Compare commits
22 Commits
7.17beta5-
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
3207b0ccd3 | ||
|
|
65dff5204a | ||
|
|
10349947e6 | ||
|
|
2e7b31abf5 | ||
|
|
32ef5f3aeb | ||
|
|
3ba9e027e3 | ||
|
|
f6fea00c16 | ||
|
391d019a42 | ||
|
|
4c6ab80b09 | ||
|
|
098f967cfd | ||
|
e61c981f84 | ||
|
|
29663ed175 | ||
|
|
fd2baf25a0 | ||
|
|
f65a65e830 | ||
|
|
dc8118e5ab | ||
|
|
9b4d525aa2 | ||
|
|
eef9552fda | ||
|
|
2126382b54 | ||
|
|
a9eef1d574 | ||
|
|
bd097583eb | ||
|
|
23a853d585 | ||
|
|
9b6b8c7e2f |
12
.github/workflows/mikrotik_patch_6.yml
vendored
12
.github/workflows/mikrotik_patch_6.yml
vendored
@ -17,7 +17,7 @@ env:
|
|||||||
CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
|
CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
|
||||||
CUSTOM_CLOUD_PUBLIC_KEY: ${{ secrets.CUSTOM_CLOUD_PUBLIC_KEY }}
|
CUSTOM_CLOUD_PUBLIC_KEY: ${{ secrets.CUSTOM_CLOUD_PUBLIC_KEY }}
|
||||||
MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
|
MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
|
||||||
MIKRO_NPK_SIGN_PUBLIC_LKEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_LKEY }}
|
MIKRO_NPK_SIGN_PUBLIC_KEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_KEY }}
|
||||||
MIKRO_CLOUD_PUBLIC_KEY: ${{ secrets.MIKRO_CLOUD_PUBLIC_KEY }}
|
MIKRO_CLOUD_PUBLIC_KEY: ${{ secrets.MIKRO_CLOUD_PUBLIC_KEY }}
|
||||||
MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
|
MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
|
||||||
CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
|
CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
|
||||||
@ -222,17 +222,17 @@ jobs:
|
|||||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||||
run: |
|
run: |
|
||||||
sudo mkdir -p ./publish/$LATEST_VERSION
|
sudo mkdir -p ./publish/$LATEST_VERSION
|
||||||
echo $LATEST_VERSION $BUILD_TIME > ./publish/NEWEST6.${{ matrix.channel }}
|
echo $LATEST_VERSION $BUILD_TIME | sudo tee ./publish/NEWEST6.${{ matrix.channel }}
|
||||||
cp CHANGELOG ./publish/$LATEST_VERSION/
|
sudo cp CHANGELOG ./publish/$LATEST_VERSION/
|
||||||
cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
sudo cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
||||||
sudo chown -R root:root ./publish/
|
sudo chown -R root:root ./publish/
|
||||||
sudo apt-get install -y lftp > /dev/null 2>&1
|
sudo apt-get install -y lftp ssh sshpass > /dev/null 2>&1
|
||||||
sudo -E lftp -u ${{ secrets.SSH_USERNAME }},'${{ secrets.SSH_PASSWORD }}' sftp://${{ secrets.SSH_SERVER }}:${{ secrets.SSH_PORT }} <<EOF
|
sudo -E lftp -u ${{ secrets.SSH_USERNAME }},'${{ secrets.SSH_PASSWORD }}' sftp://${{ secrets.SSH_SERVER }}:${{ secrets.SSH_PORT }} <<EOF
|
||||||
set sftp:auto-confirm yes
|
set sftp:auto-confirm yes
|
||||||
mirror --reverse --verbose --only-newer ./publish ${{ secrets.SSH_DIRECTORY }}
|
mirror --reverse --verbose --only-newer ./publish ${{ secrets.SSH_DIRECTORY }}
|
||||||
bye
|
bye
|
||||||
EOF
|
EOF
|
||||||
|
sshpass -p "${{ secrets.SSH_PASSWORD }}" ssh -o StrictHostKeyChecking=no -p ${{ secrets.SSH_PORT }} ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_SERVER }} "chown -R 32768:32768 /rw/disk/${{ secrets.SSH_DIRECTORY }}/"
|
||||||
- name: Clear Cloudflare cache
|
- name: Clear Cloudflare cache
|
||||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
9
.github/workflows/mikrotik_patch_7.yml
vendored
9
.github/workflows/mikrotik_patch_7.yml
vendored
@ -16,7 +16,7 @@ env:
|
|||||||
CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
|
CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
|
||||||
CUSTOM_CLOUD_PUBLIC_KEY: ${{ secrets.CUSTOM_CLOUD_PUBLIC_KEY }}
|
CUSTOM_CLOUD_PUBLIC_KEY: ${{ secrets.CUSTOM_CLOUD_PUBLIC_KEY }}
|
||||||
MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
|
MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
|
||||||
MIKRO_NPK_SIGN_PUBLIC_LKEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_LKEY }}
|
MIKRO_NPK_SIGN_PUBLIC_KEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_KEY }}
|
||||||
MIKRO_CLOUD_PUBLIC_KEY: ${{ secrets.MIKRO_CLOUD_PUBLIC_KEY }}
|
MIKRO_CLOUD_PUBLIC_KEY: ${{ secrets.MIKRO_CLOUD_PUBLIC_KEY }}
|
||||||
MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
|
MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
|
||||||
CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
|
CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
|
||||||
@ -384,12 +384,14 @@ jobs:
|
|||||||
sudo cp CHANGELOG ./publish/$LATEST_VERSION/
|
sudo cp CHANGELOG ./publish/$LATEST_VERSION/
|
||||||
sudo cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
sudo cp ./all_packages/*.npk ./publish/$LATEST_VERSION/
|
||||||
sudo chown -R root:root ./publish/
|
sudo chown -R root:root ./publish/
|
||||||
sudo apt-get install -y lftp > /dev/null 2>&1
|
sudo apt-get install -y lftp ssh sshpass > /dev/null 2>&1
|
||||||
sudo -E lftp -u ${{ secrets.SSH_USERNAME }},'${{ secrets.SSH_PASSWORD }}' sftp://${{ secrets.SSH_SERVER }}:${{ secrets.SSH_PORT }} <<EOF
|
sudo -E lftp -u ${{ secrets.SSH_USERNAME }},'${{ secrets.SSH_PASSWORD }}' sftp://${{ secrets.SSH_SERVER }}:${{ secrets.SSH_PORT }} <<EOF
|
||||||
set sftp:auto-confirm yes
|
set sftp:auto-confirm yes
|
||||||
mirror --reverse --verbose --only-newer ./publish ${{ secrets.SSH_DIRECTORY }}
|
mirror --reverse --verbose --only-newer ./publish ${{ secrets.SSH_DIRECTORY }}
|
||||||
bye
|
bye
|
||||||
EOF
|
EOF
|
||||||
|
sudo apt-get install ssh sshpass
|
||||||
|
sshpass -p "${{ secrets.SSH_PASSWORD }}" ssh -o StrictHostKeyChecking=no -p ${{ secrets.SSH_PORT }} ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_SERVER }} "chown -R 32768:32768 /rw/disk/${{ secrets.SSH_DIRECTORY }}/"
|
||||||
|
|
||||||
- name: Clear Cloudflare cache
|
- name: Clear Cloudflare cache
|
||||||
if: steps.get_latest.outputs.has_new_version == 'true'
|
if: steps.get_latest.outputs.has_new_version == 'true'
|
||||||
@ -430,6 +432,5 @@ jobs:
|
|||||||
netinstall-${{ env.LATEST_VERSION }}.*
|
netinstall-${{ env.LATEST_VERSION }}.*
|
||||||
install-image-${{ env.LATEST_VERSION }}.zip
|
install-image-${{ env.LATEST_VERSION }}.zip
|
||||||
routeros-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
|
routeros-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
|
||||||
option-${{ env.LATEST_VERSION }}${{ env.ARCH }}.npk
|
|
||||||
all_packages-*-${{ env.LATEST_VERSION }}.zip
|
all_packages-*-${{ env.LATEST_VERSION }}.zip
|
||||||
*.EFI
|
|
||||||
|
|||||||
11
mikro.py
11
mikro.py
@ -1,8 +1,7 @@
|
|||||||
|
import random
|
||||||
import struct
|
import struct
|
||||||
from sha256 import SHA256
|
from sha256 import SHA256
|
||||||
from toyecc import AffineCurvePoint, getcurvebyname, FieldElement,ECPrivateKey,ECPublicKey,Tools
|
from toyecc import AffineCurvePoint, getcurvebyname, FieldElement,ECPrivateKey,ECPublicKey,Tools
|
||||||
from toyecc.Random import secure_rand_int_between
|
|
||||||
|
|
||||||
|
|
||||||
MIKRO_BASE64_CHARACTER_TABLE = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
|
MIKRO_BASE64_CHARACTER_TABLE = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
|
||||||
@ -39,8 +38,8 @@ def mikro_softwareid_encode(id:int)->str:
|
|||||||
assert(isinstance(id, int))
|
assert(isinstance(id, int))
|
||||||
ret = ''
|
ret = ''
|
||||||
for i in range(8):
|
for i in range(8):
|
||||||
ret += chr(SOFTWARE_ID_CHARACTER_TABLE[id % 0x23])
|
ret += chr(SOFTWARE_ID_CHARACTER_TABLE[id % len(SOFTWARE_ID_CHARACTER_TABLE)])
|
||||||
id //= 0x23
|
id //= len(SOFTWARE_ID_CHARACTER_TABLE)
|
||||||
if i == 3:
|
if i == 3:
|
||||||
ret += '-'
|
ret += '-'
|
||||||
return ret
|
return ret
|
||||||
@ -167,7 +166,7 @@ def mikro_kcdsa_sign(data:bytes,private_key:bytes)->bytes:
|
|||||||
private_key:ECPrivateKey = ECPrivateKey(Tools.bytestoint_le(private_key), curve)
|
private_key:ECPrivateKey = ECPrivateKey(Tools.bytestoint_le(private_key), curve)
|
||||||
public_key:ECPublicKey = private_key.pubkey
|
public_key:ECPublicKey = private_key.pubkey
|
||||||
while True:
|
while True:
|
||||||
nonce_secret = secure_rand_int_between(1, curve.n - 1)
|
nonce_secret = random.SystemRandom().randint(1, curve.n - 1)
|
||||||
nonce_point = nonce_secret * curve.G
|
nonce_point = nonce_secret * curve.G
|
||||||
nonce = int(nonce_point.x) % curve.n
|
nonce = int(nonce_point.x) % curve.n
|
||||||
nonce_hash = mikro_sha256(Tools.inttobytes_le(nonce,32))
|
nonce_hash = mikro_sha256(Tools.inttobytes_le(nonce,32))
|
||||||
@ -205,4 +204,4 @@ def mikro_kcdsa_verify(data:bytes, signature:bytes, public_key:bytes)->bool:
|
|||||||
nonce = int((public_key * signature + curve.G * data_hash).x)
|
nonce = int((public_key * signature + curve.G * data_hash).x)
|
||||||
if mikro_sha256(Tools.inttobytes_le(nonce,32))[:len(nonce_hash)] == nonce_hash:
|
if mikro_sha256(Tools.inttobytes_le(nonce,32))[:len(nonce_hash)] == nonce_hash:
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|||||||
18
patch.py
18
patch.py
@ -84,12 +84,22 @@ def patch_initrd_xz(initrd_xz:bytes,key_dict:dict,ljust=True):
|
|||||||
if old_public_key in new_initrd:
|
if old_public_key in new_initrd:
|
||||||
print(f'initrd public key patched {old_public_key[:16].hex().upper()}...')
|
print(f'initrd public key patched {old_public_key[:16].hex().upper()}...')
|
||||||
new_initrd = new_initrd.replace(old_public_key,new_public_key)
|
new_initrd = new_initrd.replace(old_public_key,new_public_key)
|
||||||
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": 9,}] )
|
preset = 6
|
||||||
|
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": preset }] )
|
||||||
|
while len(new_initrd_xz) > len(initrd_xz) and preset < 9:
|
||||||
|
print(f'preset:{preset}')
|
||||||
|
print(f'new initrd xz size:{len(new_initrd_xz)}')
|
||||||
|
print(f'old initrd xz size:{len(initrd_xz)}')
|
||||||
|
preset += 1
|
||||||
|
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": preset }] )
|
||||||
|
if len(new_initrd_xz) > len(initrd_xz):
|
||||||
|
new_initrd_xz = lzma.compress(new_initrd,check=lzma.CHECK_CRC32,filters=[{"id": lzma.FILTER_LZMA2, "preset": 9 | lzma.PRESET_EXTREME,'dict_size': 32*1024*1024,"lc": 4,"lp": 0, "pb": 0,}] )
|
||||||
if ljust:
|
if ljust:
|
||||||
assert len(new_initrd_xz) <= len(initrd_xz),'new initrd xz size is too big'
|
print(f'preset:{preset}')
|
||||||
print(f'new initrd xz size:{len(new_initrd_xz)}')
|
print(f'new initrd xz size:{len(new_initrd_xz)}')
|
||||||
print(f'old initrd xz size:{len(initrd_xz)}')
|
print(f'old initrd xz size:{len(initrd_xz)}')
|
||||||
print(f'ljust size:{len(initrd_xz)-len(new_initrd_xz)}')
|
print(f'ljust size:{len(initrd_xz)-len(new_initrd_xz)}')
|
||||||
|
assert len(new_initrd_xz) <= len(initrd_xz),'new initrd xz size is too big'
|
||||||
new_initrd_xz = new_initrd_xz.ljust(len(initrd_xz),b'\0')
|
new_initrd_xz = new_initrd_xz.ljust(len(initrd_xz),b'\0')
|
||||||
return new_initrd_xz
|
return new_initrd_xz
|
||||||
|
|
||||||
@ -250,13 +260,13 @@ def patch_squashfs(path,key_dict):
|
|||||||
print(f'{file} public key patched {old_public_key[:16].hex().upper()}...')
|
print(f'{file} public key patched {old_public_key[:16].hex().upper()}...')
|
||||||
data = data.replace(old_public_key,new_public_key)
|
data = data.replace(old_public_key,new_public_key)
|
||||||
open(file,'wb').write(data)
|
open(file,'wb').write(data)
|
||||||
data = open(file,'rb').read()
|
|
||||||
url_dict = {
|
url_dict = {
|
||||||
os.environ['MIKRO_LICENCE_URL'].encode():os.environ['CUSTOM_LICENCE_URL'].encode(),
|
os.environ['MIKRO_LICENCE_URL'].encode():os.environ['CUSTOM_LICENCE_URL'].encode(),
|
||||||
os.environ['MIKRO_UPGRADE_URL'].encode():os.environ['CUSTOM_UPGRADE_URL'].encode(),
|
os.environ['MIKRO_UPGRADE_URL'].encode():os.environ['CUSTOM_UPGRADE_URL'].encode(),
|
||||||
os.environ['MIKRO_CLOUD_URL'].encode():os.environ['CUSTOM_CLOUD_URL'].encode(),
|
os.environ['MIKRO_CLOUD_URL'].encode():os.environ['CUSTOM_CLOUD_URL'].encode(),
|
||||||
os.environ['MIKRO_CLOUD_PUBLIC_KEY'].encode():os.environ['CUSTOM_CLOUD_PUBLIC_KEY'].encode(),
|
os.environ['MIKRO_CLOUD_PUBLIC_KEY'].encode():os.environ['CUSTOM_CLOUD_PUBLIC_KEY'].encode(),
|
||||||
}
|
}
|
||||||
|
data = open(file,'rb').read()
|
||||||
for old_url,new_url in url_dict.items():
|
for old_url,new_url in url_dict.items():
|
||||||
if old_url in data:
|
if old_url in data:
|
||||||
print(f'{file} url patched {old_url.decode()[:7]}...')
|
print(f'{file} url patched {old_url.decode()[:7]}...')
|
||||||
@ -331,7 +341,7 @@ if __name__ == '__main__':
|
|||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
key_dict = {
|
key_dict = {
|
||||||
bytes.fromhex(os.environ['MIKRO_LICENSE_PUBLIC_KEY']):bytes.fromhex(os.environ['CUSTOM_LICENSE_PUBLIC_KEY']),
|
bytes.fromhex(os.environ['MIKRO_LICENSE_PUBLIC_KEY']):bytes.fromhex(os.environ['CUSTOM_LICENSE_PUBLIC_KEY']),
|
||||||
bytes.fromhex(os.environ['MIKRO_NPK_SIGN_PUBLIC_LKEY']):bytes.fromhex(os.environ['CUSTOM_NPK_SIGN_PUBLIC_KEY'])
|
bytes.fromhex(os.environ['MIKRO_NPK_SIGN_PUBLIC_KEY']):bytes.fromhex(os.environ['CUSTOM_NPK_SIGN_PUBLIC_KEY'])
|
||||||
}
|
}
|
||||||
kcdsa_private_key = bytes.fromhex(os.environ['CUSTOM_LICENSE_PRIVATE_KEY'])
|
kcdsa_private_key = bytes.fromhex(os.environ['CUSTOM_LICENSE_PRIVATE_KEY'])
|
||||||
eddsa_private_key = bytes.fromhex(os.environ['CUSTOM_NPK_SIGN_PRIVATE_KEY'])
|
eddsa_private_key = bytes.fromhex(os.environ['CUSTOM_NPK_SIGN_PRIVATE_KEY'])
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user