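As a fun way of learning about packed firmware, I tried to unpack the latest firmware for the attached entry-level Tektronix function generator. I have read the forums and installed the REMnux VM. I have also used the XOR Cracker website. The XOR pattern is most likely 94 94 90 a1 91 89 91 92.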

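I have also studied the excellent information on Malwarebytes.
I can't find any meaningful strings, and I can't get binwalk to make any sense of the saved files.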

Am I missing something? Can anyone suggest any other methods for producing an unpacked file?

Answer #1

It's just addition/subtraction (modulo 256).

#!/usr/bin/python3
# These key bytes are the two's complement of the hex sequence mentioned in the question.
# The string appears twice in the decrypted blob, which makes me think it's what is used.
key = [ord(n) for n in "llp_owon"]

with open("AFG1022_V1.2.4.tfb", "rb") as infile:
  data = infile.read()
outdata=bytearray()
for n in range(0, len(data)):
  outdata.append((data[n]+key[n%len(key)])&0xff)
with open("decrypted.bin", "wb") as outfile:
  outfile.write(outdata)


Edit: some additional information:
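Added example, not part of the original question or answer: it shows why the pattern an XOR cracker reports on zero-padded data is the byte-wise two's complement of an additive key, and why XOR with that pattern only "decrypts" the zero regions. The helper names and the sample blob are constructed for illustration; the key length of 8 and the presence of zero padding are assumptions.

```python
from collections import Counter

def most_common_block(data: bytes, size: int) -> bytes:
    """Most frequent size-aligned block. In zero-padded firmware this is
    the ciphertext of an all-zero plaintext block."""
    if len(data) < size:
        raise ValueError("data shorter than one block")
    counts = Counter(data[i:i + size] for i in range(0, len(data) - size + 1, size))
    return counts.most_common(1)[0][0]

def additive_key_from_pattern(pattern: bytes) -> bytes:
    """cipher = (plain - key) mod 256, so plain == 0 gives cipher == -key.
    Negating each byte (two's complement) recovers the key."""
    return bytes((-b) & 0xFF for b in pattern)

def add_encrypt(data: bytes, key: bytes) -> bytes:
    return bytes((b - key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def add_decrypt(data: bytes, key: bytes) -> bytes:
    # Same operation as the loop in the answer's script.
    return bytes((b + key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def xor_decrypt(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Pattern quoted in the question.
PAGE_PATTERN = bytes.fromhex("949490a191899192")

# Constructed sample plaintext: some text surrounded by zero padding.
SAMPLE_PLAIN = (b"constructed firmware header v0\n" + bytes(64)
                + b"constructed code and strings" + bytes(40))

if __name__ == "__main__":
    cipher = add_encrypt(SAMPLE_PLAIN, additive_key_from_pattern(PAGE_PATTERN))
    pattern = most_common_block(cipher, 8)       # what an XOR cracker would see
    key = additive_key_from_pattern(pattern)     # the actual additive key
    print("pattern:", pattern.hex(" "), "-> additive key:", key)
    print("add :", add_decrypt(cipher, key)[:31])
    print("xor :", xor_decrypt(cipher, pattern)[:31])  # text bytes stay garbled
```
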