How D-Link Provides Firmware Source Codes

Hail habrchane!

I have a few old D-Link DI-524UP H / W Ver .: A1 routers in my workplace, which were produced in 2005-2006 and inherited from the past admin. It is clear that these devices have served their purpose, are outdated both morally and physically and have long been on the shelf, but I was bribed by the fact that this model has a USB port, and the Linux operating system is the basis for the firmware.

Unfortunately, the developers of the stock firmware have quite limited the possibilities for working with a USB port: DI-524UP does not work with USB modems, flash drives and external HDD drives . Alternative, more functional and modern firmware, such as OpenWRT or DD-WRT exist for devices on the same processor as the DI-524UP - Realtek RTL8650B , but do not support the chip responsible for the operation of Wi-Fi RTL8185L . The prospect of abandoning the wireless Internet does not suit me, but to deal with the addition of support for RTL8185L and the complete compilation of DD-WRT or OpenWRT for my hardware seemed quite a challenge.

I thought it would be nice to try reworking the stock firmware a bit - add functionality, compile and install separate software packages, how much memory is enough in the device, rebuild the kernel and enable the necessary support for hardware for the USB port.
')
At the end of 2013 , a security vulnerability was discovered in some models of D-link routers - a software tab that allows attackers to gain control of the device. Details were discussed earlier on Habré. Naturally, in the earlier version v.1.05 of the firmware from 11/15/2007 and its source codes from 03/25/2008 and earlier this tab is present.

After the raised noise at the end of 2013 , D-Link released firmware updates for DI-524UP Ax version v1.08b1 and v1.08b2 in which it closed the vulnerability. The source code of these firmware manufacturer did not lay out in open access.

Since Since the device kernel includes the Linux kernel and free software, then under the terms of the GPL license , the developer must provide their source code at the request of others. I requested the source code of the firmware v1.08 on the manufacturer's forum. After some time, there were links to the source code of the firmware v1.08b2.

After downloading and unpacking the archives, I decided to compare the source codes of versions v1.05 and v.1.08 by file . The result I was somewhat puzzled. The differences found are shown below under the spoiler:


Thus, the companions developers "cheated" and simply rewrote in the source code of the firmware the version number from v1.05 (? 1.01) to v.1.08b2 and try to pass them off as the latest version. About these "manipulations" I asked a question about the technical support of the company D-link.

UPD (12/27/2014) “Source codes of version v1.05” are removed from the site , submitted a request to restore the source code to the public access of this particular version - v1.05.

UPD2 (01/19/2014) It looks like v1.05 was posted v1.01, so it was removed from the site, moreover, if you look under the spoiler above:
< VERSIONPKG = v1.01
< ALPHA_VERSION = v4.0.0b10
In the code version does not match the stated.

To be continued...