  #1  
05-04-2011, 04:07 AM
chrgu000
Junior Member
 
Join Date: May 2011
Posts: 2
Is it possible to reverse an embedded ARM Linux u-Image?

All,

I am reversing an embedded device, which is based on ARM Linux. I have dumped the full flash image from the device and extracted the files from its file system. Now I have found that some encryption algorithms of this device are compiled in static driver mode, i.e. these algorithms are in the uImage file. As you know, uImage is not in ELF format. I can use a hex editor to find some useful strings in the uImage file, so my question is: is it possible to disassemble the uImage with IDA or some other tools? If it is not possible, how can I reverse it?
P.S. Are there any useful links for this topic? I have Googled for a long time, but nothing seems to help me.

Thanks very much.
  #2  
05-04-2011, 05:07 AM
kao
Senior Member
 
Join Date: Sep 2007
Posts: 184

Hmm, standard tools and tutorials wouldn't work?
http://buffalo.nas-central.org/wiki/...ract_an_uImage
http://beaversource.oregonstate.edu/...wto.txt?rev=32
  #3  
05-04-2011, 09:28 PM
chrgu000
Junior Member
 
Join Date: May 2011
Posts: 2

Kao,

Thanks for your reply. I have successfully extracted the uImage to a piggy file. The procedure is as follows:
1. Use the script (http://buffalo.nas-central.org/wiki/...act_an_uImage), which will extract the uImage to a zImage;
2. Use the following command: arm_v5t_le-objdump -EL -b binary -D -m armv5t zImage | grep 8b1f. This will find the offset of the real kernel code in the zImage, i.e. skip the self-decompressing code.
3. Use dd if=zImage of=piggy.gz bs=1 skip="offset found in step 2" && gunzip piggy.gz. After this command, we will get a piggy file, which contains pure kernel code, but this is only a binary format, not an ELF format, so IDA cannot disassemble it.
=============================

So, my question is: now that I have this piggy file, how can I disassemble it and find the "interesting code" in this file?

Any suggestion?

Thanks
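The extraction steps from post #3, as an added example that is not part of the original thread: it checks the 64-byte legacy uImage header and its CRCs, then tries each gzip signature in the zImage until one inflates completely, since a plain search for 8b1f can also match bytes that are not a real stream. The function names and the input built by build_sample() are constructed for illustration.

```python
import gzip
import struct
import zlib

UIMAGE_MAGIC = 0x27051956            # legacy U-Boot image magic
HEADER = struct.Struct(">7I4B32s")   # 64-byte big-endian header
GZIP_MAGIC = b"\x1f\x8b\x08"         # gzip ID bytes + deflate method

def parse_uimage(blob):
    """Check the legacy header and both CRCs; return (fields, payload)."""
    (magic, hcrc, _time, size, load, entry, dcrc,
     _os, _arch, _type, _comp, name) = HEADER.unpack_from(blob)
    if magic != UIMAGE_MAGIC:
        raise ValueError("not a legacy uImage")
    # The header CRC is computed with its own field zeroed.
    zeroed = blob[:4] + b"\0" * 4 + blob[8:HEADER.size]
    if zlib.crc32(zeroed) != hcrc:
        raise ValueError("header CRC mismatch")
    payload = blob[HEADER.size:HEADER.size + size]
    if len(payload) != size or zlib.crc32(payload) != dcrc:
        raise ValueError("payload truncated or corrupted")
    fields = {"name": name.rstrip(b"\0").decode("ascii", "replace"),
              "load": load, "entry": entry}
    return fields, payload

def extract_piggy(zimage):
    """Return (offset, data) for the first gzip signature that inflates."""
    pos = zimage.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # gzip framing
        try:
            out = d.decompress(zimage[pos:])
            if d.eof:  # complete stream; trailing bytes are ignored
                return pos, out
        except zlib.error:
            pass  # signature bytes that are not a real stream
        pos = zimage.find(GZIP_MAGIC, pos + 1)
    raise ValueError("no gzip stream found")

def build_sample():
    """Constructed input: stub with a decoy signature + gzip'd filler."""
    kernel = b"\x00\x00\xa0\xe1" * 64  # ARM 'mov r0, r0', little-endian
    zimage = (b"\xde\xad\xbe\xef" * 4 + GZIP_MAGIC + b"\xff"
              + gzip.compress(kernel) + b"\0" * 8)
    args = [UIMAGE_MAGIC, 0, 0, len(zimage), 0x8000, 0x8000,
            zlib.crc32(zimage), 5, 2, 2, 0, b"constructed-sample"]
    args[1] = zlib.crc32(HEADER.pack(*args))
    return HEADER.pack(*args) + zimage, kernel
```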