Thursday, October 27, 2016

Unlocking tp-link router TD-8961ND(it)


With the DirtyCow out on the wild, I decided to check if my route is part of the botnet that brought the internet down last week.  My router is an "italian" tp-link TD-8961ND v3 that tiscalli served me, 4 years ago with a firmware from 2011!. Of course it was "locked", in the sense that it rejected any new firmware-images.  In the end I managed to unlock and update it, not something fancy with JTAGs etc, but simply by setting the Certificate Authority from the "customer CA" to the "trendchip CA" with this command:

$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.

Password: *****
Copyright (c) 2001 - 2015 TP-LINK TECHNOLOGIES CO., LTD.
TP-LINK> sys cwmp ca
usage:sys cwmp ca  [0|1|2|display]
0: Use trendchip CA.
1: Use UNH CA.
2: Use Other Customer CA, You can download it.
display: Display the Customer's CA.
Current used CA is: 2.
TP-LINK> sys cwmp ca 0
TP-LINK> 

Note that I had to apply firmware versions one-after-the-other - not go directly to the final one.