Skip to content

knightmare2600/draytools

 
 

Repository files navigation

------------------------------------------------------------------------------
 DrayTek Vigor password recovery, config & firmware tools

 https://github.com/ammonium/draytools/
 https://github.com/ammonium/draytools/wiki
------------------------------------------------------------------------------
draytools Copyright (C) 2011 AMMOnium <ammonium at mail dot ru>
  
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

------------------------------------------------------------------------------
This program uses code translated from Java code of Java-LZO compression 
program by Markus Oberhumer, author of LZO algorithm and its implementation:

http://www.oberhumer.com/opensource/lzo/


   Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer
   Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer
   Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer
   Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer

   The LZO library is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License as
   published by the Free Software Foundation; either version 2 of
   the License, or (at your option) any later version.

   The LZO library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with the LZO library; see the file COPYING.
   If not, write to the Free Software Foundation, Inc.,
   59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

   Markus F.X.J. Oberhumer
   <[email protected]>
   http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html

------------------------------------------------------------------------------
1. Introduction
------------------------------------------------------------------------------
1.1. The problem.
------------------------------------------------------------------------------

Modern DrayTek Vigor routers (V2xxx models, e.g. 2710, 2820, 2930 etc. 
and V3xxx, e.g 3200) compress and enrypt their configuration files, 
and their firmware (and the web interface filesystem) is also compressed. 

The router's owner may forget his router admin password one day.
Resetting the device to factory settings may not be an option, e.g. if 
some complex network configuration has been done.

1) If you have a config file, but have lost/forgotten the login/password
or,
2) even if you have lost everything, except the router,
then draytools still can help you!

THIS PROGRAM WAS MADE TO BE USED BY LEGITIMATE DEVICE OWNERS ONLY.
IF YOU USE IT, YOU ACCEPT THAT YOU ARE DOING EVERYTHING AT YOUR OWN RISK.

------------------------------------------------------------------------------
1.2. Features.
------------------------------------------------------------------------------

1.2.1. Extract admin login & password from config files
1.2.2. Generate FTP master key based on router's MAC address
1.2.3. Decrypt DrayTek config files
1.2.4. Decompress DrayTek config files
1.2.5. Decompress DrayTek firmware files
1.2.6. Extract filesystem from DrayTek firmware files

------------------------------------------------------------------------------
1.3. List of supported routers 
------------------------------------------------------------------------------

NOTE: Only firmwares older than year 2013 are supported. Newer ones do not 
contain the features we are relying on (master password removed, etc.)

For config file operations, refer to the corresponding list.
For firmware operations, most DrayTek Vigor 2xxx routers should be supported
(and some 3xxx also).
The master password generator seems to work for all the models that have been 
tested for firmware operations.


Config file operations tested on:
  2700
  2710
  2800
  2820
  2830
  2910

Firmware operations tested on:
  2600
  2700
  2710
  2800
  2820
  2830
  2900
  2910
  2920
  2930
  2950
  2955
  3200

------------------------------------------------------------------------------
2. Installation and usage
------------------------------------------------------------------------------
2.1. SEE INSTALL file for more details.
2.2. Execute:
------------------------------------------------------------------------------
$ python draytools.py --help

Usage: draytools.py [options] file
DrayTek V2xxx config file and firmware decryption/decompression tools

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -o OUTFILE, --output=OUTFILE
                        Output file name, %INPUTFILE%.out if omitted
  -t, --test            Test mode, do not write anything to disk, only try to
                        parse files
  -v, --verbose         Verbose output

  Config file (*.cfg) commands:
    To be used on config files only

    -c, --config        Decrypt and decompress config
    -d, --decompress    Decompress an unenrypted config file
    -y, --decrypt       Decrypt config file
    -p, --password      Retrieve admin login and password from config file

  Firmware file (*.all, *.rst, *.bin) commands:
    To be used on firmware files only

    -f, --firmware      Decompress firmware
    -F, --firmware-all  Decompress firmware and extract filesystem
    -s, --fs            Extract filesystem
    -O OUTDIR, --out-dir=OUTDIR
                        Output directory for filesystem contents, "fs_out" by
                        default

  Miscellaneous commands:
    Some other useful stuff

    -m MAC, --master-key=MAC
                        Generate FTP master key for given router MAC address.
                        To login to FTP enter "admin" as username and
                        generated master key as password

Examples:

To print login&password from the config file:
$ python draytools.py -p config.cfg
	Login and password will be displayed

To decrypt & decompress the config file:
$ python draytools.py -c config.cfg
	Raw config file "config.cfg.out" will be produced

To extract firmware and filesystem contents
$ python draytools.py -F firmware.all
	Uncompressed firmware will be written to file "firmware.all.out"
	Filesystem will be extracted to "fs_out" folder.

------------------------------------------------------------------------------
... and have fun.

2.3. ... or even use draytools.py & pydelzo.py in your projects (GPL v3).

------------------------------------------------------------------------------
3. Known BUGs and other notes
------------------------------------------------------------------------------

3.1. Input is not validated, many stupid default assumptions are being made.
3.2. If draytools is not working for your box, 
visit https://github.com/ammonium/draytools/issues or email me.
3.3. Almost no error handling (sorry for being so lazy).

------------------------------------------------------------------------------
4. TODOs
------------------------------------------------------------------------------

4.1. Further research of config file format (VPN, firewall rules, ...)
4.2. Further research of firmware file format (checksums?)
4.3. Try building custom firmware :)

------------------------------------------------------------------------------

About

DrayTek Vigor password recovery, config & firmware tools

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 100.0%