Firmware download URL: https://www.tp-link.com/pt/support/download/tl-wr841n/#Firmware
unzip unzip TL-WR841N\(EU\)_V14_200903.zip
Using binwalk tool we can inspect and find the embedded files and executable code inside the firmware binary images.
binwalk -e TL-WR841Nv14_EU_0.9.1_4.17_up_boot\[200903-rel58674\].bin
In short, the binwalk structure is composed by three sections:
File location in decimal format
File location in hexadecimal form
Description about what was found and location
As observed above, we got U-Boot at offset 5404B. This is a popular bootload to load the operating system.
Also, an LZMA compressed data was obtained at offset 66560, and finally the squashfs filesystem at 1049088.
Now, we can copy the filesystem squashfs into a new folder using the dd tool.
dd if=TL-WR841Nv14_EU_0.9.1_4.17_up_boot\[200903-rel58674\].bin skip=1049088 bs=1 of=TP.sfs
We check the new filesystem file using the file command:
unsquashfs - tool to uncompress squashfs filesystems
unsquashfs TP.sfsls -la unsquashfs-root
Yeah, we got it! 😎
From here, we can start with the analysis of the binaries present and individual files in the filesystem, and so on!
Good luck 🤓