Differences

This shows you the differences between two versions of the page.

Link to this comparison view

howto:unpack_dlink_firmware [2006/08/12 14:07]
sergeyzh
howto:unpack_dlink_firmware [2006/08/12 14:19] (current)
sergeyzh
Line 1: Line 1:
 +==== HowTo unpack D-Link firmware ====
 +Original firmware contains 2 parts: ​
 +  * Linux kernel with initrd (root fs)
 +  * SquashFS image (/lib and /usr)
 +
 +=== Split firmware ===
 +First you need to find string "​hsqs"​ in firmware. It's start part of SquashFS image.\\
 +Use **Far Manager** under Windows. It's easiest way. :-)\\
 +Press F3 to view file, F4 to switch to HEX mode and F7 to search "​hsqs"​ string.\\
 +{{squash_search.png}}\\
 +You see 0x260000 address. It's hex offset to SquashFS image. For humans it means: 2432K. It's standart offset, so I think you don't need to find it again.
 +
 +So now we can split kernel+initrd and SquashFS image:
 +<​code>​
 +dd if=DNS-300_runtime_v1.00b013.bin of=bootpImage-1.00.b13 bs=1024 count=2432
 +dd if=DNS-300_runtime_v1.00b013.bin of=cramfs-1.00.b013.img bs=1024 skip=2432
 +</​code>​
 +Don't confuse about "​cramfs...img"​ name. It's SquashFS image, not CramFS, but D-Link'​s developers uses filename "​cram.img"​ and I follow that strange tradition. :-)
 +
 +To have **initrd** image, you need to find initrd offset in bootpImage file.\\
 +Use **Far Manager** again and search string **ramdisk**,​ or **ramdisk.bin**\\
 +{{ramdisk_search.png}}\\
 +It's easy to see start part of initrd: 0xFD160 (1036640). I don't know good method to split files so precisely, so I've used stupid procedure: \\
 +<​code>​
 +split -b 1036640 bootpImage-1.00.b13
 +cat xab xac > initrd-1.00.b13.gz
 +gunzip initrd-1.00.b13.gz
 +</​code>​
 +Now you should have two files:
 +  * cramfs-1.00.b013.img
 +  * initrd-1.00.b13
 +=== View SquashFS ===
 +D-Link uses SquashFS 2.0 in their firmware, so you need Linux kernel with squashfs 2.0 support. I have compiled RPM for CentOS 4.3 i686 with SquashFS 2.0, so if you need I can share it.\\
 +To get access, you should mount image:
 +<​code>​
 +mkdir app-fs
 +mount -o loop -t squashfs cramfs-1.00.b013.img app-fs
 +</​code>​
 +
 +=== View initrd ===
 +<​code>​
 +mkdir initrd-100
 +mount -o loop initrd-1.00.b13 initrd-100
 +</​code>​
  
howto/unpack_dlink_firmware.txt · Last modified: 2006/08/12 14:19 by sergeyzh
CC Attribution-Noncommercial-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0