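Adding KoolProxy to the Official Tenda AC9 Firmware

A while ago I picked up a Tenda AC9 on a "zero-yuan" deal. Several experts on the Enshan forum have published customized firmware, but I only wanted the ad-filtering feature and none of the rest, so I built a firmware image of my own.

This firmware is based on the official Tenda release US_AC9V1.0BR_V15.03.05.14_multi_TD01.

It adds KoolProxy on top of the official firmware.

The modification process is as follows:

  1. Download the official firmware US_AC9V1.0BR_V15.03.05.14_multi_TD01.bin

  2. Unpack the official firmware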

     su
     aptitude install binwalk
     apt-get -f install
     binwalk US_AC9V1.0BR_V15.03.05.14_multi_TD01.bin 
    

    DECIMAL       HEXADECIMAL     DESCRIPTION
    64            0x40            TRX firmware header, little endian, header size: 28 bytes, image size: 7503872 bytes, CRC32: 0x37702F4B flags: 0x0, version: 1
    92            0x5C            LZMA compressed data, properties: 0x5D, dictionary size: 65536 bytes, uncompressed size: 4133088 bytes
    1633096       0x18EB48        Squashfs filesystem, little endian, version 4.0, compression:lzma (non-standard type definition), size: 5866728 bytes, 835 inodes, blocksize: 131072 bytes, created: Sat Mar 25 20:07:08 2017

    0x5C-0x18EB47 is the kernel; 0x18EB48 to the end of the file is the Squashfs filesystem.
    Use 010Editor to extract 0x5C-0x18EB47 as kernel.bin and 0x18EB48 to the end of the file as fs.bin.

  3. Unpack the filesystem part of the official firmware

     apt install squashfs-tools
     unsquashfs -d squashfs-root fs.bin
    

    This produces the squashfs-root directory.

  4. Add the script

     cd squashfs-root
     vim ./etc_ro/koolproxy.sh
    

    with the following content:

     #!/bin/sh
     
     # Working directories under /tmp for rules, private keys and certificates
     mkdir -p /tmp/koolproxy/data/rules
     mkdir -p /tmp/koolproxy/data/private
     mkdir -p /tmp/koolproxy/data/certs
     
     wget_ok="0"
     
     # Download the ARM koolproxy binary: try the first mirror, then the
     # second, and retry every 30 seconds until one download succeeds
     while [ "$wget_ok" = "0" ]
     do
         wget http://koolproxy-bin.b0.upaiyun.com/arm -O /tmp/koolproxy/koolproxy -t 1 -T 5 2>/dev/null
         if [ "$?" = "0" ]; then
             wget_ok="1"
         else
             wget http://contents.lanyus.com/koolproxy/arm -O /tmp/koolproxy/koolproxy -t 1 -T 5 2>/dev/null
             if [ "$?" = "0" ]; then
                 wget_ok="1"
             else
                 sleep 30
             fi
         fi
     done
     
     chmod 0755 /tmp/koolproxy/koolproxy
     
     # Download the filter rules from the first mirror
     wget http://kprules.b0.upaiyun.com/koolproxy.txt -O /tmp/koolproxy/data/rules/koolproxy.txt -t 1 -T 5 2>/dev/null
     wget http://kprules.b0.upaiyun.com/kp.dat -O /tmp/koolproxy/data/rules/kp.dat -t 1 -T 5 2>/dev/null
     wget http://kprules.b0.upaiyun.com/user.txt -O /tmp/koolproxy/data/rules/user.txt -t 1 -T 5 2>/dev/null
     wget http://kprules.b0.upaiyun.com/daily.txt -O /tmp/koolproxy/data/rules/daily.txt -t 1 -T 5 2>/dev/null
     
     # $? here is the exit status of the last wget above (daily.txt) only;
     # if that one failed, fetch all four rule files from the second mirror
     if [ "$?" != "0" ]; then
         wget http://contents.lanyus.com/koolproxy/data/rules/koolproxy.txt -O /tmp/koolproxy/data/rules/koolproxy.txt -t 1 -T 5 2>/dev/null
         wget http://contents.lanyus.com/koolproxy/data/rules/kp.dat -O /tmp/koolproxy/data/rules/kp.dat -t 1 -T 5 2>/dev/null
         wget http://contents.lanyus.com/koolproxy/data/rules/user.txt -O /tmp/koolproxy/data/rules/user.txt -t 1 -T 5 2>/dev/null
         wget http://contents.lanyus.com/koolproxy/data/rules/daily.txt -O /tmp/koolproxy/data/rules/daily.txt -t 1 -T 5 2>/dev/null
     fi
     
     # Download the CA certificate and the private keys into the data directory
     wget http://contents.lanyus.com/koolproxy/data/certs/ca.crt -O /tmp/koolproxy/data/certs/ca.crt -t 1 -T 5 2>/dev/null
     wget http://contents.lanyus.com/koolproxy/data/private/base.key.pem -O /tmp/koolproxy/data/private/base.key.pem -t 1 -T 5 2>/dev/null
     wget http://contents.lanyus.com/koolproxy/data/private/ca.key.pem -O /tmp/koolproxy/data/private/ca.key.pem -t 1 -T 5 2>/dev/null
     
     # Start koolproxy on port 3000 with /tmp/koolproxy/data as its data directory
     /tmp/koolproxy/koolproxy -p 3000 -b /tmp/koolproxy/data -d
     
     # Redirect TCP ports 80 and 443 to koolproxy on port 3000,
     # skipping traffic destined for 192.168.0.0/16
     iptables -t nat -N KOOLPROXY
     iptables -t nat -F KOOLPROXY
     iptables -t nat -A KOOLPROXY -d 192.168.0.0/16 -j RETURN
     iptables -t nat -A KOOLPROXY -p tcp -m multiport --dports 80,443 -j REDIRECT --to-ports 3000
     iptables -t nat -A KOOLPROXY -p tcp -d 110.110.110.110 --dport 80 -j REDIRECT --to-port 3000
     iptables -t nat -A PREROUTING -p tcp -j KOOLPROXY
    

    Save and exit vim.

     chmod +x ./etc_ro/koolproxy.sh
    
  5. Edit the startup script so that it starts telnetd at boot, changes the root password, and starts koolproxy.sh

     vim ./etc_ro/init.d/rcS
    

    Append the following to the end of the file:

     telnetd &
     echo -e 'admin\nadmin' | passwd root
     
     /etc/koolproxy.sh &
    
  6. Repack the firmware

     mksquashfs ./squashfs-root ./squashfs.bin -noappend -root-owned -comp xz -b 128k -processors 1 
     wget https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/OpenWrt-SDK-ar71xx-generic_gcc-5.3.0_musl-1.1.16.Linux-x86_64.tar.bz2
     tar -axvf OpenWrt-SDK-ar71xx-generic_gcc-5.3.0_musl-1.1.16.Linux-x86_64.tar.bz2
     cd OpenWrt-SDK-ar71xx-generic_gcc-5.3.0_musl-1.1.16.Linux-x86_64/staging_dir/host/bin
     export PATH=$PATH:`pwd`
     cd -
     trx -o new.bin -m 7929856 -f kernel.bin -f squashfs.bin
     mkimage -A arm -a 0x80000000 -e 0x80008000 -C lzma -d new.bin US_AC9V1.0BR_V15.03.05.14_multi_TD01_KoolProxy.bin
     rm -rf squashfs.bin new.bin
    

    This produces US_AC9V1.0BR_V15.03.05.14_multi_TD01_KoolProxy.bin. Open US_AC9V1.0BR_V15.03.05.14_multi_TD01.bin and US_AC9V1.0BR_V15.03.05.14_multi_TD01_KoolProxy.bin in 010Editor, and copy bytes 0x20-0x3F of the original official firmware to 0x20-0x3F of US_AC9V1.0BR_V15.03.05.14_multi_TD01_KoolProxy.bin.

Note: all of the steps above were carried out on Debian 8.8 x64.
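
Steps 2 and 6 carve and copy byte ranges by hand in 010Editor; the same operations can be scripted with dd, tail and head, checking the TRX and Squashfs magics first so the offsets are not applied to a different firmware release. This is an added example, not part of the original post: the script name carve.sh is hypothetical, the offsets are the ones from the binwalk output in step 2, and a head that supports -c (GNU or BusyBox) is assumed.

```sh
#!/bin/sh
# Added example (not the author's code). Offsets are the ones binwalk
# printed for US_AC9V1.0BR_V15.03.05.14_multi_TD01.bin in step 2.
TRX_OFF=64            # 0x40     TRX firmware header
KERNEL_OFF=92         # 0x5C     LZMA-compressed kernel
SQUASHFS_OFF=1633096  # 0x18EB48 Squashfs filesystem

# magic_at FILE OFFSET: print the 4 bytes at OFFSET (NUL bytes dropped).
magic_at() {
    dd if="$1" bs=1 skip="$2" count=4 2>/dev/null | tr -d '\000'
}

# split_firmware FILE: write kernel.bin and fs.bin into the current
# directory. Refuses to carve when the expected magics are not at the
# expected offsets, e.g. when FILE is a different firmware release.
split_firmware() {
    [ "$(magic_at "$1" "$TRX_OFF")" = "HDR0" ] ||
        { echo "no TRX header at offset $TRX_OFF" >&2; return 1; }
    [ "$(magic_at "$1" "$SQUASHFS_OFF")" = "hsqs" ] ||
        { echo "no Squashfs magic at offset $SQUASHFS_OFF" >&2; return 1; }
    # tail -c +N is 1-based, so byte offset K starts at N = K + 1.
    tail -c +"$((KERNEL_OFF + 1))" "$1" |
        head -c "$((SQUASHFS_OFF - KERNEL_OFF))" > kernel.bin
    tail -c +"$((SQUASHFS_OFF + 1))" "$1" > fs.bin
}

# copy_header ORIG NEW: overwrite 0x20-0x3F of NEW with the same 32 bytes
# of ORIG (the last step of the repack). conv=notrunc leaves the rest of
# NEW untouched.
copy_header() {
    dd if="$1" of="$2" bs=1 skip=32 seek=32 count=32 conv=notrunc 2>/dev/null
}

# Usage (carve.sh is a hypothetical name for this file):
#   sh carve.sh split  ORIG.bin
#   sh carve.sh header ORIG.bin NEW.bin
case "${1:-}" in
    split)  split_firmware "$2" ;;
    header) copy_header "$2" "$3" ;;
esac
```
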

Firmware download: http://pan.baidu.com/s/1c15bGaO (password: uvxe)

MD5 checksum: 5CD0920C4CEF68B1103B1ECE0586E69C

SHA-1 checksum: B7CA3D1C5861ADBD49E014AB26530A050EF6A86A
