Reverse Engineering Team Board

Reverse Engineering Team Board (
-   Console ReEngineering (
-   -   Is possible to reverse an embedded ARM linux u-Image? (

chrgu000 05-04-2011 04:07 AM

Is possible to reverse an embedded ARM linux u-Image?

I am reversing an emdedded device, which is based on ARM Linux. I have dumped full flash image from the device, and extracted the files from it's file system. Now I found some encryption alg. of this device is compiled as static driver mode, e.g. these algs are in the uImage file. As you now, uImage is not in ELF format, I can use Hex editor to find some useful strings in the uImage file, so my question is : is it possible to disassemble the uImage with IDA or some other tools? If it is not possible, how can I reverse it?
P.S. Is there some useful links for this topic? I have Googled for a long time, but nothing seems help to me.

Thanks very much.

kao 05-04-2011 05:07 AM

Hmm, standard tools and tutorials wouldn't work?

chrgu000 05-04-2011 09:28 PM


Originally Posted by kao (Post 28106)

;) Kao,

Thanks for your reply, I have successfully extract the uImage to a piggy file. Following is the procedure:
1. Use the script (, which will extract uImage to zImage;
2. Use following command:arm_v5t_le-objdump -EL -b binary -D -m armv5t zImage | grep 8b1f, this will find the offset of real kernel code in zImage, e.g. skip the self decompress code.
3. Use dd if=zImage of=piggy.gz bs=1 skip="offset found in setp 2" | gunzip piggy.gz. After this command, we will get a piggy file, which contains pure kernel code, but this is only a binary format, not a ELF format, so IDA can not diassemble it.

So, my question is: when I get this piggy file, how can I diassemble it, and find the "interesting code:D " in this file?

Any suggestion?


All times are GMT -4. The time now is 12:47 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.