Posts

Showing posts from January, 2020

Decrypting config.bin files for TP-Link WR841N, WA855RE, and probably more…

Notice - moved from medium.com, as their pricing model is just plain wrong... This is also hosted here, but updated below.

Tl;Dr — it’s basically the same as it always was, except they added a compression step. YOLO.

These devices are still Amazon’s ‘Choice’ when you search for ‘router’ to buy, so they’re pretty popular.

Shut up, just gimme the script:

If you want to read a config file from one of these (or similar) devices, just use the following script:

    # First strip the header:
    dd bs=1 skip=144 if=config.bin of=config1.bin

    # Now decrypt the file - same key as before!
    openssl enc -d -des-ecb -nopad -K 478DA50BF9E3D2CF -in config1.bin >tmp.bin

    # However you also need to decompress it with zlib:
    zlib-flate -uncompress <tmp.bin >config.json

The contents of the config.json file are now the plaintext JSON config data for your router. Woo! :-D

What data can you get?

WiFi Keys, MD5 of the admin password, WEP key, IP ranges in use, and a few other artefacts.
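The same three steps with a sanity check at each stage, so that on a model where the header length or key differs you can see which step failed. This is an added example, not part of the original post: the function names and messages are assumptions, while the offset, cipher, key and tools are the ones in the script above.

```shell
#!/bin/sh
# Added example: header offset, cipher and key come from the post;
# function names and error messages are assumptions made for illustration.

HDR_LEN=144              # bytes skipped by the post's dd step
KEY=478DA50BF9E3D2CF     # DES key given in the post

# The body after the header must be a non-empty multiple of the 8-byte
# DES block, because the openssl call uses -nopad.
check_layout() (
    size=$(wc -c < "$1") || exit 2
    body=$((size - HDR_LEN))
    [ "$body" -gt 0 ] && [ $((body % 8)) -eq 0 ]
)

# A zlib stream starts with two bytes CMF/FLG: the low nibble of CMF is 8
# (deflate) and CMF*256+FLG is divisible by 31. Output produced with a
# wrong key or wrong offset will rarely pass this.
looks_like_zlib() (
    set -- $(od -An -tu1 -N2 "$1")
    [ $# -eq 2 ] || exit 1
    [ $(($1 & 15)) -eq 8 ] && [ $((($1 * 256 + $2) % 31)) -eq 0 ]
)

# usage: decrypt_config config.bin config.json
decrypt_config() (
    umask 077            # the output holds Wi-Fi keys and a password hash
    check_layout "$1" || { echo "body is not a whole number of DES blocks" >&2; exit 1; }
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    dd bs=1 skip="$HDR_LEN" if="$1" 2>/dev/null |
        openssl enc -d -des-ecb -nopad -K "$KEY" > "$tmp" ||
        { echo "openssl decrypt step failed" >&2; exit 1; }
    looks_like_zlib "$tmp" ||
        { echo "no zlib header after decrypt: different key or header length?" >&2; exit 1; }
    zlib-flate -uncompress < "$tmp" > "$2"
)
```

Nothing runs when the file is sourced; call `decrypt_config config.bin config.json` on a backup exported from your own device.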