Reverse Engineering Team Board - View Single Post - Is possible to reverse an embedded ARM linux u-Image?

chrgu000 · #3 05-04-2011, 09:28 PM

Quote:

Originally Posted by kao

Hmm, standard tools and tutorials wouldn't work?
http://buffalo.nas-central.org/wiki/...ract_an_uImage
http://beaversource.oregonstate.edu/...wto.txt?rev=32

Kao,

Thanks for your reply, I have successfully extract the uImage to a piggy file. Following is the procedure:
1. Use the script (http://buffalo.nas-central.org/wiki/...act_an_uImage), which will extract uImage to zImage;
2. Use following command:arm_v5t_le-objdump -EL -b binary -D -m armv5t zImage | grep 8b1f, this will find the offset of real kernel code in zImage, e.g. skip the self decompress code.
3. Use dd if=zImage of=piggy.gz bs=1 skip="offset found in setp 2" | gunzip piggy.gz. After this command, we will get a piggy file, which contains pure kernel code, but this is only a binary format, not a ELF format, so IDA can not diassemble it.
=============================

So, my question is: when I get this piggy file, how can I diassemble it, and find the "interesting code

" in this file?

Any suggestion?

Thanks