OpenWrt Forum Archive

Topic: Linksys WAG54GP2v2 Router/VoIP/ADSL Modem - Flash memory dump JTAG

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all,

First of all I apologize if I am posting in the wrong forum.

I have a WAG54GP2V2 router which is locked by my ISP. This router contains a DSL modem as well as 2 VoIP ports. It is very similar to the WRTP54G router.
It has the AR7 processor and 8MB of flash.
I have opened the router and dumped the flash memory using a JTAG cable.
I have managed to obtain the NVRAM information from the flash file.
I also mounted the squashfs root partition and explored in there.

The firmware version shown in the web interface is: Firmware Version: 2.01.03

What I am trying to get is the credentials for the Voice tab. How do I go about figuring out in which area in flash memory I should look?
I have searched the memory areas indicated by the documentation for the WRTP54G but I cannot find anything.
What I found are two memory areas with identical contents, which I presume are the WRTP54G corresponding areas marked as CONFIG_A and CONFIG_B.
These areas are at 0x007a1000 and 0x007b0800.
I tried zlib decompressing these areas by saving to a file first but it doesn't work. Area size is 26159 bytes.

Also, what is the CRYPT_KEY used for? Encrypting what values?
The ADMIN_PWD value, what is it used for? Console access? I already have the web passwords.

There is no SSH access or anything on the box. Only telnet, and it's very limited. When I log in these are the only commands available:

router(main)#?
access-list   no access-list   configure   vpn         voice-nmm
exit          help             ?           iflist      interface
ip dhcp       ipcp             parental    ping        reboot
restart       show             saveall     status      traceroute
upgrade

The following information is stored in the flash regarding /dev/mtd mountpoints:

mtd0.0x900e0000,0x90760000
mtd1.0x9002007e:01800000,0x90760000
mtd2.0x90000000,0x90020000
mtd3.0x907e007e:01c00000,0x90800000
mtd4.0x90780000,0x907c0000
mtd5.0x9076007e:02000000,0x90780000
mtd6.0x907c0000,0x907e0000

Thank you in advance.

Michael

(Last edited by maikol on 15 Jun 2008, 17:49)

Experiment with the telnet interface until it gives you a shell. It did that for me, but I don't remember what I typed.

The discussion might have continued from here.