forked from krolinventions/draytools
-
Notifications
You must be signed in to change notification settings - Fork 4
/
README
206 lines (161 loc) · 7.97 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
------------------------------------------------------------------------------
DrayTek Vigor password recovery, config & firmware tools
https://github.com/ammonium/draytools/
https://github.com/ammonium/draytools/wiki
------------------------------------------------------------------------------
draytools Copyright (C) 2011 AMMOnium <ammonium at mail dot ru>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
------------------------------------------------------------------------------
This program uses code translated from Java code of Java-LZO compression
program by Markus Oberhumer, author of LZO algorithm and its implementation:
http://www.oberhumer.com/opensource/lzo/
Copyright (C) 1999 Markus Franz Xaver Johannes Oberhumer
Copyright (C) 1998 Markus Franz Xaver Johannes Oberhumer
Copyright (C) 1997 Markus Franz Xaver Johannes Oberhumer
Copyright (C) 1996 Markus Franz Xaver Johannes Oberhumer
The LZO library is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.
The LZO library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with the LZO library; see the file COPYING.
If not, write to the Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
Markus F.X.J. Oberhumer
http://wildsau.idv.uni-linz.ac.at/mfx/lzo.html
------------------------------------------------------------------------------
1. Introduction
------------------------------------------------------------------------------
1.1. The problem.
------------------------------------------------------------------------------
Modern DrayTek Vigor routers (V2xxx models, e.g. 2710, 2820, 2930 etc.
and V3xxx, e.g 3200) compress and enrypt their configuration files,
and their firmware (and the web interface filesystem) is also compressed.
The router's owner may forget his router admin password one day.
Resetting the device to factory settings may not be an option, e.g. if
some complex network configuration has been done.
1) If you have a config file, but have lost/forgotten the login/password
or,
2) even if you have lost everything, except the router,
then draytools still can help you!
THIS PROGRAM WAS MADE TO BE USED BY LEGITIMATE DEVICE OWNERS ONLY.
IF YOU USE IT, YOU ACCEPT THAT YOU ARE DOING EVERYTHING AT YOUR OWN RISK.
------------------------------------------------------------------------------
1.2. Features.
------------------------------------------------------------------------------
1.2.1. Extract admin login & password from config files
1.2.2. Generate FTP master key based on router's MAC address
1.2.3. Decrypt DrayTek config files
1.2.4. Decompress DrayTek config files
1.2.5. Decompress DrayTek firmware files
1.2.6. Extract filesystem from DrayTek firmware files
------------------------------------------------------------------------------
1.3. List of supported routers
------------------------------------------------------------------------------
NOTE: Only firmwares older than year 2013 are supported. Newer ones do not
contain the features we are relying on (master password removed, etc.)
For config file operations, refer to the corresponding list.
For firmware operations, most DrayTek Vigor 2xxx routers should be supported
(and some 3xxx also).
The master password generator seems to work for all the models that have been
tested for firmware operations.
Config file operations tested on:
2700
2710
2800
2820
2830
2910
Firmware operations tested on:
2600
2700
2710
2800
2820
2830
2900
2910
2920
2930
2950
2955
3200
------------------------------------------------------------------------------
2. Installation and usage
------------------------------------------------------------------------------
2.1. SEE INSTALL file for more details.
2.2. Execute:
------------------------------------------------------------------------------
$ python draytools.py --help
Usage: draytools.py [options] file
DrayTek V2xxx config file and firmware decryption/decompression tools
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-o OUTFILE, --output=OUTFILE
Output file name, %INPUTFILE%.out if omitted
-t, --test Test mode, do not write anything to disk, only try to
parse files
-v, --verbose Verbose output
Config file (*.cfg) commands:
To be used on config files only
-c, --config Decrypt and decompress config
-d, --decompress Decompress an unenrypted config file
-y, --decrypt Decrypt config file
-p, --password Retrieve admin login and password from config file
Firmware file (*.all, *.rst, *.bin) commands:
To be used on firmware files only
-f, --firmware Decompress firmware
-F, --firmware-all Decompress firmware and extract filesystem
-s, --fs Extract filesystem
-O OUTDIR, --out-dir=OUTDIR
Output directory for filesystem contents, "fs_out" by
default
Miscellaneous commands:
Some other useful stuff
-m MAC, --master-key=MAC
Generate FTP master key for given router MAC address.
To login to FTP enter "admin" as username and
generated master key as password
Examples:
To print login&password from the config file:
$ python draytools.py -p config.cfg
Login and password will be displayed
To decrypt & decompress the config file:
$ python draytools.py -c config.cfg
Raw config file "config.cfg.out" will be produced
To extract firmware and filesystem contents
$ python draytools.py -F firmware.all
Uncompressed firmware will be written to file "firmware.all.out"
Filesystem will be extracted to "fs_out" folder.
------------------------------------------------------------------------------
... and have fun.
2.3. ... or even use draytools.py & pydelzo.py in your projects (GPL v3).
------------------------------------------------------------------------------
3. Known BUGs and other notes
------------------------------------------------------------------------------
3.1. Input is not validated, many stupid default assumptions are being made.
3.2. If draytools is not working for your box,
visit https://github.com/ammonium/draytools/issues or email me.
3.3. Almost no error handling (sorry for being so lazy).
------------------------------------------------------------------------------
4. TODOs
------------------------------------------------------------------------------
4.1. Further research of config file format (VPN, firewall rules, ...)
4.2. Further research of firmware file format (checksums?)
4.3. Try building custom firmware :)
------------------------------------------------------------------------------