peterpawn / yourfritz Goto Github PK

dynamic package management for AVM routers

License: GNU General Public License v2.0

C 2.23% Shell 74.87% Lua 0.24% PowerShell 16.44% Makefile 0.09% HTML 0.12% Assembly 0.16% C# 5.41% sed 0.43%

avm firmware threats tools

yourfritz's Introduction

The final target of this project is to provide a really dynamic package management for SOHO/consumer IADs built by well-known vendor (at least known in Germany) AVM from Berlin.

These devices integrate various functions into a single device and - even due to grant-aided sales over some bigger providers in Germany - they're used widely in many (non-professional) installations in Germany (some sources speak about a market share of 50-60 percent here), Austria and Switzerland.

Maybe there's a little active community using FRITZ!Box devices in Australia too ... sometimes you may find some (mostly older) bulletin board conversations from this country regarding AVM routers.

The firmware for these devices is built on-top of Linux with many proprietary components. AVM states, they would publish a package with the open source files used to build their system, but since they switched to kernel version 3.10.73, these source packages are very incomplete (at least I think, they are ... I'm unable to compile a running kernel from these sources and I'm not the only one with such problems).

This repository contains (yet) some smaller shell scripts and files supporting their use ... it's growing and each new script is created with the intention to support the future target - they are the building blocks, which will be put together sometime in the future to form a single integrated solution.

Currently I'm the only one working on this project, any fellows are very welcome.

The modfs project is a spin-off from this (earlier) project, it's a solution to change the firmware supplied by the vendor on the FRITZ!Box device itself without the needs to use an own Linux installation with a complete toolchain built by the Freetz project. It's only a command line based solution, created from some proof-of-concept shell scripts, but it got some attention since it's a really simple solution to customize the stock firmware for your own needs. Because it may be used to create incremental changes and it contains a "boot manager" solution to switch a FRITZ!Box router between two different systems, each installed in its own partitions in the NAND flash of modern devices, there's little or no risk to damage the router and even the risk to be forced to recover such a device is practically non-existant.

Why should anybody need such a solution?

Because most users of FRITZ!OS devices are missing only an OpenVPN server/client and a SSH server for secure access to the command shell of the devices, these packages are (according to my experiences in the support forum for the Freetz project from the IPPF BBS - www.ip-phone-forum.de) the most used extensions to the stock firmware and a solution providing these additions as modular packages could save many people from the needs to make further changes to their devices, as the use of a "full-blown" Freetz image would do. Meanwhile the extensive changes made by the vendor to the GUI of the devices (it's now a "responsive design" :-)) renders some important Freetz packages useless and while Freetz is a really big solution, changing many aspects of the system and containing an own GUI (even if it's rather old and - meanwhile - unsecure compared with the stock firmware), some users want only smaller changes and prefer a solution, which can make them more "under the hood" without interferences with the original firmware.

It's not possible to implement the final solution in one fell swoop ... but the building blocks are growing step by step and meanwhile I think, we should be able to test the first integrated version during this year.

yourfritz's People

Contributors

Stargazers

Watchers

Forkers

presswurst hardfalcon hph86 aoxis er13 milchen83 damiankaczkowski deathfragger cymode mouset447 mr-jfk n3wb13 fgrueninger thekilleddead alex-tola flole998 bullstaff18 ostalecki pureinnocence tim1512 degs01 rolandludovici susiktom martnxx thorbenhild kabelhorst drbronko quitinit walluwins drostman hwolfram jekkos gitschorsch bbathow-private stepbyclab robe-15 peterp222 brille1 jony1512 adfx sky321 jgq8oils mvoppen mik5z acidgurkal tomposer rozwad bvbdvg shedowe19 c0c4in3 starbrights imbehinya matze-s blockchainnewbie doob85 froonix 3453-315h muhammadammadyousaf-developer mahdi7839 shindyhq rileysjc weshouman liviob74

yourfritz's Issues

Bootmanager und FIT?

Bootmanager funktioniert nicht mit "FIT" Geräten: Freetz-NG/freetz-ng#465 (comment)
Hast du geplant das zu unterstützen?

avm_kernel_config.extract & 4020

Größe der config-area kann für FRITZ.Box_4020.de-en-es-it-fr-pl.147.07.01.image nicht ermittelt werden

 $FTOOLS/avm_kernel_config.extract -l 0x80060000 kernel.raw.unpacked
Unexpected config area content found, extraction aborted.

 $FTOOLS/avm_kernel_config.extract -s 1024 -l 0x80060000 kernel.raw.unpacked
Unexpected config area content found, extraction aborted.

 $FTOOLS/avm_kernel_config.extract -s 64 -l 0x80060000 kernel.raw.unpacked |wc -l
5

BM und AVM FRITZ! Smart Home Gateway

root@fritz:/var/mod/root# bootslotctl get_active
0
root@fritz:/var/mod/root# bootmanager debug verbose
yf_bootmanager version = 0.8.6-202301141521
>>>>>>>>>> device configuration from EVA loader <<<<<<<<<<
>>>>>>>>>> debug output of bootmanager script <<<<<<<<<<
system type = IPQ5018
model = AVM FRITZ! Smart Home Gateway 1
chipset manufacturer = qcom
compatible = IPQ5018
system selector = 0
system is switched = false
device branding = avm
device branding is changeable = false
current branding = avm
system in inactive slot is installed = true
>>>>>>>>>>>>>>>>>>>> running system <<<<<<<<<<<<<<<<<<<<
active filesystem = /dev/mtdblock5
active system version = 265.07.54-106830
active system date = 21.06.2023, 17:38:46 Uhr (epoch: 1687361926)
active system modification date = 06.07.2023, 21:15:26 Uhr (epoch: 1688670926)
active system modification source = Freetz-NG
brandings supported on active system = avm avme
branding used by active system = avm (immutable)
>>>>>>>>>>>>>>>>>> alternative system <<<<<<<<<<<<<<<<<<
inactive filesystem = /dev/mtdblock6
inactive filesystem mounted on /var/tmp/9812_1688672372/alt_root
inactive system version = 265.07.54-106830
inactive system date = 21.06.2023, 17:38:46 Uhr (epoch: 1687361926)
inactive system modification date = 06.07.2023, 14:58:17 Uhr (epoch: 1688648297)
inactive system modification source = Freetz-NG
brandings supported on inactive system = avm avme
branding used by inactive system = avm (immutable)
inactive filesystem dismounted
root@fritz:/var/mod/root# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00700000 00020000 "fit0"
mtd1: 00540000 00020000 "urlader"
mtd2: 00800000 00020000 "nand-tffs"
mtd3: 00700000 00020000 "fit1"
mtd4: 064c0000 00020000 "ubi"
mtd5: 01e08000 0001f000 "filesystem"
mtd6: 01e08000 0001f000 "reserved-filesystem"
mtd7: 022a2000 0001f000 "avm_update"
root@fritz:/var/mod/root# ls -l /dev/disk/by-partlabel/
lrwxrwxrwx    1 root     root            12 Jan  1  1970 avm_filesys_0 -> ../../ubi0_0
lrwxrwxrwx    1 root     root            12 Jan  1  1970 avm_filesys_1 -> ../../ubi0_1
lrwxrwxrwx    1 root     root            12 Jan  1  1970 avm_update -> ../../ubi0_2
root@fritz:/var/mod/root# cd /var
root@fritz:/var# wget https://raw.githubusercontent.com/PeterPawn/YourFritz/freetz-ng-test/fit_tools/fit-findfs.sh
Connecting to raw.githubusercontent.com (185.199.111.133:443)
wget: note: TLS certificate validation not implemented
saving to 'fit-findfs.sh'
fit-findfs.sh        100% |*****************************************************************************************************************************************************************************************************************************| 16883  0:00:00 ETA
'fit-findfs.sh' saved
root@fritz:/var# time sh fit-findfs.sh /dev/dev/mtdblock5
device node not found
Invalid magic value (0x00000000) found at offset 0x00.
Command exited with non-zero status 1
real	0m 0.11s
user	0m 0.02s
sys	0m 0.04s
root@fritz:/var# time sh fit-findfs.sh /dev/dev/mtdblock6
device node not found
Invalid magic value (0x00000000) found at offset 0x00.
Command exited with non-zero status 1
real	0m 0.06s
user	0m 0.00s
sys	0m 0.02s
root@fritz:/var#

avm_kernel_config & GCC v10 optimization

Bin auf ein neues Betriebssystem gewechselt (x64, selinux, gcc10, ...), seitdem crasht "avm_kernel_config.bin2asm"

$ make kernel-precompiled
Warning: targetAddressSpaceBasePtr(0x80892000) <= targetAddressSpacePtr(0x28758980) violated, doing no conversion
/bin/bash: Zeile 1: 428163 Speicherzugriffsfehler  (Speicherabzug geschrieben) tools/avm_kernel_config.bin2asm "source/kernel/ref-vr9-7490_07.19/linux-3.10/arch/mips/kernel/avm_kernel_config_area.fritz.box_7490-07.19-77732-labor.bin" > "source/kernel/ref-vr9-7490_07.19/linux-3.10/arch/mips/kernel/avm_kernel_config_area.fritz.box_7490-07.19-77732-labor.S"
make: *** [make/linux/kernel.mk:150: source/kernel/ref-vr9-7490_07.19/linux-3.10/arch/mips/kernel/avm_kernel_config_area.fritz.box_7490-07.19-77732-labor.S] Fehler 1

Combined tasks: Firmware handling with PowerShell

make firmware handling possible under Windows and for other platforms with a bunch of classes for PowerShell Core 6.0

~~provide a class to handle RSA keys for firmware signing~~ - done in signimage/FirmwareImage.ps1 with class SigningKey and some helper classes
~~provide a class to append, verify, remove a TI-style checksum to/on/from firmware files~~ - included in signimage/FirmwareImage.ps1 as TIchksum
~~read/write/dissect TAR files as base of firmware images~~ - done in signimage/FirmwareImage.ps1 as class TarFile with some helpers
~~add, verify, remove RSA signatures to/on/from firmware images~~ - done in signimage/FirmwareImage.ps1 as 'FirmwareImage` class
read TFFS dumps, create files from it, build TFFS images
discover starting FRITZ!OS devices
handle FTP communication with a FRITZ!OS device's bootloader
handle SquashFS images, extract members, change/add members, if possible
create scripts to automate the usage of the classes above for various, recurring tasks

Boot-Manager auf der FRITZ!Box 5530

Discussed in #48

^{Originally posted by PeterPawn March 20, 2022}
Das wird etwas schwieriger werden, denn da wird eine "ramdisk" als Root-Dateisystem verwendet.

Adding shell to 7490 firmware

Hi there, really cool project you have here!
I'm trying to add a shell to a 7490 firmware, which is specifically made for Belgium ISP

Issuing the following command

TOOLBOX_IMAGE_SIZE=3 ./build_shellinabox_implant_image -d FRITZ.Box_7490.en-de-es-it-fr-pl.113.06.53.image > 7490.image

this gives me this output

Using binaries for systems with kernel version 3.10.73.
A TI checksum signature was found on './var/tmp/kernel.image', file will be truncated by 8 byte.

But the final file is way smaller than the original (5MB instead of 23MB) and also I can't flash it through the browser (as it says it's invalid). Any idea how I can debug this further? Eg which files should be present in the archive and how can I dissect it?

Thanks

bootmanager & freetz-ng

Es wird die falsche Freetz-Version angezeigt.
Mein Vorschlag: https://trac.boxmatrix.info/freetz-ng/browser/freetz-ng/trunk/tools/make/yourfritz-host/patches/100-bootmanager_freetz_detection.patch
Kannst natürlich auch sonstwie einbauen

Openssl update von 1.0.2u zu 1.1.1g anfrage

Hi Peter,

ich habe da mal eine frage ist es möglich das Openssl 1.0.2u auf 1.1.1g ein update bekommt. Ich versuche dieses nun seit ein paar tagen aber ich bekomme immer ein Fehler.

Configuring OpenSSL version 1.1.1g (0x1010107fL) for linux-freetz-mips-asm
Using os-specific seed configuration
Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]

pick os/compiler from:
BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-i386 Cygwin-i486 Cygwin-i586
Cygwin-i686 Cygwin-x86 Cygwin-x86_64 DJGPP MPE/iX-gcc UEFI UWIN VC-CE VC-WIN32
VC-WIN32-ARM VC-WIN32-ONECORE VC-WIN64-ARM VC-WIN64A VC-WIN64A-ONECORE
VC-WIN64A-masm VC-WIN64I aix-cc aix-gcc aix64-cc aix64-gcc android-arm
android-arm64 android-armeabi android-mips android-mips64 android-x86
android-x86_64 android64 android64-aarch64 android64-mips64 android64-x86_64
bsdi-elf-gcc cc darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc
darwin64-x86_64-cc gcc haiku-x86 haiku-x86_64 hpux-ia64-cc hpux-ia64-gcc
hpux-parisc-cc hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc
hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc hpux64-parisc2-gcc hurd-x86
ios-cross ios-xcrun ios64-cross ios64-xcrun iossimulator-xcrun iphoneos-cross
irix-mips3-cc irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-aarch64
linux-alpha-gcc linux-aout linux-arm64ilp32 linux-armv4 linux-c64xplus
linux-elf linux-generic32 linux-generic64 linux-ia64 linux-mips32 linux-mips64
linux-ppc linux-ppc64 linux-ppc64le linux-sparcv8 linux-sparcv9 linux-x32
linux-x86 linux-x86-clang linux-x86_64 linux-x86_64-clang linux32-s390x
linux64-mips64 linux64-s390x linux64-sparcv9 mingw mingw64 nextstep
nextstep3.3 sco5-cc sco5-gcc solaris-sparcv7-cc solaris-sparcv7-gcc
solaris-sparcv8-cc solaris-sparcv8-gcc solaris-sparcv9-cc solaris-sparcv9-gcc
solaris-x86-gcc solaris64-sparcv9-cc solaris64-sparcv9-gcc solaris64-x86_64-cc
solaris64-x86_64-gcc tru64-alpha-cc tru64-alpha-gcc uClinux-dist
uClinux-dist64 unixware-2.0 unixware-2.1 unixware-7 unixware-7-gcc vms-alpha
vms-alpha-p32 vms-alpha-p64 vms-ia64 vms-ia64-p32 vms-ia64-p64 vos-gcc
vxworks-mips vxworks-ppc405 vxworks-ppc60x vxworks-ppc750 vxworks-ppc750-debug
vxworks-ppc860 vxworks-ppcgen vxworks-simlinux

NOTE: If in doubt, on Unix-ish systems use './config'.

ERROR: Build failed.

Ich habe auch schon mal bei freetz-ng angefragt aber da habe ich die Antwort bekommen

Nein, kann ich nicht. Ich hoffe aber nach wie vor dass @PeterPawn die irgendwann braucht ;-)

FirmwareImage.ps1: add better dictionary handling to TarFile class

TODO:

make members a Dictionary collection
add some search methods to this dictionary
add an output list (as ToString() method) to the Dictionary and a wrapper method for it to the TarFile class

Installation via EVA-FTP-Client.ps1 not working

Hey, I have a problem with install freetz via NAND mode to FRITZ!Box 7590.

Windows Power Shell say: Unexpected answer '' from remote host.

I don't know why.

Sry for my bad english.

Best regards
ZanderCodes

P.S. My FRITZ!Box has the version 7.11

juis_check: Zeichen aus "MAJOR" verschwindet

Aus der Version "100.06.50" verschwindet eine der "0"en. Ergebnis: "10.06.50"

$ juis_check --debug -i Version=100.06.50-37551 Name=FRITZ!Boxâ€ŠFonâ€ŠWLANâ€Š7320 HW=172 OEM=avm Lang=de Country=049 Annex=B Flag=empty Public=2 Serial=0

Setting 'Version' to '100.06.50-37551' from command line parameter

Splitting compound version number '100.06.50-37551' to:
Major=100
Minor=06
Patch=50
Buildnumber=37551

Compound version number used for request: '10.06.50-37551'
 >>>                                       ^^

-------------------------------------------------------
Variables set:
-------------------------------------------------------
Major="10"
 >>>   ^^
Minor="6"
Patch="50"
Buildnumber="37551"
Flag=""
Public="2"
type="1"
hostname="172.jws.avm.de"

               <q:HW>172</q:HW>
               <q:Major>10</q:Major>
 >>>                    ^^
               <q:Minor>6</q:Minor>
               <q:Patch>50</q:Patch>
               <q:Buildnumber>37551</q:Buildnumber>

eva_to_memory - Syntax Error

Sorry for Msg in german:

./eva_to_memory: Zeile 321: / 1024 / 1024 : Syntax Fehler: Operator erwartet. (Fehlerverursachendes Zeichen ist \"/ 1024 / 1024 \"). Memory size is

Anything missing in my system or the code just broken?

Thanks

yf_patchkernel & kernel v4

Kannst du das yf_patchkernel (ist das der offizielle Name?) für kernel 4.9 der 7590 und die verschiedenen 4.4 der anderen Geräte anpassen? Die Docsis Geräte mit 4.9 am besten ignorieren, da gibts nichts den neuestens Source von AVM.
Wie compiliert man kernelmodule für 4.9? Nicht mit dem master, da dort keine Kernelmodule freigeschaltete sind Replace kernel (not available, needs AVM sources) , also erst gar nicht compiliert wird - ausser man fummelt herum und verschweigt das im Forum...
Sondern man nimmt den entsprechenden branch den es seit heut morgen gibt.
Davor könntest du noch dein geflame von wegen keine Branches, Versuchskanninchen usw von heut Mittag korrigieren ;-)

HTTPS Zertifikat abgelaufen

Geht net: https://yourfritz.de/

bootmanager: sed in Variable

Könntest du sed am Anfang des Scriptes in einer Variable definieren?
Also SED=${SED:-sed}. Dies würde diesen Patch überflüssig machen, der eh früher oder später nicht mehr passen wird: Freetz-NG/freetz-ng@d88e97533
Die globale Definition ist hier: https://github.com/Freetz-NG/freetz-ng/blob/master/fwmod#L185
Es geht nur um das sed das auf dem Host im fakeroot-Context ausgeführt wird, da es mit selinux Probleme gibt

juic not running on macosx

hi,

frist thing was:
./juis_check
juis_check: Eine benötigte ausführbare Datei fehlt: realpath.

this can be fixed via:
sudo echo '/usr/bin/readlink "$@"' > /usr/local/bin/realpath
sudo chmod +x /usr/local/bin/realpath

second open one:
./juis_check
juis_check: Unter '/proc' muss ein 'procfs' verfügbar sein für die korrekte Funktion dieses Skripts.

greetings
andreas

signimage: new and enhanced version

build a new version of the files collected under "signimage", based on framework functions
add a "structure analyzer" to collect info about original images from vendor
make shell code POSIX-compliant
fix a bug related to a special (currently unknown) integral file size, leading to errors from libfwsign.so while checking signatures

squashfs

I just tried to investigate shellinabox.squashfs, but failed to unsquash it on Debian v9.6 with unsquashfs v4.3:

./yourfritz/addons/VR9$ unsquashfs -l shellinabox.squashfs
Reading a different endian SQUASHFS filesystem on shellinabox.squashfs
Filesystem on shellinabox.squashfs is (4:0), which is a later filesystem version than I support!

I am confused, because the message looks like my version is too old, but what else should 4:0" > "4.3" mean? There seems to be no later version available.
On the other hand, if "4:0" is the version of the FS itself, the manpages of squashfs-tools does not mention anything about it. However, the changelog states at least that FS v4.0 was added in SW v4.0.

Anyway, which version and which SW did you use to generate the image?

eva_discover calling non-existent function yf_get_ip_addresses

The title says it all - and easy to fix with attached change - but makes me wonder who has actually used the current version;-)

Still not able to access EVA in my 7490 - maybe I can understand the analysis in http://www.ip-phone-forum.de/showthread.php?t=289201 to get it working ...

Regards, Martin
git.diff.zip

Ich weiss nicht wo ich dir sonst schreiben soll

deshlab mach ich es hier, nach dem Lesen bitte einfach löschen...

Tja, du bist mal wieder auf die DEBen reingefallen! Und bevor du noch mehr Zeit mit diesen Experten verschwendest

"key9" hat mit NG nichts zu tun: https://github.com/Freetz-NG/freetz-ng/blob/master/fwmod#L1880
Freetz/ dagegen schon, dort gibt es aber keine FOS 7.25+

Sondern insti(ippf) aka osprey (deb-moderator) hat es selbst verpfuscht:
https://instinto.mooo.com:1974/osprey/avm_firmware_public_key9
https://youtu.be/kx5pf5YF2W8?t=117
https://www.digital-eliteboard.com/threads/491034/

Toolbox error

Hey,

ich habe eine FritzBox 6490. Ich wollte darauf gerne ein SIAB image spielen.
Leider gibt es kein Fertiges also wollte ich eins mit Hilfe deiner YourFritz Toolbox erstellen.

Leider bekomme ich bei dem Command

TOOLBOX_IMAGE_SIZE=3 ./build_shellinabox_implant_image FRITZ.Box_6490_Cable.de-en-es-it-fr-pl.141.06.87.image > SIAB-6490.image

folgenden Fehler

tar: ./var/chksum.x86\n./var/chksum: Nicht im Archiv gefunden.
tar: Beende mit Fehlerstatus aufgrund vorheriger Fehler
image/get_file_from_image: Zeile 109: [: -eq: Einstelliger (unärer) Operator erwartet.
image/get_file_from_image: Zeile 138: [: 0: Einstelliger (unärer) Operator erwartet.
tar: ./var/remote/var/tmp/kernel.image\n./var/remote/var/tmp/x86/kernel.image: Nicht im Archiv gefunden.
tar: Beende mit Fehlerstatus aufgrund vorheriger Fehler
image/get_file_from_image: Zeile 109: [: -eq: Einstelliger (unärer) Operator erwartet.
image/get_file_from_image: Zeile 138: [: 0: Einstelliger (unärer) Operator erwartet.
tar: ./var/remote/var/tmp/filesystem.image\n./var/remote/var/tmp/x86/filesystem.image: Nicht im Archiv gefunden.
tar: Beende mit Fehlerstatus aufgrund vorheriger Fehler
image/get_file_from_image: Zeile 109: [: -eq: Einstelliger (unärer) Operator erwartet.
image/get_file_from_image: Zeile 138: [: 0: Einstelliger (unärer) Operator erwartet.

juis_check: better handling of "BuildType"

Seems like AVM is checking the BuildType field of a request more strictly/thoroughly - I've got problems to get a correct response for a 6490 device, while using a build type of 1001 with a version number of 141.07.02. Only with the value 1 I've got the expected answer.

Meanwhile some of the used BuildType values are well-known (it may be read from /etc/init.d/rc.conf) and the script should provide an option to select the wanted "flavor" of firmware, beside the simple differentiation between public and internal versions.

juis_check: No result for 6490 Cable

./juis_check -d 192.168.178.1
debug: Respawning script with Bash as shell, calling: command bash ./juis_check --debug --no-respawn 192.168.178.1
debug: -------------------------------------------------------
debug: Reading values from '192.168.178.1:80/juis_boxinfo.xml': .
debug: Read response from device:
debug: -------------------------------------------------------
       HTTP/1.0 404 Not Found
       Content-Length: 5103
       Content-Type: text/html; charset=utf-8
       
       <!DOCTYPE html>
       [...]
       </html>

debug: Error reading 'juis_boxinfo.xml' from FRITZ!Box device with address '192.168.178.1:80'.
debug: -------------------------------------------------------
debug: Reading values from '192.168.178.1:80/jason_boxinfo.xml': .
debug: Read response from device:
debug: -------------------------------------------------------
       HTTP/1.1 200 OK
       Cache-Control: max-age=120
       Connection: close
       Content-Type: text/xml;charset=utf-8
       Date: Sat, 16 Dec 2023 12:03:44 GMT
       ETag: "191602FB51C2CB421"
       Expires: Sat, 16 Dec 2023 12:05:44 GMT
       Last-Modified: Sat, 16 Dec 2023 12:01:51 GMT
       Mime-Version: 1.0
       
       
       <j:BoxInfo xmlns:j="http://jason.avm.de/updatecheck/">
       <j:Name>FRITZ!Box 6490 Cable</j:Name>
       <j:HW>213</j:HW>
       <j:Version>141.06.51</j:Version>
       <j:Revision>34089</j:Revision>
       <j:Serial>E0286[......]</j:Serial>
       <j:OEM>avm</j:OEM>
       <j:Lang>de</j:Lang>
       <j:Annex>Kabel</j:Annex>
       <j:Lab></j:Lab>
       <j:Country>049</j:Country>
       <j:UpdateConfig>2</j:UpdateConfig></j:BoxInfo>
debug: Splitting compound version number '141.06.51-34089' to:
debug: Major=141
debug: Minor=06
debug: Patch=51
debug: Buildnumber=34089
debug: Compound version number used for request: '141.06.51-34089'
debug: -------------------------------------------------------
debug: Variables set:
debug: -------------------------------------------------------
debug: Name="FRITZ!Box 6490 Cable"
debug: HW="213"
debug: OEM="avm"
debug: Lang="de"
debug: Annex="Kabel"
debug: Country="049"
debug: Serial="E0286D37D229"
debug: Major="141"
debug: Minor="6"
debug: Patch="51"
debug: Buildnumber="34089"
debug: Flag=""
debug: Buildtype="1"
debug: hostname="213.jws.avm.de"
debug: nonce="MTM6MDM6NDcxMi8xNi8yMw=="
debug: -------------------------------------------------------
debug: Sent request:
debug: -------------------------------------------------------
       POST /Jason/UpdateInfoService HTTP/1.1
       Host: 213.jws.avm.de:80
       Content-Length: 1175
       Content-Type: text/xml; charset="utf-8"
       Connection: close

       <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap-enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:e="http://juis.avm.de/updateinfo" xmlns:q="http://juis.avm.de/request">
         <soap:Header/>
         <soap:Body>
           <e:BoxFirmwareUpdateCheck>
             <e:RequestHeader>
               <q:Nonce>MTM6MDM6NDcxMi8xNi8yMw==</q:Nonce>
               <q:UserAgent>Box</q:UserAgent>
               <q:ManualRequest>true</q:ManualRequest>
             </e:RequestHeader>
             <e:BoxInfo>
               <q:Name>FRITZ!Box 6490 Cable</q:Name>
               <q:HW>213</q:HW>
               <q:Major>141</q:Major>
               <q:Minor>6</q:Minor>
               <q:Patch>51</q:Patch>
               <q:Buildnumber>34089</q:Buildnumber>
               <q:Buildtype>1</q:Buildtype>
               <q:Serial>E0286D37D229</q:Serial>
               <q:OEM>avm</q:OEM>
               <q:Lang>de</q:Lang>
               <q:Country>049</q:Country>
               <q:Annex>Kabel</q:Annex>
               <q:Flag></q:Flag>
               <q:UpdateConfig>1</q:UpdateConfig>
               <q:Provider>oma_lan</q:Provider>
             </e:BoxInfo>
           </e:BoxFirmwareUpdateCheck>
         </soap:Body>
       </soap:Envelope>
debug: -------------------------------------------------------
debug: Reading response from '213.jws.avm.de:80': .
debug: Received response:
debug: -------------------------------------------------------
       HTTP/1.1 200 OK
       download-delay: 251
       content-type: text/xml;charset=UTF-8
       content-length: 1866
       date: Sat, 16 Dec 2023 12:03:47 GMT
       access-control-allow-origin: http://scope.avm.de
       access-control-allow-headers: content-type
       connection: close
       
       <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/><soap:Body ID="Body"><ns2:BoxFirmwareUpdateCheckResponse xmlns:ns2="http://juis.avm.de/updateinfo" xmlns:ns3="http://juis.avm.de/response" xmlns:ns4="http://juis.avm.de/request"><ns2:ResponseUpdateInfo><ns3:ResponseHeader><ns3:Nonce>MTM6MDM6NDcxMi8xNi8yMw==</ns3:Nonce></ns3:ResponseHeader><ns3:UpdateInfo><ns3:CheckInterval>48</ns3:CheckInterval><ns3:Found>false</ns3:Found><ns3:Version></ns3:Version><ns3:DownloadURL></ns3:DownloadURL><ns3:InfoURL></ns3:InfoURL><ns3:InfoText></ns3:InfoText><ns3:HintURL></ns3:HintURL><ns3:Priority>1</ns3:Priority><ns3:AutoUpdateStartTime>0</ns3:AutoUpdateStartTime><ns3:AutoUpdateEndTime>0</ns3:AutoUpdateEndTime><ns3:AutoUpdateKeepServices>true</ns3:AutoUpdateKeepServices></ns3:UpdateInfo></ns2:ResponseUpdateInfo></ns2:BoxFirmwareUpdateCheckResponse><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI="#Body"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>CN0MjM6x44/fVZwVqKGMDR7ZLVt+sovSSWL3PD2kVzk=</DigestValue></Reference></SignedInfo><SignatureValue>M5ttEGTlCFJq+1CtJRwTWQlt5eivz7a0fNZ677uypHykGMkRwvWseTYQDxRGOBtW9Kyi6ePy2CfPSvheS7XKcSi5X+/sR/TFO7qpyslkM7PMpbfOKyZA7RCgoll2LLstYx6vPlsqcLWHSlAPRyS5XI0zr+Sgaz854TBXaeKwTbuItQcTufMwH+cIltwprQbSXb8w4aQT5zLnEzJbguLJb9YgCK0cV3c9UAX9pcehaLKHgjmwRLM7FWMpbJyb8OcuVtpjbOriatYDZmXxjeHEWd8D0YTEdW901vpjuUnxXcM31UsRGlATtprDaT2UNsezUbfR9j3P5VBBzPH2rYBgAw==</SignatureValue></Signature></soap:Body></soap:Envelope>
debug: -------------------------------------------------------
juis_check: No newer version found, check was made with source version '141.06.51-34089'.

However, after some googling I simply found https://download.avm.de/fritzbox/fritzbox-6490-cable/deutschland/fritz.os/ so was in the end able to update my box, but just to let you know in case this is not expected behavior.

Bootmanager und Inhaus 7.39

Mit den neuen FW läuft dein Boot Manager unter dem AVM Webinterface nicht mehr, die Seite bleibt einfach weiß.

https://www.ip-phone-forum.de/threads/311707/

bootmanager: add a detection of immutable 'firmware_version' values

extract EVA configuration area (first 1024 bytes) from 'urlader' partition and
dissect it to get an environment file (like proc/sys/urlader/environment), but with some marks for immutable values and
check the mark of firmware_version for a meaningful differentiation of models with and without the feature to change 'firmware_version' permanently via /proc/sys/urlader/environment -> firmware_version

YF-Bootmanager auf 7530

7530 mit .57 verursacht der YF Bootmanager ne Reboot Schleife (nach 120s) durch den AVM Watchguard.

extract_version_values: grep-Fehler

Es gibt da noch 2 Schönheitsfehler abhängig von der libc in https://github.com/PeterPawn/YourFritz/blob/master/toolbox/image/extract_version_values#L166

7590 7.19:
applying patch file ./patches/scripts/800-modfs_boot_manager.sh
  adding modfs boot-manager
    adding boot-manager front end to branding "all"
Autodetection of target system version: 154.07.19
      Patching file 'usr/www/all/system/reboot.js' ...
      Patching file 'usr/www/all/system/reboot.lua' ...
    adding boot-manager back end script

7590 7.12:
applying patch file ./patches/scripts/800-modfs_boot_manager.sh
  adding modfs boot-manager
    adding boot-manager front end to branding "all"
grep: : Datei oder Verzeichnis nicht gefunden
grep: : Datei oder Verzeichnis nicht gefunden
Autodetection of target system version: 154.07.12
      Patching file 'usr/www/all/system/reboot.js' ...
      Patching file 'usr/www/all/system/reboot.lua' ...
    adding boot-manager back end script

Die kommen wohl von der libc-Erkennung

set -x
+++ find build/modified/filesystem/lib -maxdepth 1 -name 'libc.so*'
+++ sed -n -e 1p
++ readlink -f ''
+ libc_file=
++ printf %s '}'
++ sed -n -e 's|^.*/libuClibc-\([0-9\.]*\)\.so.*$|\1|p'
+ libc_version=
+ '[' -z '' ']'
++ grep -ao 'glibc [0-9]\+\.[0-9]\+' ''
grep: : Datei oder Verzeichnis nicht gefunden
+ check_glibc=
+ '[' -n '' ']'
++ grep -ao 'musl libc (' ''
grep: : Datei oder Verzeichnis nicht gefunden
+ check_musl=
+ '[' -n '' ']'
+ libc_project=unknown
+ libc_version=unknown
+ libc_ident=unknown

Anyway to get Telnet working on new firmware ?

https://avm.de/fileadmin/user_upload/DE/Labor/Download/fritzbox-7490-labor-46493_Netz.zip

how would I go about getting telnet inside this firmware ?

I tried using TelefonSparbuch_Telnet04.30.tar but did not seem to work

juis_check: No newer version found, check was made with source version '141.06.51-34089'

I get the message "juis_check: No newer version found, check was made with source version '141.06.51-34089'."

With...

debug: Name="FRITZ!Box 6490 Cable"
debug: HW="213"
debug: OEM="avm"
debug: Lang="de"
debug: Annex="Kabel"
debug: Country="049"
debug: Serial=removed
debug: Major="141"
debug: Minor="6"
debug: Patch="51"
debug: Buildnumber="34089"
debug: Flag=""
debug: Public="1"
debug: type="1001"
debug: hostname="213.jws.avm.de"

The person in #19 wrote a similar Notification but I still get it on the newest version.

I startet the script on android, connected with wlan to the fritzbox who got the Internet from Lan 1.

Thank you!

Changes of eva_to_memory

I have identified a problem with the eva_to_memory script: for the Fritzbox 7581 the upload parameters are set incorrectly, so that the firmware upload fails:
In the original script the memory size is 0x80000000, but the fritzbox in question only has 0x20000000.

After inserting three lines into the code, the parameters were set correctly again, just as the original recovery program from AVM sets.

[ "$limit_memory" = "1" ] && memsize=$(( 1024 * 1024 * 128 )) && echo "Memory size limited to 128 MB"

new

				if [ $((startaddress)) -gt $((memsize)) ]; then
					startaddress=$(( 0 ))
				fi

#end new
echo "Image size is $(printf "0x%06x" $filesize) $(printf "(%u MB)" $(( filesize / 1024 / 1024 )))"

Test

"expr: syntax error" in juis_check

Tried juis on my Mac (Mojave 10.14.2) with my 6490, but the following error occurs when running it:

debug: -------------------------------------------------------
debug: Reading values from 'fritz.box:80/jason_boxinfo.xml': .
debug: Read response from device:
debug: -------------------------------------------------------
HTTP/1.1 200 OK
Cache-Control: max-age=120
Connection: close
Content-Type: text/xml;charset=utf-8
Date: Fri, 14 Dec 2018 17:38:40 GMT
ETag: "D008DE7B64CF95EFB"
Expires: Fri, 14 Dec 2018 17:40:40 GMT
Last-Modified: Thu, 01 Jan 1970 00:01:33 GMT
Mime-Version: 1.0

   <j:BoxInfo xmlns:j="http://jason.avm.de/updatecheck/">
   <j:Name>FRITZ!Box 6490 Cable</j:Name>
   <j:HW>213</j:HW>
   <j:Version>141.06.51</j:Version>
   <j:Revision>34089</j:Revision>
   <j:Serial>entfernt</j:Serial>
   <j:OEM>avm</j:OEM>
   <j:Lang>de</j:Lang>
   <j:Annex>Kabel</j:Annex>
   <j:Lab></j:Lab>
   <j:Country>049</j:Country>
   <j:Flag>crashreport</j:Flag>
   <j:UpdateConfig>1</j:UpdateConfig></j:BoxInfo>

debug: Splitting compound version number '141.06.51-34089' to:
expr: syntax error
debug: Major=141
debug: Minor=06
debug: Patch=51
debug: Buildnumber=34089
debug: Compound version number used for request: '34089.00.00-'

debug: -------------------------------------------------------
debug: Variables set:
debug: -------------------------------------------------------
debug: Name="FRITZ!Box 6490 Cable"
debug: HW="213"
debug: OEM="avm"
debug: Lang="de"
debug: Annex="Kabel"
debug: Country="049"
debug: Serial="entfernt"
debug: Major=""
debug: Minor=""
debug: Patch=""
debug: Buildnumber="34089"
[...]

The request to the update service is called without version info, causing a 500 response:

           <q:Name>FRITZ!Box 6490 Cable</q:Name>
           <q:HW>213</q:HW>
           <q:Major></q:Major>
           <q:Minor></q:Minor>
           <q:Patch></q:Patch>
           <q:Buildnumber>34089</q:Buildnumber>
           <q:Buildtype>1001</q:Buildtype>

Error-messages from build_shellinabox_implant_image re-directed to /dev/null

Nach langer Zeit bin ich wieder an meiner 7490 - und wollte natürlich gleich das tolle neue build_shellinabox_implant_image ausprobieren - und bekam als Ausgabe (also das gewünschte Image) nur 0 Byte:-0 Dass liegt darann, daß auf meinem ArchLinux moutn nur von root genutzt werden kann - aber diese Meldung war in /dev/null verschwunden. Beiliegend ein Vorschlag, wie man etwas mehr (= hilfreiche) Fehlermeldungen bekommen kann.
YourFritz.diff.zip

Am Rande: Ich machte dann weiter und auch das aktuelle eva_discover fing die Kiste beim Reboot (das hatte e sfrüher nicht getan) - aber dann scheiterte eva_to_memory - weil wohl in 6.93 das bisherige EVA-Passwort adam2 nicht mehr gilt:-0

Gruß, Martin

add support for four-eyes principle to image signing

add another (optional) layer of security to signed files, ensuring that the resulting ./var/signature file is signed again by at least two different persons, identified by a X.509 certificate or a OpenPGP certificate
OpenPGP support needs additional packages
try to keep the format of a signed image file compatible with vendors firmware, if it's possible - even if this firmware may be unable to verify the signature, it should still be usable to download and/or unpack it

MacOS 10.15.2 - stats

Hello,

i using MacOS und the "stat -c %s" don't work (show the size in bytes).

VoidBookPro:eva_tools Username$ stat -c %d 7490_07.12-freetz-master-20191207.image.in-memory 
stat: illegal option -- c
usage: stat [-FlLnqrsx] [-f format] [-t timefmt] [file ...]

it is possible alternate to use "stats -f %z" for MacOS?

VoidBookPro:eva_tools Username$ stat -f %z 7490_07.12-freetz-master-20191207.image.in-memory 
37626112

or a software switch for Mac User.

LG VoiD

create database

containing public keys from current versions for all models

Boot-Manager auf der FRITZ!Box 5530

Discussed in #48

^{Originally posted by PeterPawn March 20, 2022}
Das wird etwas schwieriger werden, denn da wird eine "ramdisk" als Root-Dateisystem verwendet.

7490 labor firmware shell-in-a-box

Hi again!

After doing a succesful mod with shell-in-a-box on my 7490 with firmware FRITZ.Box_7490.en-de-es-it-fr-pl.113.07.01, I found that my modem was updated by the ISP with the FRITZ.Box_7490-07.19-77201-Labor.image firmware and so I lost access to the shell.

I was trying to reinstall the shell-in-a-box on this labor firmware using the latest script versions but to no avail. Do you know whether something was changed in that firmware that disables the shell-in-a-box startup? I also tried to flash the original 113.07.01 mod (which certainly worked before), but got nothing running on port 8010. Perhaps I need to downgrade the fritzbox to the older firmware.

I used the following command to do the flash when the bootloader starts (usnig bash here as the scripts don't work from zsh)

(bash ./eva_discover INTERFACE=enp0s31f6 TO=192.168.178.1 FROM=192.168.178.20 BLIP=0) && bash -x ./eva_to_memory 7490.img 192.168.178.1

It seems to accept the image happily and then boots after. Find the log here attached.

log.txt

peterpawn / yourfritz Goto Github PK

yourfritz's Introduction

yourfritz's People

Contributors

Stargazers

Watchers

Forkers

yourfritz's Issues

make firmware handling possible under Windows and for other platforms with a bunch of classes for PowerShell Core 6.0

Discussed in #48

new

Discussed in #48

Recommend Projects

Recommend Topics

Recommend Org