This is a python script that decompresses the rom-0 configuration for ZTE, TP-Link, ZynOS, and Huawei.
edbc541d4fd6a39f2011f02eae1cc09eeb4360235f4ccb2da21bb4abd9720abc
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Title: ZTE, TP-Link, ZynOS, Huawei rom-0 Configuration Decompressor
# Author: Osanda Malith Jayathissa (@OsandaMalith)
# Special thanks to Nick Knight
# Use this for educational purposes only
# Author takes no responsibility for any damage you cause
from __future__ import print_function
import re
import collections
import unicodedata
class BitReader:
def __init__(self, bytes):
self._bits = collections.deque()
for byte in bytes:
byte = ord(byte)
for n in xrange(8):
self._bits.append(bool((byte >> (7-n)) & 1))
def getBit(self):
return self._bits.popleft()
def getBits(self, num):
res = 0
for i in xrange(num):
res += self.getBit() << num-1-i
return res
def getByte(self):
return self.getBits(8)
def __len__(self):
return len(self._bits)
class RingList:
def __init__(self, length):
self.__data__ = collections.deque()
self.__full__ = False
self.__max__ = length
def append(self, x):
if self.__full__:
self.__data__.popleft()
self.__data__.append(x)
if self.size() == self.__max__:
self.__full__ = True
def get(self):
return self.__data__
def size(self):
return len(self.__data__)
def maxsize(self):
return self.__max__
def __getitem__(self, n):
if n >= self.size():
return None
return self.__data__[n]
print ('''[+] ZTE, TP-Link, ZynOS, Huawei rom-0 Configuration Decompressor
[+] Author: Osanda Malith Jayathissa
[+] Special thanks to Nick Knight
''')
print ('[*] Opeining rom-0 file')
fpos=8568
fend=8788
fhandle=file('rom-0')
fhandle.seek(fpos)
chunk="*"
amount=221
while fpos < fend:
if fend-fpos < amount:
amount = amount
data = fhandle.read(amount)
fpos += len(data)
reader = BitReader(data)
result = ''
window = RingList(2048)
while True:
bit = reader.getBit()
if not bit:
char = reader.getByte()
result += chr(char)
window.append(char)
else:
bit = reader.getBit()
if bit:
offset = reader.getBits(7)
if offset == 0:
break
else:
offset = reader.getBits(11)
lenField = reader.getBits(2)
if lenField < 3:
lenght = lenField + 2
else:
lenField <<= 2
lenField += reader.getBits(2)
if lenField < 15:
lenght = (lenField & 0x0f) + 5
else:
lenCounter = 0
lenField = reader.getBits(4)
while lenField == 15:
lenField = reader.getBits(4)
lenCounter += 1
lenght = 15*lenCounter + 8 + lenField
for i in xrange(lenght):
char = window[-offset]
result += chr(char)
window.append(char)
def filter_non_printable(str):
return ''.join([c for c in str if ord(c) > 31 or ord(c) == 9])
def regex(path, text):
match = re.search(path, text)
if match:
return match.group()
else:
return None
print (('[+] Dump: \r\n{0}\r\n').format(result))
result = filter_non_printable(result).decode('unicode_escape').encode('ascii','ignore');
print (('[+] Filtered Strings: {0}\n').format(result))
if 'TP-LINK' in result:
result = ''.join(result.split()).split('TP-LINK', 1)[0] + 'TP-LINK';
result = result.replace("TP-LINK", "")
result = result[1:]
if 'ZTE' in result:
result = ''.join(result.split()).split('ZTE', 1)[0] + 'ZTE';
result = result.replace("ZTE", "")
result = result[1:]
if 'tc160' in result:
result = ''.join(result.split()).split('tc160', 1)[0] + 'tc160';
result = result.replace("tc160", "")
result = result[1:]
print (('[~] Router Password is: {0}').format(result))