Le Blog de Sébastien Colas

MuleSoft, API, Java, Java EE, Cloud, Oracle Fusion Middleware…

Hack Transcend SDHC wifi (firmware suite)

Analyse du fichier initramfs3.gz

Pour cette partie j’ai tout bêtement suivi le tutoriel trouvé sur le site de lemoidului

$ head -c 10 initramfs3.gz
KAGZ(???
$ hexdump -C initramfs3.gz | more
00000000  4b 41 47 5a 00 28 a1 98  1f 8b 08 00 62 11 2b 51  |KAGZ.(......b.+Q|
$ dd if=initramfs3.gz of=initramfs.gz bs=1 skip=8
$ ls -l initramfs.gz 
-rw-rw-r-- 1 scolas scolas 2662808 Apr  3 18:44 initramfs.gz
$ gunzip initramfs.gz
$ mkdir RFS
$ cd RFS/
$ cpio -i &lt; ../initramfs
$ ls
bin  etc   init  linuxrc     mnt   root  sys  ts_version.inc  var
dev  home  lib   lost+found  proc  sbin  tmp  usr             www

Dans le fichier initramfs3.gz

Les 4 premiers octets (4b 41 47 5a) sont une entête invariable.
Les 4 octets suivants sont la taille (2662808 => 0x0028A198).

On peut maintenant se balader dans l’arborescence de notre firmware.

Le fichier /etc/init.d/rcS

Je vous mets le contenu ci dessous:

#! /bin/sh
echo "KeyASIC WifiSD console ..."
date -s 201201010000
mount -t jffs2 /dev/mtdblock0 /mnt/mtd > /tmp/log  2>&1 
ret=$?
if [ $ret -ne 0 ] ; then
	echo "Faled cmd: mount -t jffs2 /dev/mtdblock0 /mnt/mtd" >> /tmp/log.rcS
	cat /tmp/log >> /tmp/log.rcS
	cat /tmp/log
	rm /tmp/log
fi

insmod /lib/ka2000-sdhc.ko max_sd_blk=8 > /tmp/log 2>&1
ret=$?
if [ $ret -ne 0 ] ; then
	echo "Faled cmd: insmod /lib/ka2000-sdhc.ko" >> /tmp/log.rcS
	cat /tmp/log >> /tmp/log.rcS
	cat /tmp/log
	rm /tmp/log
fi

sleep 2
mount_sd > /tmp/log 2>&1
if [ $ret -ne 0 ] ; then
	echo "Faled cmd: mount_sd" >> /tmp/log.rcS
	cat /tmp/log >> /tmp/log.rcS
	cat /tmp/log
	rm /tmp/log
fi



buzzer -f 2

/etc/init.d/rcS.p     
  
# Memory policy
echo 2 > /proc/sys/vm/overcommit_memory
echo 100 > /proc/sys/vm/overcommit_ratio


# production test  
if [ -f /mnt/sd/WIFI_TEST.TXT ]
then
	sleep 5
	echo "start production test"
	production_test

	rm /mnt/sd/WIFI_TEST.TXT	
	sleep 1
	sync
	refresh_sd     
fi                               


echo "wsd to sd"
cp /mnt/mtd/config/wsd.conf /etc
sync
#cp /mnt/mtd/config/wsd.conf /mnt/sd

if [ ! -f /etc/cimgconf ]
then
echo "wsd to sd"
cp /mnt/mtd/config/cimgconf /etc
sync; refresh_sd
fi

/sbin/ifconfig lo 127.0.0.1 up
udpsvd 127.0.0.1 55778 /usr/bin/cmd_server &

# Start Identity server.
udpsvd 0 55777 idS &

# Firmware Upgrade Just Done 
if [ -f /etc/hostapd-fu.conf ]; then
	echo "Start Hostapd for finishing firmware upgrade"
	cp /mnt/mtd/config/dnsd.conf /etc
	#cp /mtd/udhcpd.conf to /etc
	cp /mnt/mtd/config/udhcpd.conf /etc
	cp /mnt/mtd/config/wsd_backup.conf /etc/wsd_backup.conf
	cp /mnt/mtd/config/instant_upload.conf /etc
	cp /mnt/mtd/config/ia.passwd /etc/boa
	if [ -f /mnt/mtd/config/is_wifi_list.json ]; then
		echo "Found is_wifi_list.json. copy to /etc/json/"
		cp /mnt/mtd/config/is_wifi_list.json /etc/json/is_wifi_list.json
	fi

	wifi_get_config -c "GPlus-Enable"
	gplus_setting=`cat /config_value`

    # Avoid starting instant upload
	/usr/bin/wifi_set_config -c "GPlus-Enable" "NO"

	#kcard_app --nohidden &
	/usr/bin/kcard_app.sh start

	/usr/bin/wifi_set_config -c "GPlus-Enable" "$gplus_setting"

	/usr/bin/ap_fu.sh

	sleep 1

	#pkill kcard_app
	/usr/bin/kcard_app.sh stop

	exit 0
fi


if [ ! -f "/mnt/mtd/wsdinfo" ]; then

	echo "Faled cmd: Can't find /mnt/mtd/wsdinfo" >> /tmp/log.rcS
	
	/usr/bin/kcard_app.sh start
	kcard_startup -s 0
	sleep 3 
	/usr/bin/kcard_app.sh stop

fi

# autorun.sh from sd in case need to perform some test mode
if [ -f /mnt/sd/autorun.sh ]
then
	echo "run autorun.sh"
	echo "run autorun.sh" >> /tmp/log.rcS
	sleep 1
	chmod 777 /mnt/sd/autorun.sh
	/mnt/sd/autorun.sh 
fi

/usr/bin/check_card.pl
ret=$?
if [ $ret -eq 0 ] ; then
	# Ts card
	echo "Transcend Card"
	echo "Transcend Card" >> /tmp/log.rcS
else 
	# Not ts card
	echo "Not Transcend Card"
	echo "Not Transcend Card" >> /tmp/log.rcS
	kcard_startup -s 0
	exit 0
fi





#cp /mtd/dnsd.conf to /etc
cp /mnt/mtd/config/dnsd.conf /etc
#cp /mtd/udhcpd.conf to /etc
cp /mnt/mtd/config/udhcpd.conf /etc
cp /mnt/mtd/config/wsd_backup.conf /etc/wsd_backup.conf
cp /mnt/mtd/config/instant_upload.conf /etc
cp /mnt/mtd/config/ia.passwd /etc/boa
if [ -f /mnt/mtd/config/is_wifi_list.json ]; then
	echo "Found is_wifi_list.json. copy to /etc/json/"
	cp /mnt/mtd/config/is_wifi_list.json /etc/json/is_wifi_list.json
fi

# Gen Boa Password file from wsd.conf
/usr/bin/gen_boa_passwd.sh

#echo "start telnetd server"
rcS1 & 

# httpd
rcS2 & 


echo "rcS done" 

ver
#ARM sleep disable
kcard_cmd -s 0

wifi_get_config -c "Auto WIFI"
Auto_WIFI=`cat /config_value`

wifi_get_config -c "Auto Mode"
Auto_Mode=`cat /config_value`

echo "Auto_WIFI = $Auto_WIFI" >> /tmp/log.rcS
echo "Auto_Mode = $Auto_Mode" >> /tmp/log.rcS
# Create the file to record the state of bootup before any login.
# If someone is logined, remove it.
touch /etc/bootup

if [ "$Auto_WIFI" = "Yes" ]; then
	if [ "$Auto_Mode" = "DS" ]; then
		echo "Start ap_server.sh" >> /tmp/log.rcS
		/usr/bin/ap_server.sh
	elif [ "$Auto_Mode" = "IN" ]; then
		echo "Start ap_client.sh" >> /tmp/log.rcS
		/usr/bin/ap_client.sh
	else
		echo "Auto WiFi mode $Auto_Mode is not valid. Use direct-share mode"
		echo "Auto WiFi mode $Auto_Mode is not valid. Use direct-share mode" >> /tmp/log.rcS
		/usr/bin/ap_server.sh
	fi
fi

/usr/bin/kcard_app.sh start

kcard_startup -s 0

sleep 1

/usr/bin/bodyguard.sh &


echo "Decompress libcrypto ..."
cp /mnt/mtd/libcrypto.so.0.9.8.bz2  /lib/
bunzip2 /lib/libcrypto.so.0.9.8.bz2

Les liens

http://lemoidului.wordpress.com/2013/02/11/linux-is-everywhere-pqi-aircard-partie-i/

Proudly powered by WordPress. Design by StylishWP