Asus RT-AX53U MTD partition integrity

Hi there!

I just successfully installed version 23.05.2 of OpenWrt onto my Asus RT-AX53U.

However, while doing so I might have accidentally exposed password-less root SSH and the LuCI interface on a relatively insecure LAN (shared with neighbours; who knows how many of their devices are actually bots :D). Therefore I re-flashed the router, just to be on the safer side (without keeping the config).

However, I was wondering: if malware had got root SSH access, what would stop it from overwriting the boot partition with something that ensures persistence even in the case of a firmware re-flash?

Albeit unlikely, I guess a similar attack is theoretically possible.

Therefore, is there a way to verify the integrity of the MTD partitions? I see that my bootloader is U-Boot, which is an open-source project. Do you think it is possible for me to reproduce the exact same build contained in my router and compare checksums? Has anyone done something similar before?

Additionally, here are the sha256sums of my MTD backups from a freshly installed 23.05.2:

e0c84c42ede5e0701e0d6368e6eabecd835ffeacd8cb2e9bf0e23d5382d023a8  OpenWrt.mtd0.bin (u-boot)
c97fce784428a2e10cd6d4ef97ccc756f2e4c1b146a9b9dc5415d4e3e245b70a  OpenWrt.mtd1.bin (u-boot-env)
8e6e5d7f27e6b96addadd872eed9bbc75aa1ea317a335b02b3df482947b87054  OpenWrt.mtd2.bin (nvram)
8b0f36f505e6da934a1aea77dffa818291b3fdc90a91d18f2d5b8c01de405c21  OpenWrt.mtd3.bin (factory)
8b0f36f505e6da934a1aea77dffa818291b3fdc90a91d18f2d5b8c01de405c21  OpenWrt.mtd4.bin (factory2)
5be9cbf53649e326b345c5c8cd16a40bf7ed07acfc52cf711ebaccf9f4752247  OpenWrt.mtd5.bin (firmware)
92d4140335b7cb57d89c7e87cf07f509d1787e435923ed4a9a6dd42d00d20250  OpenWrt.mtd6.bin (kernel)
839ef4b6955d0309b861102ae8ae824feeef9a26e43c0b538eeb75640b190c10  OpenWrt.mtd7.bin (ubi)
5df3819981f7daaa1a4f25a7a50ca4a6bfb5e4856e3aa927c3d62fbb74be4454  OpenWrt.mtd8.bin (firmware2)
cb0851a519c233cf003a7d4807fac046d4bd5d0bdc104c6d7b5f9b617fe3a376  OpenWrt.mtd9.bin (jffs2)

If someone else has the same router, I guess at least some of the MTD hashes should match (excluding the ones where the router configuration is stored).

All this, of course, assuming that the "alleged malware" is not smart enough to provide fake MTD dumps that do not actually coincide with what is being run :smiley:
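As an added example (not code from the original post or from the OpenWrt project), the following POSIX shell script turns the hash comparison discussed above into a repeatable check: on the router it dumps every partition listed in /proc/mtd and writes a manifest, and off the router it compares a current manifest against a baseline taken right after flashing. The manifest format (`<sha256> <mtdN> <name>`) and the list of partitions treated as legitimately mutable are assumptions of this example: u-boot-env and nvram hold settings, factory/factory2 hold per-device Wi-Fi calibration data and MAC addresses on MediaTek-based boards, and ubi/jffs2 hold the rootfs overlay and configuration, so those will differ between devices or after a config change, while u-boot, firmware and kernel should not. The built-in demo uses the baseline hashes posted above together with made-up "current" hashes that simulate a rewritten bootloader plus a harmless u-boot-env change.

```shell
#!/bin/sh
# Added example, not from the original post or the OpenWrt project.
# Usage on the router:          sh mtdcheck.sh dump /tmp/mtd-backup
# Usage anywhere with the files: sh mtdcheck.sh compare baseline.sha256 current.sha256
# Manifest format (assumption of this example): "<sha256> <mtdN> <partition name>"

# Partitions that legitimately differ between devices or over time (assumed list):
# u-boot-env / nvram hold settings, factory / factory2 hold per-device Wi-Fi
# calibration and MACs, ubi / jffs2 hold the rootfs overlay and configuration.
VOLATILE="u-boot-env nvram factory factory2 ubi jffs2"

is_volatile() {
    for v in $VOLATILE; do [ "$1" = "$v" ] && return 0; done
    return 1
}

# Dump all partitions from /proc/mtd into $1 and write $1/manifest.sha256.
# /proc/mtd lines look like:  mtd0: 00080000 00020000 "u-boot"
# Reads of /dev/mtdN on NAND may fail on bad blocks; a failed read is reported, not hidden.
dump_mtds() {
    out=$1; mkdir -p "$out"; : > "$out/manifest.sha256"
    sed -n 's/^\(mtd[0-9]*\): [0-9a-f]* [0-9a-f]* "\(.*\)"$/\1 \2/p' /proc/mtd |
    while read -r dev name; do
        if dd if="/dev/$dev" of="$out/$dev.bin" bs=64k 2>/dev/null; then
            h=$(sha256sum "$out/$dev.bin" | cut -d' ' -f1)
            echo "$h $dev $name" >> "$out/manifest.sha256"
        else
            echo "read error on /dev/$dev ($name), skipped" >&2
        fi
    done
}

# Compare baseline manifest $1 with current manifest $2, one line per partition.
# Returns the number of unexpected differences (0 = all read-only partitions intact).
compare_manifests() {
    unexpected=0
    while read -r bhash dev name; do
        chash=$(awk -v d="$dev" '$2 == d { print $1 }' "$2")
        if [ -z "$chash" ]; then
            echo "MISSING    $dev ($name): not present in current dump"
            unexpected=$((unexpected + 1))
        elif [ "$bhash" = "$chash" ]; then
            echo "MATCH      $dev ($name)"
        elif is_volatile "$name"; then
            echo "CHANGED    $dev ($name): expected, holds mutable or per-device data"
        else
            echo "UNEXPECTED $dev ($name): read-only partition differs from baseline"
            unexpected=$((unexpected + 1))
        fi
    done < "$1"
    return $unexpected
}

# Constructed demo: the baseline hashes are the ones posted in the thread; the
# "current" hashes for mtd0 and mtd1 are made up to simulate a rewritten
# bootloader (the persistence scenario) and a harmless u-boot-env change.
demo() {
    d=$(mktemp -d)
    cat > "$d/baseline" <<'EOF'
e0c84c42ede5e0701e0d6368e6eabecd835ffeacd8cb2e9bf0e23d5382d023a8 mtd0 u-boot
c97fce784428a2e10cd6d4ef97ccc756f2e4c1b146a9b9dc5415d4e3e245b70a mtd1 u-boot-env
8b0f36f505e6da934a1aea77dffa818291b3fdc90a91d18f2d5b8c01de405c21 mtd3 factory
92d4140335b7cb57d89c7e87cf07f509d1787e435923ed4a9a6dd42d00d20250 mtd6 kernel
EOF
    cat > "$d/current" <<'EOF'
1111111111111111111111111111111111111111111111111111111111111111 mtd0 u-boot
2222222222222222222222222222222222222222222222222222222222222222 mtd1 u-boot-env
8b0f36f505e6da934a1aea77dffa818291b3fdc90a91d18f2d5b8c01de405c21 mtd3 factory
92d4140335b7cb57d89c7e87cf07f509d1787e435923ed4a9a6dd42d00d20250 mtd6 kernel
EOF
    if compare_manifests "$d/baseline" "$d/current"; then rc=0; else rc=$?; fi
    rm -rf "$d"
    return $rc
}

case "${1:-demo}" in
    dump)    dump_mtds "${2:-/tmp/mtd-backup}" ;;
    compare) compare_manifests "$2" "$3" ;;
    demo)    demo || echo "=> $? partition(s) changed unexpectedly" ;;
esac
```

The check is only as trustworthy as the kernel that produced the dumps, which is exactly the caveat raised at the end of the post: a compromised system can serve clean data from /dev/mtdN while booting something else. A baseline taken immediately after a fresh flash, compared with dumps from another owner of the same model for the non-volatile partitions, or with a read of the flash chip from an external programmer, is the only way to take the running kernel out of the trust chain.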