Compare commits
28 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
3207b0ccd3 | ||
|
|
65dff5204a | ||
|
|
10349947e6 | ||
|
|
2e7b31abf5 | ||
|
|
32ef5f3aeb | ||
|
|
3ba9e027e3 | ||
|
|
f6fea00c16 | ||
|
391d019a42 | ||
|
|
4c6ab80b09 | ||
|
|
098f967cfd | ||
|
e61c981f84 | ||
|
|
29663ed175 | ||
|
|
fd2baf25a0 | ||
|
|
f65a65e830 | ||
|
|
dc8118e5ab | ||
|
|
9b4d525aa2 | ||
|
|
eef9552fda | ||
|
|
2126382b54 | ||
|
|
a9eef1d574 | ||
|
|
bd097583eb | ||
|
|
23a853d585 | ||
|
|
9b6b8c7e2f | ||
|
|
4c52806821 | ||
|
|
136c1ddcd4 | ||
|
|
e5fb3ff784 | ||
|
|
9dd745578b | ||
|
|
9d06111ac5 | ||
|
|
7fdd5724bb |
15
.github/workflows/mikrotik_patch_6.yml
vendored
15
.github/workflows/mikrotik_patch_6.yml
vendored
@ -17,7 +17,7 @@ env:
|
||||
CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
|
||||
CUSTOM_CLOUD_PUBLIC_KEY: ${{ secrets.CUSTOM_CLOUD_PUBLIC_KEY }}
|
||||
MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
|
||||
MIKRO_NPK_SIGN_PUBLIC_LKEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_LKEY }}
|
||||
MIKRO_NPK_SIGN_PUBLIC_KEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_KEY }}
|
||||
MIKRO_CLOUD_PUBLIC_KEY: ${{ secrets.MIKRO_CLOUD_PUBLIC_KEY }}
|
||||
MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
|
||||
CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
|
||||
@ -221,17 +221,18 @@ jobs:
|
||||
- name: Upload Files
|
||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||
run: |
|
||||
mkdir -p ./publish/$LATEST_VERSION
|
||||
echo $LATEST_VERSION $BUILD_TIME > ./publish/NEWEST6.${{ matrix.channel }}
|
||||
cp CHANGELOG ./publish/$LATEST_VERSION/
|
||||
cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
||||
sudo apt-get install -y lftp > /dev/null 2>&1
|
||||
sudo mkdir -p ./publish/$LATEST_VERSION
|
||||
echo $LATEST_VERSION $BUILD_TIME | sudo tee ./publish/NEWEST6.${{ matrix.channel }}
|
||||
sudo cp CHANGELOG ./publish/$LATEST_VERSION/
|
||||
sudo cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
||||
sudo chown -R root:root ./publish/
|
||||
sudo apt-get install -y lftp ssh sshpass > /dev/null 2>&1
|
||||
sudo -E lftp -u ${{ secrets.SSH_USERNAME }},'${{ secrets.SSH_PASSWORD }}' sftp://${{ secrets.SSH_SERVER }}:${{ secrets.SSH_PORT }} <<EOF
|
||||
set sftp:auto-confirm yes
|
||||
mirror --reverse --verbose --only-newer ./publish ${{ secrets.SSH_DIRECTORY }}
|
||||
bye
|
||||
EOF
|
||||
|
||||
sshpass -p "${{ secrets.SSH_PASSWORD }}" ssh -o StrictHostKeyChecking=no -p ${{ secrets.SSH_PORT }} ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_SERVER }} "chown -R 32768:32768 /rw/disk/${{ secrets.SSH_DIRECTORY }}/"
|
||||
- name: Clear Cloudflare cache
|
||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||
run: |
|
||||
|
||||
27
.github/workflows/mikrotik_patch_7.yml
vendored
27
.github/workflows/mikrotik_patch_7.yml
vendored
@ -16,7 +16,7 @@ env:
|
||||
CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
|
||||
CUSTOM_CLOUD_PUBLIC_KEY: ${{ secrets.CUSTOM_CLOUD_PUBLIC_KEY }}
|
||||
MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
|
||||
MIKRO_NPK_SIGN_PUBLIC_LKEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_LKEY }}
|
||||
MIKRO_NPK_SIGN_PUBLIC_KEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_KEY }}
|
||||
MIKRO_CLOUD_PUBLIC_KEY: ${{ secrets.MIKRO_CLOUD_PUBLIC_KEY }}
|
||||
MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
|
||||
CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
|
||||
@ -86,6 +86,7 @@ jobs:
|
||||
ARCH='-arm64'
|
||||
echo "ARCH=$ARCH" >> $GITHUB_ENV
|
||||
fi
|
||||
sudo apt-get update > /dev/null
|
||||
|
||||
- name: Cache Squashfs
|
||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||
@ -120,12 +121,12 @@ jobs:
|
||||
sudo mksquashfs option-root option.sfs -quiet -comp xz -no-xattrs -b 256k
|
||||
sudo rm -rf option-root
|
||||
if [ "${{ matrix.arch }}" == "x86" ]; then
|
||||
sudo wget -O cpython-3.11.9.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20240713/cpython-3.11.9+20240713-x86_64-unknown-linux-gnu-install_only.tar.gz
|
||||
sudo wget -O cpython.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20241016/cpython-3.11.10+20241016-x86_64-unknown-linux-musl-install_only_stripped.tar.gz
|
||||
elif [ "${{ matrix.arch }}" == "arm64" ]; then
|
||||
sudo wget -O cpython-3.11.9.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20240713/cpython-3.11.9+20240713-aarch64-unknown-linux-gnu-install_only.tar.gz
|
||||
sudo wget -O cpython.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20241016/cpython-3.11.10+20241016-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz
|
||||
fi
|
||||
sudo tar -xf cpython-3.11.9.tar.gz
|
||||
sudo rm cpython-3.11.9.tar.gz
|
||||
sudo tar -xf cpython.tar.gz
|
||||
sudo rm cpython.tar.gz
|
||||
sudo rm -rf ./python/include
|
||||
sudo rm -rf ./python/share
|
||||
sudo mksquashfs python python3.sfs -quiet -comp xz -no-xattrs -b 256k
|
||||
@ -378,16 +379,19 @@ jobs:
|
||||
- name: Upload Files
|
||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||
run: |
|
||||
mkdir -p ./publish/$LATEST_VERSION
|
||||
echo $LATEST_VERSION $BUILD_TIME > ./publish/NEWESTa7.${{ matrix.channel }}
|
||||
cp CHANGELOG ./publish/$LATEST_VERSION/
|
||||
cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
||||
sudo apt-get install -y lftp > /dev/null 2>&1
|
||||
sudo mkdir -p ./publish/$LATEST_VERSION
|
||||
echo $LATEST_VERSION $BUILD_TIME | sudo tee ./publish/NEWESTa7.${{ matrix.channel }}
|
||||
sudo cp CHANGELOG ./publish/$LATEST_VERSION/
|
||||
sudo cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
||||
sudo chown -R root:root ./publish/
|
||||
sudo apt-get install -y lftp ssh sshpass > /dev/null 2>&1
|
||||
sudo -E lftp -u ${{ secrets.SSH_USERNAME }},'${{ secrets.SSH_PASSWORD }}' sftp://${{ secrets.SSH_SERVER }}:${{ secrets.SSH_PORT }} <<EOF
|
||||
set sftp:auto-confirm yes
|
||||
mirror --reverse --verbose --only-newer ./publish ${{ secrets.SSH_DIRECTORY }}
|
||||
bye
|
||||
EOF
|
||||
sudo apt-get install ssh sshpass
|
||||
sshpass -p "${{ secrets.SSH_PASSWORD }}" ssh -o StrictHostKeyChecking=no -p ${{ secrets.SSH_PORT }} ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_SERVER }} "chown -R 32768:32768 /rw/disk/${{ secrets.SSH_DIRECTORY }}/"
|
||||
|
||||
- name: Clear Cloudflare cache
|
||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||
@ -428,6 +432,5 @@ jobs:
|
||||
netinstall-${{ env.LATEST_VERSION }}.*
|
||||
install-image-${{ env.LATEST_VERSION }}.zip
|
||||
routeros-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
|
||||
option-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
|
||||
all_packages-*-${{ env.LATEST_VERSION }}.zip
|
||||
*.EFI
|
||||
|
||||
|
||||
11
mikro.py
11
mikro.py
@ -1,8 +1,7 @@
|
||||
|
||||
import random
|
||||
import struct
|
||||
from sha256 import SHA256
|
||||
from toyecc import AffineCurvePoint, getcurvebyname, FieldElement,ECPrivateKey,ECPublicKey,Tools
|
||||
from toyecc.Random import secure_rand_int_between
|
||||
|
||||
|
||||
MIKRO_BASE64_CHARACTER_TABLE = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
|
||||
@ -39,8 +38,8 @@ def mikro_softwareid_encode(id:int)->str:
|
||||
assert(isinstance(id, int))
|
||||
ret = ''
|
||||
for i in range(8):
|
||||
ret += chr(SOFTWARE_ID_CHARACTER_TABLE[id % 0x23])
|
||||
id //= 0x23
|
||||
ret += chr(SOFTWARE_ID_CHARACTER_TABLE[id % len(SOFTWARE_ID_CHARACTER_TABLE)])
|
||||
id //= len(SOFTWARE_ID_CHARACTER_TABLE)
|
||||
if i == 3:
|
||||
ret += '-'
|
||||
return ret
|
||||
@ -167,7 +166,7 @@ def mikro_kcdsa_sign(data:bytes,private_key:bytes)->bytes:
|
||||
private_key:ECPrivateKey = ECPrivateKey(Tools.bytestoint_le(private_key), curve)
|
||||
public_key:ECPublicKey = private_key.pubkey
|
||||
while True:
|
||||
nonce_secret = secure_rand_int_between(1, curve.n - 1)
|
||||
nonce_secret = random.SystemRandom().randint(1, curve.n - 1)
|
||||
nonce_point = nonce_secret * curve.G
|
||||
nonce = int(nonce_point.x) % curve.n
|
||||
nonce_hash = mikro_sha256(Tools.inttobytes_le(nonce,32))
|
||||
@ -205,4 +204,4 @@ def mikro_kcdsa_verify(data:bytes, signature:bytes, public_key:bytes)->bool:
|
||||
nonce = int((public_key * signature + curve.G * data_hash).x)
|
||||
if mikro_sha256(Tools.inttobytes_le(nonce,32))[:len(nonce_hash)] == nonce_hash:
|
||||
return True
|
||||
return False
|
||||
return False
|
||||
|
||||
18
patch.py
18
patch.py
@ -84,12 +84,22 @@ def patch_initrd_xz(initrd_xz:bytes,key_dict:dict,ljust=True):
|
||||
if old_public_key in new_initrd:
|
||||
print(f'initrd public key patched {old_public_key[:16].hex().upper()}...')
|
||||
new_initrd = new_initrd.replace(old_public_key,new_public_key)
|
||||
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": 9,}] )
|
||||
preset = 6
|
||||
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": preset }] )
|
||||
while len(new_initrd_xz) > len(initrd_xz) and preset < 9:
|
||||
print(f'preset:{preset}')
|
||||
print(f'new initrd xz size:{len(new_initrd_xz)}')
|
||||
print(f'old initrd xz size:{len(initrd_xz)}')
|
||||
preset += 1
|
||||
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": preset }] )
|
||||
if len(new_initrd_xz) > len(initrd_xz):
|
||||
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": 9 | lzma.PRESET_EXTREME,'dict_size': 32*1024*1024,"lc": 4,"lp": 0, "pb": 0,}] )
|
||||
if ljust:
|
||||
assert len(new_initrd_xz) <= len(initrd_xz),'new initrd xz size is too big'
|
||||
print(f'preset:{preset}')
|
||||
print(f'new initrd xz size:{len(new_initrd_xz)}')
|
||||
print(f'old initrd xz size:{len(initrd_xz)}')
|
||||
print(f'ljust size:{len(initrd_xz)-len(new_initrd_xz)}')
|
||||
assert len(new_initrd_xz) <= len(initrd_xz),'new initrd xz size is too big'
|
||||
new_initrd_xz = new_initrd_xz.ljust(len(initrd_xz),b'\0')
|
||||
return new_initrd_xz
|
||||
|
||||
@ -250,13 +260,13 @@ def patch_squashfs(path,key_dict):
|
||||
print(f'{file} public key patched {old_public_key[:16].hex().upper()}...')
|
||||
data = data.replace(old_public_key,new_public_key)
|
||||
open(file,'wb').write(data)
|
||||
data = open(file,'rb').read()
|
||||
url_dict = {
|
||||
os.environ['MIKRO_LICENCE_URL'].encode():os.environ['CUSTOM_LICENCE_URL'].encode(),
|
||||
os.environ['MIKRO_UPGRADE_URL'].encode():os.environ['CUSTOM_UPGRADE_URL'].encode(),
|
||||
os.environ['MIKRO_CLOUD_URL'].encode():os.environ['CUSTOM_CLOUD_URL'].encode(),
|
||||
os.environ['MIKRO_CLOUD_PUBLIC_KEY'].encode():os.environ['CUSTOM_CLOUD_PUBLIC_KEY'].encode(),
|
||||
}
|
||||
data = open(file,'rb').read()
|
||||
for old_url,new_url in url_dict.items():
|
||||
if old_url in data:
|
||||
print(f'{file} url patched {old_url.decode()[:7]}...')
|
||||
@ -331,7 +341,7 @@ if __name__ == '__main__':
|
||||
args = parser.parse_args()
|
||||
key_dict = {
|
||||
bytes.fromhex(os.environ['MIKRO_LICENSE_PUBLIC_KEY']):bytes.fromhex(os.environ['CUSTOM_LICENSE_PUBLIC_KEY']),
|
||||
bytes.fromhex(os.environ['MIKRO_NPK_SIGN_PUBLIC_LKEY']):bytes.fromhex(os.environ['CUSTOM_NPK_SIGN_PUBLIC_KEY'])
|
||||
bytes.fromhex(os.environ['MIKRO_NPK_SIGN_PUBLIC_KEY']):bytes.fromhex(os.environ['CUSTOM_NPK_SIGN_PUBLIC_KEY'])
|
||||
}
|
||||
kcdsa_private_key = bytes.fromhex(os.environ['CUSTOM_LICENSE_PRIVATE_KEY'])
|
||||
eddsa_private_key = bytes.fromhex(os.environ['CUSTOM_NPK_SIGN_PRIVATE_KEY'])
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user