What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

How can I overwrite the CFE partition?

L

lenovomen

Regular Contributor
Hi everyone,

I have an ASUS TUF-AX3000 V2 router (RT-AX58U V2 hardware) running GnuTon firmware (3006.102.3_1-gnuton1). I want to completely wipe and rewrite the router to make it like it just came out of the factory, including the CFE and all partitions (NVRAM, JFFS, linux) to ensure no malware (e.g., Cyclops Blink) remains. I understand that a standard factory reset and TFTP only partially wipe, leaving the partition table and CFE intact. Is there a way to update the CFE or rewrite the partition table at home? I’ve already tried factory reset and JFFS formatting, but I’m concerned about deeper-level backdoors persisting. If JTAG/serial console is needed, what tools do you recommend? Or is recovery mode with stock ASUS firmware reinstall enough? Any experiences, step-by-step guides, or warnings would be greatly appreciated.

Thanks!
 
You have asked the same question >1 year ago. The answer is still the same.

www.snbforums.com

Asus tuf 3000v2 bootloader reinstallation

Hi, How can I completely reinstall the firmware system of my Asus router including the bootloader? Where can I find instructions? Suppose someone buys a second hand Asus router. That is why I ask. How can I overwrite the tuf 3000v2 bootloader with the factory one? Where can I download it...
www.snbforums.com www.snbforums.com
 
Tech9 said:
You have asked the same question >1 year ago. The answer is still the same.

www.snbforums.com

Asus tuf 3000v2 bootloader reinstallation

Hi, How can I completely reinstall the firmware system of my Asus router including the bootloader? Where can I find instructions? Suppose someone buys a second hand Asus router. That is why I ask. How can I overwrite the tuf 3000v2 bootloader with the factory one? Where can I download it...
www.snbforums.com www.snbforums.com
Click to expand...

Yes, I know, but I don’t have another router with a CFE that is definitely unmodified. Could someone upload one? Or it would be best if Merlin made these available to everyone.
 
lenovomen said:
Yes, I know, but I don’t have another router with a CFE that is definitely unmodified. Could someone upload one? Or it would be best if Merlin made these available to everyone.
Click to expand...
Guess I'll be the one to ask the question. Why do you feel that @RMerlin should make a router's CFE, particularly a router that Asus-Merlin doesn't support, available to everyone?
 
lenovomen said:
Yes, I know, but I don’t have another router
Click to expand...

You don't need another router and you don't have to touch the bootloader unless you want to kill the router you have.
 
I would appreciate if there were a possibility to repair it. Or if there existed a script capable of examining whether the bootloader contains any malicious code and ensuring there are no low-level attack codes that could bypass the system. github.com/NCSC-NL/asusrouter-malware-scan
 
The bootloader is factory-installed, and contains personalized information such as MAC addresses. There's no generic image that could be user-installed.
 
RMerlin said:
The bootloader is factory-installed, and contains personalized information such as MAC addresses. There's no generic image that could be user-installed.
Click to expand...
Alright, thanks, now I understand! To make sure everything is fine, is there any verification script or solution available? I really like the Merlin firmware, and I also have a Xiaomi C700 camera equipped with the MJA1 chip. I specifically wanted a model with a security chip, although unfortunately, it doesn’t protect against network manipulation. I know I could buy additional sub network devices to connect to the router, but I would prefer to rely on the router itself if it is already excellent and secure.
 
lenovomen said:
is there any verification script or solution available?
Click to expand...
No.

The chances of a bootloader-level malware for an Asus router is very low however. Not worth the effort for a skilled hacker, who would prefer to spend his time on targeting etnterprise products.

If you need enterprise-like security, then you'll want a router with a signed bootloader and signed firmware.
 
RMerlin said:
No.

The chances of a bootloader-level malware for an Asus router is very low however. Not worth the effort for a skilled hacker, who would prefer to spend his time on targeting etnterprise products.

If you need enterprise-like security, then you'll want a router with a signed bootloader and signed firmware.
Click to expand...
Yes, I’ve already thought about it, that it would be better to buy an enterprise-level router. I was able to download the C700 camera firmware directly from Xiaomi’s website, which erased all partitions and even the bootloader, except for the factory.bin (which contains the MAC address and device data), and reinstalled everything else. I really like these Chinese products in that regard! Practically, you can reinstall the entire device through software, and it feels as if you had just received it straight from the factory. It would be great if such a solution also existed for routers. Something inexpensive would be ideal, because the beauty of it is that you can rewrite it and it instantly becomes perfectly clean and protected.
 
Or I don’t know! The real good direction would be what Xiaomi is doing. They put MJA1 hardware cryptographic keys into inexpensive everyday home-user devices to ensure proper firmware operation. Because many people like Asus routers and Merlin. I like them too, in fact! I wouldn’t even want another one because I’m used to this interface. It would just be nice if in the future Asus also invested energy into hardware protection, because that’s the future!
 
Going with a signed firmware (which is totally supported by Broadcom's platform) would mean the end of third party firmwares like Asuswrt-Merlin. So, careful what you wish for...
 
RMerlin said:
Going with a signed firmware (which is totally supported by Broadcom's platform) would mean the end of third party firmwares like Asuswrt-Merlin. So, careful what you wish for...
Click to expand...
Of course, I’m not speaking against Merlin development! But it would be great if the core components were protected so that low-level attacks couldn’t be carried out. Or it would be nice to have a development, dear Merlin, that is able to check that everything is free from malware. That would be really great.
 
lenovomen said:
that is able to check that everything is free from malware. That would be really great.
Click to expand...
Asus already has a malware scanning service built in. If you are looking for a way to develop a malware scanner that is 100% efficient, such a thing does not exist.

lenovomen said:
the core components were protected
Click to expand...
As I wrote, the only way to accomplish that is to use code signing, which would lock everyone but Asus themselves out of your router.
 
Dear everyone, I’ve solved this problem. I have a Chinese Redmi router for which a bootloader called Breed was developed. I installed it together with OpenWRT and connected this router to my infected Asus router. This way the IoT devices were isolated. I have to admit, in this respect the Chinese are more skilled and better.
 
RMerlin said:
Asus already has a malware scanning service built in. If you are looking for a way to develop a malware scanner that is 100% efficient, such a thing does not exist.


As I wrote, the only way to accomplish that is to use code signing, which would lock everyone but Asus themselves out of your router.
Click to expand...
Alright, it has a self-check system, but I assume it is not capable of detecting and fixing low-level sophisticated bootloader malware and viruses. I’d rather use OpenWRT with the Breed bootloader for IoT devices.
 
lenovomen said:
Dear everyone, I’ve solved this problem. I have a Chinese Redmi router for which a bootloader called Breed was developed. I installed it together with OpenWRT and connected this router to my infected Asus router. This way the IoT devices were isolated. I have to admit, in this respect the Chinese are more skilled and better.
Click to expand...
Don't forget that the CCP mandates backdoor access to any device sold in PRC if you are concerned about being hacked.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
K RT-AX56U – No WiFi, missing/corrupt “factory” partition (need help to restore mtd10) Asuswrt-Merlin 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 881 (members: 22, guests: 859)
Back
Top