Verizon Fios G3100 and E3200 Research
#13
(04-22-2025, 05:10 PM)soxrok2212 Wrote:  This is a Flattened Image Tree (FIT) image. It uses the same structure as a standard device tree, but it is used to pack together a kernel, device tree, rootfs and device config into a single image. The integrity check you are referring to is not something that can be cracked/bruteforced. It is a sum across the components (kernel, rootfs, etc.) to ensure nothing was modified or corrupted.

I do have a NAND dump of both a g1100 and a g3100, but I don't think I have the physical devices any more.

HOWEVER, I will tell you that it is possible to glitch the bootloader into giving you a shell; you have to short the data out pin on the flash chip to ground when it loads the bootloader environment from flash, and the short has to be very brief. The trick here is that they left the fallback config built into u-boot. I can't remember exactly what it was that let me in, maybe it was a bootdelay counter, but it is possible.

Be aware that you can damage the flash and/or its contents doing this, but you may be able to get a root shell.

OMG I can't tell you how happy I am to see you reply to this! I have come across your name in a lot of my research. I have tagged you in my hashkiller post (https://forum.hashkiller.io/index.php?fo...acking.15/), which has just a bit more info.

Great to hear that you think the glitch will work; I actually just read about that today, and it was the next thing on my list to try.

Thanks again for stopping in!

https://openwrt.org/inbox/toh/arcadyan/a...o_cfe_menu
Messages In This Thread
RE: Verizon Fios G3100 and E3200 Research - by FiosFiend - 04-22-2025, 05:50 PM