所以我有Zyxel路由器P-660HW-T3 v3的rom-0文件,我想解压缩它,我尝试了很多工具,其中一个可以在这里找到使用lzs解压缩的工具,该工具适用于rom-0文件(较小的文件大约16 kB),但在我的文件上则没有,我的文件大约50 kB并且几乎没有差异。这是“正常”文件


00000000  01 01 00 01 19 48 64 62  67 61 72 65 61 00 00 00  |.....Hdbgarea...|
00000010  00 00 00 00 18 00 00 00  01 48 00 00 00 00 00 00  |.........H......|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000160  00 00 00 00 00 00 00 00  52 ca c0 ea de ad be af  |........R.......|
00000170  00 00 00 0e 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  05 03 00 ad 52 c9 a4 e5  80 46 e7 50 ff ff a1 f4  |....R....F.P....|
00000190  00 00 00 19 00 00 00 00  05 03 00 d4 52 c9 a4 e5  |............R...|
000001a0  80 46 e7 50 ff ff 9e 08  00 00 00 64 80 09 89 ac  |.F.P.......d....|
000001b0  04 03 00 d5 52 c9 bb 21  80 46 eb b8 ff ff a2 30  |....R..!.F.....0|
000001c0  00 09 3a c9 00 00 00 00  04 03 00 d6 52 c9 bb 21  |..:.........R..!|
000001d0  80 46 eb b8 ff ff a2 2f  00 09 3a c9 00 00 00 00  |.F...../..:.....|
000001e0  04 03 00 d7 52 c9 ba 49  80 46 eb b8 ff ff a2 35  |....R..I.F.....5|
000001f0  52 c9 ba 49 00 00 00 00  04 03 00 d8 52 c9 ba 49  |R..I........R..I|





00000410  80 46 e7 50 ff ff 9e 08  00 00 00 64 80 09 8b 3c  |.F.P.......d...<|
00000420  55 55 55 55 00 00 00 00  00 00 00 00 00 00 00 00  |UUUU............|
00000430  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000006d0  00 00 00 00 55 55 55 55  00 00 00 00 80 41 00 00  |....UUUU.....A..|
000006e0  00 00 00 00 00 00 00 0e  00 00 00 00 00 00 00 01  |................|
000006f0  00 00 00 00 ff ff ff fe  00 00 ff 14 00 00 00 01  |................|
00000700  00 00 00 30 00 00 00 01  80 45 cc f0 00 00 00 01  |...0.....E......|
00000710  00 00 00 01 00 00 00 63  80 41 4c 78 00 00 00 01  |.......c.ALx....|




00002000  02 94 00 03 1f fc 62 6f  6f 74 00 00 00 00 00 00  |......boot......|
00002010  00 00 00 00 00 20 00 0c  01 48 73 70 74 2e 64 61  |..... ...Hspt.da|
00002020  74 00 00 00 00 00 00 00  1a b0 13 52 01 68 61 75  |t..........R.hau|
00002030  74 6f 65 78 65 63 2e 6e  65 74 00 00 01 f4 01 dc  |toexec.net......|
00002040  1c 18 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00002050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

这里是我的

00000000  01 01 00 01 00 00 19 48  64 62 67 61 72 65 61 00  |.......Hdbgarea.|
00000010  00 00 00 00 00 00 00 00  18 00 00 00 00 00 00 00  |................|
00000020  01 48 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |.H..............|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000150  00 00 00 00 00 00 00 05  00 00 00 01 00 00 00 02  |................|
00000160  00 00 00 03 00 00 00 01  00 00 00 00 de ad be af  |................|
00000170  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000180  03 03 00 30 38 6d 46 1a  00 00 00 18 ff ff a1 f4  |...08mF.........|
00000190  00 00 00 01 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  05 03 00 5c 38 6d 46 1a  |...........mF.|
000001c0  00 00 00 18 ff ff 9e 08  00 00 00 64 80 09 e0 5c  |...........d...\|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001f0  05 03 00 32 38 6d 46 2a  00 00 00 20 ff ff a1 f4  |...28mF*... ....|
00000200  00 00 00 03 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000220  00 00 00 00 00 00 00 00  04 03 00 5d 38 6d 46 2a  |...........]8mF*|
00000230  00 00 00 20 ff ff a2 29  00 00 00 00 00 00 00 00  |... ...)........|
00000240  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|





00000ea0  04 03 00 2e 38 6d 45 ee  00 00 00 20 ff ff a1 f4  |....8mE.... ....|
00000eb0  00 00 00 0b 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000ec0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000ed0  00 00 00 00 00 00 00 00  04 03 00 59 38 6d 45 ee  |...........Y8mE.|
00000ee0  00 00 00 20 ff ff a2 33  00 00 00 00 00 00 00 00  |... ...3........|
00000ef0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000f10  04 03 00 5a 38 6d 45 ee  00 00 00 20 ff ff a2 2e  |...Z8mE.... ....|
00000f20  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000f40  00 00 00 00 00 00 00 00  03 03 00 5b 38 6d 45 f7  |...........[8mE.|
00000f50  00 00 00 15 ff ff a5 fc  ff ff f4 47 80 9a e2 98  |...........G....|
00000f60  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000f80  55 55 55 55 00 00 00 00  00 00 00 00 00 00 00 00  |UUUU............|
00000f90  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00001b90  00 00 00 00 55 55 55 55  00 00 00 00 ff ff ff ff  |....UUUU........|
00001ba0  00 00 00 02 00 00 00 00  00 00 00 00 00 00 00 00  |................|





00001fd0  80 7a 00 00 bf c0 5f 90  80 66 00 00 00 00 00 00  |.z...._..f......|
00001fe0  80 5e 05 b4 80 40 11 c8  00 00 00 00 00 00 00 00  |.^...@..........|
00001ff0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00002000  02 c8 00 03 00 00 9f fc  62 6f 6f 74 00 00 00 00  |........boot....|
00002010  00 00 00 00 00 00 00 00  00 20 00 00 00 0c 00 00  |......... ......|
00002020  01 48 73 70 74 2e 64 61  74 00 00 00 00 00 00 00  |.Hspt.dat.......|
00002030  00 00 9a b0 00 00 3f 6c  00 00 01 68 61 75 74 6f  |......?l...hauto|
00002040  65 78 65 63 2e 6e 65 74  00 00 00 00 01 f4 00 00  |exec.net........|
00002050  01 52 00 00 9c 18 00 00  00 00 00 00 00 00 00 00  |.R..............|
00002060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|


如上所示,我分离了文件的某些部分,所以Binwalk在“普通”文件上说了什么LZMA标头“不正确”,无法解压缩,也许它的修改不知道,因此文件具有dbgarea,spt.dat,autoexec.net标准块,但是它是否与“修改过的” lzs相提并论?您能告诉我们吗?


RE代表“旧” rom-0



所以我看到righnt现在“无济于事”,所以我将发布整个文件,以便您可以看到整个图片

我限制在30000以内字符,所以这是文件的链接
http://pastebin.com/2X00B6rJ谁能帮助我“揭示”他们对lzs压缩所做的(更改),我想它是lzs

许多建议,欢呼

评论

自上次我玩ZynOS rom以来已经有一段时间了,但是他们通常将旧的LZMA算法用于ARM设备(取决于您要解压缩的LZMA版本可能会失败,请尝试下载+构建+使用官方LZMA版本,而不是Linux发行版随附的版本)或MIPS的BZ2版本。也许是另一回事了;抱歉,我现在不记得了:/
您认为它是LZMA的修改版本还是旧版本?有趣的是,我会确定尝试的,请咨询tnx
嗯...顺便说一句,我下载了该设备的固件,但就我而言,它不是LZMA而是BZ :?是您的P-660HW-T3_340UU7C0吗?
我找不到后面的数字:D型号:P-660HW-T3 v3 ZyNOS固件版本:V3.70(BYO.0)如果您喜欢查看,可以将其发送给您
当然:joxeankoret.com/contact.html

#1 楼

它使用LZS(Lempel-Ziv-Stack)压缩。

我正尝试以pythonic方式提取密码,足以看一下这个shell脚本和一小段C代码:

shell + C解决方案

用python提取LZS的方法

并在同一python脚本中替换'dd'用法: >导入sys
fpos = 8568
fend = 8788
fhandle = file(fname)
fhandle.seek(fpos)
chunk =“ *”
amount = 221
而fpos 如果fend-fpos <数量:
amount = fend-fpos
块= fhandle.read(amount) = len(chunk)
返回块

取rom-0,用切刀切割,然后提取结果LZS ....

#2 楼

它使用LZS(Lempel-Ziv-Stack)压缩。

我正尝试以pythonic方式提取密码,足以看一下这个shell脚本和一小段C代码:

shell + C解决方案

用python提取LZS的方法

并在相同的python脚本中替换'dd'用法:取rom-0,用切刀切开,然后提取结果LZS。...