{"id":1450,"date":"2014-01-05T15:37:33","date_gmt":"2014-01-05T14:37:33","guid":{"rendered":"https:\/\/locallost.net\/?p=1450"},"modified":"2014-04-28T06:33:25","modified_gmt":"2014-04-28T04:33:25","slug":"building-a-netgear-dm111pv2-firmware-without-scfgmgr","status":"publish","type":"post","link":"https:\/\/locallost.net\/?p=1450","title":{"rendered":"Building a Netgear DM111Pv2 firmware without scfgmgr"},"content":{"rendered":"<p><a href=\"\/?p=1425\">Lately<\/a> you found that your <a href=\"https:\/\/github.com\/elvanderb\/TCP-32764\">DSL modem\/router was wide open<\/a>, and you want to fix it.<\/p>\n<p>Looking for a way to close this \u00ab\u00a0back\u00a0\u00bb door, I noticed that most of Netgear&rsquo;s firmwares source codes are available from their site <a href=\"http:\/\/kb.netgear.com\/app\/answers\/detail\/a_id\/2649\">http:\/\/kb.netgear.com\/app\/answers\/detail\/a_id\/2649<\/a>.<\/p>\n<p>Perhaps we could recompile a firmware with a \u00ab\u00a0fixed\u00a0\u00bb version of <code>scfgmgr<\/code>?<\/p>\n<p>Looking in the <code>DM111P<\/code> firmware, you&rsquo;ll find that the despicable <code>scfgmgr<\/code> is bundled as a binary in <code>target.tar.bz2<\/code>, so it cannot be edited and recompiled to get rid of it&rsquo;s infamous behaviour.<\/p>\n<p>However, perhaps we can simply neutralize it (in the target overlay) hoping that there won&rsquo;t be any wrong side effects with the overall working of the firmware?<\/p>\n<p>So, here is a try at rebuilding a firmware (version <code>2.00.27_WW<\/code>) with a neutralized <code>\/usr\/sbin\/scfgmgr<\/code>.<\/p>\n<p>WARNING: Use these directives at your own risk. I&rsquo;m not liable for any damage to your computer system or loss of data. blah blah blah \u2026Insert here the usual disclaimers\u2026 blah blah blah.<\/p>\n<p><!--more--><\/p>\n<p>Grab the firmware&rsquo;s source code from Netgear&rsquo;s site <a href=\"http:\/\/kb.netgear.com\/app\/answers\/detail\/a_id\/2649\">http:\/\/kb.netgear.com\/app\/answers\/detail\/a_id\/2649<\/a> &amp; <a href=\"http:\/\/www.downloads.netgear.com\/file\/GPL\/DM111PV2_Flash_VA2.00.27_WW_ALL_src.tar.zip\">http:\/\/www.downloads.netgear.com\/file\/GPL\/DM111PV2_Flash_VA2.00.27_WW_ALL_src.tar.zip<\/a>.<\/p>\n<p>Unpack source tree:<\/p>\n<pre><code>$ unzip -p DM111PV2_Flash_VA2.00.27_WW_ALL_src.tar.zip \\\nDM111PV2_Flash_VA2.00.27_WW_ALL_src.tar.bz2 \\\n| tar jxf -\n$ cd DM111PV2_Flash_VA2.00.27_WW_ALL_src\n<\/code><\/pre>\n<p>View the official README procedure for rebuilding custom firmware:<\/p>\n<pre><code>$ cat README\n<\/code><\/pre>\n<p>In fact, we won&rsquo;t need to recompile anything, as the <code>target<\/code> overlay we&rsquo;ll be enough for us to neutralize <code>scfgmgr<\/code>. So, no libraries, programs or kernel recompiling involved.<\/p>\n<p>Unpack target archive as instructed by the <code>README<\/code>:<\/p>\n<pre><code>$ tar jxvf target.tar.bz2\n<\/code><\/pre>\n<p>Neutralize <code>scfgmgr<\/code> replacing it by an empty shell script:<\/p>\n<pre><code>$ echo '#!\/bin\/sh' &gt; target\/usr\/sbin\/scfgmgr\n<\/code><\/pre>\n<p>Update version strings (to distinguish from official firmware once upgraded):<\/p>\n<pre><code>$ echo \"A2.00.27_WW_noscfgmgr\" &gt; target\/usr\/etc\/version\n$ sed -i'' -e 's\/^VER: 2.00.27_WW$\/VER: 2.00.27_WW_noscfgmgr\/' target\/usr\/etc\/svn.info\n<\/code><\/pre>\n<p>Recompute md5 checksums of modified files (just in case there are used by the upgrade process):<\/p>\n<pre><code>$ sed -i'' -e '\/  .\\\/usr\\\/sbin\\\/scfgmgr$\/d' target\/www.eng\/md5\n$ sed -i'' -e '\/  .\\\/usr\\\/etc\\\/version$\/d' target\/www.eng\/md5\n$ sed -i'' -e '\/  .\\\/usr\\\/etc\\\/svn\\.info$\/d' target\/www.eng\/md5\n\n$ (cd target &amp;&amp; md5sum .\/usr\/sbin\/scfgmgr) &gt;&gt; target\/www.eng\/md5\n$ (cd target &amp;&amp; md5sum .\/usr\/etc\/version) &gt;&gt; target\/www.eng\/md5\n$ (cd target &amp;&amp; md5sum .\/usr\/etc\/svn.info &gt;&gt; target\/www.eng\/md5\n\n$ sed -i'' -e 's\/^Firmware version: A2.00.27_WW$\/Firmware version: A2.00.27_WW_noscfgmgr\/' target\/www.eng\/md5\n<\/code><\/pre>\n<p>Repack custom firmware into <code>DM111P_FW_V2.00.27_WW_noscfgmgr.img<\/code>:<\/p>\n<pre><code>$ .\/build.sh DM111P_FW_V2.00.27_WW.img target DM111P_FW_V2.00.27_WW_noscfgmgr.img\nOriginal Image: DM111P_FW_V2.00.27_WW.img\nYour Filesystem: target\nNew Image: DM111P_FW_V2.00.27_WW_noscfgmgr.img\n\nPress 'y' to continue\ny\nCreating big endian 2.1 filesystem on fs.bin, block size 65536.\n\nBig endian filesystem, data block size 65536, compressed data, compressed metadata, compressed fragments\nFilesystem size 999.61 Kbytes (0.98 Mbytes)\n    27.29% of uncompressed filesystem size (3663.13 Kbytes)\nInode table size 2228 bytes (2.18 Kbytes)\n    30.30% of uncompressed inode table size (7352 bytes)\nDirectory table size 2509 bytes (2.45 Kbytes)\n    57.05% of uncompressed directory table size (4398 bytes)\nNumber of duplicate files found 11\nNumber of inodes 357\nNumber of files 227\nNumber of fragments 24\nNumber of symbolic links  66\nNumber of device nodes 45\nNumber of fifo nodes 0\nNumber of socket nodes 0\nNumber of directories 19\nNumber of uids 1\n    unknown (0)\nNumber of gids 0\nDM111P_FW_V2.00.27_WW.img read 2048 kbytes maximum 2048 kbytes\nfs.bin read 1000 kbytes maximum 1279 kbytes\nfs size =1310464\nfs_len = 0x1bff46: 1791K\nchecksum = 0xE0D2\nDM111P_FW_V2.00.27_WW_noscfgmgr.img Created!\n<\/code><\/pre>\n<p>So, now you have a custom firmware that can be used to upgrade your modem.<\/p>\n<p>So far, so good:<\/p>\n<pre><code>Modem Status\n-------------------------------------------------\nSystem Up Time              01:10:48\nAccount Name                \nFirmware Version            V2.00.27_WW_noscfgmgr\nBoot Loader Version         1.1.5-1.0.4 \nADSL Driver Version         3.3.2.2.0.1\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Lately you found that your DSL modem\/router was wide open, and you want to fix it. Looking for a way to close this \u00ab\u00a0back\u00a0\u00bb door, I noticed that most of Netgear&rsquo;s firmwares source codes are available from their site http:\/\/kb.netgear.com\/app\/answers\/detail\/a_id\/2649. &hellip; <a href=\"https:\/\/locallost.net\/?p=1450\">Continuer la lecture <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[18],"tags":[],"class_list":["post-1450","post","type-post","status-publish","format-standard","hentry","category-network"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2Bei9-no","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/1450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1450"}],"version-history":[{"count":14,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/1450\/revisions"}],"predecessor-version":[{"id":1498,"href":"https:\/\/locallost.net\/index.php?rest_route=\/wp\/v2\/posts\/1450\/revisions\/1498"}],"wp:attachment":[{"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locallost.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}