Building a Netgear DM111Pv2 firmware without scfgmgr

Lately you found that your DSL modem/router was wide open, and you want to fix it.

Looking for a way to close this « back » door, I noticed that most of Netgear’s firmwares source codes are available from their site

Perhaps we could recompile a firmware with a « fixed » version of scfgmgr?

Looking in the DM111P firmware, you’ll find that the despicable scfgmgr is bundled as a binary in target.tar.bz2, so it cannot be edited and recompiled to get rid of it’s infamous behaviour.

However, perhaps we can simply neutralize it (in the target overlay) hoping that there won’t be any wrong side effects with the overall working of the firmware?

So, here is a try at rebuilding a firmware (version 2.00.27_WW) with a neutralized /usr/sbin/scfgmgr.

WARNING: Use these directives at your own risk. I’m not liable for any damage to your computer system or loss of data. blah blah blah …Insert here the usual disclaimers… blah blah blah.

Grab the firmware’s source code from Netgear’s site &

Unpack source tree:

$ unzip -p \
DM111PV2_Flash_VA2.00.27_WW_ALL_src.tar.bz2 \
| tar jxf -
$ cd DM111PV2_Flash_VA2.00.27_WW_ALL_src

View the official README procedure for rebuilding custom firmware:

$ cat README

In fact, we won’t need to recompile anything, as the target overlay we’ll be enough for us to neutralize scfgmgr. So, no libraries, programs or kernel recompiling involved.

Unpack target archive as instructed by the README:

$ tar jxvf target.tar.bz2

Neutralize scfgmgr replacing it by an empty shell script:

$ echo '#!/bin/sh' > target/usr/sbin/scfgmgr

Update version strings (to distinguish from official firmware once upgraded):

$ echo "A2.00.27_WW_noscfgmgr" > target/usr/etc/version
$ sed -i'' -e 's/^VER: 2.00.27_WW$/VER: 2.00.27_WW_noscfgmgr/' target/usr/etc/

Recompute md5 checksums of modified files (just in case there are used by the upgrade process):

$ sed -i'' -e '/  .\/usr\/sbin\/scfgmgr$/d' target/www.eng/md5
$ sed -i'' -e '/  .\/usr\/etc\/version$/d' target/www.eng/md5
$ sed -i'' -e '/  .\/usr\/etc\/svn\.info$/d' target/www.eng/md5

$ (cd target && md5sum ./usr/sbin/scfgmgr) >> target/www.eng/md5
$ (cd target && md5sum ./usr/etc/version) >> target/www.eng/md5
$ (cd target && md5sum ./usr/etc/ >> target/www.eng/md5

$ sed -i'' -e 's/^Firmware version: A2.00.27_WW$/Firmware version: A2.00.27_WW_noscfgmgr/' target/www.eng/md5

Repack custom firmware into DM111P_FW_V2.00.27_WW_noscfgmgr.img:

$ ./ DM111P_FW_V2.00.27_WW.img target DM111P_FW_V2.00.27_WW_noscfgmgr.img
Original Image: DM111P_FW_V2.00.27_WW.img
Your Filesystem: target
New Image: DM111P_FW_V2.00.27_WW_noscfgmgr.img

Press 'y' to continue
Creating big endian 2.1 filesystem on fs.bin, block size 65536.

Big endian filesystem, data block size 65536, compressed data, compressed metadata, compressed fragments
Filesystem size 999.61 Kbytes (0.98 Mbytes)
    27.29% of uncompressed filesystem size (3663.13 Kbytes)
Inode table size 2228 bytes (2.18 Kbytes)
    30.30% of uncompressed inode table size (7352 bytes)
Directory table size 2509 bytes (2.45 Kbytes)
    57.05% of uncompressed directory table size (4398 bytes)
Number of duplicate files found 11
Number of inodes 357
Number of files 227
Number of fragments 24
Number of symbolic links  66
Number of device nodes 45
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 19
Number of uids 1
    unknown (0)
Number of gids 0
DM111P_FW_V2.00.27_WW.img read 2048 kbytes maximum 2048 kbytes
fs.bin read 1000 kbytes maximum 1279 kbytes
fs size =1310464
fs_len = 0x1bff46: 1791K
checksum = 0xE0D2
DM111P_FW_V2.00.27_WW_noscfgmgr.img Created!

So, now you have a custom firmware that can be used to upgrade your modem.

So far, so good:

Modem Status
System Up Time              01:10:48
Account Name                
Firmware Version            V2.00.27_WW_noscfgmgr
Boot Loader Version         1.1.5-1.0.4 
ADSL Driver Version
Ce contenu a été publié dans network. Vous pouvez le mettre en favoris avec ce permalien.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *