Menu

Firmware_extraction

anonim641

Firmware extraction

Currently, i know how to extract only two parts of firmware (linux rootfs image and jffs2 partition used by it).

Linuxrf

Delivered as .blr file (example: Sagem3202_2402E2.blr)

It's 256 bytes long header and standard cramfs image:

alternate text

Red part is cramfs image size (also, included in cramfs header by itself).

Green part is crc32A hash(1) of cramfs image(it's in reversed order - for "01 02 03 04" it would be "04 03 02 01"),

Purple is release description.

After it comes cramfs image.

Unpacking

You need cramfs tools

# dd if=Sagem3202_2402E2.blr of=a.bin skip=1 ibs=256
# cramfsck -x ./1 ./a.bin

Repacking

# mkcramfs ./1 ./mfi.bin
# dd if=Sagem3202_2402E2.blr of=header.bin count=1 ibs=256
# cat header.bin mfi.bin > mfi.blr

After performing these steps it's needed to fix cramfs size and checksum manually in header of mfi.blr file(using hex editor).

Linuxjf

Delivered as .blj file (example: Sagem3202_2402E2.blj)

It seems to be standard jffs2 image mountable with avialable tools.

1.Sample code for generating hash:

<?php
echo hash_file('crc32', 'file.bin');
?>

Related

Wiki: Home