Amtec (ElsagDatamag) Argo 55/95 – Take 6: Uncompress rg_conf
Just a quick one (thanks to purputy for pointing this out): the two configuration areas of the flash we dumped in the previous post are compressed with the deflate algorithm, and it’s quite easy to extract them.
I’ve made up a quick’n’dirty script (in PHP, forgive me, just because the gzinflate function was quicker to use) that you can call from the command line with:
php conf_inflate.php <conf_dump> <dest_file>
In <dest_file> you’ll have the configuration in plain text.
You can get the script here.
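The inflate step described above, as an added Python example (this is not the author's PHP script, which is not reproduced on this page). It assumes the dumped area is a raw deflate stream, which is what PHP's gzinflate expects, possibly followed by flash padding; the zlib/gzip fallbacks, the output cap and the sample data are assumptions made for the example.

```python
import sys
import zlib

MAX_OUT = 4 * 1024 * 1024  # assumed ceiling for a plain-text router config
SAMPLE_TEXT = b"(rg_conf (constructed_sample (value(1))))\n" * 20  # constructed


def inflate_conf(blob: bytes, max_out: int = MAX_OUT) -> tuple[bytes, int]:
    """Inflate a deflate-compressed config area; return (plaintext, trailing_bytes).

    Tries raw deflate first (what PHP's gzinflate expects), then zlib and
    gzip framing in case the dump keeps a header. Trailing bytes are whatever
    follows the end of the stream, e.g. 0xFF padding of erased flash.
    Output is capped so a corrupt or hostile dump cannot exhaust memory.
    """
    last_err = None
    for wbits in (-15, 15, 31):  # raw deflate, zlib, gzip
        d = zlib.decompressobj(wbits)
        try:
            out = d.decompress(blob, max_out)
        except zlib.error as err:
            last_err = err
            continue
        if d.eof:
            return out, len(d.unused_data)
        if len(out) >= max_out:
            raise ValueError(f"output exceeds {max_out} bytes, refusing to continue")
        last_err = ValueError("stream is truncated")
    raise ValueError(f"not a complete deflate stream: {last_err}")


def make_sample() -> bytes:
    """Constructed stand-in for a dumped area: raw deflate plus 0xFF padding."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(SAMPLE_TEXT) + c.flush() + b"\xff" * 32


if __name__ == "__main__":
    if len(sys.argv) == 3:  # same arguments as the PHP script
        with open(sys.argv[1], "rb") as f:
            text, extra = inflate_conf(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(text)
    else:
        text, extra = inflate_conf(make_sample())
    print(f"{len(text)} bytes inflated, {extra} trailing bytes ignored")
```

Run without arguments it inflates the constructed sample; with `<conf_dump> <dest_file>` it behaves like the command shown above.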
Categorised as: Hacking
Hello Bano. As you probably know, Fastweb have blocked connections from public IP and for internal IP, so we can’t log on to our Argo anymore. Do you know any workaround? Thanks.
Hi Derring,
yes, apparently Fastweb delivered an updated configuration. My router is still reachable (this seems to indicate that the hardening strategy is more or less working, at least), so I’d need someone with the new configuration and an RS232-TTL converter, who accesses the router via the serial port and gets the new config. Having that, restoring access to the web interface *should be* a relatively easy task – I hope.
They also did a reset of the router to the default config. So they deleted any personal config I did apply to the router (first of all, I turned upnp on and configured more than 25 ports forwarding).
Yep, they probably provisioned a new default configuration.
As I wrote, from my point of view, the easiest solution is to try to access via serial port. Do you have a backup of your previous configuration?
Sadly I don’t have any backup :-(
And I also can’t turn off the router to access the internal serial port.
Hi Bano,
congratulations on the good job!
I’m in the same situation as DERRING but I have a backup of the configuration (before the update). Now there is no way to access the web interface :(
You said to get the new config with TTL, but how (which shell commands)? And then how to upload the new modified config?
Thanks a lot!
Hi Marco,
the commands you should look for are ‘conf upload’ and ‘conf download’, that simply get and put the config file via tftp. You should put a tftp server online (you can use, for example, the usual http://tftpd32.jounin.net/), and fetch the configuration with conf upload.
Let me know if you need a more detailed description of the process.
I’m tempted to try to gain access again and harden the router. Do I have to turn off and put the router offline at the same time I connect a serial cable to the port? I’m also not sure which cable to use: I do have some console cables from old routers (mostly ZyXEL console port) then I’m not sure if they will work.
Err… no, a console cable isn’t going to help. Please take the time to read this post: http://goo.gl/LnN0m
In brief, you’ll need an RS232 – TTL adapter, otherwise you can seriously damage the router. If you don’t want to buy an adapter, you can also use, for example, a serial cable from an old cellphone (e.g. the DKU-5 from Nokia).
Hi Bano,
I have an Argo 55+ and this weekend I want to try to follow your way.
Is it possible to have a detailed description of the process?
Thank you,
I will let you know
Hi masilu,
unfortunately right now the only way we have is to downgrade the firmware… but I haven’t a valid firmware for the Argo 55+.
I’ve detailed the steps for the downgrade here: http://lab.algasystems.net/2012/03/amtec-elsagdatamag-argo-5595-take-8-firmware-downgrade/
As soon as I have a firmware for the 55+ I’ll update the post.
Ok. The problem is when you power off and then you restart the router. Each time it downloads the configuration from the server of Fastweb. So every time you have to enter the serial to regain access to the WebConfig.
Must somehow make the change, ultimately.
I’d like to stress this a bit: I’m pretty confident that, if you regain access to the web interface, and apply the steps described here
http://lab.algasystems.net/2012/01/amtec-elsagdatamag-argo-5595-take-4-hardening/
your configuration is safe even after a reboot – at least, mine hasn’t been touched right now.