我正在尝试使用Binwalk提取IpCam bin固件。我已经成功地为WebUI完成了此操作,但是固件本身却无法运行。 br />
WebUI:CH-app-EN53.8.1.13_VSTARCAM.zip


问题:仅提取“ sysversion.txt,有点轻:)。

文件:

ron@vpsXXXXXX:~/firmware$ ls
CH-sys-48.53.64.67.zip


ron@vpsXXXXXX:~/firmware$ binwalk CH-sys-48.53.64.67.zip

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Zip archive data, at least v2.0 to extract, compressed size: 605571, uncompressed size: 612699, name: CH-sys-48.53.64.67.bin
605717        0x93E15         End of Zip archive

ron@vpsXXXXXX:~/firmware$ file CH-sys-48.53.64.67.zip
CH-sys-48.53.64.67.zip: Zip archive data, at least v2.0 to extract
ron@vpsXXXXXX:~/firmware$ unzip CH-sys-48.53.64.67.zip
Archive:  CH-sys-48.53.64.67.zip
  inflating: CH-sys-48.53.64.67.bin


人行道提取:

ron@vpsXXXXXX:~/firmware$ binwalk CH-sys-48.53.64.67.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
172           0xAC            Zip archive data, at least v2.0 to extract, compressed size: 8969, uncompressed size: 19091, name: system/system/lib/libsns_gc1004.so
9337          0x2479          End of Zip archive
9499          0x251B          Zip archive data, at least v2.0 to extract, compressed size: 7813, uncompressed size: 16341, name: system/system/lib/libsns_ov9712_plus.so
17518         0x446E          End of Zip archive
17680         0x4510          Zip archive data, at least v2.0 to extract, compressed size: 90121, uncompressed size: 353248, name: system/system/lib/libOnvif.so
107987        0x1A5D3         End of Zip archive
108149        0x1A675         Zip archive data, at least v2.0 to extract, compressed size: 43603, uncompressed size: 84480, name: system/system/lib/libvoice_arm.so
151946        0x2518A         End of Zip archive
152108        0x2522C         Zip archive data, at least v2.0 to extract, compressed size: 130, uncompressed size: 227, name: system/init/ipcam.sh
152406        0x25356         End of Zip archive
152568        0x253F8         Zip archive data, at least v2.0 to extract, compressed size: 402383, uncompressed size: 886168, name: system/system/bin/encoder
555129        0x87879         End of Zip archive
555291        0x8791B         Zip archive data, at least v2.0 to extract, compressed size: 35394, uncompressed size: 74200, name: system/system/bin/wifidaemon
590869        0x90415         End of Zip archive
591031        0x904B7         Zip archive data, at least v2.0 to extract, compressed size: 1852, uncompressed size: 9692, name: system/system/bin/grade.sh
593063        0x90CA7         End of Zip archive
593225        0x90D49         Zip archive data, at least v2.0 to extract, compressed size: 8704, uncompressed size: 20212, name: system/system/bin/updata
602105        0x92FF9         End of Zip archive
602267        0x9309B         Zip archive data, at least v2.0 to extract, compressed size: 1874, uncompressed size: 4522, name: system/system/bin/gpio_aplink.ko
604333        0x938AD         End of Zip archive
604495        0x9394F         Zip archive data, at least v2.0 to extract, compressed size: 7241, uncompressed size: 16802, name: system/system/bin/motogpio.ko
611922        0x95652         End of Zip archive
612084        0x956F4         Zip archive data, at least v1.0 to extract, compressed size: 8, uncompressed size: 8, name: system/system/bin/fwversion.bin
612282        0x957BA         End of Zip archive
612444        0x9585C         Zip archive data, at least v1.0 to extract, compressed size: 9, uncompressed size: 9, name: system/system/bin/sysversion.txt
612645        0x95925         End of Zip archive


仅提取了一个目标文件...

快速浏览标题:

ron@vpsXXXXXX:~/firmware$ binwalk -Mer CH-sys-48.53.64.67.bin

Scan Time:     2016-01-19 00:36:12
Target File:   /home/ron/firmware/CH-sys-48.53.64.67.bin
MD5 Checksum:  58df9214226cfe46760215bfca0c496c
Signatures:    344

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
172           0xAC            Zip archive data, at least v2.0 to extract, compressed size: 8969, uncompressed size: 19091, name: system/system/lib/libsns_gc1004.so
9337          0x2479          End of Zip archive
9499          0x251B          Zip archive data, at least v2.0 to extract, compressed size: 7813, uncompressed size: 16341, name: system/system/lib/libsns_ov9712_plus.so
17518         0x446E          End of Zip archive
17680         0x4510          Zip archive data, at least v2.0 to extract, compressed size: 90121, uncompressed size: 353248, name: system/system/lib/libOnvif.so
107987        0x1A5D3         End of Zip archive
108149        0x1A675         Zip archive data, at least v2.0 to extract, compressed size: 43603, uncompressed size: 84480, name: system/system/lib/libvoice_arm.so
151946        0x2518A         End of Zip archive
152108        0x2522C         Zip archive data, at least v2.0 to extract, compressed size: 130, uncompressed size: 227, name: system/init/ipcam.sh
152406        0x25356         End of Zip archive
152568        0x253F8         Zip archive data, at least v2.0 to extract, compressed size: 402383, uncompressed size: 886168, name: system/system/bin/encoder
555129        0x87879         End of Zip archive
555291        0x8791B         Zip archive data, at least v2.0 to extract, compressed size: 35394, uncompressed size: 74200, name: system/system/bin/wifidaemon
590869        0x90415         End of Zip archive
591031        0x904B7         Zip archive data, at least v2.0 to extract, compressed size: 1852, uncompressed size: 9692, name: system/system/bin/grade.sh
593063        0x90CA7         End of Zip archive
593225        0x90D49         Zip archive data, at least v2.0 to extract, compressed size: 8704, uncompressed size: 20212, name: system/system/bin/updata
602105        0x92FF9         End of Zip archive
602267        0x9309B         Zip archive data, at least v2.0 to extract, compressed size: 1874, uncompressed size: 4522, name: system/system/bin/gpio_aplink.ko
604333        0x938AD         End of Zip archive
604495        0x9394F         Zip archive data, at least v2.0 to extract, compressed size: 7241, uncompressed size: 16802, name: system/system/bin/motogpio.ko
611922        0x95652         End of Zip archive
612084        0x956F4         Zip archive data, at least v1.0 to extract, compressed size: 8, uncompressed size: 8, name: system/system/bin/fwversion.bin
612282        0x957BA         End of Zip archive
612444        0x9585C         Zip archive data, at least v1.0 to extract, compressed size: 9, uncompressed size: 9, name: system/system/bin/sysversion.txt
612645        0x95925         End of Zip archive


Scan Time:     2016-01-19 00:36:12
Target File:   /home/ron/firmware/_CH-sys-48.53.64.67.bin.extracted/system/system/bin/sysversion.txt
MD5 Checksum:  3e98d83fbced8eb62c79542f5df5a14f
Signatures:    344

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------


知道为什么我不能提取所有内容吗?

谢谢!

罗南

#1 楼

尽管我的binwalk版本将文件和仅包含system的zip文件正确地提取到了sysversion.txt文件夹中,但我还是简短地描述了为什么在存档文件中仅看到sysversion.txt。并且binwalk不知道这些文件的确切大小。因此,它可以基于PK魔术来正确识别PKZIP文件的开头,但是在不知道正确文件大小的情况下,它将剩余字节提取到创建的ZIP文件中。因为PKZIP格式的中央目录结构存储在ZIP文件的末尾,所以在压缩数据和提取的ZIP文件以sysversion.txt.zip结尾之后,文件查看器或解压缩器可能会找到最后一个ZIP文件的中央目录。 >
要解决此问题,您可以检查找到ZIP文件的文件夹中的系统文件夹,也可以手动提取文件。
如果查看CH-sys-48.53.64.67.bin文件的开头,您会发现它具有简单的结构。它以魔术字符串(图片中标记为蓝色)开头。下一个元素是0x40字节长的目录名称(标有黄色),后跟0x40字节长的文件名条目(标有绿色)。在文件名之后,您将找到文件的大小(标有紫色),一些标志和二进制内容(标有灰色的二进制文件的开头)。



根据这些信息,您可以编写一个简单的脚本,该脚本可以正确提取文件,例如:

import sys
import struct

if (len(sys.argv) < 2):
    print 'usage: parse binary'
    sys.exit(1)

b = open(sys.argv[1], 'rb').read()
o = 0x20
while(o < len(b)-0x20):
    dir = b[o:o+0x40].strip('\x00')
    fname = b[o+0x40:o+0x80].strip('\x00')
    size = struct.unpack('L', b[o+0x80:o+0x84])[0]
    unk1 = struct.unpack('L', b[o+0x84:o+0x88])[0]
    unk2 = struct.unpack('L', b[o+0x88:o+0x8c])[0]
    print '%x, %s, %s: %x, %x, %x'%(o, dir, fname, size, unk1, unk2)
    open(fname, 'wb').write(b[o+0x8c:o+0x8c+size])
    o += 0x8c+size


评论


Binwalk 2.0.0完美地完成了2.1.1失败的工作。

–罗南
16年1月21日在23:44



嗨,我想说的是,我使用Binwalk 2.1.1提取了类似的固件,并且工作得很好,唯一的奇怪的是,它添加了一堆十六进制的zip文件,其中没有任何内容,而实际上只是每个文件头打包的zip文件。不过,感谢您反转标头,非常有帮助!

–redcodefinal
19年3月19日在13:17