Decrypting D-Link Encrypted Firmware (SHRS)
Introduction D-Link firmware with SHRS magic bytes contain firmware encrypted using AES 128 CBC with key as 0xC05FBF1936C99429CE2A0781F08D6AD8. Original firmware can be obtained by extracting the encrypted block from the firmware and then decrypting using this key. Header Structure Header structure of firmware along with corresponding values for a sample firmware DIR-867_FW1.30B07.bin is given in table. Offset Size (Bytes) Item Value (DIR-867_FW1.30B07) 0 4 Magic Bytes SHRS 4 4 Decrypted FW Size 0x9D2AF9 8 4 Encrypted Block Size 0x9D2B00 0xC 16 IV 0x67C6697351FF4AEC29CDBAABF2FBE346 0x1C 64 SHA512(Decrypted FW + Key) 0x7139.......AA94 0x5C 64 SHA512(Decrypted FW) 0xDAC3.......5DA7 0x9C 64 SHA512(Encrypted Block) 0x7D3F.......12D2 0xDC 512 Unused 00