Old 02-21-2013, 12:25 PM   #26
knc1
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
K5touch, main-5.0.0

The search continues for dot-config files with a little bit of prep work.
Code:
core2quad main $ zcat kt_5.0.0-kernel_main.gz >km-5.0.0.img

core2quad main $ od -A d -t x1 km-5.0.0.img | grep '1f 8b 08 00'
0286960 1f 8b 08 00 00 00 00 00 02 03 ed 92 3d 6f d3 50
0287408 07 4d c7 b8 e0 84 06 00 00 1f 8b 08 00 00 00 00
0531504 55 21 02 00 ec 0e 02 00 1f 8b 08 00 00 00 00 00
0536160 cc d4 01 00 2c 12 00 00 1f 8b 08 00 00 00 00 00
0539856 00 00 00 00 6a 0e 00 00 1f 8b 08 00 00 00 00 00
0540080 1f 8b 08 00 00 00 00 00 02 03 63 61 60 60 50 01
0540128 1f 8b 08 00 00 00 00 00 02 03 5d 8e 31 0e 40 40
0540256 00 00 00 00 81 00 00 00 1f 8b 08 00 00 00 00 00
0540400 86 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0540576 a6 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0540624 26 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0540752 1f 8b 08 00 00 00 00 00 02 03 5d 8d bb 0d 80 30
0540864 c8 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0543536 cc d4 01 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0548208 1f 8b 08 00 00 00 00 00 00 03 ed 9d cf 6f dd d6
0552288 81 f3 05 5e cc d4 01 00 1f 8b 08 00 00 00 00 00
0558080 d4 01 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0561088 1f 8b 08 00 00 00 00 00 00 03 ed 9d bf 72 dc 56
0566016 1f 8b 08 00 00 00 00 00 00 03 ed dd 31 6f 13 67
0567472 3f 13 00 00 9a 05 00 00 1f 8b 08 00 00 00 00 00
3817904 8f 1b 46 c0 49 4b 43 46 47 5f 53 54 1f 8b 08 00

core2quad main $ ls -l km-5.0.0.img
-rw-rw-r-- 1 mszick mszick 5090176 2013-02-21 10:54 km-5.0.0.img

core2quad main $ od -A d -t x1 km-5.0.0.img | grep '1f 8b 08 00'
- - - -
3817904 8f 1b 46 c0 49 4b 43 46 47 5f 53 54 1f 8b 08 00

core2quad main $ dd if=km-5.0.0.img bs=1 skip=3817916 of=km-5.0.0-dc.gz
1272260+0 records in
1272260+0 records out
1272260 bytes (1.3 MB) copied, 5.64149 s, 226 kB/s

That one may have a dot-config file on the end of it.

Code:
core2quad main $ gzip -l -v km-5.0.0-dc.gz
method  crc     date  time           compressed        uncompressed  ratio uncompressed_name
defla 00000000 Feb 21 11:00             1272260                   0   0.0% km-5.0.0-dc

core2quad main $ gzip -l -v km-5.0.0-dc.gz
method  crc     date  time           compressed        uncompressed  ratio uncompressed_name
defla 00000000 Feb 21 11:00             1272260                   0   0.0% km-5.0.0-dc
core2quad main $ zcat km-5.0.0-dc.gz >km-5.0.0-dc

gzip: km-5.0.0-dc.gz: decompression OK, trailing garbage ignored
core2quad main $ file km-5.0.0-dc
km-5.0.0-dc: ASCII English text

core2quad main $ less km-5.0.0-dc

Got one!
Code:
core2quad main $ mv km-5.0.0-dc dot-config-main-5.0.0
core2quad main $ gzip dot-config-main-5.0.0

Remove it from the image file.
Code:
core2quad main $ dd if=km-5.0.0.img bs=1 count=3817916 of=km-5.0.0-trim.img
3817916+0 records in
3817916+0 records out
3817916 bytes (3.8 MB) copied, 16.3716 s, 233 kB/s

Moving right along, try to pull an initramfs (irfs) 'cpio -H newc' archive off of the trimmed image.

Code:
core2quad main $ od -A d -t x1 km-5.0.0-trim.img | grep '30 37 30 37 30 31'
0102112 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30
0102224 65 76 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0102464 6f 6e 73 6f 6c 65 00 00 30 37 30 37 30 31 30 30
0102592 30 37 30 37 30 31 30 30 30 30 30 32 44 35 30 30
0102704 65 76 2f 7a 65 72 6f 00 30 37 30 37 30 31 30 30
0102832 6d 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0103072 6d 69 63 00 30 37 30 37 30 31 30 30 30 30 30 32
0103312 61 74 63 68 64 6f 67 00 30 37 30 37 30 31 30 30
0103440 63 30 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0103568 30 37 30 37 30 31 30 30 30 30 30 32 44 44 30 30
0103808 74 79 6d 78 63 33 00 00 30 37 30 37 30 31 30 30
0103936 63 34 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104176 62 2f 30 00 30 37 30 37 30 31 30 30 30 30 30 32
0104304 2f 66 62 2f 30 00 00 00 30 37 30 37 30 31 30 30
0104432 6b 30 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104560 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104688 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104816 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104944 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105072 30 37 30 37 30 31 30 30 30 30 30 32 45 39 30 30
0105200 30 37 30 37 30 31 30 30 30 30 30 32 45 41 30 30
0105328 30 37 30 37 30 31 30 30 30 30 30 32 45 42 30 30
0105456 30 37 30 37 30 31 30 30 30 30 30 32 45 43 30 30
0105584 30 37 30 37 30 31 30 30 30 30 30 32 45 44 30 30
0105696 65 76 2f 6d 74 64 00 00 30 37 30 37 30 31 30 30
0105824 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105952 30 37 30 37 30 31 30 30 30 30 30 32 46 30 30 30
0106192 74 64 2f 33 00 00 00 00 30 37 30 37 30 31 30 30
0106320 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0106448 30 37 30 37 30 31 30 30 30 30 30 32 46 34 30 30
0107456 6f 6f 70 30 00 00 00 00 30 37 30 37 30 31 30 30
0107584 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0107712 30 37 30 37 30 31 30 30 30 30 30 32 46 45 30 30
0107952 32 63 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0108080 30 37 30 37 30 31 30 30 30 30 30 33 30 31 30 30
0108320 32 63 2f 32 00 00 00 00 30 37 30 37 30 31 30 30
0108448 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0108576 6e 74 30 00 30 37 30 37 30 31 30 30 30 30 30 33
0108704 6e 74 31 00 30 37 30 37 30 31 30 30 30 30 30 33
0108832 6e 74 32 00 30 37 30 37 30 31 30 30 30 30 30 33
0108944 30 30 2f 70 72 6f 63 00 30 37 30 37 30 31 30 30
0109184 30 37 30 37 30 31 30 30 30 30 30 33 30 41 30 30
0109296 69 62 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0187920 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0188048 30 37 30 37 30 31 30 30 30 30 30 33 30 44 30 30
0188160 6e 74 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0235280 30 37 30 37 30 31 30 30 30 30 30 33 31 30 30 30
0352656 30 37 30 37 30 31 30 30 30 30 30 33 31 33 30 30
0382208 14 01 00 00 02 42 00 00 30 37 30 37 30 31 30 30
0391744 30 37 30 37 30 31 30 30 30 30 30 33 31 37 30 30
0405104 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0846768 74 67 72 6f 75 70 73 00 30 37 30 37 30 31 30 30
0871232 72 6f 75 70 73 00 00 00 30 37 30 37 30 31 30 30
1014096 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
1044992 69 6c 00 00 30 37 30 37 30 31 30 30 30 30 30 30

Only the first occurrence is of any interest at the moment:
Code:
core2quad main $ od -A d -t x1 km-5.0.0-trim.img | grep '30 37 30 37 30 31'
0102112 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30

core2quad main $ dd if=km-5.0.0-trim.img bs=1 skip=102112 of=km-5.0.0-irfs.cpio
3715804+0 records in
3715804+0 records out
3715804 bytes (3.7 MB) copied, 15.4637 s, 240 kB/s

core2quad main $ mkdir km-5.0.0-irfs
core2quad main $ cd km-5.0.0-irfs
core2quad km-5.0.0-irfs $ sudo su

core2quad km-5.0.0-irfs # cpio -i -d -m  --no-absolute-filenames -I ../km-5.0.0-irfs.cpio
cpio: Removing leading `/' from member names
1842 blocks

core2quad km-5.0.0-irfs # ls -l
total 28
drwxr-xr-x 2 root root 4096 2013-02-21 11:18 bin
drwxr-xr-x 7 root root 4096 2013-02-21 11:18 dev
lrwxrwxrwx 1 root root   18 2013-02-21 11:18 init -> /bin/recovery-util
drwxr-xr-x 3 root root 4096 2013-02-21 11:18 lib
drwxr-xr-x 3 root root 4096 2013-02-21 11:18 mnt
drwxr-xr-x 2 root root 4096 2012-01-06 18:41 proc
drwx------ 2 root root 4096 2012-01-06 18:41 root
drwxr-xr-x 2 root root 4096 2012-01-06 18:41 sys

core2quad km-5.0.0-irfs # cd ..
core2quad main # tar --create --gzip --file=main-5.0.0-irfs.tar.gz km-5.0.0-irfs
core2quad main # exit


Both recovered files attached here.
Attached Files
File Type: gz dot-config-main-5.0.0.gz (11.5 KB, 270 views)
File Type: gz main-5.0.0-irfs.tar.gz (430.4 KB, 251 views)
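An added example, not part of the original post: the gzip hunt above done on raw bytes, with every signature hit validated by actually decompressing it, so false positives drop out and the trailing-garbage length is reported. Scanning bytes rather than `od` rows also finds a signature that straddles a 16-byte row, which a line-oriented grep cannot match. The eight bytes in front of the last hit in the post (49 4b 43 46 47 5f 53 54) are ASCII `IKCFG_ST`, the kernel's marker for an embedded config; the sample image, the function names and the CONFIG_ heuristic are assumptions of this example.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=deflate (RFC 1952)

def find_gzip_members(image: bytes):
    """Return (offset, data, trailing_len) for each magic hit that is a real,
    complete gzip member; coincidental byte matches are dropped."""
    found = []
    pos = image.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # gzip header + CRC trailer
        try:
            data = d.decompress(image[pos:])
            if d.eof:  # trailer reached, CRC and length verified
                found.append((pos, data, len(d.unused_data)))
        except zlib.error:
            pass  # magic bytes with no valid deflate stream behind them
        pos = image.find(GZIP_MAGIC, pos + 1)
    return found

def looks_like_kernel_config(data: bytes) -> bool:
    """Heuristic (assumption of this example): several CONFIG_ lines."""
    return data.count(b"\nCONFIG_") >= 3

def build_sample_image():
    """Constructed test image, not Kindle data."""
    config = b"# constructed\nCONFIG_ARM=y\nCONFIG_MMU=y\nCONFIG_IKCONFIG=y\n"
    img = bytearray(b"\x00" * 29)
    img += b"\x1f\x8b\x08\x00" + b"\xff" * 12        # false positive
    img += gzip.compress(b"unrelated payload " * 8, mtime=0)
    img += b"\x00" * ((14 - (len(img) + 8)) % 16)     # make the magic straddle a row
    img += b"IKCFG_ST"                                # marker seen in the post's dump
    cfg_off = len(img)
    # end marker plus padding plays the role of the "trailing garbage"
    img += gzip.compress(config, mtime=0) + b"IKCFG_ED" + b"\x00" * 5
    return bytes(img), cfg_off, config

if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for off, data, trailing in find_gzip_members(image):
        kind = "kernel .config" if looks_like_kernel_config(data) else "other"
        print(f"{off:>8}  {len(data):>6} bytes out  {trailing:>4} trailing  {kind}")
```

To run it against a real dump, pass the file's bytes to `find_gzip_members()` in place of the constructed image.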