Where are the default credentials coming from?

Installing and Using OpenWrt
1

so,
i wanna know how my router manged to get the default credentials (that sticker in the back) even after i installed a new firmware file, i am new this area, to my knowledge in that firmware bin file it have SquashFS, kernel and the overlay fs. so after i flashed the firmware, passwords should be removed from the system right, but after i do factory reset, my credentials coming back. i wanna know how :frowning:

this is binwalk output from the firmware

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DECIMAL                            HEXADECIMAL                        DESCRIPTION
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
0                                  0x0                                uImage firmware image, header size: 64 bytes, data size: 2191384 bytes, compression: lzma, CPU: MIPS32, OS: Linux, image type: OS Kernel 
                                                                      Image, load address: 0x80001000, entry point: 0x80001000, creation time: 2022-01-12 05:55:32, image name: "MIPS OpenWrt Linux-4.14.148"
2191448                            0x217058                           SquashFS file system, little endian, version: 4.0, compression: xz, inode count: 2680, block size: 1048576, image size: 10493064 bytes, 
                                                                      created: 2022-07-20 19:41:46
12713984                           0xC20000                           JFFS2 filesystem, little endian, nodes: 2257, total size: 3670028 bytes
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Analyzed 1 file for 85 file signatures (187 magic patterns) in 18.0 milliseconds

and this is the partition layout in my router

root@tz:/# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00030000 00010000 "u-boot"
mtd1: 00008000 00008000 "u-boot-env"
mtd2: 00010000 00010000 "factory"
mtd3: 00fb0000 00010000 "firmware"
mtd4: 00217058 00010000 "kernel"
mtd5: 00d98fa8 00010000 "rootfs"
mtd6: 00390000 00010000 "rootfs_data"
mtd7: 00008000 00008000 "tozed-conf"
root@tz:/#

i am sorry if i use wrong terms, i am still learning.
so my suspect is they are storing those default credentials in factory or tozed-conf maybe i am completely wrong. can some one help me to identify this, and if they do, how i can see em? i already have the bin files downloaded.
thank youuu...
:slight_smile:

2

what firmware file ?

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

2 Likes
3

ooh got it...
thank youuu...

i can post the binwalked unpacked firmware files, does that help?
:frowning:

4

that wouldn't be the source code ...

5

As a general comment, manufacturers generally store stuff in ubootenv or a special partition.
I would look there.