Thecus NAS Firmware Decryption

IoT 4个月前 admin

56 0 0

tl;dr tl;博士

The password I’ve seen consistently used across a few different firmware images is N16000. The cipher is DES-CBC using the MIT Kerberos DES_to_string_key function for key derivation.
我在几个不同的固件映像中看到的一致使用的密码是 N16000 。密码是 DES-CBC，使用 MIT Kerberos DES_to_string_key 函数进行密钥派生。

Introduction 介绍

Back in 2018 I did some research into Thecus NAS firmware. I found that the firmware was encrypted, and I figured out how to decrypt it using parts of the filename. The firmware for Thecus NAS are encrypted with DES-CBC using the MIT Kerberos DES_string_to_key function. I wrote up some basics scripts to complete this task and posted them here.
早在 2018 年，我就对 Thecus NAS 固件进行了一些研究。我发现固件是加密的，我想出了如何使用部分文件名来解密它。Thecus NAS 的固件使用 MIT Kerberos DES_string_to_key 功能通过 DES-CBC 加密。我编写了一些基本脚本来完成此任务并将它们发布在这里。

Flash forward to earlier this week, its been six years since I looked at this research and someone online reached out to me to ask a few questions about my scripts. For whatever reason they no longer were working. Thanks to pyro_phoenix for reaching out, and also for figuring out how to enable openssl cli to decrypt the firmware.
快进到本周早些时候，自从我看这项研究以来已经六年了，网上有人联系我，问了一些关于我的剧本的问题。无论出于何种原因，他们都不再工作了。 pyro_phoenix 感谢您伸出援手，也感谢您弄清楚如何启用 openssl cli 来解密固件。

It turns out DES-CBC is deprecated and the openssl cli will no longer allow the user to use DEC-CBC or DES-ECB by default. We can work around this by using a custom openssl.cnf file that enables legacy ciphers. Thanks again to pyro_phoenix for pointing out how to make the openssl cli command work for DES-CBC. This is an example of the openssl cli output when trying to use DES-CBC as the cipher:
事实证明，DES-CBC 已被弃用，默认情况下， openssl cli 将不再允许用户使用 DEC-CBC 或 DES-ECB。我们可以通过使用启用旧密码的自定义 openssl.cnf 文件来解决此问题。再次感谢 pyro_phoenix 指出如何使 openssl cli 命令适用于 DES-CBC。这是尝试用作 DES-CBC 密码时 openssl cli 输出的示例：

hex string is too long, ignoring excess
Error setting cipher DES-CBC
4097B607E1750000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:386:Global default library context, Algorithm (DES-CBC : 8), Properties ()

However, I did end up rewriting my origin bash scripts into a python program. The python program iterates through a list of all possible model names (I used the thecus website to build a collection of model names) and attempts to use each as the key to the encrypted firmware blob.
但是，我最终确实将我的原始 bash 脚本重写为 python 程序。python 程序遍历所有可能的模型名称列表（我使用 thecus 网站构建了模型名称的集合），并尝试将每个名称用作加密固件 blob 的密钥。

New Scripts 新脚本

My new python-based scripts are available on github for those who are interested. The new script still uses the string2key program I wrote, which is included in the repository. This program utilizes the DES_string_to_key function from openssl to derive a key from a string. I looked at several difficult python re-implementations of this function and none of the python-based solutions worked properly. Thus I decided to resort to shelling out to this small c program to handle key derivation.
我的新基于 python 的脚本可在 github 上找到，供有兴趣的人使用。新脚本仍然使用我编写的 string2key 程序，该程序包含在存储库中。该程序利用 openssl DES_string_to_key 中的函数从字符串派生键。我查看了此函数的几个困难的 python 重新实现，但没有一个基于 python 的解决方案正常工作。因此，我决定求助于这个小 c 程序来处理密钥派生。

The script is able to decrypt the firmware file itself using the pyDes python-only implementation of the DES cryptographic functions. The encrypt/decrypt functions are very very slow, as the author of the library notes: 10Kb/s. The average Thecus firmware file is about 180 megabytes in size, which means it takes hours to decrypt using the pyDes library. However, with using openssl cli, the time is reduced to less than a minute.
该脚本能够使用 DES 加密函数的 pyDes python 专用实现来解密固件文件本身。加密/解密功能非常非常慢，正如该库的作者所指出的那样： 10Kb/s .Thecus 固件文件的平均大小约为 180 MB，这意味着使用该 pyDes 库解密需要数小时。但是，使用 openssl cli 后，时间减少到不到一分钟。

The example openssl_legacy.cnf file provided in the repo can be used to enable legacy ciphers such as DES-CBC. You can pass this config file path using the OPENSSL_CONF environment variable. Even the original gist scripts should work if you set this environment variable to the provided openssl_legacy.cnf file.
存储库中提供的示例 openssl_legacy.cnf 文件可用于启用旧密码，例如 DES-CBC。您可以使用 OPENSSL_CONF 环境变量传递此配置文件路径。如果将此环境变量设置为提供的 openssl_legacy.cnf 文件，即使是原始的 gist 脚本也应该可以工作。

Example 例

sudo apt install libssl-dev
gcc -o string2key string2key.c -lssl -lcrypto
OPENSSL_CONF=openssl_legacy.cnf openssl des-cbc -d -in Thecus_x86_64_FW.2.06.03.cdv_build9857_N2800_N4510U_N4800_N5550_N7510.rom -out Thecus_x86_64_FW.2.06.03.cdv_build9857_N2800_N4510U_N4800_N5550_N7510.rom.decrypted.bin -iv 00000000000000000 -K $(./string2key N16000) -nopad -nosalt

Conclusion 结论

I haven’t looked at or thought about this research in 6 years and it was fun to revisit. I can’t really remember how I figured all of this out originally, but it was fun to formalize the research into a git repository instead of gists.
我已经 6 年没有看过或想过这项研究了，重温很有趣。我真的不记得我最初是如何弄清楚这一切的，但是将研究正式化到 git 存储库而不是 gist 中很有趣。

Lastly, I want to credit pyro_phoenix for reaching out and putting this back on my radar!
最后，我要感谢pyro_phoenix伸出援手，让它重新回到我的雷达上！

If you find anything cool in the firmware images, give me a shout out!
如果您在固件映像中发现任何很酷的东西，请给我大声疾呼！