get mtd device

cat /proc/mtd

dev:  size   erasesize  name

mtd0: 00800000 00010000 "ALL"

mtd1: 00030000 00010000 "Bootloader"

mtd2: 00010000 00010000 "Config"

mtd3: 00010000 00010000 "Factory"

mtd4: 007b0000 00010000 "firmware"

mtd5: 0067ac57 00010000 "rootfs"

mtd6: 003a0000 00010000 "rootfs_data"

size is 0x00010000 = 65536 = 512*1024

how to use hexdump

hexdump -help

hexdump: invalid option -- h

BusyBox v1.22.1 (2017-02-25 15:19:37 CST) multi-call binary.

Usage: hexdump [-bcCdefnosvx] [FILE]...

Display FILEs (or stdin) in a user specified format

        -b              One-byte octal display

        -c              One-byte character display

        -C              Canonical hex+ASCII, 16 bytes per line

        -d              Two-byte decimal display

        -e FORMAT_STRING

        -f FORMAT_FILE

        -n LENGTH       Interpret only LENGTH bytes of input

        -o              Two-byte octal display

        -s OFFSET       Skip OFFSET bytes

        -v              Display all input data

        -x              Two-byte hexadecimal display

just use hexdump -C “FILE” to observe file content

Observe mtd3 file

hexdump -C /dev/mtd3

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ....q.]s.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

Mac: 60 08 71 85 5d 73

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00

Copy file from mtd3

shell

dd if=/dev/mtd3 of=/tmp/test_1.bin bs=512 count=1024 conv=sync

shell

hexdump -C test_1.bin

offset is:

0x00000000+4 = 4

0x00000020+9 = 41

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ...`.q.]s`.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

CGI code

#!/bin/sh

[ "$REQUEST_METHOD" = "GET"] && read QUERY_STRING

echo "Content-type: text/html;charset=UTF-8"

echo "posted data is $QUERY_STRING" >&2

echo

echo "<HTML><BODY>"

echo "<CENTER>Today is:</CENTER>"

echo "<CENTER><B>"

date

echo "</B></CENTER>"

#echo "Mac Address"

echo "<br>"

echo "<center>please input mac such as:FF.FF.FF.FF.FF.FF</center>"

echo "<br>"

echo "<center>Mac Address:<input type=\"text\" name=\"firstname\" id=\"mac\" value="">"

echo ""

echo "<input type=\"button\" value=\"OK\" id=\"btm\" οnclick=\"getValue()\"></center>"

echo ''

echo "<script>"

echo "function getValue() {"

echo "var msg = document.getElementById(\"mac\").value;"

#echo "document.getElementById(\"mac\").innerHTML=msg;"

echo "alert(\"Ready to write Mac \" + msg + \" to camera\")"

echo "}"

echo "</script>"

echo "</BODY></HTML>"

Final

get binary file “test_1.bin” from mtd device

shell

dd if=/dev/mtd3 of=test_1.bin ibs=512 obs=512 count=1024 skip=0 seek=0 conv=notrunc

write mac address to temp.bin

shell

echo -e -n "\x60\x08\x71\x85\x5d\x70" > temp.bin

overwrite file “temp.bin” to test_1.bin, offset is 4 and 41

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=4 conv=notrunc

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=41 conv=notrunc

Openwrt:逆向永久修改Flash中的Mac地址的更多相关文章

  1. Android中通过进程注入技术修改系统返回的Mac地址

    致谢 感谢看雪论坛中的这位大神,分享了这个技术:http://bbs.pediy.com/showthread.php?t=186054,从这篇文章中学习到了很多内容,如果没有这篇好文章,我在研究的过 ...

  2. 【转】busybox分析——arp设置ARP缓存表中的mac地址

    [转]busybox分析——arp设置ARP缓存表中的mac地址 转自:http://blog.chinaunix.net/uid-26009923-id-5098083.html 1. 将arp缓存 ...

  3. 【转载】取得系统中网卡MAC地址的三种方法

    From:http://blog.csdn.net/zhangting1987/article/details/2732135 网卡地址这个概念有点混淆不清.因为实际上有两个地址,mac地址和物理地址 ...

  4. 在Web中获取MAC地址

    很多时候都很难琢磨客户在想什么,也许是自己业务经验不足,也许是客户要显示出他在软件方面也非常的专业.记得以前听过一个故事,说一个富人想娶个媳妇,然后他比较钟意的有三个女人,然后就想从三个女人中选一个, ...

  5. 深度技术W10系统中绑定MAC地址和IP地址的设置技巧

    深度技术W10系统中绑定MAC地址和IP地址的设置技巧分享给大家,感兴趣的用户,请一起来了解下,以备以后作参考,具体如下:1.点击“开始——搜索”,输入CMD命令,然后在CMD上右键选择以管理员身份运 ...

  6. 修改pc机的mac地址 以及 mac地址的组成

    在"开始"菜单的"运行"中输入regedit,打开注册表编辑器,展开注册表到:HKEY_LOCAL_ MACHINE/System/CurrentControl ...

  7. 修改centos7/osx的MAC地址

    change MAC Address in CentOS 7: nano /etc/sysconfig/network-scripts/ifcfg-ens160 systemctl restart n ...

  8. Linux/CentOS下修改MAC地址

    Linux/CentOS下修改MAC地址 摘自:https://blog.csdn.net/qq_33233768/article/details/64906265 2017年03月22日 11:06 ...

  9. linux/Centos下查看和修改网卡Mac地址(ifconfig命令)

    本文转载自http://www.169it.com/article/14360294838474691537.html linux/Centos下查看网卡Mac地址,输入命令: #ifconfig - ...

随机推荐

  1. 你只要5行代码,拥有你的个性二维码,用Python生成动态二维码

    如果想了解更多关于python的应用,可以私信我,或者点击下方链接自行获取,里面到资料都是免费的(http://t.cn/A6Zvjdun) 二维码满天飞,但是有没有想过Python也能制作出专属于自 ...

  2. 原创Hbase1.2.1集群安装

    [hadoop@Hmaster install]$ tar -zxvf hbase-1.2.1-bin.tar.gz -C ~ [hadoop@Hmaster install]$vi ~/.bash_ ...

  3. Laravel 上手增删改查

    拿到一个框架,除了解框架,还要能实现基本的CURD操作. 添加 1.配置路由,指定添加页面: // routes/web.php 中增加如下: // 添加页面.存放路径 Laravel7/resour ...

  4. 原子类的ABA问题

    原子类AtomicInteger的ABA问题 连环套路 从AtomicInteger引出下面的问题 CAS -> Unsafe -> CAS底层思想 -> ABA -> 原子引 ...

  5. python 进阶篇 迭代器和生成器深入理解

    列表/元组/字典/集合都是容器.对于容器,可以很直观地想象成多个元素在一起的单元:而不同容器的区别,正是在于内部数据结构的实现方法. 所有的容器都是可迭代的(iterable).另外字符串也可以被迭代 ...

  6. tensorflow1.0 队列FIFOQueue管理实现异步读取训练

    import tensorflow as tf #模拟异步子线程 存入样本, 主线程 读取样本 # 1. 定义一个队列,1000 Q = tf.FIFOQueue(1000,tf.float32) # ...

  7. WebApi参数检查验证FluentValidation的使用方法

    右键打开NuGet程序包管理,进入浏览,搜索 FluentValidation,点击下载 在Model文件夹添加一个Person类进行校验 校验前,using需要引入相应的命名空间方可使用,Abstr ...

  8. CG-CTF(1)

    CG-CTF CG-CTF题目网址:https://cgctf.nuptsast.com/challenges#Web 第一题:签到题 查看页面源代码,得到flag(干杯~): 第二题:md5 col ...

  9. 2019-2020-1 20199329《Linux内核原理与分析》第五周作业

    <Linux内核原理与分析>第五周作业 一.上周问题总结: 虚拟机将c文件汇编成汇编文件时忘记添加include<stdio.h> gdb跟踪汇编过程不熟练 二.本周学习内容: ...

  10. java 之 enum(枚举)

    推荐博客 http://blog.csdn.net/javazejian/article/details/71333103