DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
64613 0xFC65 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
663307 0xA1F0B LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
1277775 0x137F4F VMware4 disk image
1419798 0x15AA16 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
2167742 0x2113BE LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
2966631 0x2D4467 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
3649662 0x37B07E LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
4619541 0x467D15 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
5626408 0x55DA28 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
6526915 0x6397C3 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
7352076 0x702F0C LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
8028944 0x7A8310 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
8790601 0x862249 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
9628455 0x92EB27 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
10380524 0x9E64EC LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
11136805 0xA9EF25 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
11917494 0xB5D8B6 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
12590672 0xC01E50 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
13354487 0xCBC5F7 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
13954117 0xD4EC45 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
13955290 0xD4F0DA uImage header, header size: 64 bytes, header CRC: 0xED8A6EC8, created: 2013-08-16 11:32:36, image size: 2369813 bytes, Data Address: 0x80010000, Entry Point: 0x80014110, data CRC: 0xB66029EE, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: gzip, image name: "Linux Kernel Image"
13955354 0xD4F11A gzip compressed data, maximum compression, from Unix, NULL date (1970-01-01 00:00:00)
16325167 0xF91A2F LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
16476952 0xFB6B18 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
#1 楼
所有LZMA条目似乎都是有效的,并已解压缩到tar归档文件中(-1是有效文件大小,在压缩程序不知道原始数据大小时(例如,通过stdin传递数据时)使用) ..尽管大多数文件的tar文件名都是相同的(“ tmp_file”),但未压缩的数据却不同。那里似乎有一个UBIFS文件系统,以及大量的纯文本shell脚本等:
与UBIFS合作,也许这里的其他人有一些建议?
#2 楼
首先,我要说的是,由于我没有时间完全提取它,所以我只写了部分解决方案。肯定,但是文件的开头似乎确实是lzma压缩的。最简单的检查方法(就是我所做的)是使用十六进制编辑器查看它,如果标头正常,请尝试解压缩。解压的结果:
此外,固件似乎包括几个部分,其中包含风河linux:“ C:(风河Linux Sourcery G ++ 4.4a-323)4.4.1”可以在此处阅读类似内容:
http://www.devttys0.com/2011/07/reverse-engineering-vxworks-firmware-wrt54gv8/
评论
谢谢。是的,看起来有些东西已通过“ lzma -d”解压缩,文件大小从16726547更改为20766720字节。 “文件”实用程序将解压缩的文件标识为TAR文件,而“ tar -x”提取“ tmp_file”(仅720896字节)。如果我使用“ binwalk -e”,它将提取更多的块。我还没有进步很多,但我会继续努力。再次感谢。
–莫里斯
15年6月29日在23:49
此框中的所有阿尔卡特制造的可执行文件都包含此字符串。
– EDP
15年12月23日在9:01
评论
最近,我一直在忙于使用这种ONT模型,只是为了在Motive工具集之外启用一些远程控制。自发布以来您走了多远?