TP-Link Deco
https://www.mbreviews.com/tp-link-deco-m9-plus-wifi-mesh-system-review/
Qualcomm IPQ4019 @717 MHz 512 MB of RAM (Nanya NT5CC256M16DP-DI) 4 GB of flash memory (Micron MTFC4GACAAAM-1M) Qualcomm Atheros QCA8072 switch chip Qualcomm IPQ4019 chip 2×2:2 for the 2.4GHz radio IPQ4019 chip for the first 5GHz radio along with RFMD RFPA5542 power amplifier Qualcomm Atheros QCA9886 5GHz radio CSR8811 Bluetooth 4.2 SoC (Cambridge Silicon Radio) Mighty Gecko EFR32 MG1B232GG SoC
https://www.tp-link.com/fi/support/download/deco-m9-plus/
https://blog.keane.space/tp-link-deco-m5-hardware-hacking.html
https://wikidevi.wi-cat.ru/TP-LINK_Deco_M9_Plus_V1
https://forum.openwrt.org/t/ipq4019-adding-support-for-tp-link-deco-m5/85061
Mesh
prplmesh IEEE 1905.1 mesh
layer 2.5 intel beerocks controller / agent
PrplWRT OpenWRT Cisco Linksys WRT WRT54G used Linux, FSF sued Cisco for copyright infringement GPLv2 allows the use of opensource software, but only when code changes are shared. WRT communities, OpenWRT, DD-WRT, Tomato-WRT
ETH0 internal connection, ETH1 and ETH2 for Wireless Bridged and VLAN
Network ID
D807B664CB90
binwalk m9plus.bin
DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 6164 0x1814 UBI erase count header, version: 1, EC: 0x0, VID header offset: 0x800, data offset: 0x1000 22824431 0x15C45EF Boot section Start 0x57424257 End 0x42703857
/usr/src/deco/ubifs-root/m9plus.bin/img-876186469_vol-kernel.ubifs /usr/src/deco/ubifs-root/m9plus.bin/img-876186469_vol-ubi_rootfs.ubifs
opnsense
monowall, pfsense, opnsense, forks
https://docs.opnsense.org/development/architecture.html
https://docs.opnsense.org/development/workflow.html
DCS-932L
Architecture MIPS24KEc System-On-Chip Ralink RT5350F Serial yes, 57600 8N1, no hardware flow control Bootloader uBoot
http://support.dlink.com.au/download/download.aspx?product=dcs-932l
http://files.dlink.com.au/products/DCS-932L/REV_B/Firmware/dcs932lb1_v2.14.04.bin
https://tsublogs.wordpress.com/2019/12/16/emulate-d-link-dcs-932l-camera-using-qemu/
https://www.youtube.com/watch?v=GIU4yJn2-2A
https://www.youtube.com/watch?v=oqk3cU7ekag
https://secure77.de/re-d-link-dc-932l-webcam-building-the-firmware/
MediaTek Ralink RT5350F, MIPS24KEc
https://www.mips.com/products/architectures/mips32-2/
uBoot, 57600 8N1, no hardware flow control
https://en.wikipedia.org/wiki/List_of_MIPS_architecture_processors
https://www.mips.com/products/architectures/mips32-2/
dd if=dcs932lb1_v2.14.04.bin count=327680 bs=1 of=uimage
dd if=uimage skip=105424 bs=1 count=1416 of=html
dd if=dcs932lb1_v2.14.04.bin skip=327680 count=327680 bs=1 of=image
binwalk -e dcs932lb1_v2.14.04.bin
binwalk -e 50040
binwalk -e 3AC000 DECIMAL HEXADECIMAL DESCRIPTION
DECIMAL HEXADECIMAL DESCRIPTION
0 0x0 uImage header, header size: 64 bytes, header CRC: 0x233C7C32, created: 2016-09-09 14:14:13, image size: 111116 bytes, Data Address: 0x80200000, Entry Point: 0x80200000, data CRC: 0xB7373BBA, OS: Linux, CPU: MIPS, image type: Standalone Program, compression type: none, image name: "SPI Flash Image"
91040 0x163A0 U-Boot version string, "U-Boot 1.1.3"
105424 0x19BD0-0x19D2A HTML document
105780 0x19D34-0x19DF4 HTML document
106140 0x19E9C-0x1A151 HTML document
327680 0x50000 uImage header, header size: 64 bytes, header CRC: 0xAD9CC72B, created: 2016-09-09 14:14:09, image size: 3814485 bytes, Data Address: 0x80000000, Entry Point: 0x8038B000, data CRC: 0xE047CA99, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "Linux Kernel Image"
327744 0x50040 LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 6476132 bytes
binwalk -e 50040
DECIMAL HEXADECIMAL DESCRIPTION
3256396 0x31B04C Linux kernel version 2.6.21
3257408 0x31B440 CRC32 polynomial table, little endian
3285504 0x322200 SHA256 hash constants, little endian
3291456 0x323940 AES Inverse S-Box
3292224 0x323C40 AES S-Box
3339176 0x32F3A8 Unix path: /usr/gnemul/irix/
3341104 0x32FB30 Unix path: /usr/lib/libc.so.1
3350344 0x331F48 Copyright string: "Copyright (c) 2010 Alpha Networks Inc."
3355188 0x333234 Unix path: /var/run/udhcpc.pid
3437640 0x347448 Unix path: /usr/bin/killall
3447784 0x349BE8 Unix path: /etc/Wireless/RT2860STA/RT2860STA.dat
3447920 0x349C70 Unix path: /etc/Wireless/RT2860/RT2860.dat
3515079 0x35A2C7 Neighborly text, "neighbor %.2x%.2x.%.2x:%.2x:%.2x:%.2x:%.2x:%.2x lost on port %d(%s)(%s)"
3637728 0x3781E0 CRC32 polynomial table, little endian
3641200 0x378F70 AES S-Box
3850240 0x3AC000 LZMA compressed data, properties: 0x5D, dictionary size: 1048576 bytes, uncompressed size: 8464896 bytes
/_dcs932lb1_v2.14.04.bin.extracted/_50040.extracted/_3AC000.extracted$ file cpio-root/bin/busybox
cpio-root/bin/busybox: ELF 32-bit LSB executable, MIPS, MIPS-II version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, stripped
http://www.techpository.com/linux-unpacking-and-repacking-u-boot-uimage-files/
dd if=dcs932lb1_v2.14.04.bin count=327680 bs=1 of=uimage
dd if=uimage skip=105424 bs=1 count=1416 of=html
dd if=dcs932lb1_v2.14.04.bin skip=327680 count=327680 bs=1 of=kernel.lzma
binwalk -e dcs932lb1_v2.14.04.bin
binwalk -Me dcs932lb1_v2.14.04.bin
binwalk -e 50040
binwalk -e 3AC000
mkimage -l uimage-ext
GP Header: Size 27051956 LoadAddr 233c7c32
7z x 3AC000.lzma
dd if=50040 skip=8400 count=$((3841840-8400)) bs=1 of=../kernel.lzma
dumpimage -l dcs932lb1_v2.14.04.bin
GP Header: Size 27051956 LoadAddr 233c7c32
CC-5E-F8-2E-82-09
RZ616 Wi-Fi 6E 160MHz
https://www.catalog.update.microsoft.com/Search.aspx?q=MediaTek%20Wi-Fi%206E%20MT7922%20(RZ616)%20160MHz%20Wireless%20LAN%20Card
https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=98287189-aa74-4b82-9876-e9ac09785645#Overview
http://192.168.0.20 admin / b....
10.0.0.242 admin / admin
Current Firmware Version : 1.10.03 Current Firmware Date : 2015-02-03 Current Agent Version : 2.0.18-b61
Aktuelle Firmware 1.16b04 Aktuelle Firmware 26.10.2016
https://docs.qnap.com/application/qvr-center/qvrcenter1.3-ug-03-en-us.pdf