LINUX.ORG.RU

Распаковать makeself прошивку


1

1

Есть образ прошивки update-sd.img 300мб(C61R-0715.rar)чуть живой источник. Запускается с карты памяти когда читалка переключена в режим прошивки. Выбить с этого режима устройство не просто, тыкал сброс, совал usb , не сразу но ожила. Внутри несколько файлов, отрезал скрипт установщика.

led@debian:~$ ./update2.img --list
Target directory: .
drwxr-xr-x root/root         0 2013-07-15 14:28 ./
-rw-r--r-- root/root   5154448 2013-07-15 14:28 ./kernel.img
-rw-r--r-- root/root        29 2013-07-15 14:28 ./version
-rw-r--r-- root/root     49152 2013-07-15 14:28 ./misc.img
-rw-r--r-- root/root        47 2013-07-15 14:28 ./oem
-rw-r--r-- root/root   5743021 2013-07-15 14:28 ./recovery.img
-rwxr-xr-x root/root       404 2013-07-15 14:28 ./update-script
-rw-r--r-- root/root       543 2013-07-15 14:28 ./parameter
-rw-r--r-- root/root   2670326 2013-07-15 14:28 ./boot.img
в сумме файлов на 12мб, и образов system.img не хватает.
led@debian:~$ ./update2.img --target ./2
Creating directory ./2
Verifying archive integrity... All good.
Uncompressing C60.........
not support machine.
not support machine появляется когда запускается update-script .

Нужно как то достать остальные образы чтоб хоть както посмотреть на систему. Что делает update-script это скрипт makeself или самой ОС ? Если уж тут не распаковывается, может можно написать скрипт и запустить вместо update-sd.img чтоб получить доступ хотяб по wi-fi и вытащить прошивку?

Установщик.

#!/bin/sh
# This script was generated using Makeself 2.1.5

CRCsum="2400301084"
MD5="bdef1ba30d67b522b68e4db2ad5be9d0"
TMPROOT=${TMPDIR:=/tmp}

label="C60"
script="./update-script"
scriptargs=""
targetdir="."
filesizes="13629440"
keep=y

print_cmd_arg=""
if type printf > /dev/null; then
    print_cmd="printf"
elif test -x /usr/ucb/echo; then
    print_cmd="/usr/ucb/echo"
else
    print_cmd="echo"
fi

unset CDPATH

MS_Printf()
{
    $print_cmd $print_cmd_arg "$1"
}

MS_Progress()
{
    while read a; do
	MS_Printf .
    done
}

MS_diskspace()
{
	(
	if test -d /usr/xpg4/bin; then
		PATH=/usr/xpg4/bin:$PATH
	fi
	df -kP "$1" | tail -1 | awk '{print $4}'
	)
}

MS_dd()
{
    blocks=`expr $3 / 1024`
    bytes=`expr $3 % 1024`
    dd if="$1" ibs=$2 skip=1 obs=1024 conv=sync 2> /dev/null | \
    { test $blocks -gt 0 && dd ibs=1024 obs=1024 count=$blocks ; \
      test $bytes  -gt 0 && dd ibs=1 obs=1024 count=$bytes ; } 2> /dev/null
}

MS_Help()
{
    cat << EOH >&2
Makeself version 2.1.5
 1) Getting help or info about $0 :
  $0 --help   Print this message
  $0 --info   Print embedded info : title, default target directory, embedded script ...
  $0 --lsm    Print embedded lsm entry (or no LSM)
  $0 --list   Print the list of files in the archive
  $0 --check  Checks integrity of the archive
 
 2) Running $0 :
  $0 [options] [--] [additional arguments to embedded script]
  with following options (in that order)
  --confirm             Ask before running embedded script
  --noexec              Do not run embedded script
  --keep                Do not erase target directory after running
			the embedded script
  --nox11               Do not spawn an xterm
  --nochown             Do not give the extracted files to the current user
  --target NewDirectory Extract in NewDirectory
  --tar arg1 [arg2 ...] Access the contents of the archive through the tar command
  --                    Following arguments will be passed to the embedded script
EOH
}

MS_Check()
{
    OLD_PATH="$PATH"
    PATH=${GUESS_MD5_PATH:-"$OLD_PATH:/bin:/usr/bin:/sbin:/usr/local/ssl/bin:/usr/local/bin:/opt/openssl/bin"}
	MD5_ARG=""
    MD5_PATH=`exec <&- 2>&-; which md5sum || type md5sum`
    test -x "$MD5_PATH" || MD5_PATH=`exec <&- 2>&-; which md5 || type md5`
	test -x "$MD5_PATH" || MD5_PATH=`exec <&- 2>&-; which digest || type digest`
    PATH="$OLD_PATH"

    MS_Printf "Verifying archive integrity..."
    offset=`head -n 405 "$1" | wc -c | tr -d " "`
    verb=$2
    i=1
    for s in $filesizes
    do
		crc=`echo $CRCsum | cut -d" " -f$i`
		if test -x "$MD5_PATH"; then
			if test `basename $MD5_PATH` = digest; then
				MD5_ARG="-a md5"
			fi
			md5=`echo $MD5 | cut -d" " -f$i`
			if test $md5 = "00000000000000000000000000000000"; then
				test x$verb = xy && echo " $1 does not contain an embedded MD5 checksum." >&2
			else
				md5sum=`MS_dd "$1" $offset $s | eval "$MD5_PATH $MD5_ARG" | cut -b-32`;
				if test "$md5sum" != "$md5"; then
					echo "Error in MD5 checksums: $md5sum is different from $md5" >&2
					exit 2
				else
					test x$verb = xy && MS_Printf " MD5 checksums are OK." >&2
				fi
				crc="0000000000"; verb=n
			fi
		fi
		if test $crc = "0000000000"; then
			test x$verb = xy && echo " $1 does not contain a CRC checksum." >&2
		else
			sum1=`MS_dd "$1" $offset $s | CMD_ENV=xpg4 cksum | awk '{print $1}'`
			if test "$sum1" = "$crc"; then
				test x$verb = xy && MS_Printf " CRC checksums are OK." >&2
			else
				echo "Error in checksums: $sum1 is different from $crc"
				exit 2;
			fi
		fi
		i=`expr $i + 1`
		offset=`expr $offset + $s`
    done
    echo " All good."
}

UnTAR()
{
    tar $1vf - 2>&1 || { echo Extraction failed. > /dev/tty; kill -15 $$; }
}

finish=true
xterm_loop=
nox11=n
copy=none
ownership=y
verbose=n

initargs="$@"

while true
do
    case "$1" in
    -h | --help)
	MS_Help
	exit 0
	;;
    --info)
	echo Identification: "$label"
	echo Target directory: "$targetdir"
	echo Uncompressed size: 13324 KB
	echo Compression: none
	echo Date of packaging: Mon Jul 15 18:28:37 CST 2013
	echo Built with Makeself version 2.1.5 on linux-gnu
	echo Build command was: "/media/work/ebook/qbook/factory/assemble/China-C61R-XGA-WIFI/bin/makeself.sh \\
    \"--lsm\" \\
    \"lsm\" \\
    \"--nocomp\" \\
    \"--current\" \\
    \"update/\" \\
    \"update.img\" \\
    \"C60\" \\
    \"./update-script\""
	if test x$script != x; then
	    echo Script run after extraction:
	    echo "    " $script $scriptargs
	fi
	if test x"" = xcopy; then
		echo "Archive will copy itself to a temporary location"
	fi
	if test x"y" = xy; then
	    echo "directory $targetdir is permanent"
	else
	    echo "$targetdir will be removed after extraction"
	fi
	exit 0
	;;
    --dumpconf)
	echo LABEL=\"$label\"
	echo SCRIPT=\"$script\"
	echo SCRIPTARGS=\"$scriptargs\"
	echo archdirname=\".\"
	echo KEEP=y
	echo COMPRESS=none
	echo filesizes=\"$filesizes\"
	echo CRCsum=\"$CRCsum\"
	echo MD5sum=\"$MD5\"
	echo OLDUSIZE=13324
	echo OLDSKIP=406
	exit 0
	;;
    --lsm)
cat << EOLSM
system: 335544320
EOLSM
	exit 0
	;;
    --list)
	echo Target directory: $targetdir
	offset=`head -n 405 "$0" | wc -c | tr -d " "`
	for s in $filesizes
	do
	    MS_dd "$0" $offset $s | eval "cat" | UnTAR t
	    offset=`expr $offset + $s`
	done
	exit 0
	;;
	--tar)
	offset=`head -n 405 "$0" | wc -c | tr -d " "`
	arg1="$2"
	shift 2
	for s in $filesizes
	do
	    MS_dd "$0" $offset $s | eval "cat" | tar "$arg1" - $*
	    offset=`expr $offset + $s`
	done
	exit 0
	;;
    --check)
	MS_Check "$0" y
	exit 0
	;;
    --confirm)
	verbose=y
	shift
	;;
	--noexec)
	script=""
	shift
	;;
    --keep)
	keep=y
	shift
	;;
    --target)
	keep=y
	targetdir=${2:-.}
	shift 2
	;;
    --nox11)
	nox11=y
	shift
	;;
    --nochown)
	ownership=n
	shift
	;;
    --xwin)
	finish="echo Press Return to close this window...; read junk"
	xterm_loop=1
	shift
	;;
    --phase2)
	copy=phase2
	shift
	;;
    --)
	shift
	break ;;
    -*)
	echo Unrecognized flag : "$1" >&2
	MS_Help
	exit 1
	;;
    *)
	break ;;
    esac
done

case "$copy" in
copy)
    tmpdir=$TMPROOT/makeself.$RANDOM.`date +"%y%m%d%H%M%S"`.$$
    mkdir "$tmpdir" || {
	echo "Could not create temporary directory $tmpdir" >&2
	exit 1
    }
    SCRIPT_COPY="$tmpdir/makeself"
    echo "Copying to a temporary location..." >&2
    cp "$0" "$SCRIPT_COPY"
    chmod +x "$SCRIPT_COPY"
    cd "$TMPROOT"
    exec "$SCRIPT_COPY" --phase2 -- $initargs
    ;;
phase2)
    finish="$finish ; rm -rf `dirname $0`"
    ;;
esac

if test "$nox11" = "n"; then
    if tty -s; then                 # Do we have a terminal?
	:
    else
        if test x"$DISPLAY" != x -a x"$xterm_loop" = x; then  # No, but do we have X?
            if xset q > /dev/null 2>&1; then # Check for valid DISPLAY variable
                GUESS_XTERMS="xterm rxvt dtterm eterm Eterm kvt konsole aterm"
                for a in $GUESS_XTERMS; do
                    if type $a >/dev/null 2>&1; then
                        XTERM=$a
                        break
                    fi
                done
                chmod a+x $0 || echo Please add execution rights on $0
                if test `echo "$0" | cut -c1` = "/"; then # Spawn a terminal!
                    exec $XTERM -title "$label" -e "$0" --xwin "$initargs"
                else
                    exec $XTERM -title "$label" -e "./$0" --xwin "$initargs"
                fi
            fi
        fi
    fi
fi

if test "$targetdir" = "."; then
    tmpdir="."
else
    if test "$keep" = y; then
	echo "Creating directory $targetdir" >&2
	tmpdir="$targetdir"
	dashp="-p"
    else
	tmpdir="$TMPROOT/selfgz$$$RANDOM"
	dashp=""
    fi
    mkdir $dashp $tmpdir || {
	echo 'Cannot create target directory' $tmpdir >&2
	echo 'You should try option --target OtherDirectory' >&2
	eval $finish
	exit 1
    }
fi

location="`pwd`"
if test x$SETUP_NOCHECK != x1; then
    MS_Check "$0"
fi
offset=`head -n 405 "$0" | wc -c | tr -d " "`

if test x"$verbose" = xy; then
	MS_Printf "About to extract 13324 KB in $tmpdir ... Proceed ? [Y/n] "
	read yn
	if test x"$yn" = xn; then
		eval $finish; exit 1
	fi
fi

MS_Printf "Uncompressing $label"
res=3
if test "$keep" = n; then
    trap 'echo Signal caught, cleaning up >&2; cd $TMPROOT; /bin/rm -rf $tmpdir; eval $finish; exit 15' 1 2 3 15
fi

leftspace=`MS_diskspace $tmpdir`
if test $leftspace -lt 13324; then
    echo
    echo "Not enough space left in "`dirname $tmpdir`" ($leftspace KB) to decompress $0 (13324 KB)" >&2
    if test "$keep" = n; then
        echo "Consider setting TMPDIR to a directory with more free space."
   fi
    eval $finish; exit 1
fi

for s in $filesizes
do
    if MS_dd "$0" $offset $s | eval "cat" | ( cd "$tmpdir"; UnTAR x ) | MS_Progress; then
		if test x"$ownership" = xy; then
			(PATH=/usr/xpg4/bin:$PATH; cd "$tmpdir"; chown -R `id -u` .;  chgrp -R `id -g` .)
		fi
    else
		echo
		echo "Unable to decompress $0" >&2
		eval $finish; exit 1
    fi
    offset=`expr $offset + $s`
done
echo

cd "$tmpdir"
res=0
if test x"$script" != x; then
    if test x"$verbose" = xy; then
		MS_Printf "OK to execute: $script $scriptargs $* ? [Y/n] "
		read yn
		if test x"$yn" = x -o x"$yn" = xy -o x"$yn" = xY; then
			eval $script $scriptargs $*; res=$?;
		fi
    else
		eval $script $scriptargs $*; res=$?
    fi
    if test $res -ne 0; then
		test x"$verbose" = xy && echo "The program '$script' returned an error code ($res)" >&2
    fi
fi
if test "$keep" = n; then
    cd $TMPROOT
    /bin/rm -rf $tmpdir
fi
eval $finish; exit $res
./
update-script
#!enable_script
# 在升级时显示提示信息
print "\nPlease KEEP your USB cable or DC-in connected\n"
print "Do NOT remove SD card form the device\n\n"

# 升级kernel
write_image PACKAGE:kernel KERNEL:
check_image PACKAGE:kernel KERNEL:

# 升级boot
write_image PACKAGE:boot BOOT:
check_image PACKAGE:boot BOOT:

# 升级system
write_image PACKAGE:system SYSTEM:
check_image PACKAGE:system SYSTEM:

# 升级backup
write_image PACKAGE:backup BACKUP:
check_image PACKAGE:backup BACKUP:

# 先将recovery写到/tmp/recovery.img,后继再拷贝到userdata分区
write_image PACKAGE:recovery TMP:recovery.img
check_image PACKAGE:recovery TMP:recovery.img

# 升级parameter
write_image PACKAGE:parameter PARAMETER:
check_image PACKAGE:parameter PARAMETER:

# 格式化数据分区
format DATA:
format PAGECACHE:
format SWAP:

# 拷贝recovery.img到userdata分区,在android启动时升级recovery分区
copy_file TMP:recovery.img DATA:recovery.img
check_file TMP:recovery.img DATA:recovery.img

# 写入命令,在bootloader启动时升级bootloader
write_blcmd update-bootloader

# 将bootloader存放到MISC分区
write_image PACKAGE:bootloader MISC: 0xC000
check_image PACKAGE:bootloader MISC: 0xC000

# 删除升级包
delete PACKAGE:

# 由于升级包可能存放在CACHE分区中,将该分区的格式化留最后
format CACHE:

Чтото тут спойлеры не работают.


Ответ на: комментарий от anonymous

Распаковалось 11 файлов размером от 328 до 333мб(один участок со сдвигом). Если открыть в ark содержимое как пустое так и с теми же файлами меньших размеров. Перед самораспаковкой разница только в том что образы boot, recovery есть в варианте cpio , и 3,5гб мусора.

Что тут можно сделать?

root@debian:/home/led# binwalk -e update2.img

DECIMAL         HEX             DESCRIPTION
-------------------------------------------------------------------------------------------------------------------
0               0x0             Executable script, shebang: "/bin/sh"
9457            0x24F1          POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
9969            0x26F1          POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
127257          0x1F119         gzip compressed data, maximum compression, from Unix, last modified: Mon Jul  1 06:45:45 2013
750385          0xB7331         ELF
3537533         0x35FA7D        Linux kernel version "2.6.25 (zpp@zpp) (gcc version 4.4.3 (crosstool-NG-1.10.0) ) #15.4.3 (crosstool-NG-1.10.0) ) #156 Sat Jul 13 11:59:04 CST 2013"
4819823         0x498B6F        Copyright string: " (C) 2004-2005 Intel Corporation <jketreno@linux.intel.com>n <jketreno@linux.intel.com>"
5153140         0x4EA174        LZMA compressed data, properties: 0xC0, dictionary size: 524288 bytes, uncompressed size: 720896 bytes
5164326         0x4ECD26        LZMA compressed data, properties: 0x5D, dictionary size: 4194304 bytes, missing uncompressed size
5165297         0x4ED0F1        POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
5166321         0x4ED4F1        POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
5215985         0x4F96F1        POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
5217009         0x4F9AF1        POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
5217549         0x4F9D0D        gzip compressed data, maximum compression, has original file name: "recovery.img.cpio", from Unix, last modified: Mon Jul 15 14:28:06 2013
10960625        0xA73EF1        POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
10961137        0xA740F1        Executable script, shebang: "/bin/sh"
10961649        0xA742F1        POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
10963185        0xA748F1        POSIX tar archive (GNU), owner user name: "root", owner group name: "root"
10963725        0xA74B0D        gzip compressed data, maximum compression, has original file name: "boot.img.cpio", from Unix, last modified: Mon Jul 15 14:28:09 2013
25320094        0x1825A9E       Cisco IOS experimental microcode for ""
117070714       0x6FA5B7A       VMware4 disk image
141093222       0x868E966       NSP firmware header, big endian, header size: 1879790425, image size: 1327515932, kernel offset: 143684, header version: 1549608823,
141103496       0x8691188       NSP firmware header, big endian, header size: 1265198694, image size: 1650799913, kernel offset: 1910083, header version: 1566977909,
141127313       0x8696E91       NSP firmware header, big endian, header size: 1617909858, image size: 1669141788, kernel offset: 1782095, header version: 1577152632,
141156734       0x869E17E       NSP firmware header, big endian, header size: 1617389937, image size: 21899793, kernel offset: 737102, header version: 1568154487,
141160937       0x869F1E9       NSP firmware header, big endian, header size: 1617389937, image size: 21899787, kernel offset: 1848665, header version: 1517822839,
141180551       0x86A3E87       NSP firmware header, big endian, header size: 1077561717, image size: 21899793, kernel offset: 3673945, header version: 1297885035,
189667727       0xB4E198F       ELF
208135326       0xC67E49E       Ubiquiti firmware header, ~CRC32: 0x69796979, version: "T"
211010653       0xC93C45D       XIP, Microsoft Xbox data
212597460       0xCABFAD4       NSP firmware header, big endian, header size: 72635981, image size: 807744283, kernel offset: 802627, header version: 1828718447,
212690393       0xCAD65D9       NSP firmware header, big endian, header size: 1617389937, image size: 1109406991, kernel offset: 1848665, header version: 1517822839,
212723550       0xCADE75E       NSP firmware header, big endian, header size: 1765959750, image size: 1997614853, kernel offset: 75072, header version: 1279528044,
212746900       0xCAE4294       NSP firmware header, big endian, header size: 2004832049, image size: 1147629568, kernel offset: 1782095, header version: 1163660912,
212752971       0xCAE5A4B       NSP firmware header, big endian, header size: 1886539569, image size: 1145256716, kernel offset: 1782095, header version: 1178609515,
212806209       0xCAF2A41       NSP firmware header, big endian, header size: 1986296934, image size: 1936001375, kernel offset: 1782095, header version: 1348216649,
231033745       0xDC54B91       XIP, Microsoft Xbox data
278854728       0x109EFC48      NSP firmware header, big endian, header size: 1426609739, image size: 1112425290, kernel offset: 1395931421, header version: 390814046,
284579635       0x10F65733      mcrypt 2.2 encrypted data, algorithm: SAFER-SK128, mode: ECB, keymode: SHA-1 hash
root@debian:/home/led/_update2.img.extracted# ls  -s
итого 3721692
     4 1F119      335968 4ECD26.7z   330312 A73EF1.tar       5036 kernel.img     13172 recovery.img.cpio
341004 24F1.tar   335964 4ED0F1.tar  330304 A742F1.tar         48 misc.img           4 update-script
341004 26F1.tar   335964 4ED4F1.tar  330304 A748F1.tar          4 oem                4 version
     0 4EA174     335916 4F96F1.tar    2608 boot.img            4 parameter
335976 4EA174.7z  335916 4F9AF1.tar    6564 boot.img.cpio    5612 recovery.img
LED ()

Спрашивается для кого pastebin придумали

IIIypuk ★★ ()
Ответ на: комментарий от IIIypuk

Не знаю, не видел, не пользуюсь. Там нужна регистрация? Тем более не буду. Может проще на форуме сделать чтоб спойлеры работали

LED ()
Ответ на: комментарий от LED

Там нужна регистрация?

Лол

Не знаю, не видел, не пользуюсь.

Лооол!

Извините, но это правда заставляет улыбнуться :)

Может проще на форуме сделать чтоб спойлеры работали

Давно уже просят

IIIypuk ★★ ()
Последнее исправление: IIIypuk (всего исправлений: 1)
dd if=update-sd.img of=1.sh bs=9457 count=1
dd if=update-sd.img of=2.img.tar bs=9457 skip=1
dd if=2.img.tar of=3.img bs=13629440 skip=1

mkdir 2.img
tar xf 2.img.tar -C 2.img

cd 2.img
dd if=recovery.img of=recovery.cpio bs=28 skip=1

в recovery.cpio показались подозрительными два файла: /usr/bin/decrypt и /usr/bin/update (использующий первый).

может стоит обратить внимание на них.

anonymous ()

и ещё, у них какая-то не сложная блочная магия с размером 467:

#!/bin/bash

echo -e "0\tstring\tlCEQ]o=E\tlCEQ]o=E" >magic
binwalk -m magic 3.img |
awk '{
  if(k) print $1-k;
  k=$1
}'

anonymous ()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.