Adding a little extra information here in case anyone else is interested:
The reason the description field gets executed is because it is quoted when the router launches the plug-and-play daemon, regardless if upnp is disabled in the configuration:
sh -c upnpd -L br0 -W ppp1 -en 0 -nat 1 -port 80 -url "http://www.tp-link.com" -ma "TP-LINK" -mn "TD-W9970" -mv "1.0" -desc "300Mbps Wireless N USB VDSL/ADSL Modem Router" &
Appears to only be two DES key(s) in firmware:
47 8D A5 0B F9 E3 D2 CF
rdp_backupCfg & rdp_restoreCfg (conf.bin)
rdp_saveModem3gFile > rsl_3g_saveModem3gFile
47 8D A5 0F F9 E3 D2 CB
dm_loadCfg (/etc/default_config.xml) > dm_decryptFile
dm_init (/etc/reduced_data_model.xml) > dm_decryptFile
For now, I have chosen to simply kill many of the obvious processes I don’t need, and running my own instead:
killall -1 upnpd
killall ushare cwmp noipdns dyndns
This frees up more than half the ram.
Using latest busybox-mips, I’m running my own web server (httpd) on the router and several other misc. services managed by inetd.
Simple example: I wanted to be able to quickly get internet IP address from router, so…
inetd.conf line:
9970 stream tcp nowait admin /var/usbdisk/sda1/inetd/get-external-ip.sh
get-external-ip.sh:
ifconfig ppp1 | awk -F"[: ]+" '/inet addr:/ {print $4}'
Then, to get internet IP address on my PC (or wherever inside LAN) I simply run:
nc gateway 9970
Looks like we can even run
websocket.sh, fun.
Router is much more useful to me now, Thanks.
Happy hacking!