Wednesday, April 2, 2008

Dumping Busybox Firmware of newer bcm963xx devices

This script is specifically for routers based on BusyBox with kernel 2.6.8.1 built with gcc 3.4.2. It's inspired by Jerome Petazzoni's SkayaWiki, which is unfortunately quite outdated.

The world has changed a lot since the 2.4.x kernels. There is also much less room in RAM to play with now. Jerome did the trick using a 1.5M all-in-one BusyBox binary, but nowadays I had to do the same with just 124K all in all! Nonetheless, it's obviously possible. :-D

Disclaimer: you may use these scripts ONLY to dump the firmware of your own devices, and purely for educational purposes. Also, I don't provide any warranty of any kind! The script works in my case, but may damage your router, format all your hard drives, and insult your mother-in-law.

The script was developed and tested under Linux. I haven't had a chance to run it under Cygwin, but it should work. If anyone tries this, I would appreciate the feedback.

OK, let's see how you can use it.

The current version of the script has just one dependency:
  • python

To run the script, download it here (you have to replace the underscores in the name with dots; it's a limitation of my hosting provider), unpack it, and edit the line

inichat=[("Login name:","admin\n"),("Password:","admin\n"),("> ","sh\n")]

providing your superuser account. The login prompt may also vary: in some older firmwares it's 'Login:', in mine it's 'Login name:'.
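The inichat line is an expect-style list of (prompt, response) pairs. As an added illustration, not the post's bcmfwext.py, here is a small driver for that format that times out instead of hanging and returns everything the device printed, so a wrong prompt string is easy to spot; the connect() helper and the FakeRouter stand-in (used so it runs offline) are my assumptions, and the credentials are placeholders.

```python
import socket
import time

# Expect-style login chat in the same shape the post's script uses.
# The credentials are placeholders: use your own router's account.
inichat = [("Login name:", "admin\n"), ("Password:", "admin\n"), ("> ", "sh\n")]


def connect(host, port=23, timeout=10.0):
    """Open the router's telnet port with a socket timeout so a silent device
    cannot hang the dump forever (helper assumed, not from the original script)."""
    return socket.create_connection((host, port), timeout=timeout)


def run_chat(transport, chat, timeout=10.0):
    """Drive a (prompt, response) chat over `transport` (needs recv(n) -> bytes
    and sendall(bytes)). For each pair, read until the prompt shows up in what
    the device sent, then send the response. Telnet option bytes (IAC sequences)
    just accumulate in the buffer and are ignored. Returns everything received,
    so a failed run shows which prompt the firmware really prints."""
    transcript = b""
    for prompt, response in chat:
        deadline = time.monotonic() + timeout
        window = b""
        while prompt.encode() not in window:
            if time.monotonic() > deadline:
                raise TimeoutError(f"no {prompt!r} within {timeout}s; saw {window!r}")
            chunk = transport.recv(4096)
            if not chunk:
                raise ConnectionError(f"closed while waiting for {prompt!r}; saw {window!r}")
            window += chunk
        transcript += window
        transport.sendall(response.encode())
    return transcript


class FakeRouter:
    """Constructed stand-in for the device's telnet side, for offline runs."""

    def __init__(self, login_prompt="Login name:"):
        self.outgoing = [login_prompt.encode(), b"Password:", b"> "]
        self.sent = []

    def recv(self, n):
        return self.outgoing.pop(0) if self.outgoing else b""

    def sendall(self, data):
        self.sent.append(data)
```

Against a real device you would pass `connect("192.168.1.1")` in place of `FakeRouter()`; a firmware that prints 'Login:' instead of 'Login name:' makes run_chat fail with the received text in the error rather than waiting silently.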

After changing this line (and, optionally, your router's IP address), you can launch the script by typing:

python bcmfwext.py filename_to_save

The script sends 4 files to the bcm963xx device, showing the progress per file, so don't be surprised when, after something like 255/255, you see something like 1/7500.

On my system it takes approx. 7 minutes to get the dump, so be patient. But if it takes more than 30 minutes, something has gone wrong.

Any feedback would be appreciated in English, German or Russian.

Good luck!
