解锁完成之后对其系统更新包产生了兴趣
仔细看了下发现结构简单,所以写了个基于python的解包器
有空再看Cramfs里面是什么吧~哈哈哈哈

import struct
import sys

def extractCramfs(fwData, offset):
    sizeStruct = struct.unpack('<I', fwData[offset+4:offset+8])[0]
    return fwData[offset:offset+sizeStruct]

def extractKernel(fwData, offset):
    headerSize = 64
    imageSize = struct.unpack('>I', fwData[offset+12:offset+16])[0]
    return fwData[offset:offset+headerSize+imageSize]

def extractLinuxVersion(uImageHeader):
    verStartSize = 32
    versionInfo = uImageHeader[verStartSize:64].decode('utf-8', 'ignore')
    return versionInfo

if __name__ == "__main__":
    if len(sys.argv) != 3 or sys.argv[1] != '--firm':
        print("Usage: python uroad_extractor.py --firm <path/to/firmware>")
        sys.exit(1)

    firmwarePath = sys.argv[2]
    with open(firmwarePath, 'rb') as firmwareFile:
        fwData = firmwareFile.read()

        cramfsData = extractCramfs(fwData, 32)
        with open('rootfs.cramfs', 'wb') as cramfsFile:
            print("Cramfs Size:", len(cramfsData))
            print("Cramfs Offset:", 32)
            print("Cramfs End:", 32 + len(cramfsData))
            cramfsFile.write(cramfsData)

        kernelStartAddr = 32 + len(cramfsData)
        uImageData = extractKernel(fwData, kernelStartAddr)
        with open('uImage.bin', 'wb') as uImageFile:
            print("Kernel Size:", len(uImageData))
            print("Kernel Offset:", kernelStartAddr)
            print("Kernel End:", kernelStartAddr + len(uImageData))
            print("Kernel CRC:", hex(struct.unpack('>I', uImageData[16:20])[0]))
            uImageFile.write(uImageData)

        linuxVersion = extractLinuxVersion(uImageData[:64])
        print("Linux Version:", linuxVersion)
        
        print("Extract Complete!")

知识共享许可协议
本文及其附件均采用 知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议 进行许可。

添加新评论