Forums » Equipment Support » Hardware By Brand » Linksys » Sveasoft defamation
pandora

Re: Analysis of the Alchemy 5.1 binaries

said by Arno Nym:
Don't jump to conclusions. A tool with similar output could be written in a matter of hours with publicly available crypto libraries.

Is the message encoded or just hidden, is decryption or exposure possible with a tool? Even if we could determine the size of the encryption we'd be able to guess what's stored... userid... date... time??

Can anyone who can download a binary indicate if they download 2 binaries on 2 days (of the same binary from Sveasoft) are they identical... this would help determine if there is a date/time stamp. If they're identical across time... then likely it's encrypting userid... someone with a copy may be able to test then by encrypting the userid into the "stripped" file to see if they get similar results. At least then the "mystery" of the checksum would be solved.

TheIndividual





Re: Analysis of the Alchemy 5.1 binaries

Arno Nym:
I have to admit that I am not that familiar with the firmware structure. Congratulations on your findings, I'm just curious how you did it. Did you strip the squashfs from the binary or did you actually upload it to your router and compare those files? I guess the former, so I would like to know how exactly one can do that and if it would be possible to re-compress a tag-free version?
Sveasoft obviously must be keeping all the different binaries available for possible later downloads, so they do know which file with which md5sum got transferred to whom.

Anyways it's nice to know that there are no code differences in all versions, I never really believed in any backdoor and such on P2P versions.

Arno Nym



Re: Analysis of the Alchemy 5.1 binaries

A backdoor or phone home function is still possible if it is in every firmware binary. I only checked for differences. I have yet to compile my own binary. Sifting through the whole source for trojan code would take a long time.

The squash filesystem has a magic number. Open the firmware image with a hex editor and look for hsqs (0x68 0x73 0x71 0x73) or shsq (0x73 0x68 0x73 0x71). In the Alchemy 5.1 binaries, this signature is found at offset 0xB84A0. Copy everything from that point on into a new file. This file can be mounted on a system with a matching squashfs driver (mount -o loop -t squashfs image.sqfs /mnt). The squashfs 2.0 final driver does not recognize the filesystem images from Alchemy 5.1, but the squashfs source from the Alchemy source package can be compiled on an i386 as well. To create a new squashfs image, you would have to use the binary-only mksquashfs from the Alchemy source package, concatenate the resulting image file with a header and a kernel and adjust the checksum in the header. This could be the point where the tag is created, so check the resulting filesystem image. You could also try using the newer mksquashfs directly from the author, but to avoid bricking your router, you should first verify that you can mount the filesystem image with a kernel which has been patched with the squashfs code from Alchemy.

It should be noted that the tagging need not be this obvious and it is absolutely possible to create tags in a way which permits exact identification of the group of files which has been compared in order to eliminate the tag. Detagging could thus get all subscribers kicked who offer their downloaded firmware for comparison. You would be better off sacrificing one subscription per release.
(topic locked)
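
The signature search and carving step described in the last post, as an added example that is not part of the original thread: it lists every occurrence of the two squashfs signatures, splits the image at the chosen offset, and hashes each part. The function names and the sample image are constructed for illustration.

```python
import hashlib

# The two squashfs signatures named in the post.
MAGICS = (b"hsqs", b"shsq")


def find_magic_offsets(image: bytes):
    """Return sorted (offset, magic) pairs for every signature occurrence."""
    hits = []
    for magic in MAGICS:
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, magic))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def carve(image: bytes, offset: int):
    """Split the image into (header + kernel, filesystem) at a signature offset."""
    if image[offset:offset + 4] not in MAGICS:
        raise ValueError(f"no squashfs signature at offset {offset:#x}")
    return image[:offset], image[offset:]


def summarize(image: bytes, offset=None):
    """Carve at `offset` (default: first hit) and hash both regions.

    The four signature bytes can also occur by chance inside the compressed
    kernel, so all hits are reported and the caller may pick another offset.
    """
    hits = find_magic_offsets(image)
    if not hits:
        raise ValueError("no squashfs signature found")
    if offset is None:
        offset = hits[0][0]
    head, fs = carve(image, offset)
    return {
        "offset": offset,
        "all_hits": [(o, m.decode()) for o, m in hits],
        "head_sha256": hashlib.sha256(head).hexdigest(),
        "fs_sha256": hashlib.sha256(fs).hexdigest(),
    }


# Constructed sample: 128 filler bytes standing in for header and kernel,
# followed by a fake filesystem that starts with the "hsqs" signature.
SAMPLE_FS = b"hsqs" + bytes(range(64))
SAMPLE_IMAGE = b"HEAD" + bytes(28) + b"K" * 96 + SAMPLE_FS

if __name__ == "__main__":
    print(summarize(SAMPLE_IMAGE))
```

Writing the second element returned by `carve` to a file gives the image that the post's `mount -o loop -t squashfs` command expects.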