dumpkeys.c | Dump RIP key on Thomson routers

1. /**
2. * The MIT License:
3. *
4. * Copyright (c) 2012 Kevin Devine, James Hall
5. *
6. * Permission is hereby granted, free of charge, to any person obtaining a
7. * copy of this software and associated documentation files (the "Software"),
8. * to deal in the Software without restriction, including without limitation
9. * the rights to use, copy, modify, merge, publish, distribute,
10. * sublicense, and/or sell copies of the Software, and to permit persons to
11. * whom the Software is furnished to do so, subject to the following
12. * conditions:
13. *
14. * The above copyright notice and this permission notice shall be included in
15. * all copies or substantial portions of the Software.
16. *
17. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
22. * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
23. * OTHER DEALINGS IN THE SOFTWARE.
24. */
25. #include <stdio.h>
26. #include <stdlib.h>
27. #include <string.h>
28. #include <fcntl.h>
29. #include <unistd.h>
30. #include <sys/ioctl.h>
31.  
32. #define PROM_READ 0xC0044400
33. #define RIP_KEY_LEN 32
34. #define READ_RIP_KEY 263
35.  
36. typedef struct _ROM_DATA {
37. size_t size;
38. int code;
39. unsigned char data[1024];
40. } ROM_DATA, *PROM_DATA;
41.  
42. int main(void) {
43. int rip, ret, i;
44. ROM_DATA rom_dta;
45. FILE *out
46.  
47. rom_dta.size = sizeof(rom_dta.data);
48. rom_dta.code = READ_RIP_KEY; // from HomeHub 2
49.  
50. memset(rom_dta.data, 0, sizeof(rom_dta.data));
51.  
52. rip = open("/dev/nmon/rip", O_RDWR);
53.  
54. if (rip < 0) {
55. printf("\nCan't open Remote Inventory PROM device.\n");
56. return 0;
57. }
58.  
59. ret = ioctl(rip, PROM_READ, &rom_dta);
60.  
61. printf("\nioctl() returned %08x - %s - Data Size = %i",
62. ret, (ret == 0) ? "OK" : "ERROR", rom_dta.size);
63.  
64. if (ret == 0 && rom_dta.size == RIP_KEY_LEN) {
65.  
66. printf("\nRIP Key = ");
67.  
68. for (i = 0;i < RIP_KEY_LEN;i++) {
69. printf("%02x", rom_dta.data[i]);
70. }
71.  
72. out = fopen("ripkey.bin", "wb");
73.  
74. if (out != NULL) {
75. printf("\n\nSaving data to ripkey.bin...");
76. fwrite(&rom_dta.data, 1, sizeof(rom_dta.data), out);
77. fclose(out);
78. printf("done.\n");
79. } else {
80. printf("\nUnable to save data to file.\n");
81. }
82. } else {
83. printf("\nError reading data from Remote Inventory PROM device.\n");
84. }
85. close(rip);
86. return 0;
87. }