Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Equipment Support » Hardware By Brand » Linksys » Sveasoft defamation
Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Links: ·Forum Rules ·Forum FAQ ·FTP Modes & Ports ·Linksys Home
Fiber to curb DSL »
« [general] BEFW11S4 V.4 slow ethernet/wireless  

Arno Nym

Re: Analysis of the Alchemy 5.1 binaries

Don't jump to conclusions. A tool with similar output could be written in a matter of hours with publically available crypto libraries.
permalink · 2004-07-21 17:28:52 ·
pandora
Premium
join:2001-06-01
Outland
·ooma
·Future Nine Corpor..
·Comcast

Re: Analysis of the Alchemy 5.1 binaries

said by Arno Nym:
Don't jump to conclusions. A tool with similar output could be written in a matter of hours with publically available crypto libraries.
Is the message encoded or just hidden, is decryption or exposure possible with a tool? Even if we could determine the size of the encryption we'd be able to guess what's stored... userid... date... time??

Can anyone who can download a binary indicate if they download 2 binaries on 2 days (of the same binary from Sveasoft) are they identical... this would help determine if there is a date/time stamp. If they're identical across time... then likely it's encrypting userid... someone with a copy may be able to test then by encrypting the userid into the "stripped" file to see if they get similar results. At least then the "mystery" of the checksum would be solved
permalink · 2004-07-21 17:40:33 · Print ·

TheIndividual



1 edit

Re: Analysis of the Alchemy 5.1 binaries

Arno Nym:
I have to admit that I am not that familiar with the firmware structure. Congratulations on your findings, I'm just curious how you did it. Did you strip the squashfs from the binary or did you actually upload it to your router and compare those files? I guess the former, so I would like to know how exactly one can do that and if it would be possible to re-compress a tag-free version?
Sveasoft obviously must be keeping all the different binaries available for possible later downloads, so they do know which file with which md5sum got transfered to who.

Anyways it's nice to know that there are no code differences in all versions, I never really believed in any backdoor and such on P2P versions.
permalink · 2004-07-21 18:00:08 · Print ·

Arno Nym



Re: Analysis of the Alchemy 5.1 binaries

A backdoor or phone home function is still possible if it is in every firmware binary. I only checked for differences. I have yet to compile my own binary. Sifting through the whole source for trojan code would take a long time.

The squash filesystem has a magic number. Open the firmware image with a hexeditor and look for hsqs (0x68 0x73 0x71 0x73) or shsq (0x73 0x68 0x73 0x71). In the Alchemy 5.1 binaries, this signature is found at offset 0xB84A0. Copy everything from that point on into a new file. This file can be mounted on a system with a matching squashfs driver (mount -o loop -t squashfs image.sqfs /mnt). The squashfs 2.0 final driver does not recognize the filesystem images from Alchemy 5.1, but the squashfs source from the Alchemy source package can be compiled on an i386 as well. To create a new squashfs image, you would have to use the binary only mksquashfs from the Alchemy source package, concatenate the resulting image file with a header and a kernel and adjust the checksum in the header. This could be the point where the tag is created, so check the resulting filesystem image. You could also try using the newer mksquashfs directly from the author, but to avoid bricking your router, you should first verify that you can mount the filesystem image with a kernel which has been patched with the squashfs code from Alchemy.

It should be noted that the tagging need not be this obvious and it is absolutely possible to create tags in a way which permits exact identification of the group of files which has been compared in order to eliminate the tag. Detagging could thus get all subscribers kicked who offer their downloaded firmware for comparison. You would be better off sacrificing one subscription per release.
permalink · 2004-07-21 18:31:43 · Print ·
(topic locked)
Forums » Equipment Support » Hardware By Brand » LinksysFiber to curb DSL »
« [general] BEFW11S4 V.4 slow ethernet/wireless  

Thursday, 10-Dec 21:41:08 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [200] Sprint Sued For Distracted Driving Death
· [136] AT&T Launching New 24 Mbps U-Verse Tier
· [87] AT&T Hints At Usage-Based iPhone Data Pricing
· [82] 3G Network Test Says AT&T Is Tops
· [74] WPA Cracker: Test WPA-PSK Networks In 20 Minutes
· [72] Mediacom Unveils 105 Mbps Pricing
· [66] Sprint Poised For A Turnaround?
· [55] Average American Consumes 34 Gigabytes Daily
· [51] The Future Of Wi-Fi Is Bright
· [50] Sprint, T-Mobile Merger Rumor Lives
Most people now reading
· New Mediacom Email [Mediacom]
· [WIN7] Well, I was dumb, but do I have recourse? [Microsoft Help]
· malware has been found hidden inside an Ubuntu screensaver [Security]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· Windows 7 boot manager editing questions [Microsoft Help]
· ICC strats [World of Warcraft]
· [How to] Install Asterisk on an Asus WL-520GU router [VOIP Tech Chat]
· ICC Strats??? [World of Warcraft]
· Equal speeds ruling [Canadian Broadband]
· Lawyers Claim Palin Hack Suspect's PC Had Spyware [Security]