TL-WR1043ND Mass Firmware Flashing (DD-WRT/OpenWRT)

With the latest version of the stock TP-Link TL-WR1043ND firmware it changed its way of authenticating users to the router’s administration page, from Basic AUTH to Form base authentication. This meant that the previous solution for mass flashing these routers from stock to 3rd party wasn’t the same.
Old way : http://wiki.openwrt.org/toh/tp-link/tl-wr1043nd#oem.mass.flashing

After further examing the new firmware’s GUI it seemed they now added two new variables to the authentication process. Variable cmp and session.

My task was to find a way to mass flash many of these as fast as possible, I wrote a small bash script that would do just that. All you need to do is save this script as something like “script.sh” and run through CLI

sh script.sh factory-to-ddwrt.bin

Cookie explanation:

Cookie is composed of a base64-URLEncoded username and password

cookie = "Authorization="+URLencode("Basic "+BASE64("admin:admin"))+";domain=192.168.1.1;path=/";

Script

#!/bin/bash

curl -v
--cookie "Authorization=Basic%20YWRtaW46YWRtaW4%3D;domain=192.168.1.1;path=/"
--header "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"
http://192.168.1.1 > "first_output.txt"

cmp = `sed -n 18p "first_output.txt" | awk -F '"' '{print $2}'`
session = `sed -n 18p "first_output.txt" | awk -F '"' '{print $4}'`

curl -v
--cookie "Authorization=Basic%20YWRtaW46YWRtaW4%3D;domain=192.168.1.1;path=/"
--header "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"
--referer 'http://192.168.1.1/userRpm/SoftwareUpgradeRpm.htm'
--form "Filename=@$1" -F 'Upgrade=Upgrade' -F 'cmp=$cmp' -F 'session=$session'
http://192.168.1.1/incoming/Firmware.htm > /dev/null

sleep 1

curl -v
--max-time 2
--cookie "Authorization=Basic%20YWRtaW46YWRtaW4%3D;domain=192.168.1.1;path=/"
--header "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"
--referer 'http://192.168.1.1/incoming/Firmware.htm'
http://192.168.1.1/userRpm/FirmwareUpdateTemp.htm > /dev/null

Read More