author | pancake <pancake@dazo> | 2007-04-20 18:20:22 +0200 |
---|---|---|
committer | pancake <pancake@dazo> | 2007-04-20 18:20:22 +0200 |
commit | b1d0ce2848a79664374f802954b1e4390b11da6d (patch) | |
tree | 4f465ca029401b9afef0372ff1e0c60a43d87b40 /doc/dumping | |
download | 0xFFFF-b1d0ce2848a79664374f802954b1e4390b11da6d.tar.bz2 |
* Initial commit of 0xFFFF.0.1
This tree contains the same as the 0.1 tarball
Diffstat (limited to 'doc/dumping')
-rw-r--r-- | doc/dumping | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/doc/dumping b/doc/dumping new file mode 100644 index 0000000..0017a33 --- /dev/null +++ b/doc/dumping @@ -0,0 +1,45 @@ +<b>Dumping the firmware</b> + +This technique consists on reconstructing a firmware image dumping +pieces at certains offsets of the device internal memory. + + +<b>End user details:</b> + + * Extract the firmware pieces from a running device + * + * This functionality is useful to extract backups of your system + * firmware. This is really useful when you're on a desert island + * without an internet connection. + * + * This tool needs more testing, so take care and don't blame me if + * it breaks your system. It *is* to your responsability, use at + * your own risk + * + * NOTE: It's theorically possible to flash the device on the fly from + * the running OS, but this has not yet been tested. Keep tuned for + * updates and newz. + * + * Have fun! + + +<b>Technical details:</b> + + * The internal flash memory is exposed to the system as MTD devices. So it's + * possible to dump the individual sections of a flashed firmware. + * + * READ src/dump.c for detailed information. + + mtd0 - contains xloader and sencodary pieces of the bootloaders + 0x00000 - xloader.bin (size is 0x03600) + 0x04000 - secondary.bin (size is 0x15400) + 0x1FFFF - eof + + mtd1 - looks like there's a pool ConF structures + + mtd2 - starts with NOLO img\x5c\x13 and \x00 padding + 0x00800 - zImage + + mtd3 - rootfs.jffs2 (20M) aka 0x200000 vs 0x3900000 + + mtd4 - rootfs.jffs2 (a fucking copy of the above rootfs?) |
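Review bot: In the Technical details map, the mtd3 line gives three figures that do not agree: "20M", 0x200000 (2 MiB) and 0x3900000 (57 MiB), with no statement of which is the partition size and which is the image size. Anyone reconstructing an image from these offsets needs one authoritative number per partition, so give the size in a single unit (for example as the running system reports it in /proc/mtd) and say what the second value measures. The mtd0 entry has a related ambiguity: "0x1FFFF - eof" is a last-byte offset while the other entries are start offsets with sizes, and the ranges 0x03600 to 0x04000 and 0x19400 to 0x1FFFF are left undescribed (padding, erased flash, or unknown data). The mtd1 and mtd4 lines are guesses; mark them as unverified, and note that comparing hashes of the mtd3 and mtd4 dumps would settle whether mtd4 is a copy. Minor: "certains", "sencodary", "responsability" and "theorically" are misspelled.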