The kernel uses gzip compression for the dot-config.
It is the last thing concatenated to the image by the kernel build system, although the builder may have concatenated other things afterwards (some distro's put their splash image after the dot-config).
Search for the gzip magic number, assume for first try that the dot-config is the last such signature:
In the previous posts, we have seen the 'trailing garbage ignored' message from gunzip.
This might be anything, from a single byte of padding to a very large chunk of something else.
In this case, 4Mbytes is a bit too large for a compressed configuration file!
Investigate what gunzip thinks is the contents of the file:
Code:
core2quad main $ gunzip -l -v km_config-5.2.0.gz
method crc date time compressed uncompressed ratio uncompressed_name
defla ffffffff Feb 21 08:18 4078636 4294967295 99.9% km_config-5.2.0
core2quad main $ zcat km_config-5.2.0.gz > km_config-5.2.0-00
gzip: km_config-5.2.0.gz: decompression OK, trailing garbage ignored
core2quad main $ file km_config-5.2.0-00
km_config-5.2.0-00: data
core2quad main $ ls -l km_config-5.2.0-00
-rw-rw-r-- 1 mszick mszick 194572 2013-02-21 09:09 km_config-5.2.0-00
Whatever that is, it isn't a configuration file.
Try searching for an initramFS in 'cpio -H newc' format:
Knowing that every file in a cpio archive has the same header magic, start with the earliest one in the file:
Code:
core2quad main $ od -A d -t x1 km-5.2.0.img | grep '30 37 30 37 30 31'
0102368 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30
core2quad main $ dd if=km-5.2.0.img bs=1 skip=102368 of=km-5.2.0-irfs.cpio
4506656+0 records in
4506656+0 records out
4506656 bytes (4.5 MB) copied, 18.6441 s, 242 kB/s
Which is a reasonable size for an un-compressed file system.
You **must** be 'root' to copy permissions and ownership, also to create special files.
You **must** use the '--no-absolute-filename' option to prevent trashing your work station!
Attached below.