**** BEGIN LOGGING AT Sun Jun 10 03:00:02 2012
Jun 10 07:16:10 <munga> hello everybody. I'm trying to get a console on a wireless camera "tenvis mini319w". Can anybody help me to decompress these images ? http://www.tenvis.com/web/firmwaredownload.html ?
Jun 10 07:16:58 <munga> my first attempt would be to modify the firmware somehow to include a telnet shell then to attach a jtag to the board ...
Jun 10 07:18:39 <roxfan> PK 03 04 at offset 0x14
Jun 10 07:18:43 <munga> but I'm a bit lost...the hexdump of these file don't give me a known signature but looking at the content you can easily guess that they are somehow compressed ... archived ...
Jun 10 07:18:57 <roxfan> that's a zip file
Jun 10 07:19:21 <roxfan> but only kernel is inside
Jun 10 07:19:49 <roxfan> ah there's some extra data at the end
Jun 10 07:20:19 <munga> I'm more curious about the file mini_1.2.2.18.bin
Jun 10 07:20:30 <munga> that contains the code for the web interface ...
Jun 10 07:21:27 <roxfan> some pe file in the middle...
Jun 10 07:23:56 <roxfan> looks like the fs format is: dword filename_len; char filename[filename_len]; dword file_len; char file_data[file_len];
Jun 10 07:24:17 <roxfan> starting at offset 0x10
Jun 10 07:26:09 <munga> ok... a small pl script should do it then I guess ...
Jun 10 07:26:52 <roxfan> in the lr_cmos one there's some extra data after the zip named "rom1fs"
Jun 10 07:27:03 <roxfan> a bunch of filenames...
Jun 10 07:28:07 <munga> Thanks ! can you briefly explain how you guessed it and which tools you used ? I'm kinda curious to lean more about these tricks... or a link to a webpage will do as well...
Jun 10 07:28:22 <munga> Thanks ! can you briefly explain how you guessed it and which tools you used ? I'm kinda curious to learn more about these tricks... or a link to a webpage will do as well...
Jun 10 07:28:37 <roxfan> just a hex editor and eyeball mark I
Jun 10 07:28:59 <roxfan> well, this one was useful to find the zip end: http://en.wikipedia.org/wiki/ZIP_(file_format)
Jun 10 07:30:27 <munga> :)
Jun 10 07:30:38 <munga> this one seems a good resource as well : https://sites.google.com/site/shihsung/rc32xxx-soc/analyze-firmware
Jun 10 07:33:15 <roxfan> not a bad approach
Jun 10 07:33:46 <roxfan> but there's no single flowchart for every situation
Jun 10 07:35:11 <munga> yep, but to build my own set of "eyeball mark I" takes a fair amount of trial and error... :) ok. thanks for the tips. I think this will get me started
Jun 10 08:07:22 <munga> roxfan, putting on the side the joy of learning, I guess this is the tool I was looking for : https://code.google.com/p/binwalk/
Jun 10 08:08:09 <roxfan> it's useful, but again, doesn't work always
Jun 10 08:09:10 <roxfan> http://aluigi.altervista.org/mytoolz.htm <- also see signsrch and offzip
**** ENDING LOGGING AT Mon Jun 11 02:59:58 2012