DAP-1325 #10
Description
Edit: I confirmed this works for DAP-1610 as well, possibly other models :)
@devttys0 DAP-1325 firmware version 1.03 and later are encrypted with the file header DAP-1325 A1 1.03 01 encrypt. However the file DAP-1325 A1 FW v1.02 (Middle FW) is available at https://tsd.dlink.com.tw/ddgo. After extracting, we find the code that handles the firmware upload and decryption at etc_ro/web/cgi-bin/upload.cgi. It uses AES_ECB with the hardcoded key 3bae351628aed2a60bf71528c9cfdf3c
`from Crypto.Cipher import AES
KEY = bytes.fromhex("3bae351628aed2a60bf71528c9cfdf3c")
with open(“/path/to/DAP-1325A1_FW103b01.bin","rb") as f:
header = f.read(0x40)
enc = f.read()
cipher = AES.new(KEY, AES.MODE_ECB)
dec = cipher.decrypt(enc)
pad = dec[-1]
dec = dec[:-pad]
with open(“/path/to/DAP-1325A1_FW103b01_decrypt.bin","wb") as f:
f.write(header + dec)
`