Old 02-21-2013, 01:48 PM   #28
knc1
K5touch, diags-5.0.0

The search continues for dot-config files with a little bit of prep work.
Code:
core2quad diags $ zcat kt_5.0.0-kernel_diags.gz >kd-5.0.0.img

core2quad diags $ od -A d -t x1 kd-5.0.0.img | grep '1f 8b 08 00'
0289552 05 00 00 00 1f 8b 08 00 00 00 00 00 02 03 ed 92
0545504 1a 48 02 00 1a 48 02 00 1f 8b 08 00 00 00 00 00
0550160 cc d4 01 00 2c 12 00 00 1f 8b 08 00 00 00 00 00
0553856 00 00 00 00 6a 0e 00 00 1f 8b 08 00 00 00 00 00
0554080 1f 8b 08 00 00 00 00 00 02 03 63 61 60 60 50 01
0554128 1f 8b 08 00 00 00 00 00 02 03 5d 8e 31 0e 40 40
0554256 00 00 00 00 81 00 00 00 1f 8b 08 00 00 00 00 00
0554400 86 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0554576 a6 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0554624 26 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0554752 1f 8b 08 00 00 00 00 00 02 03 5d 8d bb 0d 80 30
0554864 c8 00 00 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0558400 1f 8b 08 00 00 00 00 00 00 03 ed 9d 4f 6c 23 57
0562704 1f 8b 08 00 00 00 00 00 00 03 ed 9d 31 93 dc 46
0566832 1f 8b 08 00 00 00 00 00 00 03 ed 9d 3f 93 dc 46
0572624 1f 8b 08 00 00 00 00 00 00 03 ed 9d bd 8f dc c6
0575616 cc d4 01 00 00 00 00 00 1f 8b 08 00 00 00 00 00
0583184 1f 8b 08 00 00 00 00 00 00 03 ed 9d c1 8f dc 46
0588224 1f 8b 08 00 00 00 00 00 00 03 ed 9d 7f 6c 1b 67
3853520 47 5f 53 54 1f 8b 08 00 9a 0a bb 4e 02 03 94 5c

core2quad diags $ od -A d -t x1 kd-5.0.0.img | grep '1f 8b 08 00'
- - - -
3853520 47 5f 53 54 1f 8b 08 00 9a 0a bb 4e 02 03 94 5c

core2quad diags $ dd if=kd-5.0.0.img bs=1 skip=3853524 of=kd-5.0.0-dc.gz
1269548+0 records in
1269548+0 records out
1269548 bytes (1.3 MB) copied, 5.08574 s, 250 kB/s

That one should also have a dot-config file on the end of it.
Code:
core2quad diags $ gzip -l -v kd-5.0.0-dc.gz
method  crc     date  time           compressed        uncompressed  ratio uncompressed_name
defla ffff7fff Feb 21 12:27             1269548          4294967295 100.0% kd-5.0.0-dc

core2quad diags $ zcat  kd-5.0.0-dc.gz >kd-5.0.0-dc
gzip: kd-5.0.0-dc.gz: decompression OK, trailing garbage ignored

core2quad diags $ file kd-5.0.0-dc
kd-5.0.0-dc: ASCII English text
core2quad diags $ less kd-5.0.0-dc

Got one!
Code:
core2quad diags $ mv kd-5.0.0-dc dot-config-diags-5.0.0
core2quad diags $ gzip dot-config-diags-5.0.0

Remove it from the image file.
Code:
core2quad diags $ dd if=kd-5.0.0.img bs=1 count=3853524 of=kd-5.0.0-trim.img
3853524+0 records in
3853524+0 records out
3853524 bytes (3.9 MB) copied, 15.9202 s, 242 kB/s

Moving right along, try to pull an initramfs (irfs) 'cpio -H newc' archive off of the trimmed image.
Code:
core2quad diags $ od -A d -t x1 kd-5.0.0-trim.img | grep '30 37 30 37 30 31'
0102560 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30
0102672 65 76 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0102912 6f 6e 73 6f 6c 65 00 00 30 37 30 37 30 31 30 30
0103040 30 37 30 37 30 31 30 30 30 30 30 32 44 35 30 30
0103152 65 76 2f 7a 65 72 6f 00 30 37 30 37 30 31 30 30
0103280 6d 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0103520 6d 69 63 00 30 37 30 37 30 31 30 30 30 30 30 32
0103760 61 74 63 68 64 6f 67 00 30 37 30 37 30 31 30 30
0103888 63 30 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104016 30 37 30 37 30 31 30 30 30 30 30 32 44 44 30 30
0104256 74 79 6d 78 63 33 00 00 30 37 30 37 30 31 30 30
0104384 63 34 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0104624 62 2f 30 00 30 37 30 37 30 31 30 30 30 30 30 32
0104752 2f 66 62 2f 30 00 00 00 30 37 30 37 30 31 30 30
0104880 6b 30 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105008 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105136 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105264 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105392 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0105520 30 37 30 37 30 31 30 30 30 30 30 32 45 39 30 30
0105648 30 37 30 37 30 31 30 30 30 30 30 32 45 41 30 30
0105776 30 37 30 37 30 31 30 30 30 30 30 32 45 42 30 30
0105904 30 37 30 37 30 31 30 30 30 30 30 32 45 43 30 30
0106032 30 37 30 37 30 31 30 30 30 30 30 32 45 44 30 30
0106144 65 76 2f 6d 74 64 00 00 30 37 30 37 30 31 30 30
0106272 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0106400 30 37 30 37 30 31 30 30 30 30 30 32 46 30 30 30
0106640 74 64 2f 33 00 00 00 00 30 37 30 37 30 31 30 30
0106768 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0106896 30 37 30 37 30 31 30 30 30 30 30 32 46 34 30 30
0107904 6f 6f 70 30 00 00 00 00 30 37 30 37 30 31 30 30
0108032 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 32
0108160 30 37 30 37 30 31 30 30 30 30 30 32 46 45 30 30
0108400 32 63 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0108528 30 37 30 37 30 31 30 30 30 30 30 33 30 31 30 30
0108768 32 63 2f 32 00 00 00 00 30 37 30 37 30 31 30 30
0108896 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0109024 6e 74 30 00 30 37 30 37 30 31 30 30 30 30 30 33
0109152 6e 74 31 00 30 37 30 37 30 31 30 30 30 30 30 33
0109264 30 30 2f 70 72 6f 63 00 30 37 30 37 30 31 30 30
0109504 30 37 30 37 30 31 30 30 30 30 30 33 30 39 30 30
0109616 69 62 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0188240 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0188368 30 37 30 37 30 31 30 30 30 30 30 33 30 43 30 30
0188480 6e 74 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0239072 02 95 01 00 30 37 30 37 30 31 30 30 30 30 30 33
0274208 30 37 30 37 30 31 30 30 30 30 30 33 31 30 30 30
0309856 30 37 30 37 30 31 30 30 30 30 30 33 31 31 30 30
0353328 02 0a 01 00 30 37 30 37 30 31 30 30 30 30 30 33
0371472 02 80 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0382912 30 37 30 37 30 31 30 30 30 30 30 33 31 34 30 30
0390528 02 3f 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0390640 30 30 2f 62 69 6e 00 00 30 37 30 37 30 31 30 30
0411776 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0414016 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0887872 70 73 00 00 30 37 30 37 30 31 30 30 30 30 30 33
0912368 30 37 30 37 30 31 30 30 30 30 30 33 31 42 30 30
0988880 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33
1085984 00 00 00 00 30 37 30 37 30 31 30 30 30 30 30 33

Only the first occurrence is of any interest at the moment:
Code:
core2quad diags $ od -A d -t x1 kd-5.0.0-trim.img | grep '30 37 30 37 30 31'
0102560 30 37 30 37 30 31 30 30 30 30 30 32 44 31 30 30

core2quad diags $ dd if=kd-5.0.0-trim.img bs=1 skip=102560 of=kd-5.0.0-irfs.cpio
3750964+0 records in
3750964+0 records out
3750964 bytes (3.8 MB) copied, 15.596 s, 241 kB/s

core2quad diags $ mkdir kd-5.0.0-irfs
core2quad diags $ cd kd-5.0.0-irfs
core2quad kd-5.0.0-irfs $ sudo su

core2quad kd-5.0.0-irfs # cpio -i -d -m  --no-absolute-filenames -I ../kd-5.0.0-irfs.cpio
cpio: Removing leading `/' from member names
1922 blocks

core2quad kd-5.0.0-irfs # ls -l
total 28
drwxr-xr-x 2 root root 4096 2013-02-21 12:41 bin
drwxr-xr-x 7 root root 4096 2013-02-21 12:41 dev
lrwxrwxrwx 1 root root   18 2013-02-21 12:41 init -> /bin/recovery-util
drwxr-xr-x 3 root root 4096 2013-02-21 12:41 lib
drwxr-xr-x 3 root root 4096 2013-02-21 12:41 mnt
drwxr-xr-x 2 root root 4096 2011-11-09 17:19 proc
drwx------ 2 root root 4096 2011-11-09 17:19 root
drwxr-xr-x 2 root root 4096 2011-11-09 17:19 sys

core2quad kd-5.0.0-irfs # cd ..
core2quad diags # tar --create --gzip --file=diags-5.0.0-irfs.tar.gz kd-5.0.0-irfs
core2quad diags # exit


Both recovered files attached here.
Attached Files
File Type: gz diags-5.0.0-irfs.tar.gz (450.8 KB, 193 views)
File Type: gz dot-config-diags-5.0.0.gz (11.5 KB, 191 views)
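The carving steps in the post above, as an added Python example (not part of the original post; Python is swapped in for the od/grep/dd pipeline, and all function names and the sample image are constructed for illustration). It searches the raw bytes, so a magic that straddles one of od's 16-byte rows is not missed, keeps only the gzip hits that actually inflate with a valid trailer, and walks the newc headers to find where the cpio archive ends. The bytes `47 5f 53 54` in front of the last gzip hit in the post are ASCII "G_ST", the tail of the kernel's `IKCFG_ST` marker, which the sample imitates.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"   # ID1, ID2, CM=deflate
CPIO_MAGIC = b"070701"         # ASCII magic of a 'cpio -H newc' header

def carve_gzip(blob):
    """Return [(offset, compressed_len, data)] for each magic hit that inflates cleanly."""
    found, pos = [], blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=31)       # 31 = gzip header + CRC32 trailer
        try:
            data = d.decompress(blob[pos:])
            if d.eof:                          # complete stream, trailer verified
                found.append((pos, len(blob) - pos - len(d.unused_data), data))
        except zlib.error:
            pass                               # magic bytes only, not a real stream
        pos = blob.find(GZIP_MAGIC, pos + 1)
    return found

def list_newc(blob, start):
    """Walk newc headers from start; return ([(name, mode, size)], end_offset)."""
    entries, rel = [], 0
    while blob[start + rel:start + rel + 6] == CPIO_MAGIC:
        h = start + rel
        f = [int(blob[h + 6 + 8 * i:h + 14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = f[1], f[6], f[11]
        name = blob[h + 110:h + 110 + namesize - 1].decode("ascii", "replace")
        rel = (rel + 110 + namesize + 3) & ~3  # header+name padded to 4 bytes
        rel = (rel + size + 3) & ~3            # file data padded to 4 bytes
        if name == "TRAILER!!!":
            break
        entries.append((name, mode, size))
    return entries, start + rel

def _newc(name, data=b"", mode=0o100644):
    """Build one newc member (used only for the constructed sample)."""
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name) + 1, 0]
    hdr = CPIO_MAGIC + b"".join(b"%08X" % v for v in fields) + name.encode() + b"\0"
    return hdr + b"\0" * (-len(hdr) % 4) + data + b"\0" * (-len(data) % 4)

def build_sample():
    """Constructed image: padding, tiny cpio, a false gzip magic, IKCFG-wrapped config."""
    cpio = _newc("dev", mode=0o040755) + _newc("init", b"#!/bin/sh\n") + _newc("TRAILER!!!")
    cfg = gzip.compress(b"CONFIG_IKCONFIG=y\n", mtime=0)
    return (b"\0" * 16 + cpio + b"\x1f\x8b\x08\x00" + b"\xff" * 8
            + b"IKCFG_ST" + cfg + b"IKCFG_ED")

if __name__ == "__main__":
    img = build_sample()
    print(carve_gzip(img), list_newc(img, img.find(CPIO_MAGIC)))
```

The `compressed_len` and `end_offset` values give exact carve boundaries, so the extracted pieces do not carry the trailing data that produced the "trailing garbage ignored" message in the post.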