I am trying to access the firmware from the .bin in this archive: http://mydjiflight.dji.com/file/links/OSMO_ACTION_V17020_20191203_ZIP
So far, I have used binwalk and got the following output:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
333646 0x5174E Certificate in DER format (x509 v3), header length: 4, sequence length: 518
1927791 0x1D6A6F Certificate in DER format (x509 v3), header length: 4, sequence length: 1424
1927795 0x1D6A73 Certificate in DER format (x509 v3), header length: 4, sequence length: 1436
5310901 0x5109B5 Unix path: /var/lib/jenkins/workspace
5310945 0x5109E1 Unix path: /rtos/h2/dji/gui/ew/app/#
5784963 0x584583 Unix path: /var/lib/jenkins/workspace
5785007 0x5845AF Unix path: /rtos/h2/dji/gui/ew/app/#
7769572 0x768DE4 MySQL MISAM index file Version 5
7962227 0x797E73 MySQL MISAM index file Version 5
8388145 0x7FFE31 MySQL ISAM index file Version 8
9291993 0x8DC8D9 MySQL ISAM index file Version 8
11240978 0xAB8612 MySQL ISAM index file Version 1
11431188 0xAE6D14 Unix path: /var/lib/jenkins/workspace
11546615 0xB02FF7 Unix path: /var/lib/jenkins/workspace
11723142 0xB2E186 Unix path: /1/4/5/6]
11747234 0xB33FA2 SHA256 hash constants, little endian
12234577 0xBAAF51 Unix path: /www.w3.org/1999/02/22-rdf-syntax-ns#"8
18849863 0x11FA047 Unix path: /H/I/R/S/X+Y+
19246275 0x125ACC3 Unix path: /N/P/Q/U/V/X/Y/
19557133 0x12A6B0D Unix path: /I/L/O/T\
20332025 0x1363DF9 Unix path: /A/D/E/H/I/~S
20368127 0x136CAFF Unix path: /L/O/P/ZJ
20790576 0x13D3D30 Unix path: /Q/S/T/X/Y/
22060039 0x1509C07 Certificate in DER format (x509 v3), header length: 4, sequence length: 1042
22060800 0x1509F00 Certificate in DER format (x509 v3), header length: 4, sequence length: 1120
22061549 0x150A1ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1146
22062317 0x150A4ED Certificate in DER format (x509 v3), header length: 4, sequence length: 1181
22062989 0x150A78D Certificate in DER format (x509 v3), header length: 4, sequence length: 1194
22681349 0x15A1705 JPEG image data, JFIF standard 1.01
22825947 0x15C4BDB MySQL ISAM index file Version 4
23840137 0x16BC589 SHA256 hash constants, little endian
26045398 0x18D6BD6 lzop compressed data,900,
26862957 0x199E56D LZO compressed data
26939728 0x19B1150 ELF, 64-bit LSB no file type,
27467411 0x1A31E93 Unix path: /sysdeps/ieee754/dbl-64/mpexp.c8
27868566 0x1A93D96 Executable script, shebang: "/bin/sh"
27893779 0x1A9A013 ELF, 64-bit LSB processor-specific,
28661360 0x1B55670 Base64 standard index table
28883640 0x1B8BAB8 ELF, 64-bit LSB processor-specific,
29837774 0x1C749CE lzop compressed data,800, LZO1X-1, os: MS-DOS
29877499 0x1C7E4FB eCos RTOS string reference: "ecosW"
29889527 0x1C813F7 HTML document header
29916857 0x1C87EB9 xz compressed data
30065108 0x1CAC1D4 Copyright string: "copyright (C) 1996 okir@monad.swb.de)."
30807857 0x1D61731 Executable script, shebang: "/bin/sh"
31158507 0x1DB70EB Unix path: /Min/Max/Avg/Cnt): olA/%u/3
31299086 0x1DD960E Unix path: /home/dji/Documents/projects/camera_h2_linux_sdk/
31922164 0x1E717F4 ELF, 64-bit LSB processor-specific,
31924192 0x1E71FE0 Executable script, shebang: "/bin/sh"
31998874 0x1E8439A Unix path: /usb/gadget/udc/a4
32010492 0x1E870FC ELF, 64-bit LSB no file type,
32144366 0x1EA7BEE ELF, 64-bit LSB no file type,
32266556 0x1EC593C SHA256 hash constants, little endian
32932163 0x1F68143 Copyright string: "Copyright (C) 0"
33074794 0x1F8AE6A Executable script, shebang: "/bin/sh"
33130836 0x1F98954 Executable script, shebang: "/bin/sh"
33515696 0x1FF68B0 Copyright string: "Copyright (C) 2009-2014 Free Software Foundation, Inc."
33516339 0x1FF6B33 Unix path: /install/share/gcc-4.9.2/f
33572727 0x2004777 ELF, 64-bit LSB processor-specific,
34161574 0x20943A6 Unix path: /H2_linux_merge/output.oem/AC101/host/usr/bin/ccachen
34181264 0x2099090 SHA256 hash constants, little endian
34321478 0x20BB446 Executable script, shebang: "/bin/sh"
35104099 0x217A563 ELF, 64-bit LSB processor-specific,
35457510 0x21D09E6 ELF, 64-bit LSB no file type,
35713684 0x220F294 ELF, 64-bit LSB no file type,
36000342 0x2255256 HTML document footer
36254694 0x22933E6 Executable script, shebang: "/bin/sh"
36356499 0x22AC193 Executable script, shebang: "/bin/sh"
36356656 0x22AC230 ELF, 64-bit LSB processor-specific,
37963842 0x2434842 Executable script, shebang: "/bin/sh"
38068731 0x244E1FB ELF, 64-bit LSB processor-specific,
38141809 0x245FF71 Executable script, shebang: "/bin/sh"
38141949 0x245FFFD ELF, 64-bit LSB processor-specific,
38227525 0x2474E45 ELF, 64-bit LSB processor-specific,
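This was a bit tricky because I initially had no idea how to proceed. However, I first tried using dd to extract the "xz compressed data" section. Then I tried using unxz to extract the data, but it said the xz was corrupt.
Next, I opened this xz in the Bless hex editor and saw that it had the magic values: .7zXZ.YZ. I then did some research and found that .7zXZ is the start of an xz payload and YZ marks its end. So, if I'm not mistaken, this is an xz payload of only 1 byte, in which case this appears to be a false positive, or possibly even a form of anti-reversing. Moving on...
My next idea was to use dd to extract the data starting at the eCos RTOS reference. I opened the data in Bless to verify the magic value. Finally, I opened it in IDA Pro, but it did not parse the data correctly. I tried MetaPC and ARM Little Endian (it asked for the bitness, and I chose both 32-bit and 64-bit). The only other option I can think of here is to try the LZ-compressed regions, but these are usually false positives too. Finally, I tried extracting the ELFs and opening them with 010 Editor and IDA Pro. In IDA, I get "Invalid ELF header entry size (6096, expected 64)". At this point, I could use some guidance from more experienced firmware reversers.
Does it seem like I'm on the right track? What other steps would you take to find the firmware goodies? Initially, these artifacts are all new to me.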
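A signature hit like the xz and ELF entries above can be sanity-checked before carving by validating the header fields at the reported offset. The following is an added example, not part of the original post: the function names and sample bytes are constructed for illustration, and the checks follow the xz stream-header and ELF64 header layouts.

```python
import struct
import zlib

XZ_MAGIC = b"\xfd7zXZ\x00"

def xz_header_ok(buf, off):
    """True if a well-formed 12-byte xz stream header starts at off."""
    hdr = buf[off:off + 12]
    if len(hdr) < 12 or hdr[:6] != XZ_MAGIC:
        return False
    flags, (crc,) = hdr[6:8], struct.unpack("<I", hdr[8:12])
    # Flags: first byte is zero, high nibble of the second is reserved;
    # the little-endian CRC32 that follows covers only the two flag bytes.
    return flags[0] == 0 and flags[1] & 0xF0 == 0 and zlib.crc32(flags) == crc

def elf64_header_problems(buf, off):
    """List inconsistencies in the ELF64 header at off (empty list = plausible)."""
    hdr = buf[off:off + 64]
    if len(hdr) < 64 or hdr[:4] != b"\x7fELF":
        return ["no ELF magic"]
    if hdr[4] != 2 or hdr[5] not in (1, 2):
        return ["not a 64-bit ELF with a valid byte order"]
    order = "<" if hdr[5] == 1 else ">"
    fields = struct.unpack(order + "HHIQQQIHHHHHH", hdr[16:64])
    e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum = fields[7:12]
    problems = []
    if e_ehsize != 64:
        problems.append(f"e_ehsize={e_ehsize}, expected 64")
    if e_phnum and e_phentsize != 56:
        problems.append(f"e_phentsize={e_phentsize}, expected 56")
    if e_shnum and e_shentsize != 64:
        problems.append(f"e_shentsize={e_shentsize}, expected 64")
    return problems

def sample_elf(e_shentsize):
    """Constructed little-endian AArch64 ELF64 header with a chosen e_shentsize."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, 183, 1, 0x400000,
                               64, 0x1000, 0, 64, 56, 1, e_shentsize, 4, 3)

# Constructed samples: a valid xz header, and the magic followed directly by "YZ".
GOOD_XZ = XZ_MAGIC + b"\x00\x04" + struct.pack("<I", zlib.crc32(b"\x00\x04"))
BAD_XZ = XZ_MAGIC + b"YZ" + bytes(4)

if __name__ == "__main__":
    print("xz good:", xz_header_ok(GOOD_XZ, 0), "xz bad:", xz_header_ok(BAD_XZ, 0))
    print("elf good:", elf64_header_problems(sample_elf(64), 0))
    print("elf bad:", elf64_header_problems(sample_elf(6096), 0))
```

To use it on the real image, read the .bin into `buf` and pass each decimal offset from the binwalk table.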