Skip to main content

Obfuscation will never work.


Hello again, sweet readers !

OpenRG is an embedded OS for routers.
It's based on Linux and it's inside many ISP
routers out there.

Inside OpenRG configuration file,
passwords appear in a way that can seem
to be crypted, but it's just obfuscated.

For example:
(username(admin))
(password(&b7;X&5c;&b9;&a2;))

Above you can see a simple deobfuscator.
Enjoy!

You can try it with:
&ad;Y&5b;&b3;&a3;&17;T&8b;&c4;&b9;#&96;&04;c&ea;&1d;$%&5d;&16;&08;B3&c0;

:)

Zibri.

Comments

  1. Nice find Zibri!
    My router works fine except for the flaky wifi part.. Will look into this!

    Thanks!

    ReplyDelete
  2. Italian speaking people can read the explanation here:
    http://www.ilpuntotecnicoeadsl.com/forum/index.php/topic,10485.new.html#new

    ReplyDelete
  3. Great, you saved me lot of trouble with my Pirelli modem :) Thanx soooooooo much!

    ReplyDelete
  4. Hey Zibri! How about the new ziphone version? Any informatione about it?

    ReplyDelete
  5. so this basically de-encodes the password to access a wireless modem? and what do I need to see the encoded password?

    ReplyDelete
  6. you should put an eye on the motorola droid! I would love it if you were the one who unlocked it! Still have plenty of faith in you man! keep it up!

    ReplyDelete
  7. Hey Zibri, I have a question: Why did you leave the JB Community and stop creating jbs?

    ReplyDelete
  8. John.. hmm for the moment.. yes..
    I could come back in a near future or on the next product (tablet?)

    ReplyDelete
  9. Another question directed a Zibri... Why don't you make a Custom Firmware for PS3 or PSP... The scene for PS3 hacking/back-up loading hasen't even begun... Everybody's waiting for the new PSP to get hacked..... Hope you reply...

    ReplyDelete
  10. +1 on the ps3 custom firmware, hate that I have to convert .mkv files to .mpg :(

    ReplyDelete
  11. Send me a ps3 then... I still have my faithful ps2 .. yah I know.. I'm not a gamer :)

    ReplyDelete
  12. I'm sure if you post on your blog that you want a PS3 to do some testing/hacking somebody will give you one. After all your Zibri, famous iPhone hacker. :) I hope you take my advice seriously.

    ReplyDelete
  13. i do believe there is a product coming your way to jailbreak.... so keep an eye out...

    ReplyDelete
  14. @Joe:
    Like what?

    @PurpleeEse:
    I won't do that.. I have too many things now.
    And I usually don't ask.
    As I said I'm not into gaming so much.

    ReplyDelete
  15. @Zibri & @Joe Are you referring to the Apple Tablet rumour??

    ReplyDelete
  16. (password(&ce;hW&c9;&9e; Y&d3;))
    how can me know hash and how decrpt this

    ReplyDelete
  17. Sorry.. the "cat" was out of order. Now it's fixed. :D

    ReplyDelete
  18. hi bro how or what this hash type
    (password(&ce;hW&c9;&9e; Y&d3;))
    how u know hash type
    md5 or what
    if u can help me what tools u use

    ReplyDelete
  19. it's NOT a hash. It's an obfuscated string.

    ReplyDelete

Post a Comment

Popular posts from this blog

Powerline Ethernet fun and secrets.

Many 200 Mb/s powerline adapters nowadays are based on the INTELLON 6300 chipset.
Despite what can be thought looking at them, they are all using the same hardware and firmwares.
I heard many people with Netgear XAV101 or Linksys PLK 200 or PLE 200 having problems after firmware updates and many other people with other brands having much more problems because of lack of support or configuration/upgrade utilities.

So let me explain a few things I learnt studying them.

Many of 200 Mb/s powerline ethernet adapters follow the "HomePlug AV" standard. (85 Mb adapters use HomePlug 1.0 standard which is completely different).
This standard uses ethernet broadcast packets using the HomePlug AV protocol.

The interesting thing is that their firmware is made of two different parts:
a .PIB file (Parameter Information Block) and a .NVM file (the code itself).
In the P.I.B. there are many interesting things:
The branding (mac address, device name, etc) and the tone map.

I tested many firmw…

TP-LINK Configuration file encrypt and decrypt.

Here we go! TP-Link is another company that thinks that security by obscurity could ever work.
If you "backup" the configuration from most TP-Link routers, you will get a .BIN file which is "encrypted".
Use this utility below, to decrypt it (so you can edit it) and encrypt it again.
Have fun.
Drop files here or