pls groot genoeg

readme.md

@@ -0,0 +1,204 @@
+school project
+
+
+stap 1 firmware downloaden
+stap 2 extract de binary met binwalk
+stap3:
+de geextracte binary had enkele files die html documents bleken te zijnn en dan een zip file
+de files hielden in:
+19BD0
+19D34
+19E9C
+50040
+en 50040.7z
+
+
+stap 4:
+ik besloot om de files elk om beurt wat beter te bekijken en te eindigen met de 7zip file omdat deze het interessants leek. Uit de extractie van binwalk daarnet heb ik ook gezien dat meerdere van deze files geclassificeerd werden als html headers. nu als ik een cat zou uitvoeren op een van deze files zou dit een tijdje duren, dus er is waarschijnlijk een groot deel data waar ik niets mee ben. Ik heb dus de tool strings gebruikt op deze file en de uitkomst gepiped naar de naam van het
+bestand met een achtervoegsel .strings
+ik heb hiermee uitgevonden dat 19BD0 een stuk html bezit die gemaakt blijkt te zijn voor het updaten van de firmware:
+
+
+<html><head><title>Emergency Room</title></head><body><center><h1>UPDATING FIRMWARE</h1><p>This page can be used to update the firmware of this device.</p><form name=upload method=post enctype=multipart/form-data><p><input type=file name=firmware size=30></p><p><input type=submit name=post value='Upload firmware NOW'></p></form></center></body></html>
+<html><head><title>FAILED</title></head><body><center><h1>FAILED TO UPLOAD IMAGE</h1><p>Unable to upload the image, please make sure the uploaded file is the correct image.</p></center></body></html>
+
+
+
+daarna volgde wat ik verwacht een config te zijn voor een html server, of een http header:
+
+
+HTTP/1.1 200 OK
+Date: Fri, 11 Jul 2008 12:00:00 GMT
+Content-Type: text/html; charset=utf-8
+Content-Length: %d
+Server: Emergency Room
+Conection: Close
+
+
+en dan meer html
+
+
+<html><head><title>SUCCESS</title><script>
+var count = 90;
+function init() { countdown(); }
+function countdown()
+        count--;
+        document.getElementById('WaitInfo').value = count;
+        if (count >= 1) setTimeout('countdown()',1000);
+        else top.location.href="";
+</script></head><body onload='init()'><center><h1>IMAGE UPLOADED SUCCESSFULLY</h1><p>%d bytes uploaded.</p><p>The WEB server is shuting down and the firmware updating will start immediately. Please <font color=red><strong>DO NOT POWER OFF</strong></font> the device. And please wait for <input type='Text' readonly id='WaitInfo' value='90' size='3' style='border-width:0; color:#FF3030; text-align:center'> seconds...</p></center></body></html>
+
+
+
+hier kunnen we zien dat er een script runnned dat een countdown doet van 90 naar 1 met een timeout van 1000 ms?
+
+
+dan volgt een stuk config file:
+
+bootcmd=tftp
+bootdelay=5
+baudrate=57600
+ethaddr="00:AA:BB:CC:DD:10"
+ipaddr=192.168.0.20
+serverip=192.168.0.3
+
+dan enkele lijnen van chars en dan een linux kernel image
+
+
+de volgende file is 19D34.strings
+
+ik denk dat binwalk gewoon alles geextract heeft maar meerdere keren, want deze fil is gewoon hetzelfde als de vorige maar zonder de eerste html pagina
+
+dit blijkt ook zo te zijn voor 19e9C, wat ook begint met de html tag maar nu van het laatste stuk html
+
+de laatste strings file lijkt gewoon data te zijn, er is niks van code te vinden met enkele greps naar belangrijke woorden, zoals server, html, etc
+
+
+
+nu komen we aan de zip file, specifiek een 7zip, jammer genoeg is dit extracten niet doenbaar, 7zip geeft een error, binwalk heeft dit dus jammer genoeg niet geweldig geextract. Na terug te kijken in de binwalk output zie ik dat er ook nog een stuk compressed data is van het LZMA formaat. en na wat googelen kwam ik een manier tegen om dit te extracten. door eerst het stuk van de lzma uit te knippen (wat gelukkig aan het einde van mijn binary zit) kan ik dit dan extracten. Dit
+kan ik doen door een tool die dd noemt te gebruiken.
+na dd te gebruiken heb ik dus de juiste chunk eruit geknipt, en voor de veiligheid heb ik ook de kernel eruit geknipt. Jammer genoeg geeft lzma een error wanneer ik dit probeer te extracten. Na opnieuw wat te googelen kwam ik op een stackoverflow die zei dat dit kwam omdat je het inleest als een bestand ipv een stream, de oplossing was dus om het in te lezen met een stream wanneer je het probeert te extracten. dit zal nog altijd een error geven, maar je zult je bestand hebben om op voort
+te werken.
+
+hierna voerde ik een binwalk uit op het bestand aangezien het veel groter is en daarna ook een strings: 
+
+output binwalk:
+DECIMAL       HEXADECIMAL     DESCRIPTION
+--------------------------------------------------------------------------------
+2100864       0x200E80        MySQL MISAM compressed data file Version 8
+3260492       0x31C04C        Linux kernel version "2.6.21 (andy@ipcam-linux.alphanetworks.com) (gcc version 3.4.2) #537 Tue Jul 3 11:17:25 CST 2018"
+3261504       0x31C440        CRC32 polynomial table, little endian
+3289600       0x323200        SHA256 hash constants, little endian
+3354536       0x332FA8        Copyright string: "Copyright (c) 2010 Alpha Networks Inc."
+3365554       0x335AB2        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/mlme.c:%d assert SupRateLen <= MAX_LEN_OF_SUPPORTED_RATESfailed
+3365678       0x335B2E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/mlme.c:%d assert ExtRateLen <= MAX_LEN_OF_SUPPORTED_RATESfailed
+3368674       0x3366E2        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/action.c:%d assert pAd->BATable.BAOriEntry[i].Wcid < MAX_LEN_OF_MAC_TABLEfailed
+3368814       0x33676E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/action.c:%d assert pBAEntry->Wcid < MAX_LEN_OF_MAC_TABLEfailed
+3369298       0x336952        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert mpdu_blkfailed
+3369394       0x3369B2        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert listfailed
+3369486       0x336A0E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert mpdu_blk->pPacketfailed
+3369590       0x336A76        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert pBAEntry->list.qlen == 0failed
+3369874       0x336B92        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert TID < NUM_OF_TIDfailed
+3370370       0x336D82        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert pEntryfailed
+3370462       0x336DDE        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert pAd->BATable.numAsOriginator != 0failed
+3370654       0x336E9E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert pAd->BATable.numAsRecipient != 0failed
+3371190       0x3370B6        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert pAd->MacTab.Content[Elem->Wcid].Sst == SST_ASSOCfailed
+3371690       0x3372AA        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert pRxBlk->pRxPacketfailed
+3371842       0x337342        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert (0<= pBAEntry->list.qlen) && (pBAEntry->list.qlen <= pBAEntr
+3372002       0x3373E2        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert pBAEntryfailed
+3372146       0x337472        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert 0failed
+3372234       0x3374CA        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/ba_action.c:%d assert (pBAEntry->list.qlen == 0) && (pBAEntry->list.next == NULL)f
+3372382       0x33755E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pEntryfailed
+3372678       0x337686        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert Length <= MGMT_DMA_BUFFER_SIZEfailed
+3372850       0x337732        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pTxWIfailed
+3373206       0x337896        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pProbeEntry != NULLfailed
+3373346       0x337922        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pProbeEntryfailed
+3373458       0x337992        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert (pktLen > 34)failed
+3373558       0x3379F6        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pSrcBuffailed
+3373650       0x337A52        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pRxBlk->pRxPacketfailed
+3373882       0x337B3A        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pAd->FragFrame.LastFrag == 0failed
+3373998       0x337BAE        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pHeaderfailed
+3374154       0x337C4A        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data.c:%d assert pAd->FragFrame.pFragPacketfailed
+3375390       0x33811E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/rtmp_init.c:%d assert (Length==0) || (pDest && pSrc)failed
+3396606       0x33D3FE        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_asic.c:%d assert BssIndex < 4failed
+3396706       0x33D462        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_asic.c:%d assert KeyIdx < 4failed
+3401182       0x33E5DE        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data_pci.c:%d assert QueIdx < NUM_OF_TX_RINGfailed
+3401362       0x33E692        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/cmm_data_pci.c:%d assert pAd->ate.QID == 0failed
+3410462       0x340A1E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert 0failed
+3410546       0x340A72        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert pRxWI->WirelessCliID == BSSID_WCIDfailed
+3411058       0x340C72        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert pAd->SharedKey[BSS0][0].CipherAlg <= CIPHER_CKIP128failed
+3411194       0x340CFA        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert pTxBlk->MpduHeaderLen >= 24failed
+3411306       0x340D6A        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert pTxBlkfailed
+3411398       0x340DC6        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert (pTxBlk->TxPacketList.Number > 1)failed
+3411514       0x340E3A        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert (pTxBlk->TxPacketList.Number == 2)failed
+3411634       0x340EB2        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert TX_BLK_TEST_FLAG(pTxBlk, fTX_bAllowFrag)failed
+3411758       0x340F2E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/rtmp_data.c:%d assert pTxBlk->TxPacketList.Numberfailed
+3411990       0x341016        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/sta/connect.c:%d assert SsidLen <= MAX_LEN_OF_SSIDfailed
+3430642       0x3458F2        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert memfailed
+3430774       0x345976        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert DataLenfailed
+3430870       0x3459D6        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert pDatafailed
+3431114       0x345ACA        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert pPacketfailed
+3431210       0x345B2A        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert DataSize < 1530failed
+3431314       0x345B92        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert pHeader802_3failed
+3431570       0x345C92        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert pNetDevfailed
+3431858       0x345DB2        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert (prefixLen < IFNAMSIZ)failed
+3431970       0x345E22        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert ((slotNameLen + prefixLen) < IFNAMSIZ)failed
+3432590       0x34608E        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_linux.c:%d assert pTaskfailed
+3432682       0x3460EA        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_profile.c:%d assert pPacketfailed
+3432778       0x34614A        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_profile.c:%d assert dev_pfailed
+3432906       0x3461CA        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_profile.c:%d assert pRxBlk->pRxPacketfailed
+3433382       0x3463A6        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/os/linux/rt_main_dev.c:%d assert pAdfailed
+3435026       0x346A12        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/ate/common/rt_ate.c:%d assert (BbpValue == 0x04)failed
+3435450       0x346BBA        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/ate/common/rt_ate.c:%d assert RestoreRfICType != 0failed
+3441134       0x3481EE        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/ate/common/rt_qa.c:%d assert bbp_data == valuefailed
+3445578       0x34934A        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/rt_rf.c:%d assert (regID <= pAd->chipCap.MaxNumOfRfId)failed
+3450854       0x34A7E6        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/wsc.c:%d assert DataLen < MGMT_DMA_BUFFER_SIZEfailed
+3452768       0x34AF60        Unix path: /etc/Wireless/RT2860STA/RT2860STA.dat
+3452904       0x34AFE8        Unix path: /etc/Wireless/RT2860/RT2860.dat
+3454578       0x34B672        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/wsc.c:%d assert pWscPeer != NULLfailed
+3458626       0x34C642        Unix path: /net/wireless/rt2860v2_sta/../rt2860v2/common/wsc_v2.c:%d assert pEntry!=NULLfailed
+3520063       0x35B63F        Neighborly text, "neighbor %.2x%.2x.%.2x:%.2x:%.2x:%.2x:%.2x:%.2x lost on port %d(%s)(%s)"
+3637728       0x3781E0        CRC32 polynomial table, little endian
+3850240       0x3AC000        LZMA compressed data, properties: 0x5D, dictionary size: 1048576 bytes, uncompressed size: 7787520 bytes
+
+>
+
+als we hiernaar kijken zien we opnieuw een lzma file onderaan die we kunnen extracten, daarboven staat een pak data over unix filesystems met enkele links naar os/linux etc. dit zal dus hetgeen zijn dat de linux kernel start. en de lzma data onderaan is dan hopelijk ons linux fs.
+
+nu na dit te extracten was het nog altijd een volledige file, en na het file command hierop te runnen blijkt dit een ASCII cpio archive "(SVR4 with no CRC)" te zijn
+
+gelukkig kwam ik op enkele video's die hierover uitleg gaven om het te extracten, aangezien dit een linux filesystem is kan dit problemen geven met uitpakken en mijn fs te overschrijven (paths op deze filesystem zouden niet moeten verwijzen naar de mijne en zo problemen te geven)
+
+dit gaf enkele fouten:
+Cannot mknod: Operation not permitted
+deze error kwam voor bij veel van de files in de dev filesystem, dit zal ik later uit moeten zoeken, want als ik hier zelf mee begin te experimenteren dan kan ik mss mijn eigen filesystem wrecken
+
+een ls command van de folder struct:
+
+cpio git:(master) ✗ ls
+bin  dev  etc  etc_ro  home  init  lib  media  mnt  mydlink  proc  sbin  sys  tmp  usr  var
+
+
+
+en nu kan het interessante beginnen. Ik het toegang tot een linux filesystem waar ik kan zoeken naar verschillende vulnerabilities, bv als men een vaste user account instelt dan kan ik deze hierin vinden. en als men dit niet doet maar wel een reset mogelijkheid geeft zonder dat je ingelogt moet zijn wat kan leiden tot de standaart account die terug komt kan dit ook een vulnerability zijn, demogelijkheden zijn eindeloos.
+
+de eerste folder die mijn aandacht trok was een folder genaamt:
+
+
+mydlink
+
+het was vindbaar op de root van het fs en bevatte enkele scripts
+
+d
+
+een van de eerste scripts of executables was een binary file(dcp) waar ik een grep gedaan had op een strings naar username, en ik kreeg enkele items maar geen aanduidingen, nog geen idee wat deze file doet
+
+de tweede file die mij interesseerde was een file genaamt
+mydlink-watch-dog.sh
+
+hierin vond ik enkele dingen uit: het systeem gebruikt een apache webserver en 
+
+
+
+
+

verb/binary/attemp2/fs/cpio/bin/ash

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/cat

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/chmod

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/cp

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/date

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/echo

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/grep

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/kill

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/login

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/ls

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/mkdir

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/mknod

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/mount

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/netstat

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/nvram_get

@@ -0,0 +1 @@
+ralink_init

verb/binary/attemp2/fs/cpio/bin/nvram_set

@@ -0,0 +1 @@
+ralink_init

verb/binary/attemp2/fs/cpio/bin/ping

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/ps

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/pwd

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/rm

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/sed

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/sh

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/sleep

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/sync

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/touch

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/bin/umount

@@ -0,0 +1 @@
+busybox

verb/binary/attemp2/fs/cpio/etc/fstab

@@ -0,0 +1,8 @@
+proc            /proc           proc    defaults 0 0
+none            /var            ramfs   defaults 0 0
+none            /etc            ramfs   defaults 0 0
+none            /tmp            ramfs   defaults 0 0
+none            /media          ramfs   defaults 0 0
+none            /sys            sysfs   default  0 0
+none            /dev/pts        devpts  default  0 0
+none            /proc/bus/usb   usbfs   defaults 0 0

verb/binary/attemp2/fs/cpio/etc_ro/Wireless/RT2860AP/RT2860_default_novlan

@@ -0,0 +1,187 @@
+#The word of "Default" must not be removed
+Default
+WebInit=1
+HostName=ralink
+Login=admin
+Password=admin
+OperationMode=0
+Platform=RT5350
+wanConnectionMode=STATIC
+wan_ipaddr=10.10.10.254
+wan_netmask=255.255.255.0
+wan_gateway=10.10.10.253
+wan_primary_dns=168.95.1.1
+wan_secondary_dns=8.8.8.8
+wan_pppoe_user=pppoe_user
+wan_pppoe_pass=pppoe_passwd
+wan_l2tp_server=l2tp_server
+wan_l2tp_user=l2tp_user
+wan_l2tp_pass=l2tp_passwd
+wan_l2tp_mode=0
+wan_l2tp_ip=10.10.10.254
+wan_l2tp_netmask=255.255.255.0
+wan_l2tp_gateway=10.10.10.253
+wan_pptp_server=pptp_server
+wan_pptp_user=pptp_user
+wan_pptp_pass=pptp_passwd
+wan_pptp_mode=0
+wan_pptp_ip=10.10.10.254
+wan_pptp_netmask=255.255.255.0
+wan_pptp_gateway=10.10.10.253
+lan_ipaddr=10.10.10.254
+lan_netmask=255.255.255.0
+dhcpEnabled=1
+dhcpStart=10.10.10.100
+dhcpEnd=10.10.10.200
+dhcpMask=255.255.255.0
+dhcpPriDns=168.95.1.1
+dhcpSecDns=8.8.8.8
+dhcpGateway=10.10.10.254
+dhcpLease=86400
+stpEnabled=0
+lltdEnabled=0
+igmpEnabled=0
+natEnabled=1
+IPPortFilterEnable=0
+IPPortFilterRules=
+PortForwardEnable=0
+PortForwardRules=
+MacFilterEnable=0
+MacFilterRules=
+DefaultFirewallPolicy=1
+DMZEnable=0
+DMZIPAddress=
+TZ=
+NTPServerIP=
+NTPSync=
+DDNSProvider=
+DDNS=
+DDNSAccount=
+DDNSPassword=
+CountryRegion=5
+CountryRegionABand=7
+CountryCode=
+BssidNum=1
+SSID1=RT5350_AP
+WirelessMode=9
+TxRate=0
+Channel=1
+BasicRate=15
+BeaconPeriod=100
+DtimPeriod=1
+TxPower=100
+DisableOLBC=0
+BGProtection=0
+TxAntenna=
+RxAntenna=
+TxPreamble=1
+RTSThreshold=2347
+FragThreshold=2346
+TxBurst=1
+PktAggregate=1
+TurboRate=0
+WmmCapable=1
+APAifsn=3;7;1;1
+APCwmin=4;4;3;2
+APCwmax=6;10;4;3
+APTxop=0;0;94;47
+APACM=0;0;0;0
+BSSAifsn=3;7;2;2
+BSSCwmin=4;4;3;2
+BSSCwmax=10;10;4;3
+BSSTxop=0;0;94;47
+BSSACM=0;0;0;0
+AckPolicy=0;0;0;0
+APSDCapable=0
+DLSCapable=0
+NoForwarding=0
+NoForwardingBTNBSSID=0
+HideSSID=0
+ShortSlot=1
+AutoChannelSelect=0
+SecurityMode=0
+VLANEnable=0
+VLANName=
+VLANID=0
+VLANPriority=0
+WscConfMode=0
+WscConfStatus=2
+WscAKMP=1
+WscConfigured=0
+WscModeOption=0
+WscActionIndex=9
+WscPinCode=
+WscRegResult=1
+WscUseUPnP=1
+WscUseUFD=0
+WscSSID=RalinkInitialAP
+WscKeyMGMT=WPA-EAP
+WscConfigMethod=138
+WscAuthType=1
+WscEncrypType=1
+WscNewKey=scaptest
+IEEE8021X=0
+IEEE80211H=0
+CSPeriod=6
+PreAuth=0
+AuthMode=OPEN
+EncrypType=NONE
+RekeyInterval=3600
+RekeyMethod=DISABLE
+PMKCachePeriod=10
+WPAPSK1=12345678
+DefaultKeyID=1
+Key1Type=0
+Key1Str1=
+Key2Type=0
+Key2Str1=
+Key3Type=0
+Key3Str1=
+Key4Type=0
+Key4Str1=
+WapiPskType=0
+HSCounter=0
+HT_HTC=1
+HT_RDG=1
+HT_LinkAdapt=0
+HT_OpMode=0
+HT_MpduDensity=5
+HT_EXTCHA=1
+HT_BW=1
+HT_AutoBA=1
+HT_BADecline=0
+HT_AMSDU=0
+HT_BAWinSize=64
+HT_GI=1
+HT_STBC=1
+HT_MCS=33
+HT_PROTECT=1
+HT_MIMOPS=3
+HT_40MHZ_INTOLERANT=0
+HT_TxStream=1
+HT_RxStream=1
+HT_DisallowTKIP=1
+HT_BSSCoexistence=1
+NintendoCapable=0
+AccessPolicy0=0
+AccessControlList0=
+AccessPolicy1=0
+AccessControlList1=
+AccessPolicy2=0
+AccessControlList2=
+AccessPolicy3=0
+AccessControlList3=
+WdsEnable=0
+WdsEncrypType=NONE
+WdsList=
+WdsKey=
+WirelessEvent=0
+RADIUS_Server=
+RADIUS_Port=1812
+RADIUS_Key=
+RADIUS_Acct_Server=
+RADIUS_Acct_Port=1813
+RADIUS_Acct_Key=
+session_timeout_interval=0
+idle_timeout_interval=0
+staWirelessMode=9

verb/binary/attemp2/fs/cpio/etc_ro/Wireless/RT2860AP/RT2860_default_vlan

@@ -0,0 +1,564 @@
+#The word of "Default" must not be removed
+Default
+WebInit=1
+#WiFiTest=0
+#HostName=ralink
+#Login=admin
+#Password=admin
+OperationMode=0
+Platform=RT5350
+Telnet=0
+CountryRegion=5
+CountryRegionABand=7
+CountryCode=NA
+#wanConnectionMode=DHCP
+#wan_ipaddr=192.168.1.1
+#wan_netmask=255.255.255.0
+#wan_gateway=192.168.1.254
+#wan_primary_dns=192.168.1.5
+#wan_secondary_dns=168.95.1.1
+#wan_pppoe_user=pppoe_user
+#wan_pppoe_pass=pppoe_passwd
+#wan_l2tp_server=l2tp_server
+#wan_l2tp_user=l2tp_user
+#wan_l2tp_pass=l2tp_passwd
+#wan_l2tp_mode=0
+#wan_l2tp_ip=192.168.1.1
+#wan_l2tp_netmask=255.255.255.0
+#wan_l2tp_gateway=192.168.1.254
+#wan_pptp_server=pptp_server
+#wan_pptp_user=pptp_user
+#wan_pptp_pass=pptp_passwd
+#wan_pptp_mode=0
+#wan_pptp_ip=192.168.1.1
+#wan_pptp_netmask=255.255.255.0
+#wan_pptp_gateway=192.168.1.254
+#lan_ipaddr=2.65.87.200
+#lan_netmask=255.0.0.0
+#dhcpEnabled=0
+#dhcpStart=10.10.10.100
+#dhcpEnd=10.10.10.200
+#dhcpMask=255.255.255.0
+#dhcpPriDns=10.10.10.251
+#dhcpSecDns=168.95.1.1
+#dhcpGateway=10.10.10.254
+#dhcpLease=86400
+#stpEnabled=0
+#lltdEnabled=0
+#igmpEnabled=0
+#natEnabled=0
+#IPPortFilterEnable=0
+#IPPortFilterRules=
+#PortForwardEnable=0
+#PortForwardRules=
+#MacFilterEnable=0
+#MacFilterRules=
+#DefaultFirewallPolicy=1
+#DMZEnable=0
+#DMZIPAddress=
+#TZ=
+#NTPServerIP=
+#NTPSync=
+#DDNSProvider=
+#DDNS=
+#DDNSAccount=
+#DDNSPassword=
+BssidNum=1
+#SSID1=RT305x_AP_andy
+#WirelessMode=9
+#TxRate=0
+#Channel=6
+BasicRate=15
+#BeaconPeriod=100
+DtimPeriod=1
+TxPower=100
+DisableOLBC=0
+BGProtection=0
+#TxAntenna=
+#RxAntenna=
+#TxPreamble=0
+RTSThreshold=2347
+FragThreshold=2346
+TxBurst=1
+PktAggregate=1
+#TurboRate=0
+WmmCapable=1
+APAifsn=3;7;1;1
+APCwmin=4;4;3;2
+APCwmax=6;10;4;3
+APTxop=0;0;94;47
+APACM=0;0;0;0
+BSSAifsn=3;7;2;2
+BSSCwmin=4;4;3;2
+BSSCwmax=10;10;4;3
+BSSTxop=0;0;94;47
+BSSACM=0;0;0;0
+AckPolicy=0;0;0;0
+APSDCapable=0
+DLSCapable=0
+NoForwarding=0
+NoForwardingBTNBSSID=0
+#HideSSID=0
+ShortSlot=1
+AutoChannelSelect=0
+#SecurityMode=0
+#VLANEnable=0
+#VLANName=
+#VLANID=0
+#VLANPriority=0
+
+#########################################
+# Cannot remove these WscXXX Parameters #
+#########################################
+WscConfMode=0
+WscConfStatus=2
+WscAKMP=1
+WscConfigured=0
+WscModeOption=0
+WscActionIndex=9
+WscPinCode=
+WscRegResult=1
+WscUseUPnP=1
+WscUseUFD=0
+WscSSID=RalinkInitialAP
+WscKeyMGMT=WPA-EAP
+WscConfigMethod=138
+WscAuthType=1
+WscEncrypType=1
+WscNewKey=scaptest
+
+IEEE8021X=0
+IEEE80211H=0
+CSPeriod=6
+PreAuth=0
+#AuthMode=OPEN
+#EncrypType=NONE
+RekeyInterval=3600
+RekeyMethod=DISABLE
+PMKCachePeriod=10
+#WPAPSK1=12345678
+#DefaultKeyID=1
+#Key1Type=0
+#Key1Str1=
+#Key2Type=0
+#Key2Str1=
+#Key3Type=0
+#Key3Str1=
+#Key4Type=0
+#Key4Str1=
+#HSCounter=0
+HT_HTC=0
+HT_RDG=0
+#HT_LinkAdapt=0
+HT_OpMode=0
+HT_MpduDensity=5
+HT_EXTCHA=1
+#HT_BW=0
+HT_AutoBA=1
+HT_BADecline=0
+HT_AMSDU=0
+HT_BAWinSize=64
+HT_GI=1
+HT_STBC=1
+HT_MCS=33
+HT_PROTECT=1
+#HT_MIMOPS=3
+HT_40MHZ_INTOLERANT=0
+HT_TxStream=1
+HT_RxStream=1
+#NintendoCapable=0
+#AccessPolicy0=0
+#AccessControlList0=
+#AccessPolicy1=0
+#AccessControlList1=
+#AccessPolicy2=0
+#AccessControlList2=
+#AccessPolicy3=0
+#AccessControlList3=
+#WdsEnable=0
+#WdsEncrypType=NONE
+#WdsList=
+#WdsKey=
+WirelessEvent=0
+RADIUS_Server=
+RADIUS_Port=1812
+RADIUS_Key=
+#RADIUS_Acct_Server=
+#RADIUS_Acct_Port=1813
+#RADIUS_Acct_Key=
+session_timeout_interval=0
+#idle_timeout_interval=0
+#staWirelessMode=9
+###################################
+## ED CCA Profile                ##
+###################################
+EDCCA_AP_STA_TH=1
+EDCCA_AP_AP_TH=1
+EDCCA_STA_SCANED_AP_TH=5
+EDCCA_STA_CURRENT_CH_APS_TH=1
+EDCCA_STA_RSSI_TH=-100
+EDCCA_ED_TH=90
+EDCCA_FALSE_CCA_TH=180
+EDCCA_BLOCK_CHECK_TH=2
+###################################
+### IPCam Default Configuration ###
+### Company: D-Link             ###
+### Model  : DCS-930L           ###
+###################################
+# System #
+CameraName=DCS-930L
+Location=
+AdminID=admin
+AdminPassword=
+LEDControl=0
+SnapshotURLAuthentication=0
+# Date and Time #
+DateTimeMode=1
+TimeServerIPAddress=
+TimeServerProtocol=0
+TimeZone=0
+TimeZoneIndex=0
+Date=2014-01-01
+Time=00:00:00
+# User Access Control # ### UserValue=UserName/Password/Privilege ###
+AccessControlEnable=0
+User1=
+User2=
+User3=
+User4=
+User5=
+User6=
+User7=
+User8=
+User9=
+User10=
+User11=
+User12=
+User13=
+User14=
+User15=
+User16=
+User17=
+User18=
+User19=
+User20=
+User21=
+User22=
+User23=
+User24=
+User25=
+User26=
+User27=
+User28=
+User29=
+User30=
+User31=
+User32=
+User33=
+User34=
+User35=
+User36=
+User37=
+User38=
+User39=
+User40=
+User41=
+User42=
+User43=
+User44=
+User45=
+User46=
+User47=
+User48=
+User49=
+User50=
+User51=
+User52=
+User53=
+User54=
+User55=
+User56=
+User57=
+User58=
+User59=
+User60=
+User61=
+User62=
+User63=
+User64=
+# Image #
+VideoResolution=1
+CompressionRate=2
+FrameRate=0
+BrightnessControl=64
+ContrastControl=64
+SaturationControl=64
+SharpnessControl=32
+LightFrequency=1
+Mirror=0
+AntiFlickerEnable=0
+ViewMode=0
+VideoResolution264=3
+FrameRate264=30
+BitRate264=8
+# Network # #IP Mode: 1-(Fixed), 4-(DHCP), 5-(PPPoE)#
+IPAddressMode=1
+IPAddress=2.65.87.200
+SubnetMask=255.0.0.0
+DefaultGateway=
+PPPoEUserID=
+PPPoEPassword=
+DNSIPAddress1=
+DNSIPAddress2=
+DDNSEnable=0
+DDNSProvider=
+DDNSHostName=
+DDNSUserName=
+DDNSPassword=
+DDNSTimeout=576
+SecondHTTPPortEnable=3
+SecondHTTPPort=80
+UPnPEnable=1
+UPnPPortForwarding=0
+HTTPAuthentication=0
+# Wireless #
+ConnectionMode=0
+SSID=Test-WPS-andy
+WirelessChannel=6
+TransmissionRate=0
+WEPEncryption=4
+WEPKeyFormat=0
+Key1=
+Key2=
+Key3=
+Key4=
+TxKey=1
+BeaconInterval=100
+Preamble=0
+AuthenticationType=2
+PreSharedKey=PSK12345
+WirelessDisable=0
+WirelessMode=0
+WirelessBW=0
+APExtendName=0
+APSSID=Test-Repeater-Andy
+APSSIDHidden=0
+APWEPEncryption=0
+APWEPKeyFormat=0
+APKey1=
+APAuthenticationType=0
+APPreSharedKey=PSK12345
+APMaxClient=3
+# FTP #
+FTPHostAddress=
+FTPPortNumber=21
+FTPUserName=
+FTPPassword=
+FTPDirectoryPath=/
+FTPPassiveMode=0
+FTPScheduleEnable=0
+FTPScheduleMode=0
+FTPScheduleDay=
+FTPScheduleTimeStart=00:00:00
+FTPScheduleTimeStop=00:00:00
+FTPScheduleVideoFrequencyMode=0
+FTPScheduleFramePerSecond=1
+FTPScheduleSecondPerFrame=1
+FTPScheduleBaseFileName=
+FTPScheduleFileMode=1
+FTPScheduleMaxFileSequenceNumber=1024
+FTPCreateFolderInterval=0
+#FTPManualEnable=0
+#FTPManualBaseFileName=
+#FTPManualFileMode=
+#FTPManualMaxFileSequenceNumber=
+# E-Mail #
+EmailSMTPServerAddress=
+EmailSMTPPortNumber=25
+EmailSenderAddress=
+EmailReceiverAddress=
+EmailUserName=
+EmailPassword=
+EmailTLSAuthentication=0
+EmailScheduleEnable=0
+EmailScheduleMode=0
+EmailScheduleDay=
+EmailScheduleTimeStart=00:00:00
+EmailScheduleTimeStop=00:00:00
+EmailScheduleInterval=300
+EmailMotionMode=1
+EmailMotionFrameInterval=1
+#EmailManualEnable=0
+#EmailManualInterval=300
+# Audio #
+AudioEnable=1
+AudioVolume=80
+AudioCodec=0
+AudioSampleBit=1
+AudioSampleRate=1
+SpeakerEnable=1
+SpeakerVolume=80
+# MotionDetection #
+MotionDetectionEnable=0
+MotionDetectionBlockSet=0000000000000000000000000
+MotionDetectionSensitivity=90
+MotionDetectionScheduleMode=0
+MotionDetectionScheduleDay=
+MotionDetectionScheduleTimeStart=00:00:00
+MotionDetectionScheduleTimeStop=00:00:00
+# SoundDetection #
+SoundDetectionEnable=0
+SoundDetectionDB=90
+SoundDetectionScheduleMode=0
+SoundDetectionScheduleDay=
+SoundDetectionScheduleTimeStart=00:00:00
+SoundDetectionScheduleTimeStop=00:00:00
+# DLink15 #
+DLink15Register=0
+DLink15Enable=1
+DLink15Remote=0
+DLink15Argv1=1
+# PanTilt #  ### Value=PositionName/Pan/Tilt ###
+SetPosition1=
+SetPosition2=
+SetPosition3=
+SetPosition4=
+SetPosition5=
+SetPosition6=
+SetPosition7=
+SetPosition8=
+SetPosition9=
+SetPosition10=
+SetPosition11=
+SetPosition12=
+SetPosition13=
+SetPosition14=
+SetPosition15=
+SetPosition16=
+SetPosition17=
+SetPosition18=
+SetPosition19=
+SetPosition20=
+SetPosition21=
+SetPosition22=
+SetPosition23=
+SetPosition24=
+HomePosition=
+PanSingleMoveDegree=5
+TiltSingleMoveDegree=5
+DwellingTime=5
+PatrolTimes=1
+# Web Language #
+DefaultLanguage=0
+CurrentLanguage=0
+# Day/Night Mode #
+DayNightMode=0
+IRLedScheduleSunStart=00:00
+IRLedScheduleSunEnd=00:00
+IRLedScheduleMonStart=00:00
+IRLedScheduleMonEnd=00:00
+IRLedScheduleTueStart=00:00
+IRLedScheduleTueEnd=00:00
+IRLedScheduleWedStart=00:00
+IRLedScheduleWedEnd=00:00
+IRLedScheduleThuStart=00:00
+IRLedScheduleThuEnd=00:00
+IRLedScheduleFriStart=00:00
+IRLedScheduleFriEnd=00:00
+IRLedScheduleSatStart=00:00
+IRLedScheduleSatEnd=00:00
+# LinknLook #
+#LnLEnable=1
+#LnLLLSrvIP=0.0.0.0
+#LnLLLDomain=cam.linknlook.net
+#LnLLLAudioCodec=5
+#LnLhid=00000000
+#LnLDbgLevel=0
+#LnLDbgSrvIP=0.0.0.0
+#LnLDbgToken=
+#LnLAliasStatus=0
+#LnLAliasName=null
+#LnLLastAliasName=null
+#LnLPxySrvName=null
+#LnLPxySrvPort=8080
+# Facebook #
+#FacebookEmail=
+# Local Recording #
+#LocalRecordPath=
+#LocalRecordMaxTime=5
+# SD Card Recording #
+#SDCardScheduleEnable=0
+#SDCardScheduleMode=0
+#SDCardScheduleDay=
+#SDCardScheduleTimeStart=00:00:00
+#SDCardScheduleTimeStop=00:00:00
+#SDCardScheduleInterval=60
+#SDCardFullAction=0
+#SDCardScheduleEnableVideo=0
+#SDCardScheduleModeVideo=0
+#SDCardScheduleDayVideo=
+#SDCardScheduleTimeStartVideo=00:00:00
+#SDCardScheduleTimeStopVideo=00:00:00
+#SDCardMaxRecordTimeVideo=5
+#SDCardFullActionVideo=0
+#SDCardRecordingFormatVideo=0
+# Cifs Recording #
+#CifsServerFolder=
+#CifsUserName=
+#CifsPassword=
+#CifsScheduleEnable=0
+#CifsScheduleMode=0
+#CifsScheduleDay=
+#CifsScheduleTimeStart=00:00:00
+#CifsScheduleTimeStop=00:00:00
+#CifsMaxRecordTime=5
+#CifsFullAction=0
+# OSD #
+OSDEnable=0
+OSDColorY=59
+OSDColorU=99
+OSDColorV=250
+# Bonjour #
+BonjourEnable=1
+BonjourName=DCS-930L
+# Daylight saving time DST #
+DSTEnable=0
+DSTOffset=5
+DSTStartMonth=0
+DSTStartWeek=0
+DSTStartDay=0
+DSTStartTime=0
+DSTEndMonth=0
+DSTEndWeek=0
+DSTEndDay=0
+DSTEndTime=0
+# 3G Internet
+#Internet3GAutoConfig=0
+#Internet3GUserName=
+#Internet3GPassword=
+#Internet3GDialNumber=
+#Internet3GAPN=
+#Internet3GAuthentication=0
+#Internet3GPINCode=
+#Internet3GMTU=1500
+# Upgrade F/W Status
+LastDownloadStatus=0
+# FPS Control
+FPSEnable=0
+# Low Light Control
+LowLightEnable=1
+# H264 Stream Mode
+H264StreamMode=1
+# PT Test
+PTTestTimer=0
+PTTestResultPanLimit=0
+PTTestResultTiltLimit=0
+PTTestResultPanLost=0
+PTTestResultTiltLost=0
+# SSL Certificate
+SSLCertificate1=
+SSLCertificate2=
+# Light Sensor Control
+LightSensorControl=3
+# UPnPuuid
+UPnPuuid=ae67e622-7a66-465e-bab0-00ff32654199

verb/binary/attemp2/fs/cpio/etc_ro/build

@@ -0,0 +1 @@
+1530587680

verb/binary/attemp2/fs/cpio/etc_ro/gensslkey.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+# re-generate SSL Server Keys
+cd /etc_ro
+mkdir /usr/local
+mkdir /usr/local/ssl
+cp openssl.cnf /usr/local/ssl
+openssl genrsa -out serverkey.pem 1024
+openssl req -new -sha256 -x509 -keyout serverkey.pem -out servercert.pem -days 1825 -newkey rsa:1024 -nodes -subj "/C=TW/ST=Taiwan/L=Taipie/O=D-LINK/OU=DHPD Dept./CN=www.dlink.com"
+#export SAN=DNS:127.0.0.1,DNS:Current's IP,DNS=DDNS Host Name
+#openssl req -new -sha256 -x509 -extensions v3_req -keyout serverkey.pem -out servercert.pem -days 1825 -newkey rsa:1024 -nodes -subj "/C=TW/ST=Taiwan/L=Taipie/O=D-LINK/OU=DHPD Dept./CN=www.dlink.com"
+#openssl x509 -text -in /etc_ro/servercert.pem
+cd /

verb/binary/attemp2/fs/cpio/etc_ro/inittab

@@ -0,0 +1,3 @@
+::sysinit:/etc_ro/rcS
+#ttyS1::respawn:/bin/sh
+ttyS1::respawn:/bin/login

verb/binary/attemp2/fs/cpio/etc_ro/linuxigd/upnpd.conf

@@ -0,0 +1,75 @@
+# To change the interfaces used edit:
+#   /etc/sysconfig/upnpd
+
+#
+# The full path and name of the iptables executable,
+# (enclosed in quotes).
+#
+iptables_location = "/bin/iptables"
+
+#
+# Daemon debug level. Messages are logged via syslog to debug.
+# 0 - no debug messages
+# 1 - log errors
+# 2 - log errors and basic info
+# 3 - log errors and verbose info
+# default = 0
+debug_mode = 2
+
+#
+# Should the daemon insert rules in the forward chain
+# This is necessary if your firewall has a drop or reject
+# policy in your forward chain.
+# allowed values: yes,no
+# default = no
+insert_forward_rules = yes
+
+#
+# The name of the chain to put the forward rules in.
+# This directive is only activ if "insert_forward_rules = yes"
+# above.
+# allowed values: a-z, A-Z, _, -
+# default = FORWARD
+#
+forward_chain_name = FORWARD
+
+#
+# The name of the chain to put prerouting rules in.
+# allowed values: a-z, A-Z, _, -
+# default = PREROUTING
+prerouting_chain_name = PREROUTING 
+
+#
+# The internet line upstream bit rate reported from
+# the daemon. Value in bits per second
+# default = 0
+upstream_bitrate = 800000000
+
+#
+# The internet line downstream bit rate reported from
+# the daemon. Value in bits per second
+# default = 0
+downstream_bitrate = 800000000
+
+#
+# The default duration of port mappings, used when the client
+# doesn't specify a duration.
+# Can have the following values:
+# 0 - no default duration specified
+# seconds | HH:MM - duration from the time of addition
+# @seconds | @HH:MM - expire mapping at the specified time of day
+# default = 0
+duration = 86400 # One day
+
+# The name of the igd device xml description document
+# default = gatedesc.xml
+description_document_name = gatedesc.xml
+
+# The path to the xml documents
+# Do not include the trailing "/"
+# default = /etc/linuxigd
+# WARNING! The make install does put the xml files
+# in /etc/linuxigd, if you change this variable
+# you have to make sure the xml docs are in the
+# right place
+xml_document_path = /etc/linuxigd

verb/binary/attemp2/fs/cpio/etc_ro/lld2d.conf

@@ -0,0 +1,3 @@
+icon = /etc_ro/icon.ico
+jumbo-icon = /etc_ro/icon.large.ico
+wl-interface = ra0

verb/binary/attemp2/fs/cpio/etc_ro/motd

@@ -0,0 +1,9 @@
+Welcome to
+     _______  _______  ___     __  ____   _  _   ___
+    |  ___  \|   __  ||   |   |__||    \ | || | /  /
+    | |___| ||  |__| ||   |__  __ |     \| || |/  /
+    |   _   /|   _   ||      ||  || |\     ||     \
+    |__| \__\|__| |__||______||__||_| \____||_|\___\
+
+   	             =System Architecture Department=
+

verb/binary/attemp2/fs/cpio/etc_ro/openssl.cnf

@@ -0,0 +1,315 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+SAN				= "DNS:127.0.0.1"
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= /etc_ro		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = ${ENV::SAN}
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

verb/binary/attemp2/fs/cpio/etc_ro/rcS

@@ -0,0 +1,64 @@
+#!/bin/sh
+
+file_nvramd=/var/run/nvramd.pid
+
+mount -a
+mkdir -p /var/run
+cat /etc_ro/motd
+
+# generate Dev Node
+# Linux 2.6 uses udev instead of devfs, we have to create static dev node by myself
+###mounted=`mount | grep mdev | wc -l`
+###if [ $mounted -eq 0 ]; then
+###mount -t ramfs mdev /dev
+###mkdir /dev/pts
+###mount -t devpts devpts /dev/pts
+mdev -s
+###fi
+
+###mknod   /dev/spiS0       c       217     0
+###mknod   /dev/i2cM0       c       218     0
+###mknod   /dev/rdm0        c       254     0
+###mknod   /dev/flash0      c       200     0
+###mknod   /dev/swnat0      c       210     0
+###mknod   /dev/hwnat0      c       220     0
+###mknod   /dev/acl0        c       230     0
+###mknod   /dev/ac0         c       240     0
+###mknod   /dev/mtr0        c       250     0
+###mknod   /dev/gpio        c       252     0
+###mknod   /dev/PCM         c       233     0
+###mknod   /dev/I2S         c       234     0
+
+echo "# <device regex> <uid>:<gid> <octal permissions> [<@|$|*> <command>]" > /etc/mdev.conf
+echo "# The special characters have the meaning:" >> /etc/mdev.conf
+echo "# @ Run after creating the device." >> /etc/mdev.conf
+echo "# $ Run before removing the device." >> /etc/mdev.conf
+echo "# * Run both after creating and before removing the device." >> /etc/mdev.conf
+echo "sd[a-z][1-9] 0:0 0660 */sbin/automount.sh \$MDEV" >> /etc/mdev.conf
+echo "sd[a-z] 0:0 0660 */sbin/automount.sh \$MDEV" >> /etc/mdev.conf
+
+#enable usb hot-plug feature
+echo "/sbin/mdev" > /proc/sys/kernel/hotplug
+
+nvram_daemon &
+#sleep 9	#change from 3 to 9 sec. -> wait prepareSSLKey() on nvram_daemon() when on f/w upgrade or factory reset case.
+
+while [ 1 ]
+do
+    if [ ! -e $file_nvramd ]; then
+        echo "wait nvram_daemon ..."    
+        sleep 2
+        continue
+    fi
+    break
+done
+
+internet.sh
+
+#for telnet debugging
+#security issue - don't run telnetd here -- andy 2012-07-03
+#telnetd
+
+#for syslogd
+mkdir -p /var/log
+

verb/binary/attemp2/fs/cpio/etc_ro/release

@@ -0,0 +1 @@
+2018-07-03

verb/binary/attemp2/fs/cpio/etc_ro/servercert.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCApSgAwIBAgIJALg9lakRdkkkMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
+BAYTAlRXMQ8wDQYDVQQIEwZUYWl3YW4xDzANBgNVBAcTBlRhaXBlaTEPMA0GA1UE
+ChMGRC1MaW5rMRMwEQYDVQQLEwpESFBEIERlcHQuMRYwFAYDVQQDEw13d3cuZGxp
+bmsuY29tMB4XDTEzMDgxNjAxMDgwN1oXDTE4MDgxNTAxMDgwN1owbTELMAkGA1UE
+BhMCVFcxDzANBgNVBAgTBlRhaXdhbjEPMA0GA1UEBxMGVGFpcGVpMQ8wDQYDVQQK
+EwZELUxpbmsxEzARBgNVBAsTCkRIUEQgRGVwdC4xFjAUBgNVBAMTDXd3dy5kbGlu
+ay5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMcIBnEnazzeN7juQhga
+fI/L/ECqqNOdOu/DZSLgZA0Zyh1qMb+Pr7IWYYHp9SicBKnzDuYMTEOglbJMlfwi
+ZMR4RQAZZ5fRRJPPsn8xNiR4Pu3e7S0sXTP1A/rM+fgbpjdnGVTtWSHM4JChgji6
+dH8T5El2PWY96uj0LdIhBEgVAgMBAAGjgdIwgc8wHQYDVR0OBBYEFHHNq2mugFMp
+0oCRhAX+ka4J5O8aMIGfBgNVHSMEgZcwgZSAFHHNq2mugFMp0oCRhAX+ka4J5O8a
+oXGkbzBtMQswCQYDVQQGEwJUVzEPMA0GA1UECBMGVGFpd2FuMQ8wDQYDVQQHEwZU
+YWlwZWkxDzANBgNVBAoTBkQtTGluazETMBEGA1UECxMKREhQRCBEZXB0LjEWMBQG
+A1UEAxMNd3d3LmRsaW5rLmNvbYIJALg9lakRdkkkMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADgYEAw/gEvPo2TwTRsMHaL3R5onuT50lCJZcQ5L+pfXWPlt52
+1CFMRFXa4xrIvabG6k/lFAN1ppQTg73rKwDxASWyLVKfYOCs/urR+CHvlqWFlMrH
+uR64LwxFnFcIEPr2AAHPXYbQlrsiG0vXc4Je9OysTQ36vwHedmt4BTMHS8sE2As=
+-----END CERTIFICATE-----

verb/binary/attemp2/fs/cpio/etc_ro/serverkey.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDHCAZxJ2s83je47kIYGnyPy/xAqqjTnTrvw2Ui4GQNGcodajG/
+j6+yFmGB6fUonASp8w7mDExDoJWyTJX8ImTEeEUAGWeX0USTz7J/MTYkeD7t3u0t
+LF0z9QP6zPn4G6Y3ZxlU7VkhzOCQoYI4unR/E+RJdj1mPero9C3SIQRIFQIDAQAB
+AoGAdqJ59Iiiiy2J2VlrXCKtjKjyOzl+WGSn9LJrXlaSTJzKtK3P6XckKurcRCvI
+TeRxgzu17bn223ikwhqUbC20Ebn7YoPJcx1jCi22Hg/Jo73PYGd0Q6mDoVvBgp1I
+NGNtLjGNcj27+lLsoti899wWYtvXiUXxzh65qedwvlD47yECQQD1JCHDD1L9BVPD
+zyb4QpEInBJq4Va2RAOEkNKvKhUNKLj1MDIvN+0c8lyfm1ml9BH8kmPq4z/NkG5c
+Jc9wzBpDAkEAz9kDq6tsyTJ1/RoNr3AebFAWSKigNtLrIpPG32fcer3CME0JS3vn
+XWrjf0FolrBZ42bVd0Ck44lYJGmyQSHKxwJAIpp2FZW9LjApUdOU+ahT1rZJN0MV
+vWa+ZGEZDFbRX+kmqp2iB95KHzLq9jC0p+NbAp8bcZWgdQD1QxanQJHfBwJBAKVC
+G1UHe/uND5sqd+8h6k6cbttel+R/V02qydkfr4I4Fopo9hb6cT8pmbC4xPvrQ803
+GkszLudrcJWjJIP85kkCQAIXSTvC1QGzKIQOkfRDvuYO+CiV0hEYn+mnq3owCt/W
+1iKgGXs+3RSaPHT+Ol7GMyNefOeW3deBNH07oa2Il7U=
+-----END RSA PRIVATE KEY-----

verb/binary/attemp2/fs/cpio/etc_ro/web/cgi/audiocfg.cgi

@@ -0,0 +1,2 @@
+AudioEnable=%%AudioEnable();%%
+AudioVolume=%%AudioVolume();%%

verb/binary/attemp2/fs/cpio/etc_ro/web/cgi/cgiversion.cgi

@@ -0,0 +1 @@
+CGIVersion=%%CGIVersion();%%

verb/binary/attemp2/fs/cpio/etc_ro/web/cgi/common.cgi

@@ -0,0 +1,17 @@
+model=%%ModelName();%%
+brand=%%Company();%%
+version=%%FirmwareVersion();%%
+build=%%FirmwareVersion(2);%%
+hw_version=%%HardwareVersion(2);%%
+name=%%CameraName();%%
+location=%%Location();%%
+macaddr=%%MACAddress(2);%%
+ipaddr=%%CurrentIPAddress();%%
+netmask=%%CurrentSubnetMask();%%
+gateway=%%CurrentDefaultGateway();%%
+wireless=%%WirelessSupport();%%
+ptz=%%PTZSupport();%%
+inputs=0
+outputs=0
+speaker=no
+videoout=no

verb/binary/attemp2/fs/cpio/etc_ro/web/cgi/datetime.cgi

@@ -0,0 +1,17 @@
+DateTimeMode=%%DateTimeMode();%%
+TimeServerIPAddress=%%TimeServerIPAddress();%%
+TimeServerProtocol=%%TimeServerProtocol();%%
+TimeZone=%%TimeZone();%%
+TimeZoneIndex=%%TimeZoneIndex();%%
+Date=%%Date();%%
+Time=%%Time();%%
+DSTEnable=%%DSTEnable();%%
+DSTOffset=%%DSTOffset();%%
+DSTStartMonth=%%DSTStartMonth();%%
+DSTStartWeek=%%DSTStartWeek();%%
+DSTStartDay=%%DSTStartDay();%%
+DSTStartTime=%%DSTStartTime();%%
+DSTEndMonth=%%DSTEndMonth();%%
+DSTEndWeek=%%DSTEndWeek();%%
+DSTEndDay=%%DSTEndDay();%%
+DSTEndTime=%%DSTEndTime();%%