Apple provides firmware updates for their Airport products through 'Airport Utility'. Firmware files can be downloaded with the help of ~/Library/Application\ Support/Apple/AirPort/Firmware/version.xml which contains all products and their available firmware versions.

For the Airport Express (model A1392, productID 115, see WikiDevi, Teardown by Rogue Amoeba) there are 3 firmware versions: 7.6.2, 7.6.3 and 7.6.4 (current). I downloaded all 3 versions and used binwalk (v1.2.2-1) on them. They seem to be encrypted:

    $ binwalk -H 7.6.3.basebinary
    0x0 High entropy data, best guess: encrypted, size: 5673944, 0 low entropy blocks

Examining different firmware files revealed their common structure.

Offset F: firmware format version (?) (8 bit signed) hex 2D => format 45 (7.5.x firmwares have format version 44, 7.7.x firmwares have format version 46)
Offset 13: product ID (8 bit signed) hex 73 => product ID 115
Offset 14: Firmware Major Version (8 bit signed) hex 07 => major version 7 (aka 7.x)
Offset 15: Firmware Minor Version (8 bit signed) hex 63 => minor version 63 (aka x.63)
Offset 16-1F: checksum or size for following part?
Offset 20-2D: static string APPLE-FIRMWARE
Offset 2F: firmware format version (?) (8 bit signed) hex 2D => format 45 (7.5.x firmwares have format version 44, 7.7.x firmwares have format version 46)
Offset 33: product ID (8 bit signed) hex 73 => product ID 115
Offset 34: Firmware Major Version (8 bit signed) hex 07 => major version 7 (aka 7.x)
Offset 35: Firmware Minor Version (8 bit signed) hex 63 => minor version 63 (aka x.63)

What kind of encryption could have been used? Apple seems to use AES for iPhone and AppleTV firmware.

Like others have said, you might have to take the hardware route, and physically connect a Bus Pirate or similar device to dump the firmware. When the device is running, you will get a decrypted firmware dump.

Here's a series about this with an Airport Express, it's taken from this blog: but I will copy and paste the whole thing here because I don't trust this blog to stay online. I've pieced in some photos using as well. Unfortunately the link to the key at the end is a dead link.

Reverse engineering the Airport Express Part 1

For quite some time I've wanted to reverse engineer the Airport Express base station. The first is that within this firmware are the private Airtunes keys. The second and more important part, at least for me, is that it is almost identical to a WRT54G plus it adds USB and sound-card. Getting Linux/OpenWrt running on this would be wicked cool.
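The header layout listed above, written as a small parser (an added example, not code from the original post or the blog series). It checks that the two copies of the version fields agree and measures the byte entropy of what follows the header, the same signal `binwalk -H` reported; `HEADER_LEN`, the field names and the sample file are assumptions, with the sample constructed from the 7.6.3 values quoted on the page.

```python
import hashlib
import math
import struct
from collections import Counter

MAGIC = b"APPLE-FIRMWARE"   # static string the page places at 0x20-0x2D
HEADER_LEN = 0x36           # assumption: header ends after the byte at 0x35

def parse_header(blob):
    """Decode the fields the page lists; the copies at 0x0F.. and 0x2F.. must agree."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated header")
    if blob[0x20:0x2E] != MAGIC:
        raise ValueError("APPLE-FIRMWARE marker not found at 0x20")
    def fields(base):
        # relative to base: +0 format version, +4 product ID, +5 major, +6 minor
        fmt, prod, major, minor = struct.unpack_from("<b3xbbb", blob, base)
        return {"format": fmt, "product_id": prod, "major": major,
                "minor_hex": f"{minor & 0xFF:02x}"}  # page reads 0x63 as "x.63"
    first, second = fields(0x0F), fields(0x2F)
    if first != second:
        raise ValueError(f"header copies disagree: {first} vs {second}")
    first["unknown_16_1f"] = blob[0x16:0x20].hex()  # "checksum or size?" on the page
    return first

def entropy_bits_per_byte(data):
    """Shannon entropy; values near 8.0 point to encrypted or compressed data."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def build_sample():
    """Constructed sample: header bytes from the page's 7.6.3 values, pseudo-random body."""
    hdr = bytearray(HEADER_LEN)
    for base in (0x0F, 0x2F):
        hdr[base], hdr[base + 4], hdr[base + 5], hdr[base + 6] = 0x2D, 0x73, 0x07, 0x63
    hdr[0x20:0x2E] = MAGIC
    body = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    return bytes(hdr) + body

if __name__ == "__main__":
    blob = build_sample()
    print(parse_header(blob))
    print(f"payload entropy: {entropy_bits_per_byte(blob[HEADER_LEN:]):.3f} bits/byte")
```

Comparing `unknown_16_1f` across the 7.6.2, 7.6.3 and 7.6.4 files against each file's length is a quick way to test the "checksum or size" guess.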