Breaking the D-Link DIR3060 Firmware Encryption – Recon – Part 1

86 points, by dvaun, almost 5 years ago

8 comments

dvaun, almost 5 years ago

For those who are interested and found the article interesting there are additional posts in this series. The second[0] and third[1] posts are quite neat.

[0]: https://0x434b.dev/breaking-the-d-link-dir3060-firmware-encryption-static-analysis-of-the-decryption-routine-part-2-1/

[1]: https://0x434b.dev/breaking-the-d-link-dir3060-firmware-encryption-static-analysis-part-2/
nneonneo, almost 5 years ago

Cool! One question: I wonder why they didn't just use GHIDRA to reverse engineer the MIPS binary? GHIDRA can decompile MIPS and does quite a passable job. IDA is an awesome tool (and still edges out GHIDRA for ARM/x86 if you have the decompiler), but my experience is that GHIDRA is way nicer for pretty much any other architecture. YMMV.

I appreciated the writeup, especially since I've done some firmware decryption and repacking myself (although in my case, the encryption was just repeating-XOR!).
notaplumber, almost 5 years ago

At least a few models of Linksys/Cisco home routers I own had their firmware "encrypted" using GnuPG. They had the extension .gpg.img but could simply be decrypted with:

$ gpg --output decrypted.img --decrypt <model><ver>.gpg.img

binwalk can handle the rest.

It looks like they mainly did this for verification, as there is an RSA public key embedded on the device. It unfortunately does make it nearly impossible to flash any modified firmware such as OpenWRT, which is very frustrating. I say nearly as I haven't fully investigated the models that I own. Some routers have an emergency recovery flash method that may bypass the PGP check, I recall older D-Link models having a web flasher integrated into u-boot.
rbecker, almost 5 years ago

> the firmware encryption that was put in place to prevent tampering and static analysis

Code signing is enough to prevent tampering, so D-Link obviously doesn't want their users to know how their own hardware works. Does D-Link view their users as the adversary? If so, should the users view D-Link as hostile?
0xricksanchez, almost 5 years ago

Hey, I'm the author of this series (see my Twitter "rant": https://twitter.com/0xricksanchez/status/1290291267914563585 or my repo with the re-constructed source code here: https://github.com/0xricksanchez/dlink-decrypt/blob/master/src/imgdecrypt.c )

All your thoughts and feedback are much appreciated :). I'm happy if you guys liked it!

cheers
scohesc, almost 5 years ago

I'm not an expert (so I might be wrong here question-wise), but it seems to me that using the same type of encryption "key" to lock down firmware on various devices sounds like a very ill-advised way to do things.

It seems like it would be possible that once you find the "key" for one router, you could potentially exploit a bunch of other router/switch models as well. Am I incorrect in this thinking?
sloshnmosh, almost 5 years ago

I LOVE this kind of stuff!

I was able to finally extract the squashfs file from my router's firmware using dd and a program I found on github called "sasquash" which patches decompression tools and can also flip endianness.
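Two of the comments above describe the same manual triage by hand: notaplumber's step of running `gpg --decrypt` on a `.gpg.img` before anything else, and sloshnmosh's step of locating the SquashFS filesystem inside the plain image and carving it out with dd, watching for the endianness of the superblock. The script below is an added example for this thread, not code from the linked article, from the author's dlink-decrypt repo, or from binwalk/sasquatch. It recognises an OpenPGP packet header at offset 0 (so you know to unwrap with gpg first), then scans a plain image for both SquashFS magics (`hsqs` little-endian, `sqsh` big-endian), validates the v4 superblock fields, and carves the filesystem. The firmware-like blob it runs on is constructed inline; the uImage-style header bytes, filler and superblock values are assumptions for the demo, not data from any real D-Link or Linksys image.

```python
"""Firmware triage: detect an OpenPGP wrapper, then find and carve SquashFS.

Added example for this comment thread (not the article's or any project's code).
All sample data below is constructed; none of it comes from a real device.
"""
import struct

# OpenPGP packet tags (RFC 4880 section 4.3) that can open a gpg output file.
PGP_TAGS = {
    1: "public-key encrypted session key",
    3: "symmetric-key encrypted session key",
    4: "one-pass signature",
    8: "compressed data",
    9: "symmetrically encrypted data",
    18: "sym. encrypted integrity protected data",
}

# SquashFS superblock magic: "hsqs" = little-endian, "sqsh" = big-endian.
SQUASHFS_MAGIC = {b"hsqs": "<", b"sqsh": ">"}


def openpgp_packet_tag(data: bytes):
    """Return (tag, description) if data starts with an OpenPGP packet header.

    Heuristic only: it reads just the first byte, so confirm with
    `gpg --list-packets` before trusting the result.
    """
    if not data or not data[0] & 0x80:      # bit 7 is always set in a packet header
        return None
    first = data[0]
    if first & 0x40:                         # new format: tag in bits 5..0
        tag = first & 0x3F
    else:                                    # old format: tag in bits 5..2
        tag = (first >> 2) & 0x0F
    return (tag, PGP_TAGS[tag]) if tag in PGP_TAGS else None


def find_squashfs(data: bytes):
    """Yield (offset, endianness, version, bytes_used) for each plausible v4 superblock.

    v4 layout: magic u32 @0, inodes u32 @4, mkfs_time u32 @8, block_size u32 @12,
    fragments u32 @16, compressor u16 @20, block_log u16 @22, flags u16 @24,
    no_ids u16 @26, s_major u16 @28, s_minor u16 @30, root_inode u64 @32,
    bytes_used u64 @40, then six u64 table offsets (96 bytes total).
    """
    for magic, endian in SQUASHFS_MAGIC.items():
        off = data.find(magic)
        while off != -1:
            if off + 96 <= len(data):
                block_size, = struct.unpack_from(endian + "I", data, off + 12)
                block_log, = struct.unpack_from(endian + "H", data, off + 22)
                major, minor = struct.unpack_from(endian + "HH", data, off + 28)
                bytes_used, = struct.unpack_from(endian + "Q", data, off + 40)
                # Reject stray "hsqs"/"sqsh" strings: v4 only, consistent block size,
                # and the claimed size must fit in the remaining image.
                if (major == 4 and 4096 <= block_size <= 1 << 20
                        and 1 << block_log == block_size
                        and 96 <= bytes_used <= len(data) - off):
                    yield off, ("little" if endian == "<" else "big"), f"{major}.{minor}", bytes_used
            off = data.find(magic, off + 1)


def carve_squashfs(data: bytes):
    """Return the first SquashFS image found, rounded up to 4 KiB as mksquashfs pads it."""
    for off, _endian, _version, used in find_squashfs(data):
        end = off + ((used + 4095) // 4096) * 4096
        return data[off:min(end, len(data))]
    return None


def triage(data: bytes) -> str:
    """One-line verdict for an unknown firmware blob."""
    pgp = openpgp_packet_tag(data)
    if pgp:
        return f"OpenPGP packet (tag {pgp[0]}: {pgp[1]}); run gpg --decrypt first"
    hits = list(find_squashfs(data))
    if not hits:
        return "no SquashFS superblock found (encrypted or unknown container?)"
    return "; ".join(f"squashfs v{v} {e}-endian at 0x{o:x}, {u} bytes" for o, e, v, u in hits)


def make_sample_squashfs(endian: str, payload_len: int) -> bytes:
    """Constructed superblock plus filler; valid header fields, NOT a mountable filesystem."""
    magic = b"hsqs" if endian == "<" else b"sqsh"
    # inodes, mkfs_time, block_size, fragments, compressor(gzip=1), block_log, flags, no_ids, major, minor
    sb = magic + struct.pack(endian + "IIIIHHHHHH", 5, 0, 131072, 0, 1, 17, 0xC0, 1, 4, 0)
    sb += struct.pack(endian + "8Q", 0, 96 + payload_len, 0, 0, 0, 0, 0, 0)  # root_inode, bytes_used, tables
    body = sb + b"\xab" * payload_len
    return body + b"\x00" * (-len(body) % 4096)


def build_sample_image(endian: str = "<") -> bytes:
    """Constructed firmware-like blob: uImage-style magic, 2 KiB of filler, then SquashFS."""
    header = b"\x27\x05\x19\x56" + b"\x00" * 60    # assumed header bytes, constructed
    kernel = bytes(range(256)) * 8                  # 2 KiB filler standing in for a kernel
    return header + kernel + make_sample_squashfs(endian, payload_len=300) + b"\xff" * 64


SAMPLE_PLAIN = build_sample_image("<")
SAMPLE_BIGENDIAN = build_sample_image(">")
# Constructed first bytes of a gpg public-key-encrypted file: old-format packet, tag 1.
SAMPLE_GPG = b"\x85\x01\x0c\x03" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("gpg.img", SAMPLE_GPG), ("plain.bin", SAMPLE_PLAIN), ("be.bin", SAMPLE_BIGENDIAN)]:
        print(f"{name}: {triage(blob)}")
```

On a real image the carved bytes are what you would otherwise pull out with `dd if=firmware.bin of=rootfs.squashfs bs=1 skip=<offset>`; the endianness column tells you which build of unsquashfs (or an endian-flipping tool like the one sloshnmosh mentions) you need. The OpenPGP check is deliberately conservative: a raw big-endian MIPS blob can start with a byte such as 0x8f that also parses as a packet tag, so treat a hit as a prompt to run `gpg --list-packets`, not as proof.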
AviationAtom, almost 5 years ago

Secure through obscurity, the age old security solution!