922 B

Raw Blame History

Reversing Firmware

Tools

binwalk
unlzma
tar
fat
- Create usable environment and start firmware inside it
```
./fat.py <firmware>
```
Jefferson or AUR package jefferson-git

Usage

Check image via strings
Check CRC via cksum -a crc <image>
Use binwalk to extract. There are to methods
- -e extract by offset
- --dd=".*" by file extension

Mount JFFS2 File

Use kernel where CONFIG_MTD_RAM is set. Using Arch this is any kernel before 5.10

rm -rf /dev/mtdblock0
mknod /dev/mtdblock0 b 31 0
mkdir /mnt/jffs2
modprobe jffs2
modprobe mtdram
modprobe mtdblock
dd if=<jffs2File> of=/dev/mtdblock0
mount -t jffs2 /dev/mtdblock0 /mnt/jffs2/

Tips & Tricks

Watch out for HNAP and JNAP as an attack vector