Dumping the firmware
This technique consists on reconstructing a firmware image dumping
pieces at certains offsets of the device internal memory.
End user details:
* Extract the firmware pieces from a running device
*
* This functionality is useful to extract backups of your system
* firmware. This is really useful when you're on a desert island
* without an internet connection.
*
* This tool needs more testing, so take care and don't blame me if
* it breaks your system. It *is* to your responsability, use at
* your own risk
*
* NOTE: It's theorically possible to flash the device on the fly from
* the running OS, but this has not yet been tested. Keep tuned for
* updates and newz.
*
* Have fun!
Technical details:
* The internal flash memory is exposed to the system as MTD devices.
* Is possible to dump the individual sections of a flashed firmware.
*
* READ src/dump.c for detailed information.
mtd0 - contains xloader and sencodary pieces of the bootloaders
0x00000 - xloader.bin (size is 0x03600)
0x04000 - secondary.bin (size is 0x15400)
0x1FFFF - eof
mtd1 - looks like there's a pool ConF structures
mtd2 - starts with NOLO img\x5c\x13 and \x00 padding
0x00800 - zImage
> NOLO is a four byte marker, next four bytes
> can vary since it is kernel image size
mtd3 - initfs.jffs2 (2M) aka 0x200000 vs 0x3900000
mtd4 - rootfs.jffs2 (a fucking copy of the above rootfs?)