Reverse Engineering TP-Link Home Router’s Firmware With Binwalk
Linux has a powerful command-line utility called strings that prints the printable character sequences found in a binary file. However, that's only useful to you if you have the source code for the software you're working with: that's exactly what I used to understand the uhttpd Lua extensions for the router.
As I said above, you can use the binwalk tool to extract files from a firmware image. You can also use it to inspect an image and look for configuration and other data. For this, we first need a firmware image, which we can download from a vendor. You can find vendor firmware images here and you can find more information about them
Here you can see that a few files were extracted from the firmware image. Running binwalk against the file shows that there is a Vendor file for this particular firmware. There is also an info file, which contains several interesting strings. I will focus on the info file because you can see the string kerninfo.lz4 in it. That is the name of the Lua interpreter used for this firmware.
I haven’t gotten very far, but I think I have found a couple of interesting things. I found the original firmware on the router using binwalk and from there, I was able to extract the filesystem. binwalk is able to extract files from filesystems without mounting them. I’m not sure if you need to have root access on the host, or if it’s possible to extract files from the filesystem even if you don’t have root access. Either way, here are some interesting files that I discovered:
System.img: This is the filesystem image of the router. It has the encrypted configuration and the default configuration, along with other configuration files. The binwalk command will extract a .img file. I have read somewhere that you need the default password to decrypt the image, but I couldn’t get this to work. The default password is something like admin or password.