News:

Registered a URL and setup a forum as the IPCam stuff really needed its own site vs my irregular blog posts about IPCam hacking at http://www.computersolutions.cn/blog

Author Topic: Ripping a linux.zip? Had any success?  (Read 3954 times)

  • *****
April 29, 2011, 11:52:40 am
I compared another linux.zip from the files section to my linux.zip created from a memory dump using Ramon van Bruggen's  .net program FoscamCloneRecovery.exe (http://goo.gl/fHst8).

My archive program successfully opens 541Linux.zip,  from the files section, but says that my recovered file, nc541w-linux.zip, is of an incorrect format.

Here are the first 255 bytes of each:

First the linux.zip from the files section:
Code: [Select]
$ hd -n 255 541Linux.zip

00000000  50 4b 03 04 14 00 00 00  08 00 23 89 8c 3b 5e 0a  |PK........#..;^.|

00000010  29 50 78 f6 0b 00 f0 3c  19 00 09 00 00 00 6c 69  |)Px....<......li|

00000020  6e 75 78 2e 62 69 6e ec  fd 0d 7c 54 57 9d 07 0e  |nux.bin...|TW...|

00000030  9f 3b 2f c9 10 06 b8 79  83 01 d2 72 81 b4 c6 9a  |.;/....y...r....|

00000040  b6 17 48 db b4 a6 ed 50  68 8b 85 b6 c3 6b b1 c5  |..H....Ph....k..|

00000050  3a b4 54 51 69 9b 56 54  dc 45 3b 49 26 90 62 a0  |:.TQi.VT.E;I&.b.|

00000060  01 c2 4b 69 da 8c 2d ba  ad 8b 8a 4a 77 d9 8a ee  |..Ki..-....Jw...|

00000070  b4 80 62 45 a5 8a da ed  e2 7a 67 86 bb 09 99 aa  |..bE.....zg.....|

00000080  a8 e8 62 c5 ce f3 fd 9e  73 26 33 49 51 eb ee fe  |..b.....s&3IQ...|

00000090  ff cf e7 f3 3c 9b 0f 87  33 f7 dc 73 cf eb ef fc  |....<...3..s....|

000000a0  de ce ef fc 8e 48 26 52  cf 9b 89 cc 8f 44 22 23  |.....H&R.....D"#|

000000b0  4e 4f 4e d5 45 1e 4b 47  a7 6e eb 17 e1 44 26 20  |NON.E.KG.n...D& |

000000c0  16 a7 7c e1 f6 86 73 b9  dc 35 b5 56 af 2b ac 75  |..|...s..5.V.+.u|

000000d0  ee f3 16 f2 59 8f ba 62  6f 22 73 93 21 06 c4 37  |....Y..bo"s.!..7|

000000e0  c6 8b ae 17 c7 8b e6 ee  1a d1 89 58 84 43 c2 98  |...........X.C..|

000000f0  6e 4e bf 58 88 ac 10 d7  64 9a 45 c2 3b 59 88     |nN.X....d.E.;Y.|

000000ff

Now my ripped linux.zip:

Code: [Select]
$ hd -n 255 nc541w-linux.zip

00000000  50 4b 03 04 14 00 02 00  08 00 e5 43 86 3d 3b 98  |PK.........C.=;.|

00000010  2b 19 e8 fd 0b 00 30 8d  19 00 09 00 00 00 6c 69  |+.....0.......li|

00000020  6e 75 78 2e 62 69 6e ec  fd 7d 7c 54 47 bd 07 8e  |nux.bin..}|TG...|

00000030  cf d9 87 64 09 5b 38 79  ec 36 a4 72 80 b4 a6 34  |...d.[8y.6.r...4|

00000040  6d 0f 90 b6 14 d3 b2 14  5a 51 d0 2e 0f 6d 51 b1  |m.......ZQ...mQ.|

00000050  a6 2d ad a8 d4 a6 15 15  bd b4 dd 24 9b 90 62 a0  |.-.........$..b.|

00000060  01 c2 43 69 da ac 2d 7a  d1 8b 57 54 ea c5 8a de  |..Ci..-z..WT....|

00000070  2d 50 c5 4a 2d 5a d4 de  5a f5 ec 6e 8e 09 59 54  |-P.J-Z..Z..n..YT|

00000080  54 f4 62 6d bb df f7 7b  66 36 bb 49 a9 0f f7 de  |T.bm...{f6.I....|

00000090  ef f7 f7 c7 cf bc 18 66  cf 9c 39 f3 f8 99 cf d3  |.......f..9.....|

000000a0  7c e6 33 22 11 4f 3e 69  c6 d3 2f 88 78 5a 9c 9a  ||.3".O>i../.xZ..|

000000b0  94 ac 8b 3c 94 6a 9a b2  75 50 84 e3 e9 80 b8 31  |...<.j..uP.....1|

000000c0  e9 0b b7 37 bc 9a cd ce  aa b5 fa 5c 61 75 b8 4f  |...7.......\au.O|

000000d0  5a c8 67 3d e8 8a bd f1  f4 f5 86 18 0a 9f 53 2d  |Z.g=..........S-|

000000e0  8e 95 56 8b e6 df d5 88  a3 88 45 34 24 8c e9 e6  |..V.......E4$...|

000000f0  f4 0b 85 c8 08 31 2b dd  2c e2 de 49 42 94 5c     |.....1+.,..IB.\|

000000ff


I see differences. Now I wonder about the capability of Ramon van Bruggen's  .net program FoscamCloneRecovery.exe. Has anyone successfully used it on image 7's linux image?


April 29, 2011, 12:14:35 pm
Differences are to be expected, unless they are identical files. Especially when two different versions of zip have been used, as is the case here.

Its also possible, since this is done with no error checking, that there were errors in the serial line during the dump, which have corrupted the zip file.

April 29, 2011, 12:52:59 pm
There is also this problem.

Quote
2:04 AM: Dumping frimware image: 'linux' Base: '0x7F020000' Size: '0x000BF7B0'
2:04 AM: Dumping linux from camera
2:17 AM: Dumping frimware image: 'romfs' Base: '0x7F0E0000' Size: '0x00108C00'
2:17 AM: Dumping romfs from camera

If we convert the size into decimal, my linux file should be 784,304 bytes... but its only 784,128 byte long. My romfs should be 1,084,416 bytes, but its 1,084,672. Looking at the romfs image, its clear the tail end of my linux image, plus a little more, is in there.

  • *****
April 29, 2011, 01:02:39 pm
I assume that the rip with FoscamCloneRecovery.exe contains errors. I will next try the kermit method described by Lawrence in "Topic: Firmware Recovery - method #2". Setting up kermit and jedit must first be accomplished, however. Know of any other methods to rip?


  • No avatar
  • *****
May 12, 2011, 09:47:42 pm
Simple enough to test.

zip -t yourrippedlinux.zip

If it passes, its ok
If it fails, no it isn't.

If you have a zip "ripped", it should unzip to a linux.bin file (which is our linux kernel).