Decrypt TP-Link config.bin Configuration Backup File

Configuration backup file can be downloaded from certain TP-Link devices by clicking Backup button on System Tools > Backup & Restore page. The downloaded configuration file, config.bin is encrypted.

To decrypt the config.bin file, use key 478DA50BF9E3D2CF.

openssl enc -d -des-ecb -nopad -K 478DA50BF9E3D2CF -in config.bin -out dec_config.bin

First 16 bytes of the output file, dec_config.bin is the MD5 hash of configuration text file.


Decrypted file may also contain null byte padding at the end. In this case there are 4 null bytes at the end of file.


To extract configuration text file, remove MD5 hash (First 16 bytes) and padding (Last 4 bytes). 

dd if=dec_config.bin of=config.txt bs=1 skip=16

truncate -s -4 config.txt

Output file, config.txt contains the configurations. Its MD5 hash should match the MD5 given in dec_config.bin.


Demo

Comments

  1. AnonymousJuly 10, 2023 at 1:00 AM


    Error setting cipher DES-ECB
    80BB7A91157F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (DES-ECB : 1), Properties ()

    ReplyDelete
    Replies
    1. al13December 23, 2023 at 5:40 PM

      Late here but hope you solved it. Just using an old version of SSL will fix that. OpenSSL 1.0.2 for example. This is because DES-ECB is an obsolete and insecure algorithm and newer versions of OpenSSL 'don't like' 50-year-old encryption standard.

      Delete
    2. Jack SlatteryFebruary 21, 2024 at 11:54 AM

      Just add `-provider legacy -provider default` at the end

      Delete
  2. AnonymousFebruary 11, 2024 at 8:44 PM

    It's a shame that my Archer AX73 AX4500 now uses aes-cbc. So this guide have no use for me. Please make a new guide showing how to decrypt it

    ReplyDelete
  3. AnonymousJune 4, 2024 at 3:43 AM

    Hello sir. I have Dasan H660GM. Firmware. I want to know super user password please help me 🙏🏻

    ReplyDelete

Post a Comment

Popular posts from this blog

Firmadyne Installation & Emulation of Firmware

Image
   Introduction Firmadyne can be used to perform emulation and analysis of Linux based firmware. Installation Install Ubuntu 18.04 LTS and upgrade all packages: sudo apt update sudo apt upgrade Install and configure other packages: sudo apt-get install busybox-static fakeroot git dmsetup kpartx netcat-openbsd nmap python3-psycopg2 snmp uml-utilities util-linux vlan python3-pip python3-magic sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10 git clone --recursive https://github.com/firmadyne/firmadyne.git git clone https://github.com/ReFirmLabs/binwalk.git cd binwalk sudo ./deps.sh sudo python ./setup.py install cd .. sudo apt-get install postgresql sudo -u postgres createuser -P firmadyne Give firmadyne as password. sudo -u postgres createdb -O firmadyne firmware sudo -u postgres psql -d firmware < ./firmadyne/database/schema cd firmadyne ./download.sh sudo apt-get install qemu-system-arm qemu-system-mips qemu-system-x86 qemu-utils nano firmadyne....
Read more

Extract / Create Cramfs File System from Ubuntu 20.04

Image
  Extract Cramfs Check the endianness of the Cramfs file: file cramfs  This is a big endian file. Convert  cramfs   file to little endian file  cramfs_le  using cramfsswap. cramfsswap cramfs cramfs_le Extract the little endian file  cramfs_le  to folder  fs  using fsck.cramfs. sudo fsck.cramfs --extract=fs cramfs_le Create Cramfs Use mkfs.cramfs to create Cramfs file system from the contents of folder  fs .To create a little endian file system: sudo mkfs.cramfs fs cramfs_new For big endian Cramfs file system: sudo mkfs.cramfs -N big fs cramfs_new Demo
Read more