I do it in an informal way
(Because of solder workstation failure and no corresponding FLASH programmer)
Suggest not to follow up
You need a FLASH programmer and solder workstation
yer they do take a while the newer the longer
I see the OEM firmware was based off LEDE
so I imagine a lot has changed
Awesome, turns out DIR-X3260 seems to use the same image format as COVR-X1860 
There is a binary /bin/imgdecrypt which is called by prog.cgi (web update), fota (auto-update) and - first time I see this with a router 
- ble_agent, so it seems we will finally be able to flash devices via bluetooth one day....
The binary imports dimgKey() from libcommon.so , which reads /etc/enk.txt (contents are different than for COVR-X1860), and performs some base64 "deinterleaving" magic... After all, this may need some time to further evaluate...
By the way, did you happen to find any way of accessing the shell on the OEM firmware on this device? Would be so cool to call the imgdecrypt binary, just to see the AES key printed to stdout 
@s_2 sorry not much input to bring here but just to point out that if you download the source code provided above you should find a few keys in one of the folder (I have no idea if that would help).
I also found the u-boot source code and dlink left the mt7621 uboot source (seems like a new version rather than the old one used in the DIR routers). It did work on my mt7621 device with a lot of features (and a different way to boot).
There is also a nice document to explain some of the main options. This is obviously not to be used by everyone as you get one shot each time (I do have an in circuit NAND programmer so I just rewrite original u-boot).
That was indeed more than expected, thanks 
Hopefully useful for other devices as well, last time I checked there were no GPL sources available for COVR-X1860... (only X1870 which is Broadcom).
Will need some time to verify and further investigate though...
now I know why I kept getting confused I was looking up DIR-x1860
doh COVR-X1860 is a different thing all together
yup, there is also DAP-X1860, a wall-plug repeater with MT7621, but seemingly neither from SGE nor Alpha Networks. Yet another Image format, encrypted.< made by Edimax, using the ELX image format like other new DAP devices (probably not encrypted... but there's no iamge available by now).
And of course DWA-X1850, worlds first USB 3.0 ax adapter, with Realtek RTL8832AU 
2 Likes
Hello all!
Sorry for the question, OpenWRT n00b here (I just have 1 device with it as of now) - was wondering, after reading all your comments ... whether or not this device can run OpenWRT; or will it be able to run it one day?
I understand it's good news it's based off Mediatek chipsets - but I also seem to understand it's complicated to dump the existing firmware and finally I'm not sure whether or not it can run "non official" firmwares.
Thanks in advance for clarifications! - looking at this offer: https://www.bestbuy.ca/en-ca/product/d-link-wireless-ax3200-dual-band-wi-fi-6-router-dir-x3260/15472215
nevermind, I just ordered https://www.bestbuy.ca/fr-ca/produit/routeur-sans-fil-wi-fi-5-bibande-ac1750-max-stream-de-linksys-ea7300-ca/12568069 - people seem to be able to run openwrt on it
Currently I am using the E8450 openwrt firmware with no modifications at all
(UBI partition includes U-BOOT dedicated to E8450 UBI partition)
X3260 can be started
Does this help with running openwrt on this machine?
Because I have a headache about doing anything on the original D-link encrypted firmware
(includes dual boot partition and firmware verification)
I want to just skip that shit
Where did you find the DIR-X3260 firmware back then?
I spent a little more time fumbling with dimgKey() and the interleaving etc., I think I can at least decrypt these now, i.e. I successfully decrypted COVR-X1860 firmware, but it seems we don't have the RSA key yet (however recovery flashing ought to be possible). Haven't checked the .pem file from X3260 source, but that GPL Code was still a great help in verifying the deinterleaving process for keys generation from /etc/enk.txt 
Basically, instead of the key1, key2 and iv hardcoded values to decrypt the actual key (that encrypts the image data itself), called vendor key in my version of dlink-sge-image.c, this key is derived from enk.txt, which is base64 decoded and then a few bytes will be swapped, according to a pattern hardcoded in libcommon.so, in blocks of 8 bytes.
While COVR-X1860 uses actual/vendor key he9-4+M!)d6=m~#$, it should be rt9-4%^+M!)d6=m~ for X3260, just as found in the GPL source (key.txt). This should allow you to decrypt it (i.e. overwrite vendor_key in main() at line 342: https://github.com/openwrt/openwrt/pull/4174/files#diff-513418fa7418f34ce09356a09cdd05145b324b70f5020b07936e5f0c38a06ebfR342)
Now I just need an OEM firmware to verify this, could not find any on various D-Link FTPs 
Did you try the dlink GPL website? It looks like it's got 3 versions of it (not sure if that's what you are after). Plus source code as a bonus.
I have the GPL code (including the keys), now I just can't find the encrypted OEM firmware download from D-Link 
I see that @Lucky1 had a DIR-X3260 folder his server back then, but it's 404 now.
// edit: Sorry, I really hadn't expected the actual firmware to be available from the GPL website as well, should have read "plus source code as a bonus" more precisely
Nevermind, I found the firmware on the Australian website, it's neither on the German nor US ftp:
http://files.dlink.com.au/products/DIR-X3260/REV_A/Firmware/DIRX3260A1_FW101B05/
Looks good so far, i.e. bootloader flashing should be possible, as long as the device responds to reset button pressed during power-on
DIRX3260A1_FW101B05_decrypted.bin
COVR-X1860_RevA_Firmware101b05_decrypted.bin
Hey guys, was just wondering if any progress was made by anyone?
The factory image encryption is supported in OpenWrt firmware-utils already, it was introduced while adding support for COVR-X1860, using the tool dlink-sge-image.
Now someone who owns this device would need to create a working .dts and try to build an image from it, personally I do not yet own this router.