Registered a URL and setup a forum as the IPCam stuff really needed its own site vs my irregular blog posts about IPCam hacking at

Author Topic: DeeZee  (Read 5698 times)

  • *****
April 25, 2011, 04:19:00 pm
Jimmy Ray Purser writes in his blog "Networking Geek to Geek" ( about an interesting program named deezee that he is using to examine foscam binaries. I have searched but cannot find a source for this program. Does anyone know where it is available?

here is a bit about DeeZee, per Jimmy Ray Purser:
Some firmware will be compressed in what is called ZLIB compressed chunks. In outsourced code larger then 3Meg this is very common. There is a great tool called DeeZee which is part of the Black Bag Tool Kit from Matasano. It is older but works really well still for binary dissection. DeeZee will search thru a binary file for ZLIB signatures then extract them and print out the results. Human behavior is such that we write and comment stuff out all the time. Look at the best practices for a simple ACL. If I run a file thru strings or view it in a hex editor and see nothing but unreadable crap, then I assume it must be ZLIB'ed or encrypted but that is very rare. I run it thru DeeZee, with the command:
./deezee firmwarename.bin
DeeZee will chew on it few a while then spit out the results into the same directory I run it at. I just do a LS to see the results, then view those results in my hex editor and Kazam! it's hammertime!

  • No avatar
  • *****
April 28, 2011, 10:55:51 am
The binaries can be compressed / decompressed using flthdr

This is talked about in the forum if you look!

I also blogged about a manual way to unzip the files too in my blog.
Files referrred to in that are here -
.  There is a perl file that will uncompress the binaries (if compressed).

Easiest is just to use the tools in the BSP.

flthdr will compress and decompress ELF bFLT files.

flthdr -z camera

For file info, use the file command.


file camera