[OpenWrt-Devel] TP-Link v3 header format description
Mathias Kresin
openwrt at kresin.me
Sat Aug 15 05:58:01 EDT 2015
Am 14.08.2015 um 04:39 schrieb Yousong Zhou:
>
> Never played with tplink's v3 header. But I found on other devices
> that the RSA2048-SHA1 implementation there was flawed in that it used
> pubkeys from firmwares to verifying signatures. Hmm, is it possible
> that this v3 header from tplink also has such vulnerability?
>
Unfortunately, the pubkey isn't stored along with the signature in the
firmware update file. The pubkey is read from the file lib/libcmm.so of
the running firmware during image validation.
Mathias
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list