get mtd device

cat /proc/mtd

dev:  size   erasesize  name

mtd0: 00800000 00010000 "ALL"

mtd1: 00030000 00010000 "Bootloader"

mtd2: 00010000 00010000 "Config"

mtd3: 00010000 00010000 "Factory"

mtd4: 007b0000 00010000 "firmware"

mtd5: 0067ac57 00010000 "rootfs"

mtd6: 003a0000 00010000 "rootfs_data"

size is 0x00010000 = 65536 = 512*1024

how to use hexdump

hexdump -help

hexdump: invalid option -- h

BusyBox v1.22.1 (2017-02-25 15:19:37 CST) multi-call binary.

Usage: hexdump [-bcCdefnosvx] [FILE]...

Display FILEs (or stdin) in a user specified format

        -b              One-byte octal display

        -c              One-byte character display

        -C              Canonical hex+ASCII, 16 bytes per line

        -d              Two-byte decimal display

        -e FORMAT_STRING

        -f FORMAT_FILE

        -n LENGTH       Interpret only LENGTH bytes of input

        -o              Two-byte octal display

        -s OFFSET       Skip OFFSET bytes

        -v              Display all input data

        -x              Two-byte hexadecimal display

just use hexdump -C “FILE” to observe file content

Observe mtd3 file

hexdump -C /dev/mtd3

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ....q.]s.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

Mac: 60 08 71 85 5d 73

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00

Copy file from mtd3

shell

dd if=/dev/mtd3 of=/tmp/test_1.bin bs=512 count=1024 conv=sync

shell

hexdump -C test_1.bin

offset is:

0x00000000+4 = 4

0x00000020+9 = 41

00000000  28 76 06 00 60 08 71 85  5d 73 00 00 00 00 00 00  |(v..`.q.]s......|

00000010  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

00000020  00 00 00 00 20 00 00 00  60 08 71 85 5d 73 60 08  |.... ...`.q.]s`.|

00000030  71 85 5d 71 11 34 00 20  ff ff 00 01 00 00 00 00  |q.]q.4. ........|

00000040  00 00 22 00 00 00 00 00  30 00 00 00 00 00 00 00  |..".....0.......|

00000050  82 00 00 94 40 b2 c0 ca  21 83 82 81 40 ca 21 80  |....@...!...@.!.|

00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000a0  c6 c6 c6 c4 c4 c0 c0 c6  c4 c6 c4 c4 c0 c0 00 00  |................|

000000b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

000000e0  11 1d 11 1d 1c 35 1c 35  1e 35 1e 35 17 19 17 19  |.....5.5.5.5....|

000000f0  02 00 00 00 d8 80 80 88  00 00 00 00 00 00 00 00  |................|

00000100  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000120  00 00 00 00 00 00 00 00  00 00 00 00 00 00 77 00  |..............w.|

00000130  11 1d 11 1d 15 7f 15 7f  17 7f 17 7f 10 3b 10 3b  |.............;.;|

00000140  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

*

00000400  ff ff ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |................|

*

00010000

CGI code

#!/bin/sh

[ "$REQUEST_METHOD" = "GET"] && read QUERY_STRING

echo "Content-type: text/html;charset=UTF-8"

echo "posted data is $QUERY_STRING" >&2

echo

echo "<HTML><BODY>"

echo "<CENTER>Today is:</CENTER>"

echo "<CENTER><B>"

date

echo "</B></CENTER>"

#echo "Mac Address"

echo "<br>"

echo "<center>please input mac such as:FF.FF.FF.FF.FF.FF</center>"

echo "<br>"

echo "<center>Mac Address:<input type=\"text\" name=\"firstname\" id=\"mac\" value="">"

echo ""

echo "<input type=\"button\" value=\"OK\" id=\"btm\" οnclick=\"getValue()\"></center>"

echo ''

echo "<script>"

echo "function getValue() {"

echo "var msg = document.getElementById(\"mac\").value;"

#echo "document.getElementById(\"mac\").innerHTML=msg;"

echo "alert(\"Ready to write Mac \" + msg + \" to camera\")"

echo "}"

echo "</script>"

echo "</BODY></HTML>"

Final

get binary file “test_1.bin” from mtd device

shell

dd if=/dev/mtd3 of=test_1.bin ibs=512 obs=512 count=1024 skip=0 seek=0 conv=notrunc

write mac address to temp.bin

shell

echo -e -n "\x60\x08\x71\x85\x5d\x70" > temp.bin

overwrite file “temp.bin” to test_1.bin, offset is 4 and 41

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=4 conv=notrunc

shell

dd if=temp.bin of=test_1.bin ibs=1 obs=1 count=6 skip=0 seek=41 conv=notrunc

Openwrt:逆向永久修改Flash中的Mac地址的更多相关文章

  1. Android中通过进程注入技术修改系统返回的Mac地址

    致谢 感谢看雪论坛中的这位大神,分享了这个技术:http://bbs.pediy.com/showthread.php?t=186054,从这篇文章中学习到了很多内容,如果没有这篇好文章,我在研究的过 ...

  2. 【转】busybox分析——arp设置ARP缓存表中的mac地址

    [转]busybox分析——arp设置ARP缓存表中的mac地址 转自:http://blog.chinaunix.net/uid-26009923-id-5098083.html 1. 将arp缓存 ...

  3. 【转载】取得系统中网卡MAC地址的三种方法

    From:http://blog.csdn.net/zhangting1987/article/details/2732135 网卡地址这个概念有点混淆不清.因为实际上有两个地址,mac地址和物理地址 ...

  4. 在Web中获取MAC地址

    很多时候都很难琢磨客户在想什么,也许是自己业务经验不足,也许是客户要显示出他在软件方面也非常的专业.记得以前听过一个故事,说一个富人想娶个媳妇,然后他比较钟意的有三个女人,然后就想从三个女人中选一个, ...

  5. 深度技术W10系统中绑定MAC地址和IP地址的设置技巧

    深度技术W10系统中绑定MAC地址和IP地址的设置技巧分享给大家,感兴趣的用户,请一起来了解下,以备以后作参考,具体如下:1.点击“开始——搜索”,输入CMD命令,然后在CMD上右键选择以管理员身份运 ...

  6. 修改pc机的mac地址 以及 mac地址的组成

    在"开始"菜单的"运行"中输入regedit,打开注册表编辑器,展开注册表到:HKEY_LOCAL_ MACHINE/System/CurrentControl ...

  7. 修改centos7/osx的MAC地址

    change MAC Address in CentOS 7: nano /etc/sysconfig/network-scripts/ifcfg-ens160 systemctl restart n ...

  8. Linux/CentOS下修改MAC地址

    Linux/CentOS下修改MAC地址 摘自:https://blog.csdn.net/qq_33233768/article/details/64906265 2017年03月22日 11:06 ...

  9. linux/Centos下查看和修改网卡Mac地址(ifconfig命令)

    本文转载自http://www.169it.com/article/14360294838474691537.html linux/Centos下查看网卡Mac地址,输入命令: #ifconfig - ...

随机推荐

  1. R语言kohonen包主要函数介绍

    最近准备写一篇关于自组织映射 (Self-organizing map)的文章.SOM的代码很多,研究了一圈之后目前使用最顺手的是R语言的kohonen包. 这个kohonen包功能很丰富,但是接口不 ...

  2. BeanShell计算支付价格

    问题:需要获取支付价格,而支付价格是商品价格*折扣 解决:先将商品价格和折扣获取出来,然后使用BeanShell将两个值相乘,获得最后的支付价格 1.使用json提取器提取商品的价格 2.使用正则表达 ...

  3. java实现自定义哈希表

    哈希表实现原理 哈希表底层是使用数组实现的,因为数组使用下标查找元素很快.所以实现哈希表的关键就是把某种数据类型通过计算变成数组的下标(这个计算就是hashCode()函数 比如,你怎么把一个字符串转 ...

  4. java Int类型转为double 类型;string转double

    int a=12; double b=(double)a; or double c=Double.valueOf((double)a); string a_s="12"; doub ...

  5. php continue 跳出多重循环

    来源参考:https://blog.csdn.net/xyy94813/article/details/50834938 /* * 在PHP中break语句不仅可以跳出当前循环,还可以指定跳出几层循环 ...

  6. Openstack object list 一次最多有一万个 object

    When you request a list of containers or objects, Object Storage returns a maximum of 10,000 names f ...

  7. Hexo博客插入图片的方法

    Hexo博客插入图片的方法 hexo图片blog hexo blog 插入图片的方法总结 hexo 的blog 内容是根据 markdown 文件的内容生成的html文件, 生成的文件全部在 /pub ...

  8. rabbitMQ安装docker版 /权限管理命令

    1.进入docker hub镜像仓库地址:https://hub.docker.com/ 2.搜素rabbitMQ 查询镜像,可以看到多种类型,选择带有web页面的(managment) 3.拉取镜像 ...

  9. 【Linux常见命令】find命令

    find - search for files in a directory hierarchy find命令用来在指定目录下查找文件. 任何位于参数之前的字符串都将被视为欲查找的目录名. 如果使用该 ...

  10. Angular 7开发环境配置

    目录 前言 一.搭建项目  1.安装Angular CLI  2.创建项目  3.集成Element Angular 二.设置路由  1.创建路由模块  2.导入.导出RouterModule类  3 ...