How D-Link Provides Firmware Source Codes

    Greetings to the Habrcans!

    At work, I have several old D-Link DI-524UP H / W Ver .: A1 routers , manufactured in 2005-2006 and inherited from the last admin. It is clear that these devices have served their purpose, become obsolete both morally and physically, and have long been on the shelf, but I was impressed by the fact that this model has a USB port, and the Linux operating system is the basis of the firmware .

    Unfortunately, the developers of the stock firmware pretty much limited their ability to work with a USB port: DI-524UP does not work with USB modems, flash drives and external HDDs. Alternative, more functional and modern firmware, such as OpenWRT or DD-WRT, exist for devices on the same processor as the DI-524UP - Realtek RTL8650B , but do not support the chip responsible for Wi-Fi RTL8185L . The prospect of abandoning the wireless Internet does not suit me, and to deal with the addition of RTL8185L support and the full compilation of DD-WRT or OpenWRT for my hardware seemed quite a challenge.

    I thought it would be nice to try a little rework of the stock firmware - add functionality, compile and install separate software packages, how much memory is enough in the device, rebuild the kernel and enable the necessary hardware support for the USB port.

    At the end of 2013 , a security vulnerability was discovered in some models of D-link routers - a software tab that allows attackers to gain control of the device. Details were discussed already earlier on Habr. Naturally, in the earlier version v.1.05 of the firmware dated November 15, 2007 and its source codes dated March 25, 2008and earlier this bookmark is present.

    After an uproar in late 2013 , D-Link released firmware updates for the DI-524UP Ax version v1.08b1 and v1.08b2 in which this vulnerability was closed. The manufacturer did not post the source codes of these firmwares for open access.

    Because Since the device’s firmware is based on the Linux kernel and free software, under the terms of the GPL , the developer must, at the request of others, provide his source codes. I requested the firmware source codes v1.08on the manufacturer’s forum. After some time, links appeared to the source codes of firmware v1.08b2.

    After downloading and unpacking the archives, I decided to file-by-file compare the source codes of versions v1.05 and v.1.08 . The result obtained puzzled me somewhat. The differences found are listed below under the spoiler:

    Differences in the contents of the source code archives of firmware versions v1.05 and v1.08b2
    diff -r ./1.05/GPL_Di524up/ ./1.08/GPL_Di524up/
    Только в ./1.08/GPL_Di524up/: D-Link
    Только в ./1.08/GPL_Di524up/: GPL
    Только в ./1.08/GPL_Di524up/: Offer
    Только в ./1.08/GPL_Di524up/user/goahead-2.1.4: original
    diff -r ./1.05/GPL_Di524up/vendors/Realtek/Di524up/Product.mk ./1.08/GPL_Di524up/vendors/Realtek/Di524up/Product.mk
    1,2c1,2
    < VERSIONPKG = v1.01
    < ALPHA_VERSION = v4.0.0b10
    ---
    > VERSIONPKG = v1.08
    > ALPHA_VERSION = v5.0.1b02
    Только в ./1.08/GPL_Di524up/: Written

    mips-toolchain:/opt/_compare# ls -la ./1.08/GPL_Di524up/D-Link ./1.08/GPL_Di524up/GPL ./1.08/GPL_Di524up/Offer ./1.08/GPL_Di524up/user/goahead-2.1.4/original ./1.08/GPL_Di524up/Written
    -rw-r--r-- 1 root root 0 2014-08-07 12:11 ./1.08/GPL_Di524up/D-Link
    -rw-r--r-- 1 root root 0 2014-08-07 12:11 ./1.08/GPL_Di524up/GPL
    -rw-r--r-- 1 root root 0 2014-08-07 12:11 ./1.08/GPL_Di524up/Offer
    -rw-r--r-- 1 root root 0 2014-08-07 12:11 ./1.08/GPL_Di524up/user/goahead-2.1.4/original
    -rw-r--r-- 1 root root 0 2014-08-07 12:11 ./1.08/GPL_Di524up/Written

    Thus, the fellow developers “cheated” and simply copied the version number from v1.05 (? 1.01) to v.1.08b2 in the firmware source codes and try to pass them off as the latest version. I asked a question about the technical support of D-link about these “manipulations” .

    UPD (12/27/2014) "source codes of version v1.05" were removed from the site , filed a request for restoration of the source codes of this version in general access - v1.05.

    UPD2 (01/19/2014) It seems that v1.01 was posted under v1.05, so it was removed from the site, in addition, if you look under the spoiler above:
    < VERSIONPKG = v1.01
    < ALPHA_VERSION = v4.0.0b10
    the versions in the code do not match the ones stated.

    To be continued...


    Also popular now: