[OpenWrt-Devel] TP-Link v3 header format description

Mathias Kresin openwrt at kresin.me
Sat Aug 15 05:58:01 EDT 2015

Am 14.08.2015 um 04:39 schrieb Yousong Zhou:
> Never played with tplink's v3 header.  But I found on other devices
> that the RSA2048-SHA1 implementation there was flawed in that it used
> pubkeys from firmwares to verifying signatures.  Hmm, is it possible
> that this v3 header from tplink also has such vulnerability?
Unfortunately, the pubkey isn't stored along with the signature in the 
firmware update file. The pubkey is read from the file lib/libcmm.so of 
the running firmware during image validation.

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list