * - Compile this tool:
+ *
+ *   $ gcc -o dlink-flash dlink-flash.c
+ * 
+ * - Boot your DIR-505 unit while holding Reset until red LED begins to blink slowly
+ * - Configure your host network interface:
+ *
+ *   # ifconfig eth0 192.168.0.2 netmask 255.255.255.0 up
+ *
+ * - Upload desired (original) firmware:
+ *
+ *   $ ./dlink-flash firmware.bin 
+ *
+ * - Allow a few minutes for flashing (no indication provided)
+ * - Power cycle the unit to boot to new firmware
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>. 
+ */
+ 
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <regex.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <arpa/inet.h>
+#include <errno.h>
+ 
+void build_post_bin(uint8_t **post, size_t *post_len, uint8_t *newdata, size_t datalen) {
+    uint8_t *newpost = NULL;
+ 
+    newpost = malloc((*post_len + datalen) * sizeof(uint8_t));
+    if (*post) {
+  memcpy(newpost, *post, *post_len);
+    } else {
+        *post_len = 0;
+    }
+    memcpy(newpost + *post_len, newdata, datalen);
+    *post_len += datalen;    
+    if (*post)
+  free(*post);    
+    *post = newpost;
+}
+ 
+void build_post(uint8_t **post, size_t *post_len, char *newchar, size_t *content_len) {
+    uint8_t *newpost = NULL;
+    size_t nlen;
+    build_post_bin(post, post_len, newchar, strlen(newchar));
+    if (content_len) {
+        *content_len += strlen(newchar);
+    }
+}
+ 
+void usage(char *exename) {
+    printf("Usage: %s <filename> [-d]\n", exename);
+    printf("   Interface attached to D-Link must have IP addres 192.168.0.2");
+    exit(1);
+}
+ 
+int open_socket(void) {
+    /* we need TCP window to be 1024 bytes long */
+    int sock = socket(AF_INET, SOCK_STREAM, 0);
+    unsigned int tcpflush = 1;
+    unsigned int recvbufsz = 1024;
+    unsigned int smallwindow = 1024;
+    unsigned int mss = 2048;
+ 
+    setsockopt(sock, SOL_SOCKET, SO_RCVBUF, &recvbufsz, sizeof(recvbufsz));
+    setsockopt(sock, SOL_SOCKET, SO_SNDBUF, &recvbufsz, sizeof(recvbufsz));
+    setsockopt(sock, IPPROTO_IP, TCP_NODELAY, &tcpflush, sizeof(tcpflush));
+    setsockopt(sock, IPPROTO_IP, TCP_MAXSEG, &mss, sizeof(mss));
+    setsockopt(sock, IPPROTO_IP, TCP_WINDOW_CLAMP, &smallwindow, sizeof(smallwindow));
+ 
+    struct sockaddr_in ipaddr;
+    /* D-Link default recovery IP */
+    in_addr_t hostip = inet_addr("192.168.0.1");
+    ipaddr.sin_family = AF_INET;
+    ipaddr.sin_port = htons(80);
+    ipaddr.sin_addr.s_addr = hostip;
+    if (connect(sock, (struct sockaddr *)&ipaddr, sizeof(struct sockaddr)) < 0) {
+        return -1;
+    }
+    return sock;
+}
+ 
+void send_get(int *sock, uint8_t *get, size_t getlen, uint8_t *post, int debug) {
+    size_t socksent = 0;
+    size_t curpos = 0;
+    *sock = open_socket();
+    if (*sock < 0) {
+        perror("send_get");
+        free(get);
+        if (post)
+            free(post);
+        exit(7);
+    }
+    while (curpos < getlen) {
+        if ((getlen - curpos) >= 1024) {
+      socksent = send(*sock, get + curpos, 1024, 0);
+            if (debug)
+                fprintf(stderr, "Sent %d bytes\n", socksent);
+      if (socksent < 0) {
+          perror("send_get");
+    close(*sock);
+    free(get);
+                if (post)
+        free(post);
+    exit(7);
+            }
+  } else {
+      socksent = send(*sock, get + curpos, getlen - curpos, 0);
+            if (debug)
+                fprintf(stderr, "Sent %d bytes\n", socksent);
+      if (socksent < 0) {
+          perror("send_get");
+    close(*sock);
+    free(get);
+                if (post)
+        free(post);
+    exit(7);
+            }
+        }
+        curpos += socksent;
+        printf("\r%d/%d Bytes written: GET %g%% complete                          ", curpos, getlen, ((float)curpos / (float)getlen) * (float)100);
+  fflush(stdout);
+    }
+    printf("\nFinished sending GET. Waiting for response.\n");
+}
+ 
+int main(int argc, char *argv[]) {
+    uint8_t *firmware = NULL;   
+    uint8_t *post = NULL;
+    size_t postlen = 0;
+    uint8_t *get = NULL;
+    size_t getlen = 0;
+    uint8_t *content = NULL;
+    size_t contentlen = 0;
+    size_t nonnllen = 0;
+    size_t firmwarelen = 0;
+    char contentlenstr[2048];
+    size_t curpos = 0;
+    contentlenstr[0] = 0;
+    int debug = 0;
+ 
+    if (argc < 2) {
+  usage(argv[0]);
+    }
+ 
+   if (argc == 3) {
+        if (!strncmp(argv[2], "-d", 2)) {
+      debug = 1;
+        } else {
+      usage(argv[0]);
+        }
+    } else if (argc > 2) {
+  usage(argv[0]);
+    }
+ 
+    printf("Load firmware file %s\n", argv[1]);
+ 
+    int firmwarefd = open(argv[1], 0);
+    if (firmwarefd < 0) {
+  perror(argv[1]);
+  exit(1);
+    }
+ 
+    size_t len = 0;
+    uint8_t buf[2048];
+    uint8_t *newfw = NULL;
+    int sock;
+ 
+    do {
+        len = read(firmwarefd, &buf[0], 2048);
+        if (len < 0) {
+  perror(argv[1]);
+  close(firmwarefd);
+        if (firmware)
+      free(firmware);
+            exit(2);
+  }
+        if (len > 0) {
+      newfw = malloc((firmwarelen + len) * sizeof(uint8_t));
+      if (firmware)
+    memcpy(newfw, firmware, firmwarelen);
+      memcpy(newfw + firmwarelen, &buf[0], len);
+      firmwarelen += len;
+      if (firmware)
+    free(firmware);
+      firmware = newfw;
+        }
+    } while (len > 0);
+    close(firmwarefd);
+    printf("Firmware %u bytes long\n", firmwarelen);
+ 
+    build_post(&content, &contentlen, "---------------------------7de1fe13304\r\n", NULL);    
+    nonnllen += 2;
+    /* just going to keep this */
+    build_post(&content, &contentlen, "Content-Disposition: form-data; name=\"files\"; filename=\"C:\\My Documents\\firmware.bin\"\r\n", &nonnllen);
+    build_post(&content, &contentlen, "Content-Type: application/octet-stream\r\n", &nonnllen);
+    build_post(&content, &contentlen, "\r\n", &nonnllen);
+    build_post_bin(&content, &contentlen, firmware, firmwarelen);
+    build_post(&content, &contentlen, "\r\n---------------------------7de1fe13304--\r\n", NULL);
+    nonnllen += 4;
+ 
+    sprintf(contentlenstr, "%d\r\n", nonnllen + firmwarelen);
+ 
+    build_post(&post, &postlen, "POST /cgi/index HTTP/1.1\r\n", NULL);
+    build_post(&post, &postlen, "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*\r\n", NULL);
+    build_post(&post, &postlen, "Referer: http://192.168.0.1\r\n", NULL);
+    build_post(&post, &postlen, "Accept-Language: en-US\r\n", NULL);
+    build_post(&post, &postlen, "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)\r\n", NULL);
+    build_post(&post, &postlen, "Content-Type: multipart/form-data; boundary=---------------------------7de1fe13304\r\n", NULL);
+    build_post(&post, &postlen, "Accept-Encoding: gzip, deflate\r\n", NULL);
+    build_post(&post, &postlen, "Host: 192.168.0.1\r\n", NULL);
+    build_post(&post, &postlen, "Content-Length: ", NULL);
+    build_post(&post, &postlen, contentlenstr, NULL);
+    build_post(&post, &postlen, "Connection: Keep-Alive\r\n", NULL);
+    build_post(&post, &postlen, "Cache-Control: no-cache\r\n", NULL);
+    build_post(&post, &postlen, "\r\n", NULL);
+    build_post_bin(&post, &postlen, content, contentlen);
+    free(content);
+    free(firmware);
+ 
+    int gotlen = 0;
+    char recvbuf[2048];
+    int recvlen = recv(sock, &recvbuf[0], 1024, MSG_WAITALL);
+    int newrecvlen;
+    printf("Initiating transfer....");
+    fflush(stdout);
+    sock = open_socket();
+    if (sock < 0) {
+        perror(argv[1]);
+        free(post);
+    }
+    size_t socksent = 0;
+    curpos = 0;
+    while (curpos < postlen) {
+        if ((postlen - curpos) >= 1024) {
+      socksent = send(sock, post + curpos, 1024, 0);
+            if (debug)
+                fprintf(stderr, "Sent %d bytes\n", socksent);
+      if (socksent < 0) {
+          perror(argv[1]);
+    close(sock);
+    free(post);
+    exit(5);
+            }
+  } else {
+      socksent = send(sock, post + curpos, postlen - curpos, 0);
+            if (debug)
+                fprintf(stderr, "Sent %d bytes\n", socksent);
+      if (socksent < 0) {
+          perror(argv[1]);
+    close(sock);
+    free(post);
+    exit(5);
+            }
+        }
+        curpos += socksent;
+        printf("\r%d/%d Bytes written: Upload %g%% complete        ", curpos, postlen, ((float)curpos / (float)postlen) * (float)100);
+  fflush(stdout);
+    }
+    printf("\nFinished sending post. Waiting for response.\n");
+    free(post);
+    regex_t pattern;
+    if (regcomp(&pattern, "count_down", REG_NOSUB)) {
+  printf("Error compiling expression to detect success or failure\n");
+  close(sock);
+  exit(7);
+    }
+    recvbuf[0] = 0;
+    recvlen = recv(sock, &recvbuf[0], 1024, MSG_WAITALL);
+    if (debug) {
+        fprintf(stderr, "Got %d bytes\n", recvlen);
+        fprintf(stderr, "%s", &recvbuf[0]);
+    }
+    int firstpacket = 1;
+    do {
+       if (recvlen < 0) {
+           perror(argv[1]);
+     close(sock);
+     exit(6);
+       } else if (recvlen > 0) {
+           if (!regexec(&pattern, &recvbuf[0], 0, NULL, 0)) {
+              printf("Firmware successfully sent.  Please wait for device to reboot.\n");
+              break;
+              if (firstpacket) {
+            printf("Error sending firmware to device.  Response is:\n");
+              }
+        printf("%s", &recvbuf[0]);
+          }
+          recvlen = recv(sock, &recvbuf[0], 1024, MSG_WAITALL);
+          if (debug) {
+        fprintf(stderr, "Got %d data\n", newrecvlen);
+              if (recvlen > 0)
+                 fprintf(stderr, "%s", &recvbuf[0]);
+          }
+       }
+       firstpacket = 0;
+    } while (recvlen > 0);
+    regfree(&pattern);
+    shutdown(sock, SHUT_RDWR);
+    close(sock);
+    return 0;    
+}
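Review bot: The error checks after `read()` in main and after `send()` in send_get and main can never fire, because `len` and `socksent` are declared `size_t`, so `len < 0` and `socksent < 0` are always false. A failed `read()` then reaches `malloc((firmwarelen + len) * sizeof(uint8_t))` and `memcpy(newfw + firmwarelen, &buf[0], len)` with `len` equal to `SIZE_MAX`, which copies far beyond the 2048-byte `buf` into an undersized or NULL allocation, and a failed `send()` is added to `curpos` instead of aborting the upload. Declare both as `ssize_t` (`ssize_t len = 0;`, `ssize_t socksent = 0;`) and check the `malloc` results in main and build_post_bin before copying. main also calls `recv(sock, ...)` while `sock` is still uninitialized, before `open_socket()`, and its `if (sock < 0)` branch frees `post` without exiting, so the send loop goes on to read freed memory; remove the early `recv` and exit in that branch. Finally, the device's response is handed to `regexec` and `printf("%s", ...)` without a terminator, so set `recvbuf[recvlen] = 0;` after each successful `recv` before the buffer is treated as a string.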