get mtd device

cat /proc/mtd

dev:  size   erasesize  name

mtd0: 00800000 00010000 "ALL"

mtd1: 00030000 00010000 "Bootloader"

mtd2: 00010000 00010000 "Config"

mtd3: 00010000 00010000 "Factory"

mtd4: 007b0000 00010000 "firmware"

mtd5: 0067ac57 00010000 "rootfs"

mtd6: 003a0000 00010000 "rootfs_data"

size is 0x00010000 = 65536 = 512*1024

how to use hexdump

hexdump -help

hexdump: invalid option -- h

BusyBox v1.22.1 (2017-02-25 15:19:37 CST) multi-call binary.

Usage: hexdump [-bcCdefnosvx] [FILE]...

Display FILEs (or stdin) in a user specified format

        -b              One-byte octal display

        -c              One-byte character display

        -C              Canonical hex+ASCII, 16 bytes per line

        -d              Two-byte decimal display

        -e FORMAT_STRING

        -f FORMAT_FILE

        -n LENGTH       Interpret only LENGTH bytes of input

        -o              Two-byte octal display

        -s OFFSET       Skip OFFSET bytes

        -v              Display all input data

        -x              Two-byte hexadecimal display

just use hexdump -C “FILE” to observe file content

Observe mtd3 file

hexdump -C /dev/mtd3

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ....q.]s.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

Mac: 60 08 71 85 5d 73

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00

Copy file from mtd3

shell

dd if=/dev/mtd3 of=/tmp/test_1.bin bs=512 count=1024 conv=sync

shell

hexdump -C test_1.bin

offset is:

0x00000000+4 = 4

0x00000020+9 = 41

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ...`.q.]s`.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

CGI code

#!/bin/sh

[ "$REQUEST_METHOD" = "GET"] && read QUERY_STRING

echo "Content-type: text/html;charset=UTF-8"

echo "posted data is $QUERY_STRING" >&2

echo

echo "<HTML><BODY>"

echo "<CENTER>Today is:</CENTER>"

echo "<CENTER><B>"

date

echo "</B></CENTER>"

#echo "Mac Address"

echo "<br>"

echo "<center>please input mac such as:FF.FF.FF.FF.FF.FF</center>"

echo "<br>"

echo "<center>Mac Address:<input type=\"text\" name=\"firstname\" id=\"mac\" value="">"

echo ""

echo "<input type=\"button\" value=\"OK\" id=\"btm\" οnclick=\"getValue()\"></center>"

echo ''

echo "<script>"

echo "function getValue() {"

echo "var msg = document.getElementById(\"mac\").value;"

#echo "document.getElementById(\"mac\").innerHTML=msg;"

echo "alert(\"Ready to write Mac \" + msg + \" to camera\")"

echo "}"

echo "</script>"

echo "</BODY></HTML>"

Final

get binary file “test_1.bin” from mtd device

shell

dd if=/dev/mtd3 of=test_1.bin ibs=512 obs=512 count=1024 skip=0 seek=0 conv=notrunc

write mac address to temp.bin

shell

echo -e -n "\x60\x08\x71\x85\x5d\x70" > temp.bin

overwrite file “temp.bin” to test_1.bin, offset is 4 and 41

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=4 conv=notrunc

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=41 conv=notrunc

Openwrt:逆向永久修改Flash中的Mac地址的更多相关文章

  1. Android中通过进程注入技术修改系统返回的Mac地址

    致谢 感谢看雪论坛中的这位大神,分享了这个技术:http://bbs.pediy.com/showthread.php?t=186054,从这篇文章中学习到了很多内容,如果没有这篇好文章,我在研究的过 ...

  2. 【转】busybox分析——arp设置ARP缓存表中的mac地址

    [转]busybox分析——arp设置ARP缓存表中的mac地址 转自:http://blog.chinaunix.net/uid-26009923-id-5098083.html 1. 将arp缓存 ...

  3. 【转载】取得系统中网卡MAC地址的三种方法

    From:http://blog.csdn.net/zhangting1987/article/details/2732135 网卡地址这个概念有点混淆不清.因为实际上有两个地址,mac地址和物理地址 ...

  4. 在Web中获取MAC地址

    很多时候都很难琢磨客户在想什么,也许是自己业务经验不足,也许是客户要显示出他在软件方面也非常的专业.记得以前听过一个故事,说一个富人想娶个媳妇,然后他比较钟意的有三个女人,然后就想从三个女人中选一个, ...

  5. 深度技术W10系统中绑定MAC地址和IP地址的设置技巧

    深度技术W10系统中绑定MAC地址和IP地址的设置技巧分享给大家,感兴趣的用户,请一起来了解下,以备以后作参考,具体如下:1.点击“开始——搜索”,输入CMD命令,然后在CMD上右键选择以管理员身份运 ...

  6. 修改pc机的mac地址 以及 mac地址的组成

    在"开始"菜单的"运行"中输入regedit,打开注册表编辑器,展开注册表到:HKEY_LOCAL_ MACHINE/System/CurrentControl ...

  7. 修改centos7/osx的MAC地址

    change MAC Address in CentOS 7: nano /etc/sysconfig/network-scripts/ifcfg-ens160 systemctl restart n ...

  8. Linux/CentOS下修改MAC地址

    Linux/CentOS下修改MAC地址 摘自:https://blog.csdn.net/qq_33233768/article/details/64906265 2017年03月22日 11:06 ...

  9. linux/Centos下查看和修改网卡Mac地址(ifconfig命令)

    本文转载自http://www.169it.com/article/14360294838474691537.html linux/Centos下查看网卡Mac地址,输入命令: #ifconfig - ...

随机推荐

  1. util.Date与sql.Date的异同以及相互转换

    Java中有两个Date类 一个是java.util.Date通常情况下用它获取当前时间或构造时间 另一个是java.sql.Date是针对SQL语句使用的,它只包含日期而没有时间部分 两个类型的时间 ...

  2. L20 梯度下降、随机梯度下降和小批量梯度下降

    airfoil4755 下载 链接:https://pan.baidu.com/s/1YEtNjJ0_G9eeH6A6vHXhnA 提取码:dwjq 梯度下降 (Boyd & Vandenbe ...

  3. [安全] Kali Linux安装TheFatRat

    一.解决访问国外网络的问题 由于字符敏感,以下所有vray的第二位都需要加上"2". 1.使用vray客户端 前提条件:拥有一个海外vray服务器提供socks5代理. 1)下载v ...

  4. asp.net core webapi Session 跨域

    在ajax 请求是也要加相应的东西 $.ajax({ url:url, //加上这句话 xhrFields: { withCredentials: true } success:function(re ...

  5. Asp.Net Core 3.0 学习3、Web Api 文件上传 Ajax请求以及跨域问题

    1.创建Api项目 我用的是VS2019 Core3.1 .打开Vs2019 创建Asp.Net Core Web应用程序命名CoreWebApi 创建选择API 在Controller文件夹下面添加 ...

  6. 2018版移动端ui规范

    计规范是一种将移动端常用控件标准化.统一化的的文档 今天整理了一篇设计规范的文章概论,讲诉中会以ios做介绍,安卓由于开源,平台相对教多不做单一阐述,实际操作的时候,我们不管是做一代还是二次的迭代产品 ...

  7. Java的自动装箱

    JDK5的新特性自动装箱:把基本类型转换为包装类类型自动拆箱:把包装类类型转换为基本类型 注意一个小问题: 在使用时,Integer x = null;代码就会出现NullPointerExcepti ...

  8. 关于go的通信通道channel——chan的一些问题

    go版本 1.8 chan类型的声明,有以下几种: var c chan int c := make(chan int) //slice.map.chan都可以通过用make来初始化,其中map.ch ...

  9. 为什么redis是单线程的以及为什么这么快?

    官网的说法 我们先来认真看一下官网的说法.翻译过来大意如下: CPU并不是您使用Redis的瓶颈,因为通常Redis要么受内存限制,要么受网络限制.例如,使用在一般Linux系统上运行的流水线Redi ...

  10. C#多线程(14):任务基础②

    目录 判断任务状态 再说父子任务 组合任务/延续任务 复杂的延续任务 并行(异步)处理任务 并行(同步)处理任务 并行任务的 Task.WhenAny 并行任务状态 循环中值变化问题 定时任务 Tas ...