{"id":13840483,"url":"https://github.com/0xricksanchez/dlink-decrypt","last_synced_at":"2025-06-15T19:34:54.080Z","repository":{"id":56658707,"uuid":"255309919","full_name":"0xricksanchez/dlink-decrypt","owner":"0xricksanchez","description":"D-Link firmware decryption PoC","archived":false,"fork":false,"pushed_at":"2023-12-21T05:03:52.000Z","size":26965,"stargazers_count":176,"open_issues_count":3,"forks_count":45,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-03-24T09:39:17.415Z","etag":null,"topics":["cryptography","decryption","dlink","encryption","firmware","firmware-analysis","firmware-security","iot"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xricksanchez.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-13T11:43:10.000Z","updated_at":"2025-03-23T21:16:32.000Z","dependencies_parsed_at":"2024-12-26T19:06:32.727Z","dependency_job_id":"212fd2ff-9343-4232-92a5-cef98d93c0fa","html_url":"https://github.com/0xricksanchez/dlink-decrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fdlink-decrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fdlink-decrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fdlink-decrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fdlink-decrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xricksanchez","download_url":"https://codeload.github.com/0xricksanchez/dlink-decrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248662546,"owners_count":21141591,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","decryption","dlink","encryption","firmware","firmware-analysis","firmware-security","iot"],"created_at":"2024-08-04T17:00:49.334Z","updated_at":"2025-04-13T04:25:47.785Z","avatar_url":"https://github.com/0xricksanchez.png","language":"C","readme":"# dlink-decrypt\n\n## ⚠️**DISCLAIMER**⚠️\n\nThe provided PoC works for the handful of devices that deploy this specific encrpytion scheme.   \nThe reversing here was done for educational purposes.  \nIf this PoC doesn't work for you and your encrypted firmware does not start with a 4-byte \"SHRS\" pattern that's expected.  \nEncryption schemes change over time.  \n\n\n## General\n\nThis is the PoC code for my [blogpost series](https://0x00sec.org/t/breaking-the-d-link-dir3060-firmware-encryption-recon-part-1/21943) about breaking encrypted D-Link firmware samples for further analysis:\n\n* [part 1](https://0x00sec.org/t/breaking-the-d-link-dir3060-firmware-encryption-recon-part-1/21943)\n* [part 2](https://0x00sec.org/t/breaking-the-d-link-dir3060-firmware-encryption-static-analysis-of-the-decryption-routine-part-2-1/22099)\n* [part 3](https://0x00sec.org/t/breaking-the-d-link-dir3060-firmware-encryption-static-analysis-of-the-decryption-routine-part-2-2/22260/)\n\n## Repo Contents\n\n* src --\u003e My re-constructed C code from the `imgdecrypt` disassembly\n* bin --\u003e Has compiled x64 versions of the `imgdecrypt` binary\n* DIR_3060 --\u003e Contains `public.pem` and the `imgdecrypt` binary from their root fs\n* DIR_882 --\u003e Analogous to *DIR_3060*\n* test --\u003e some test binaries for un-/packing\n\n# Usage\n\nFor the basic decryption of a sample you can just invoke the python script as follows:\n``` \n$ ./dlink-dec.py\nUsage: python3 ./dlink-dec.py -i \u003cin\u003e -o \u003cout\u003e\n```\n\nI've also rapidly prototypted a D-Link like encryption that mimics the original one. You can test it by adding a mode flag to the invocation:\n```\n$ ./dlink-dec.py\nUsage: python3 ./dlink-dec.py -i \u003cin\u003e -o \u003cout\u003e -m enc\n```\n\n## Alternative way:\nAs always there is also an alternative way using `openssl`:\n\n```bash\ndd if=enc.bin skip=1756 iflag=skip_bytes|openssl aes-128-cbc -d -p -nopad -nosalt -K \"c05fbf1936c99429ce2a0781f08d6ad8\" -iv \"67c6697351ff4aec29cdbaabf2fbe346\" --nosalt -in /dev/stdin -out dec.bin\n```\n","funding_links":[],"categories":["C"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xricksanchez%2Fdlink-decrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xricksanchez%2Fdlink-decrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xricksanchez%2Fdlink-decrypt/lists"}