[knc1]

The search continues for dot-config files with a little bit of prep work.

Spoiler:

Code:

core2quad main $ zcat kt_5.1.2-kernel_main.gz >km-5.1.2.img

core2quad main $ od -A d -t x1 km-5.1.2.img | grep '1f 8b 08 00'
0287744 06 00 00 00 1f 8b 08 00 00 00 00 00 02 03 ed 92
0539760 cc 12 02 00 1f 8b 08 00 00 00 00 00 00 03 ed 9d
0544416 2c 12 00 00 1f 8b 08 00 00 00 00 00 00 03 ed 9b
0548112 6a 0e 00 00 1f 8b 08 00 00 00 00 00 02 03 5b c1
0548320 f4 0e 00 00 d0 00 00 00 00 00 00 00 1f 8b 08 00
0548368 00 00 00 00 25 00 00 00 00 00 00 00 1f 8b 08 00
0548512 81 00 00 00 1f 8b 08 00 00 00 00 00 02 03 5d 8e
0548656 00 00 00 00 1f 8b 08 00 00 00 00 00 02 03 ed d7
0548832 00 00 00 00 1f 8b 08 00 00 00 00 00 02 03 63 61
0548880 00 00 00 00 1f 8b 08 00 00 00 00 00 02 03 5d 8e
0548992 00 00 00 00 6f 00 00 00 00 00 00 00 1f 8b 08 00
0549120 00 00 00 00 1f 8b 08 00 00 00 00 00 00 03 ed 9c
0551792 00 00 00 00 1f 8b 08 00 00 00 00 00 00 03 ed dd
0556448 12 4b 14 1f cc d4 01 00 00 00 00 00 1f 8b 08 00
0560544 cc d4 01 00 1f 8b 08 00 00 00 00 00 00 03 ed 9d
0566336 00 00 00 00 1f 8b 08 00 00 00 00 00 00 03 ed 9d
0569328 bf b3 83 36 cc d4 01 00 00 00 00 00 1f 8b 08 00
0574256 19 f9 17 30 06 b3 ad cc d4 01 00 00 1f 8b 08 00
0575728 9a 05 00 00 1f 8b 08 00 00 00 00 00 00 03 ed 9d
3889920 47 5f 53 54 1f 8b 08 00 57 fb 05 50 02 03 94 5c

core2quad main $ od -A d -t x1 km-5.1.2.img | grep '1f 8b 08 00'
- - - -
3889920 47 5f 53 54 1f 8b 08 00 57 fb 05 50 02 03 94 5c

core2quad main $ dd if=km-5.1.2.img bs=1 skip=3889924 of=km-5.1.2-dc.gz
1352956+0 records in
1352956+0 records out
1352956 bytes (1.4 MB) copied, 5.44264 s, 249 kB/s

That one should also have a dot-config file on the end of it

Spoiler:

Code:

core2quad main $ gzip -l -v km-5.1.2-dc.gz
method  crc     date  time           compressed        uncompressed  ratio uncompressed_name
defla ffffffff Feb 21 15:02             1352956          4294967295 100.0% km-5.1.2-dc

core2quad main $ zcat km-5.1.2-dc.gz >km-5.1.2-dc
gzip: km-5.1.2-dc.gz: decompression OK, trailing garbage ignored

core2quad main $ file km-5.1.2-dc
km-5.1.2-dc: ASCII English text
core2quad main $ less km-5.1.2-dc

Got one!

Code:

core2quad main $ mv km-5.1.2-dc dot-config-main-5.1.2
core2quad main $ gzip dot-config-main-5.1.2

Remove it from the image file.

Code:

core2quad main $ dd if=km-5.1.2.img bs=1 count=3889924 of=km-5.1.2-trim.img
3889924+0 records in
3889924+0 records out
3889924 bytes (3.9 MB) copied, 16.231 s, 240 kB/s

Moving right along, try to pull an initramfs (irfs) 'cpio -H newc' archive off of the trimmed image.

Spoiler:

Code:

core2quad main $ od -A d -t x1 km-5.1.2-trim.img | grep '30 37 30 37 30 31'
0102496 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30
0102608 65 76 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0102848 6f 6e 73 6f 6c 65 00 00 30 37 30 37 30 31 30 30
0102976 30 37 30 37 30 31 30 30 30 30 30 32 44 35 30 30
0103088 65 76 2f 7a 65 72 6f 00 30 37 30 37 30 31 30 30
0103216 6d 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0103456 6d 69 63 00 30 37 30 37 30 31 30 30 30 30 30 32
0103696 61 74 63 68 64 6f 67 00 30 37 30 37 30 31 30 30
0103824 63 30 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0103952 30 37 30 37 30 31 30 30 30 30 30 32 44 44 30 30
0104192 74 79 6d 78 63 33 00 00 30 37 30 37 30 31 30 30
0104320 63 34 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104560 62 2f 30 00 30 37 30 37 30 31 30 30 30 30 30 32
0104688 2f 66 62 2f 30 00 00 00 30 37 30 37 30 31 30 30
0104816 6b 30 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104944 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105072 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105200 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105328 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105456 30 37 30 37 30 31 30 30 30 30 30 32 45 39 30 30
0105584 30 37 30 37 30 31 30 30 30 30 30 32 45 41 30 30
0105712 30 37 30 37 30 31 30 30 30 30 30 32 45 42 30 30
0105840 30 37 30 37 30 31 30 30 30 30 30 32 45 43 30 30
0105968 30 37 30 37 30 31 30 30 30 30 30 32 45 44 30 30
0106080 65 76 2f 6d 74 64 00 00 30 37 30 37 30 31 30 30
0106208 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0106336 30 37 30 37 30 31 30 30 30 30 30 32 46 30 30 30
0106576 74 64 2f 33 00 00 00 00 30 37 30 37 30 31 30 30
0106704 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0106832 30 37 30 37 30 31 30 30 30 30 30 32 46 34 30 30
0107840 6f 6f 70 30 00 00 00 00 30 37 30 37 30 31 30 30
0107968 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0108096 30 37 30 37 30 31 30 30 30 30 30 32 46 45 30 30
0108336 32 63 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0108464 30 37 30 37 30 31 30 30 30 30 30 33 30 31 30 30
0108704 32 63 2f 32 00 00 00 00 30 37 30 37 30 31 30 30
0108832 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0108960 6e 74 30 00 30 37 30 37 30 31 30 30 30 30 30 33
0109088 6e 74 31 00 30 37 30 37 30 31 30 30 30 30 30 33
0109216 6e 74 32 00 30 37 30 37 30 31 30 30 30 30 30 33
0109328 30 30 2f 70 72 6f 63 00 30 37 30 37 30 31 30 30
0109568 30 37 30 37 30 31 30 30 30 30 30 33 30 41 30 30
0109680 69 62 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0188304 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0188432 30 37 30 37 30 31 30 30 30 30 30 33 30 44 30 30
0188544 6e 74 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0235680 02 7c 01 00 30 37 30 37 30 31 30 30 30 30 30 33
0271872 02 f4 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0308320 30 37 30 37 30 31 30 30 30 30 30 33 31 32 30 30
0358128 02 26 01 00 30 37 30 37 30 31 30 30 30 30 30 33
0376272 30 37 30 37 30 31 30 30 30 30 30 33 31 34 30 30
0397104 30 37 30 37 30 31 30 30 30 30 30 33 31 36 30 30
0397216 69 6e 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0410576 01 00 00 00 00 00 00 00 30 37 30 37 30 31 30 30
0418352 30 37 30 37 30 31 30 30 30 30 30 33 31 39 30 30
0420592 30 37 30 37 30 31 30 30 30 30 30 33 31 41 30 30
0873824 30 37 30 37 30 31 30 30 30 30 30 33 31 43 30 30
0950336 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
1047648 69 6c 00 00 30 37 30 37 30 31 30 30 30 30 30 30

Only the first occurance is of any interest at the moment:

Code:

core2quad main $ od -A d -t x1 km-5.1.2-trim.img | grep '30 37 30 37 30 31'
0102496 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30

core2quad main $ dd if=km-5.1.2-trim.img bs=1 skip=102496 of=km-5.1.2-irfs.cpio
3787428+0 records in
3787428+0 records out
3787428 bytes (3.8 MB) copied, 15.6789 s, 242 kB/s

core2quad main $ mkdir km-5.1.2-irfs
core2quad main $ cd km-5.1.2-irfs
core2quad km-5.1.2-irfs $ sudo su

core2quad km-5.1.2-irfs # cpio -i -d -m  --no-absolute-filenames -I ../km-5.1.2-irfs.cpio
cpio: Removing leading `/' from member names
1847 blocks

core2quad km-5.1.2-irfs # ls -l
total 28
drwxr-xr-x 2 root root 4096 2013-02-21 15:19 bin
drwxr-xr-x 7 root root 4096 2013-02-21 15:19 dev
lrwxrwxrwx 1 root root   18 2013-02-21 15:19 init -> /bin/recovery-util
drwxr-xr-x 3 root root 4096 2013-02-21 15:19 lib
drwxr-xr-x 3 root root 4096 2013-02-21 15:19 mnt
drwxr-xr-x 2 root root 4096 2012-07-17 18:54 proc
drwx------ 2 root root 4096 2012-07-17 18:54 root
drwxr-xr-x 2 root root 4096 2012-07-17 18:54 sys

core2quad km-5.1.2-irfs # cd ..
core2quad main # tar --create --gzip --file=main-5.1.2-irfs.tar.gz km-5.1.2-irfs
core2quad main # exit

Both recovered files attached here.