Is possible to reverse an embedded ARM linux u-Image?
I am reversing an emdedded device, which is based on ARM Linux. I have dumped full flash image from the device, and extracted the files from it's file system. Now I found some encryption alg. of this device is compiled as static driver mode, e.g. these algs are in the uImage file. As you now, uImage is not in ELF format, I can use Hex editor to find some useful strings in the uImage file, so my question is : is it possible to disassemble the uImage with IDA or some other tools? If it is not possible, how can I reverse it?
P.S. Is there some useful links for this topic? I have Googled for a long time, but nothing seems help to me.
Thanks very much.
Hmm, standard tools and tutorials wouldn't work?
Thanks for your reply, I have successfully extract the uImage to a piggy file. Following is the procedure:
1. Use the script (http://buffalo.nas-central.org/wiki/...act_an_uImage), which will extract uImage to zImage;
2. Use following command:arm_v5t_le-objdump -EL -b binary -D -m armv5t zImage | grep 8b1f, this will find the offset of real kernel code in zImage, e.g. skip the self decompress code.
3. Use dd if=zImage of=piggy.gz bs=1 skip="offset found in setp 2" | gunzip piggy.gz. After this command, we will get a piggy file, which contains pure kernel code, but this is only a binary format, not a ELF format, so IDA can not diassemble it.
So, my question is: when I get this piggy file, how can I diassemble it, and find the "interesting code:D " in this file?
|All times are GMT -4. The time now is 05:30 PM.|
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.