嵌入式linux系统下如何通过drcom突破校园网限制（以长沙大学为例）

drcom（俗称小地球）广泛用于各大高校的宽带认证，常见包括三个版本，5.2.0 的P、D、X版。

P版就是在普通的PPPOE拨号的基础上添加了一个客户端与服务器通信认证的过程。

D版直接通过客户端的接口SEO靠我与服务器建立连接。X版复杂许多，一般会先有802.1x认证再进行端口通讯认证。

本教程能够解决大部分的P、D版本。

说明

本教程大部分内容来自 github 上 drcom-generic 开源项目，以及网SEO靠我络上各大牛的帖子与文章，大牛众多且出名，就不一一感谢与强调其版权。只进行了测试与整理以及部分错误的修正针对小白更友好一点，由阅读者实操所产生的一切后果，一概不负责。仅供学习与交流，请勿用于商业用途！

环SEO靠我境准备

python2.7（调试用到）wireshark（抓包工具）notepad++（修改代码用到）交叉编译环境

一、确定所使用客户端版本

打开学校的客户端，右上角可以看见ver5.2.0（D）

二、网络抓SEO靠我包

1、 先断开网络，注销并关闭drcom客户端。

2、 打开wireshark，选中你联网用的那个连接。双击开始抓包！如图所示：

软件会进入如下界面

现在打开drcom客户端，拨号连接并在线保持1分钟左右，SEO靠我然后注销，完全关闭drcom后，选择wireshark的停止抓包

选择File-save 选择保存路径，并重命名该文件为dr.pcapng (拓展名为.pcang)

完成抓包

三、解析数据

1.此处提供 drSEO靠我com_p_config.py 与 latest-wired.py的代码

drcom_p_config.py

# -*- coding: utf-8 -*- from binascii iSEO靠我mport hexlify import redef hexed(s):ret = for i in s:ret += \\x + hex(ord(i))[2:].rjust(2, 0SEO靠我)return retfilename = dr.pcapng f = open(filename, rb) text = f.read() offseSEO靠我t = re.search(\xF0\x00\xF0\x00[\x00-\xFF]{4}[\x03\x07]\x01, text).start() + 8 #print hexlifySEO靠我(text[offset:offset+330]) #print hexlify(text[offset:offset+338]) # print text[offseSEO靠我t+334:offset+338].encode(hex) if re.match(\x00\x00[\x00-\xFF]{2}, text[offset+334:offset+338SEO靠我]):ror_version = True else :ror_version = False # print ror_version usernameSEO靠我_len = ord(text[offset+3]) - 20 username = text[offset+20:offset+20+username_len] prSEO靠我int server = \%s\ % ..join([str(ord(i)) for i in text[offset-12:offset-8]]) print username=\SEO靠我%s\ % username print password=\\ print CONTROLCHECKSTATUS = \%s\ % hexed(text[offsetSEO靠我+56]) print ADAPTERNUM = \%s\ % hexed(text[offset+57]) print host_ip = \%s\ % ..joinSEO靠我(map(lambda x: str(ord(x)), text[offset+81:offset+85])) print IPDOG = \%s\ % hexed(text[offsSEO靠我et+105]) print host_name = \%s\ % GILIGILIEYE print PRIMARY_DNS = \%s\ % ..join(map(SEO靠我lambda x: str(ord(x)), text[offset+142:offset+146])) print dhcp_server = \%s\ % ..join(map(lSEO靠我ambda x: str(ord(x)), text[offset+146:offset+150])) print AUTH_VERSION = \%s\ % hexed(text[oSEO靠我ffset+310:offset+312]) if ror_version:print mac = 0x%s % hexlify(text[offset+328:offset+334]SEO靠我) else:print mac = 0x%s % hexlify(text[offset+320:offset+326]) print host_os = \%s\ SEO靠我% NOTE7KEEP_ALIVE_VERSION = [i for i in re.findall(\xf0\x00\xf0\x00....\x07.\x5c\x28\x00\x0b\x01(..)SEO靠我, text) if i != \x0f\x27][0] print KEEP_ALIVE_VERSION = \%s\ % hexed(KEEP_ALIVE_VERSION) SEO靠我 print ror_version = %s % ror_version

latest-wired.py

#!/usr/bin/env python # -*- coding: SEO靠我utf-8 -*-import socket import struct import time import hashlib impoSEO靠我rt sys import os import random import traceback# CONFIG server = "1SEO靠我92.168.100.150" username = "" password = "" host_name = "LIYUANYUAN" SEO靠我 host_os = "8089D" host_ip = "10.30.22.17" PRIMARY_DNS = "114.114.114.114" dSEO靠我hcp_server = "0.0.0.0" mac = 0xb888e3051680 CONTROLCHECKSTATUS = \x20 ADAPTESEO靠我RNUM = \x01 KEEP_ALIVE_VERSION = \xdc\x02 server = 10.1.1.254 username=nic SEO靠我 password=123456 CONTROLCHECKSTATUS = \x20 ADAPTERNUM = \x07 host_ip SEO靠我= 172.17.19.107 IPDOG = \x01 host_name = GILIGILIEYE PRIMARY_DNS = 218.196.4SEO靠我0.9 dhcp_server = 172.17.19.252 AUTH_VERSION = \x27\x00 mac = 0x2cf05db2b380SEO靠我 host_os = NOTE7 KEEP_ALIVE_VERSION = \xdc\x02 ror_version = True AUSEO靠我TH_VERSION:unsigned char ClientVerInfoAndInternetMode;unsigned char DogVersion; AUTH_VERSIOSEO靠我N = \x0a\x00 IPDOG = \x01 ror_version = False # CONFIG_ENDkeep_alive1_mod = SEO靠我False #If you have trouble at KEEPALIVE1, turn this value to True nic_name = #Indicate your SEO靠我nic, e.g. eth0.2.nic_name bind_ip = 0.0.0.0class ChallengeException (Exception):def __init__SEO靠我(self):passclass LoginException (Exception):def __init__(self):passdef bind_nic():try:import fcntldeSEO靠我f get_ip_address(ifname):s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)return socket.inet_ntoaSEO靠我(fcntl.ioctl(s.fileno(),0x8915, # SIOCGIFADDRstruct.pack(256s, ifname[:15]))[20:24])return get_ip_adSEO靠我dress(nic_name)except ImportError as e:print(Indicate nic feature need to be run under Unix based sySEO靠我stem.)return 0.0.0.0except IOError as e:print(nic_name + is unacceptable !)return 0.0.0.0finally:retSEO靠我urn 0.0.0.0if nic_name != :bind_ip = bind_nic()s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) SEO靠我 # s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) s.bind((bind_ip, 61440))s.SEO靠我settimeout(3) SALT = IS_TEST = True # specified fields based on version SEO靠我 CONF = "/etc/drcom.conf" UNLIMITED_RETRY = True EXCEPTION = False DEBUG SEO靠我= False #log saves to file LOG_PATH = /var/log/drcom_client.log if IS_TEST:DEBUG = TSEO靠我rueLOG_PATH = drcom_client.logdef log(*args, **kwargs):s = .join(args)print sif DEBUG:with open(LOG_SEO靠我PATH,a) as f:f.write(s + \n)def challenge(svr,ran):while True:t = struct.pack("<H", int(ran)%(0xFFFFSEO靠我))s.sendto("\x01\x02"+t+"\x09"+"\x00"*15, (svr, 61440))try:data, address = s.recvfrom(1024)log([chalSEO靠我lenge] recv,data.encode(hex))except:log([challenge] timeout, retrying...)continueif address == (svr,SEO靠我 61440):breakelse:continuelog([DEBUG] challenge:\n + data.encode(hex))if data[0] != \x02:raise ChallSEO靠我engeExceptionlog([challenge] challenge packet sent.)return data[4:8]def md5sum(s):m = hashlib.md5()mSEO靠我.update(s)return m.digest()def dump(n):s = %x % nif len(s) & 1:s = 0 + sreturn s.decode(hex)def ror(SEO靠我md5, pwd):ret = for i in range(len(pwd)):x = ord(md5[i]) ^ ord(pwd[i])ret += chr(((x<<3)&0xFF) + (x>SEO靠我>5))return retdef gen_crc(data, encrypt_type):DRCOM_DIAL_EXT_PROTO_CRC_INIT = 20000711ret = if encrySEO靠我pt_type == 0:# 加密方式无return struct.pack(<I,DRCOM_DIAL_EXT_PROTO_CRC_INIT) + struct.pack(<I,126)elif eSEO靠我ncrypt_type == 1:# 加密方式为 md5foo = hashlib.md5(data).digest()ret += foo[2]ret += foo[3]ret += foo[8]rSEO靠我et += foo[9]ret += foo[5]ret += foo[6]ret += foo[13]ret += foo[14]return retelif encrypt_type == 2:#SEO靠我 md4foo = hashlib.new(md4, data).digest()ret += foo[1]ret += foo[2]ret += foo[8]ret += foo[9]ret += SEO靠我foo[4]ret += foo[5]ret += foo[11]ret += foo[12]return retelif encrypt_type == 3:# sha1foo = hashlib.SEO靠我sha1(data).digest()ret += foo[2]ret += foo[3]ret += foo[9]ret += foo[10]ret += foo[5]ret += foo[6]reSEO靠我t += foo[15]ret += foo[16]return retdef keep_alive_package_builder(number,random,tail,type=1,first=FSEO靠我alse):data = \x07+ chr(number) + \x28\x00\x0b + chr(type)if first :data += \x0f\x27else:data += KEEPSEO靠我_ALIVE_VERSIONdata += \x2f\x12 + \x00 * 6data += taildata += \x00 * 4#data += struct.pack("!H",0xdc0SEO靠我2)if type == 3:foo = .join([chr(int(i)) for i in host_ip.split(.)]) # host_ip#CRC# edited on 2014/5/SEO靠我12, filled zeros to checksum# crc = packet_CRC(data+foo)crc = \x00 * 4#data += struct.pack("!I",crc)SEO靠我 + foo + \x00 * 8data += crc + foo + \x00 * 8else: #packet type = 1data += \x00 * 16return data# defSEO靠我 packet_CRC(s): # ret = 0 # for i in re.findall(.., s): # ret ^= struct.unpaSEO靠我ck(>h, i)[0] # ret &= 0xFFFF # ret = ret * 0x2c7 # return retdef keep_alive2SEO靠我(*args):#first keep_alive:#number = number (mod 7)#status = 1: first packet user sended# 2: first paSEO靠我cket user recieved# 3: 2nd packet user sended# 4: 2nd packet user recieved# Codes for testtail = pacSEO靠我ket = svr = serverran = random.randint(0,0xFFFF)ran += random.randint(1,10) # 2014/10/15 add by latySEO靠我as, maybe svr sends back a file packetsvr_num = 0packet = keep_alive_package_builder(svr_num,dump(raSEO靠我n),\x00*4,1,True)while True:log([keep-alive2] send1,packet.encode(hex))s.sendto(packet, (svr, 61440)SEO靠我)data, address = s.recvfrom(1024)log([keep-alive2] recv1,data.encode(hex))if data.startswith(\x07\x0SEO靠我0\x28\x00) or data.startswith(\x07 + chr(svr_num) + \x28\x00):breakelif data[0] == \x07 and data[2] SEO靠我== \x10:log([keep-alive2] recv file, resending..)svr_num = svr_num + 1# packet = keep_alive_package_SEO靠我builder(svr_num,dump(ran),\x00*4,1, False)breakelse:log([keep-alive2] recv1/unexpected,data.encode(hSEO靠我ex))#log([keep-alive2] recv1,data.encode(hex))ran += random.randint(1,10) packet = keep_alive_packagSEO靠我e_builder(svr_num, dump(ran),\x00*4,1,False)log([keep-alive2] send2,packet.encode(hex))s.sendto(packSEO靠我et, (svr, 61440))while True:data, address = s.recvfrom(1024)if data[0] == \x07:svr_num = svr_num + 1SEO靠我breakelse:log([keep-alive2] recv2/unexpected,data.encode(hex))log([keep-alive2] recv2,data.encode(heSEO靠我x))tail = data[16:20]ran += random.randint(1,10) packet = keep_alive_package_builder(svr_num,dump(raSEO靠我n),tail,3,False)log([keep-alive2] send3,packet.encode(hex))s.sendto(packet, (svr, 61440))while True:SEO靠我data, address = s.recvfrom(1024)if data[0] == \x07:svr_num = svr_num + 1breakelse:log([keep-alive2] SEO靠我recv3/unexpected,data.encode(hex))log([keep-alive2] recv3,data.encode(hex))tail = data[16:20]log("[kSEO靠我eep-alive2] keep-alive2 loop was in daemon.")i = svr_numwhile True:try:time.sleep(20)keep_alive1(*arSEO靠我gs)ran += random.randint(1,10) packet = keep_alive_package_builder(i,dump(ran),tail,1,False)#log(DEBSEO靠我UG: keep_alive2,packet 4\n,packet.encode(hex))log([keep_alive2] send,str(i),packet.encode(hex))s.senSEO靠我dto(packet, (svr, 61440))data, address = s.recvfrom(1024)log([keep_alive2] recv,data.encode(hex))taiSEO靠我l = data[16:20]#log(DEBUG: keep_alive2,packet 4 return\n,data.encode(hex))ran += random.randint(1,10SEO靠我) packet = keep_alive_package_builder(i+1,dump(ran),tail,3,False)#log(DEBUG: keep_alive2,packet 5\n,SEO靠我packet.encode(hex))s.sendto(packet, (svr, 61440))log([keep_alive2] send,str(i+1),packet.encode(hex))SEO靠我data, address = s.recvfrom(1024)log([keep_alive2] recv,data.encode(hex))tail = data[16:20]#log(DEBUGSEO靠我: keep_alive2,packet 5 return\n,data.encode(hex))i = (i+2) % 0xFFexcept:breakdef checksum(s):ret = 1SEO靠我234x = 0for i in [x*4 for x in range(0, -(-len(s)//4))]:ret ^= int(s[i:i+4].ljust(4, \x00)[::-1].encSEO靠我ode(hex), 16)ret = (1968 * ret) & 0xffffffffreturn struct.pack(<I, ret)def mkpkt(salt, usr, pwd, macSEO靠我):struct _tagLoginPacket{struct _tagDrCOMHeader Header;unsigned char PasswordMd5[MD5_LEN];char AccouSEO靠我nt[ACCOUNT_MAX_LEN];unsigned char ControlCheckStatus;unsigned char AdapterNum;unsigned char MacAddrXSEO靠我ORPasswordMD5[MAC_LEN];unsigned char PasswordMd5_2[MD5_LEN];unsigned char HostIpNum;unsigned int HosSEO靠我tIPList[HOST_MAX_IP_NUM];unsigned char HalfMD5[8];unsigned char DogFlag;unsigned int unkown2;struct SEO靠我_tagHostInfo HostInfo;unsigned char ClientVerInfoAndInternetMode;unsigned char DogVersion;};data = \SEO靠我x03\x01\x00 + chr(len(usr) + 20)data += md5sum(\x03\x01 + salt + pwd)data += usr.ljust(36, \x00)dataSEO靠我 += CONTROLCHECKSTATUSdata += ADAPTERNUMdata += dump(int(data[4:10].encode(hex),16)^mac).rjust(6, \xSEO靠我00) #mac xor md51data += md5sum("\x01" + pwd + salt + \x00 * 4) #md52data += \x01 # number of ipdataSEO靠我 += .join([chr(int(i)) for i in host_ip.split(.)]) #x.x.x.x -> data += \00 * 4 #your ipaddress 2dataSEO靠我 += \00 * 4 #your ipaddress 3data += \00 * 4 #your ipaddress 4data += md5sum(data + \x14\x00\x07\x0BSEO靠我)[:8] #md53data += IPDOGdata += \x00*4 # unknown2struct _tagOSVERSIONINFO{unsigned int OSVersionInfoSEO靠我Size;unsigned int MajorVersion;unsigned int MinorVersion;unsigned int BuildNumber;unsigned int PlatfSEO靠我ormID;char ServicePack[128];};struct _tagHostInfo{char HostName[HOST_NAME_MAX_LEN];unsigned int DNSISEO靠我P1;unsigned int DHCPServerIP;unsigned int DNSIP2;unsigned int WINSIP1;unsigned int WINSIP2;struct _tSEO靠我agDrCOM_OSVERSIONINFO OSVersion;};data += host_name.ljust(32, \x00) # _tagHostInfo.HostNamedata += .SEO靠我join([chr(int(i)) for i in PRIMARY_DNS.split(.)]) # _tagHostInfo.DNSIP1data += .join([chr(int(i)) foSEO靠我r i in dhcp_server.split(.)]) # _tagHostInfo.DHCPServerIPdata += \x00\x00\x00\x00 # _tagHostInfo.DNSSEO靠我IP2data += \x00 * 4 # _tagHostInfo.WINSIP1data += \x00 * 4 # _tagHostInfo.WINSIP2data += \x94\x00\x0SEO靠我0\x00 # _tagHostInfo.OSVersion.OSVersionInfoSizedata += \x05\x00\x00\x00 # _tagHostInfo.OSVersion.MaSEO靠我jorVersiondata += \x01\x00\x00\x00 # _tagHostInfo.OSVersion.MinorVersiondata += \x28\x0A\x00\x00 # _SEO靠我tagHostInfo.OSVersion.BuildNumberdata += \x02\x00\x00\x00 # _tagHostInfo.OSVersion.PlatformID# _tagHSEO靠我ostInfo.OSVersion.ServicePackdata += host_os.ljust(32, \x00)data += \x00 * 96# END OF _tagHostInfodaSEO靠我ta += AUTH_VERSIONif ror_version:struct _tagLDAPAuth{unsigned char Code;unsigned char PasswordLen;unSEO靠我signed char Password[MD5_LEN];};data += \x00 # _tagLDAPAuth.Codedata += chr(len(pwd)) # _tagLDAPAuthSEO靠我.PasswordLendata += ror(md5sum(\x03\x01 + salt + pwd), pwd) # _tagLDAPAuth.Passwordstruct _tagDrcomASEO靠我uthExtData{unsigned char Code;unsigned char Len;unsigned long CRC;unsigned short Option;unsigned chaSEO靠我r AdapterAddress[MAC_LEN];};data += \x02 # _tagDrcomAuthExtData.Codedata += \x0C # _tagDrcomAuthExtDSEO靠我ata.Lendata += checksum(data + \x01\x26\x07\x11\x00\x00 + dump(mac)) # _tagDrcomAuthExtData.CRCdata SEO靠我+= \x00\x00 # _tagDrcomAuthExtData.Optiondata += dump(mac) # _tagDrcomAuthExtData.AdapterAddress# ENSEO靠我D OF _tagDrcomAuthExtDataif ror_version:data += \x00 * (8 - len(pwd))if len(pwd)%2:data += \x00else:SEO靠我data += \x00 # auto logout / default: Falsedata += \x00 # broadcast mode / default : Falsedata += \xSEO靠我E9\x13 #unknown, filled numbers randomly =w=log([mkpkt],data.encode(hex))return datadef login(usr, pSEO靠我wd, svr):global SALTglobal AUTH_INFOi = 0timeoutcount = 0while True:salt = challenge(svr,time.time()SEO靠我+random.randint(0xF,0xFF))SALT = saltpacket = mkpkt(salt, usr, pwd, mac)log([login] send,packet.encoSEO靠我de(hex))s.sendto(packet, (svr, 61440))log([login] packet sent.)try:data, address = s.recvfrom(1024)lSEO靠我og([login] recv,data.encode(hex))if address == (svr, 61440) :if data[0] == \x04:log([login] loged inSEO靠我)AUTH_INFO = data[23:39]breakelse:log([login] login failed.)if IS_TEST:time.sleep(3)else:time.sleep(SEO靠我30)continueelse:if i >= 5 and UNLIMITED_RETRY == False :log([login] exception occured.)sys.exit(1)elSEO靠我se:i += 1continueexcept socket.timeout as e:print(e)log([login] recv timeout.)timeoutcount += 1if tiSEO靠我meoutcount >= 5:log([login] recv timeout exception occured 5 times.)sys.exit(1)else:continuelog([logSEO靠我in] login sent)#0.8 changed:return data[23:39]#return data[-22:-6]def logout(usr, pwd, svr, mac, autSEO靠我h_info):salt = challenge(svr, time.time()+random.randint(0xF, 0xFF))if salt:data = \x06\x01\x00 + chSEO靠我r(len(usr) + 20)data += md5sum(\x03\x01 + salt + pwd)data += usr.ljust(36, \x00)data += CONTROLCHECKSEO靠我STATUSdata += ADAPTERNUMdata += dump(int(data[4:10].encode(hex),16)^mac).rjust(6, \x00)# data += \x4SEO靠我4\x72\x63\x6F # Drcodata += auth_infos.send(data)data, address = s.recvfrom(1024)if data[:1] == \x04SEO靠我:log([logout_auth] logouted.)def keep_alive1(salt,tail,pwd,svr):if keep_alive1_mod:res=while True:s.SEO靠我sendto(\x07 + struct.pack(!B,int(time.time())%0xFF) + \x08\x00\x01\x00\x00\x00, (svr, 61440))log([keSEO靠我ep_alive1_challenge] keep_alive1_challenge packet sent.)try:res, address = s.recvfrom(1024)log([keepSEO靠我_alive1_challenge] recv, res.encode(hex))except:log([keep_alive1_challenge] timeout, retrying...)conSEO靠我tinueif address == (svr, 61440):if res[0] == \x07:breakelse:raise ChallengeExceptionelse:continueseeSEO靠我d = res[8:12]# encrypt_type = int(res[5].encode(hex))encrypt_type = struct.unpack(<I, seed)[0] & 3crSEO靠我c = gen_crc(seed, encrypt_type)data = \xFF + \x00*7 + seed + crc + tail + struct.pack(!H, int(time.tSEO靠我ime())%0xFFFF)log([keep_alive1] send, data.encode(hex))s.sendto(data, (svr, 61440))while True:res, aSEO靠我ddress = s.recvfrom(1024)if res[0] == \x07:breakelse:log([keep-alive1]recv/not expected, res.encode(SEO靠我hex))log([keep-alive1]recv, res.encode(hex))else:foo = struct.pack(!H,int(time.time())%0xFFFF)data =SEO靠我 \xff + md5sum(\x03\x01+salt+pwd) + \x00\x00\x00data += taildata += foo + \x00\x00\x00\x00log([keep_SEO靠我alive1] send,data.encode(hex))s.sendto(data, (svr, 61440))while True:data, address = s.recvfrom(1024SEO靠我)if data[0] == \x07:breakelse:log([keep-alive1]recv/not expected,data.encode(hex))log([keep-alive1] SEO靠我recv, data.encode(hex))def empty_socket_buffer(): #empty buffer for some fucking schoolslog(SEO靠我starting to empty socket buffer)try:while True:data, address = s.recvfrom(1024)log(recived sth unexpSEO靠我ected,data.encode(hex))if s == :breakexcept:# get exception means it has done.log(exception in emptySEO靠我_socket_buffer)passlog(emptyed) def daemon():with open(/var/run/jludrcom.pid,w) as f:f.writeSEO靠我(str(os.getpid()))def main():if not IS_TEST:daemon()execfile(CONF, globals())log("auth svr: " + servSEO靠我er + "\nusername: " + username + "\npassword: " + password + "\nmac: " + str(hex(mac))[:-1])log("binSEO靠我d ip: " + bind_ip)while True:try:package_tail = login(username, password, server)except LoginExceptiSEO靠我on:continuelog(package_tail,package_tail.encode(hex))#keep_alive1 is fucking bullshit!empty_socket_bSEO靠我uffer()keep_alive1(SALT,package_tail,password,server)keep_alive2(SALT,package_tail,password,server)iSEO靠我f __name__ == "__main__":main()

2.drcom_d_config.py 和 latest-wired.py 和 dr.pcapng 放入同一个文件夹中

3.在文件夹下运行命SEO靠我令python drcom_d_config.py > config.txt生成config.txt文件

4.用Notepad++打开config.txt（为避免不必要的麻烦，以下操作所有的文件全部用它SEO靠我）得到的内容是类似这样的：

server = "192.168.100.150" username = "" password = "" host_namSEO靠我e = "LIYUANYUAN" host_os = "8089D" host_ip = "10.30.22.17" PRIMARY_DNS = "11SEO靠我4.114.114.114" dhcp_server = "0.0.0.0" mac = 0xb888e3051680 CONTROLCHECKSTATSEO靠我US = \x20 ADAPTERNUM = \x01 KEEP_ALIVE_VERSION = \xdc\x02

5.全选复制config.txt的所有内容，关闭，并把SEO靠我config.txt重命名为drcom.conf（不要忘记填写账号和密码）

6.测试是否可以使用，运行命令行python latest-wired.py，看看能不能上网。可以的话，就说明抓包没错。

四、编SEO靠我译固件

1.下载github上项目文件（https://github.com/Editblog/dogcom）

2.修改Makefilef中第一行的gcc为arm-linux-gcc，将编译方式改为交叉编SEO靠我译

3.在有交叉编译环境的linux系统下进行编译，进入文件夹执行make编译固件

4.将步骤三得到的drcom.conf与编译后得到的dogcom拷贝到嵌入式板子上，利用命令行./dogcom -m dSEO靠我hcp -c drcom.conf -v -e测试，出现类似步骤三中现象即可上网。我测试使用的是粤嵌GEC6818开发板，按照以上步骤完全可以使用。