get mtd device

cat /proc/mtd

dev:  size   erasesize  name

mtd0: 00800000 00010000 "ALL"

mtd1: 00030000 00010000 "Bootloader"

mtd2: 00010000 00010000 "Config"

mtd3: 00010000 00010000 "Factory"

mtd4: 007b0000 00010000 "firmware"

mtd5: 0067ac57 00010000 "rootfs"

mtd6: 003a0000 00010000 "rootfs_data"

size is 0x00010000 = 65536 = 512*1024

how to use hexdump

hexdump -help

hexdump: invalid option -- h

BusyBox v1.22.1 (2017-02-25 15:19:37 CST) multi-call binary.

Usage: hexdump [-bcCdefnosvx] [FILE]...

Display FILEs (or stdin) in a user specified format

        -b              One-byte octal display

        -c              One-byte character display

        -C              Canonical hex+ASCII, 16 bytes per line

        -d              Two-byte decimal display

        -e FORMAT_STRING

        -f FORMAT_FILE

        -n LENGTH       Interpret only LENGTH bytes of input

        -o              Two-byte octal display

        -s OFFSET       Skip OFFSET bytes

        -v              Display all input data

        -x              Two-byte hexadecimal display

just use hexdump -C “FILE” to observe file content

Observe mtd3 file

hexdump -C /dev/mtd3

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ....q.]s.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

Mac: 60 08 71 85 5d 73

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00

Copy file from mtd3

shell

dd if=/dev/mtd3 of=/tmp/test_1.bin bs=512 count=1024 conv=sync

shell

hexdump -C test_1.bin

offset is:

0x00000000+4 = 4

0x00000020+9 = 41

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ...`.q.]s`.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

CGI code

#!/bin/sh

[ "$REQUEST_METHOD" = "GET"] && read QUERY_STRING

echo "Content-type: text/html;charset=UTF-8"

echo "posted data is $QUERY_STRING" >&2

echo

echo "<HTML><BODY>"

echo "<CENTER>Today is:</CENTER>"

echo "<CENTER><B>"

date

echo "</B></CENTER>"

#echo "Mac Address"

echo "<br>"

echo "<center>please input mac such as:FF.FF.FF.FF.FF.FF</center>"

echo "<br>"

echo "<center>Mac Address:<input type=\"text\" name=\"firstname\" id=\"mac\" value="">"

echo ""

echo "<input type=\"button\" value=\"OK\" id=\"btm\" οnclick=\"getValue()\"></center>"

echo ''

echo "<script>"

echo "function getValue() {"

echo "var msg = document.getElementById(\"mac\").value;"

#echo "document.getElementById(\"mac\").innerHTML=msg;"

echo "alert(\"Ready to write Mac \" + msg + \" to camera\")"

echo "}"

echo "</script>"

echo "</BODY></HTML>"

Final

get binary file “test_1.bin” from mtd device

shell

dd if=/dev/mtd3 of=test_1.bin ibs=512 obs=512 count=1024 skip=0 seek=0 conv=notrunc

write mac address to temp.bin

shell

echo -e -n "\x60\x08\x71\x85\x5d\x70" > temp.bin

overwrite file “temp.bin” to test_1.bin, offset is 4 and 41

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=4 conv=notrunc

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=41 conv=notrunc

Openwrt:逆向永久修改Flash中的Mac地址的更多相关文章

  1. Android中通过进程注入技术修改系统返回的Mac地址

    致谢 感谢看雪论坛中的这位大神,分享了这个技术:http://bbs.pediy.com/showthread.php?t=186054,从这篇文章中学习到了很多内容,如果没有这篇好文章,我在研究的过 ...

  2. 【转】busybox分析——arp设置ARP缓存表中的mac地址

    [转]busybox分析——arp设置ARP缓存表中的mac地址 转自:http://blog.chinaunix.net/uid-26009923-id-5098083.html 1. 将arp缓存 ...

  3. 【转载】取得系统中网卡MAC地址的三种方法

    From:http://blog.csdn.net/zhangting1987/article/details/2732135 网卡地址这个概念有点混淆不清.因为实际上有两个地址,mac地址和物理地址 ...

  4. 在Web中获取MAC地址

    很多时候都很难琢磨客户在想什么,也许是自己业务经验不足,也许是客户要显示出他在软件方面也非常的专业.记得以前听过一个故事,说一个富人想娶个媳妇,然后他比较钟意的有三个女人,然后就想从三个女人中选一个, ...

  5. 深度技术W10系统中绑定MAC地址和IP地址的设置技巧

    深度技术W10系统中绑定MAC地址和IP地址的设置技巧分享给大家,感兴趣的用户,请一起来了解下,以备以后作参考,具体如下:1.点击“开始——搜索”,输入CMD命令,然后在CMD上右键选择以管理员身份运 ...

  6. 修改pc机的mac地址 以及 mac地址的组成

    在"开始"菜单的"运行"中输入regedit,打开注册表编辑器,展开注册表到:HKEY_LOCAL_ MACHINE/System/CurrentControl ...

  7. 修改centos7/osx的MAC地址

    change MAC Address in CentOS 7: nano /etc/sysconfig/network-scripts/ifcfg-ens160 systemctl restart n ...

  8. Linux/CentOS下修改MAC地址

    Linux/CentOS下修改MAC地址 摘自:https://blog.csdn.net/qq_33233768/article/details/64906265 2017年03月22日 11:06 ...

  9. linux/Centos下查看和修改网卡Mac地址(ifconfig命令)

    本文转载自http://www.169it.com/article/14360294838474691537.html linux/Centos下查看网卡Mac地址,输入命令: #ifconfig - ...

随机推荐

  1. K - Two Contests

    题目连接:https://atcoder.jp/contests/agc040/tasks/agc040_b 大佬题解:https://blog.csdn.net/duanghaha/article/ ...

  2. 最新VMware虚拟机安装Linux系统-CentOS(详细教程)

    一.前言 最近有网友反应初学Linx不会安装,找了许多教程不是太全面,总会遇到一些要不是启动不了,要不是连不上网,各种问题,为了让大家能够顺利的安装,小乐写了一个非常详细的教程,让大家少入坑. 二.背 ...

  3. Java集合案例(产生不重复随机数)

    获取10个1-20之间的随机数,要求不能重复 用数组实现,但是数组的长度是固定的,长度不好确定.所以我们使用集合实现. 分析:A:创建产生随机数的对象B:创建一个存储随机数的集合C:定义一个统计变量. ...

  4. CSS选择器与CSS的继承,层叠和特殊性

    什么是选择器?选择器{样式;},在{}之前的部分就是"选择器","选择器"指明了{}中的"样式"的作用对象,也就是"样式" ...

  5. amba H2平台用PWM控制LCD背光

    ambarella H2系列Soc的GPIO口能作PWM使用的个数有限(GPIO0-GPIO3),从PRM里GPIO: Function Selection章节可以得到如何配置GPIO为PWM功能. ...

  6. 让Vagrant在Windwos下支持使用NFS/SMB共享文件夹从而解决目录共享IO缓慢的问题

    此问题是在拥有相同配置的环境中,项目在win10跑的慢而在win7就正常的情况下发现的,一步步调试之后发现是文件操作的相关行为变的很慢,于是考虑到可能是系统问题,后来在如下链接找到了解决办法:http ...

  7. Docker网络与存储(三)

    Docker的网络和存储 1.1 Docker的4种网络模式 host模式,使用--net=host指定. container模式,使用--net=container:NAME_or_ID指定. no ...

  8. rabbitMQ本地安装(Mac版)

    一. 首先测试本机器是否安装wget命令 (可以通过wget www.baidu.com来测试,如果有响应则可直接进入步骤二,如果报错或者提示未安装wget则需要先安装wget) 1http://ft ...

  9. Django入门4: ORM 数据库操作

    大纲 一.DjangoORM 创建基本类型及生成数据库表结构 1.简介 2.创建数据库 表结构 二.Django ORM基本增删改查 1.表数据增删改查 2.表结构修改 三.Django ORM 字段 ...

  10. CCF系列奖获奖名单公布,鲍虎军、周志华获CCF王选奖 | CNCC 2017

    本文讲的是CCF系列奖获奖名单公布,鲍虎军.周志华获CCF王选奖 | CNCC 2017, 由中国计算机学会(CCF)主办,福州市人民政府.福州大学承办,福建师范大学.福建工程学院协办的2017中国计 ...