Hello. I might have found something new:
http://www.woodmann.com/forum/archive/index.php/t-7663.html
On this page people are talking about how to disassemble a firmware coming from a VxWorks router. One of them writes:
I tried once to crack some VxWorks firmware. Inside the original file was another zlib compressed file that needed to be extracted. I used simple python script to extract data and continue analysis. Could find script if interested.
Did you set the correct processor for your binary?
Another user, who is struggling to get the same result, asks:
If you could share that script, please send it across. It will be useful in a few cases if you are reversing a Linux kernel binary also. Please share that!!
And the creator of the first message sent him this script:
import sys
import zlib


def main():
    print("\nextract and decompress zlib")
    if len(sys.argv) != 3:
        print("""
Usage:
    <argv1> source file
    <argv2> dest file
""")
        sys.exit()
    else:
        print("""
Using:
    Source: %s
    Dest: %s
""" % (sys.argv[1], sys.argv[2]))
    try:
        in_fd = open(sys.argv[1], "rb")
    except IOError:
        print("[-]Couldn't open file %s" % sys.argv[1])
        sys.exit()
    try:
        out_fd = open(sys.argv[2], "wb")
    except IOError:
        print("[-]Couldn't open file %s" % sys.argv[2])
        sys.exit()
    # Read the whole firmware image into memory
    buff = in_fd.read()
    in_fd.close()
    print('Length', hex(len(buff)))
    # Try to decompress starting at every byte offset; offsets that do not
    # begin a valid zlib stream raise zlib.error and are skipped
    for i in range(len(buff)):
        try:
            decomS = zlib.decompress(buff[i:])
        except zlib.error:
            continue
        # Every stream that decompresses is appended to the output file
        print("Got it ", i, hex(i))
        out_fd.write(decomS)
    out_fd.close()
    print("[+]Done writing to '%s'" % sys.argv[2])


if __name__ == "__main__":
    main()
The zlib compression library (http://www.zlib.net/) could have compressed our firmware... What do you think about this?
During the following days I'm going to try another idea: formatting an SD card, putting the firmware on it with other files, then deleting them all and formatting, then trying to find the files that were saved there with file recovery software. Do you think this would help splitting the original firmware from the empty bits???
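
Added example (not part of the original post or the quoted script): the script above attempts a full decompression at every byte offset and writes all hits into one file. This version checks the two-byte zlib header rule from RFC 1950 first and uses a decompress object to report where each stream starts and how many bytes it occupies. The function names and the SAMPLE blob are constructed for illustration.

```python
import zlib


def is_zlib_header(cmf, flg):
    # RFC 1950: compression method 8 (deflate), window size field <= 7,
    # and CMF*256 + FLG must be a multiple of 31.
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and ((cmf << 8) | flg) % 31 == 0


def find_zlib_streams(buf, min_out=16):
    """Return (offset, compressed_len, data) for each complete zlib stream."""
    found = []
    view = memoryview(buf)
    i = 0
    while i < len(buf) - 1:
        if not is_zlib_header(buf[i], buf[i + 1]):
            i += 1
            continue
        d = zlib.decompressobj()
        try:
            data = d.decompress(view[i:])
        except zlib.error:
            i += 1          # header-like bytes that are not a real stream
            continue
        # d.eof is set only when the stream ended cleanly (Adler-32 verified)
        if d.eof and len(data) >= min_out:
            used = len(buf) - i - len(d.unused_data)
            found.append((i, used, data))
            i += used       # continue after the end of this stream
        else:
            i += 1
    return found


# Constructed sample image: fake header, two zlib streams, padding and a
# decoy "78 9c" header that does not start a valid stream.
PART_A = b"bootloader " * 40
PART_B = b"filesystem " * 40
SAMPLE = (b"VXFW" + b"\x00" * 60 + zlib.compress(PART_A)
          + b"\xff" * 32 + b"\x78\x9c" + b"\xff" * 8
          + zlib.compress(PART_B, 9))

if __name__ == "__main__":
    for off, clen, data in find_zlib_streams(SAMPLE):
        print("offset 0x%x  compressed %d bytes  decompressed %d bytes"
              % (off, clen, len(data)))
```

Each tuple gives the offset and compressed length, so every stream can be carved into its own file and the bytes between streams inspected separately.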