Hacking TL-MR3020 – Part 2 – Firmware dump over SERIAL

TL-MR3020 Serial Dump with a Python Script

This tutorial shows how to make a firmware dump of the TP-Link TL-MR3020 over a serial connection.
DRAFT!

2016-01-10 17.02.58

2016-01-10 16.14.15

2016-01-10 17.05.32

import serial
import time

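# Dump /dev/mtdblock2 of a TL-MR3020 into rootfs.img by logging in on the
# serial console and capturing the output of `cat`.
#
# Integrity caveat: the file receives everything the console sends after the
# command is issued. The echoed command line, the shell prompt and any newline
# translation applied by the device's tty may therefore end up in the image.
# Compare the size and a checksum of rootfs.img with the partition on the
# device before relying on the dump.

SERIAL_DEVICE = "/dev/ttyUSB0"
IMAGE_PATH = "rootfs.img"
# A capture has to exceed this many bytes to count as a complete dump.
MIN_IMAGE_BYTES = 2000000
# Each poll sleeps at least 2 ms, so 1000 empty polls is roughly 2 s of silence.
IDLE_POLLS = 1000

port = serial.Serial(SERIAL_DEVICE, baudrate=115200, timeout=60.0)

# Wake the console, then send the login name and password used in this tutorial.
port.write(b"\n")
time.sleep(1)
port.write(b"root\n")
time.sleep(1)
port.write(b"5up\n")
time.sleep(1)

finished = False
while not finished:
    port.flush()
    time.sleep(1)
    # Drop login banner / prompt bytes that arrived before the dump starts.
    port.flushInput()

    # Binary mode keeps the flash contents byte-exact; "wb" also truncates the
    # result of a previous failed attempt. The with-block closes (and flushes)
    # the file on every path, including retries.
    with open(IMAGE_PATH, "wb") as image:
        port.write(b"cat /dev/mtdblock2\n")

        idle = 0
        while True:
            time.sleep(0.001)
            pending = port.inWaiting()
            time.sleep(0.001)
            idle += 1
            if pending > 0:
                idle = 0
                chunk = port.read(pending)
                image.write(chunk)
                # Report sizes only: raw flash bytes on a terminal can contain
                # control sequences that garble it.
                print("Read %d bytes, %d total" % (len(chunk), image.tell()))
                time.sleep(0.001)
            if idle > IDLE_POLLS:
                # The line has been silent long enough to treat the transfer
                # as over.
                break
        size = image.tell()

    if size > MIN_IMAGE_BYTES:
        print("Backup finished")
        finished = True
    else:
        print("Fatal Error! Size: " + str(size) + " Bytes")
        # Send Ctrl-C (0x03) so a still-running cat is interrupted before the
        # next attempt.
        port.write(b"\x03")
        time.sleep(1)

port.close()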
