2009-04-28 05:11:05     PLS help to explain the format of this bf547 firmware

Document created by Aaronwu Employee on Aug 15, 2013
Version 1Show Document
  • View in full screen mode

2009-04-28 05:11:05     PLS help to explain the format of this bf547 firmware

thriller ty (AFGHANISTAN)

Message: 73349   

 

Hi, following is a hexdump of a firmware file of a mp4 powered by bf427.

 

ubuntu' file shows it's a "u-boot/PPCboot" file.

 

I tried to unpack it into a "gzip" and a a "squashfs" file, but both reported error.

 

And the squashfs file have an "I/O" error while mounted and copying from.

 

Can you help me finding out how to unpack this kind of u-boot image?

 

thanks a lot!!!

 

 

 

 

 

Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

00000000   27 05 19 56 E4 9F E0 B2  48 FE DF 17 00 53 20 C4   '..V錈嗖H..S ?

00000010   00 00 10 00 00 0F 92 AC  5D 69 77 16 05 10 04 01   ......挰]iw.....

00000020   75 43 6C 69 6E 75 78 20  4B 65 72 6E 65 6C 20 61   uClinux Kernel a

00000030   6E 64 20 52 6F 6F 74 2F  73 66 73 00 00 00 00 00   nd Root/sfs.....

00000040   00 08 A0 B6 00 4A 80 00  00 00 00 00 1F 8B 08 08   ..牰.J€......?.

00000050   16 DF FE 48 02 03 6C 69  6E 75 78 2E 62 69 6E 00   .唼H..linux.bin.

00000060   AC 7D 0B 7C 14 D5 D5 F8  9D 4D 76 77 76 99 24 B3   瑌.|.照鴿Mvwv??

00000070   61 61 27 64 35 9B F0 DA  84 C7 DC 0C 28 01 5F 79   aa'd5涴趧擒.(._y

00000080   C2 12 09 D9 C4 90 62 54  3A 90 40 02 06 03 6A 5B   ?.倌恇T:怈...j[

00000090   7C B4 0D 41 11 B5 B5 59  16 2A 5A BF AF 1B 50 44   |?A.档Y.*Z刊.PD

000000A0   0B BA 1B B4 D5 0A 16 15  11 95 02 6A EB AB 96 B2   .?凑....?j氆柌

000000B0   4C 12 F0 1D 1E 6A 78 EE  FF 9C 3B B3 79 00 DA 7E   L.?.jx??硑.趡

000000C0   DF F7 CF EF B7 99 FB 3C  F7 75 EE B9 E7 DC 7B EE   喵巷窓?鱱罟畿{?

000000D0   B9 A5 D1 64 62 8F 8E 68  2A 84 6F 29 35 45 3F BC   攻裠b弾h*刼)5E??

000000E0   45 0C EE 3B B4 E3 D4 EB  89 F5 DC C6 26 AB 96 B1   E.?淬噪夣芷&珫?

000000F0   A3 34 9A 44 78 D5 1E 3D  F8 4F 31 98 1F 1D 44 48   ?欴x?=鳲1?.DH

00000100   54 8D 39 54 93 CA 69 D7  FE A2 59 B8 46 22 6A 19   T?T撌i窮"j.

00000110   A4 E0 B4 29 7B 92 A2 3D  FF 24 10 7E D9 1E 6F 80   む?{挗=$.~?o€

00000120   08 76 29 A6 BD 1B D3 73  84 62 D9 01 A2 BD 5E 83   .v).觭刡?⒔^?

 

thriller

 

 

QuoteReplyEditDelete

 

 

2009-04-28 05:17:13     Re: PLS help to explain the format of this bf547 firmware

Ian Jeffray (UNITED KINGDOM)

Message: 73351   

 

The first four bytes "27 05 19 56" is Wolfgang's birthday (27/05/1956) - the u-boot signature.   This is a u-boot binary.  You can't "unpack" it.

 

 

QuoteReplyEditDelete

 

 

2009-04-28 08:18:02     Re: PLS help to explain the format of this bf547 firmware

thriller ty (AFGHANISTAN)

Message: 73357   

 

The first four bytes "27 05 19 56" is Wolfgang's birthday (27/05/1956) - the u-boot signature.   This is a u-boot binary.  You can't "unpack" it.

 

 

 

---

 

Thanks a lot!

 

But in fact I think it can be unpacked

 

See the underlined bytes.

 

00000040   00 08 A0 B6 00 4A 80 00  00 00 00 00 1F 8B 08 08   ..牰.J€......?.

 

0x8B1F is a gzip header.

 

And a u-boot is packed binary file, so why can't it be unpacked?

QuoteReplyEditDelete

 

 

2009-04-28 08:29:28     Re: PLS help to explain the format of this bf547 firmware

Mike Frysinger (UNITED STATES)

Message: 73360   

 

the u-boot format is clearly documented in the u-boot source code

 

Ian is saying that the payload is a flat linux kernel binary anyways, not an ELF you'll be able to get any kind of symbol information out of

QuoteReplyEditDelete

 

 

2009-04-28 09:07:14     Re: PLS help to explain the format of this bf547 firmware

thriller ty (AFGHANISTAN)

Message: 73363   

 

I see, thanks.

 

Then "file" knows "0x27051956" as u-boot only.

 

So is it posible that somebody changed the structure of u-boot by himself so that the u-boot couldn't be recognized?

 

And even the initramfs maybe also customized?

 

 

 

 

QuoteReplyEditDelete

 

 

2009-04-28 09:12:03     Re: PLS help to explain the format of this bf547 firmware

Mike Frysinger (UNITED STATES)

Message: 73366   

 

i highly doubt the u-boot format was changed.  stop worrying about the output of `file`.  if it's a u-boot bootable image, then it's very simple and trivial for you to decompose.

 

as for manually extracting the initramfs and/or embedded filesystem, that is going to be a bit trickier as you'll have to scan the kernel binary for known signatures.  the initramfs is a cpio archive (sometimes compressed with gzip, sometimes not).

QuoteReplyEditDelete

 

 

2009-04-28 10:04:46     Re: PLS help to explain the format of this bf547 firmware

thriller ty (AFGHANISTAN)

Message: 73372   

 

thanks, Mike.

 

Please find attached header of the firmware, which is followed by a "hsqs" signature stands for squashfs data.

 

this firmware is probably gzipped, I tried to remove the header before '0x8b1f' and gunzipped it,

 

error shows but got a file named linux.bin.

 

and the squashfs data remained can not be smoothly unsquashfs and got a 'ZLIB' error -3.

 

so i think maybe it's been customized and changed.

 

nT5Gen2.bin

OT5Gen2.bin

QuoteReplyEditDelete

Attachments

Outcomes