\u6613\u53d7\u653b\u51fb\u7684\u673a\u578b\u5982\u4e0b\uff1a<\/p>\n\n\n\n
- \n
- Vigor3910<\/li>\n\n\n\n
- Vigor1000B<\/li>\n\n\n\n
- Vigor2962 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2927 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2927 LTE \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2915 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2952 \/ 2952P<\/li>\n\n\n\n
- Vigor3220 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2926 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2926 LTE \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2862 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2862 LTE \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2620 LTE \u7cfb\u5217<\/li>\n\n\n\n
- VigorLTE 200n<\/li>\n\n\n\n
- Vigor2133 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2762 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor167<\/li>\n\n\n\n
- Vigor130<\/li>\n\n\n\n
- VigorNIC 132<\/li>\n\n\n\n
- Vigor165<\/li>\n\n\n\n
- Vigor166<\/li>\n\n\n\n
- Vigor2135 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2765 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2766 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2832<\/li>\n\n\n\n
- Vigor2865 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2865 LTE \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2866 \u7cfb\u5217<\/li>\n\n\n\n
- Vigor2866 LTE \u7cfb\u5217<\/li>\n<\/ul>\n\n\n\n
\u7531\u4e8e\u6ca1\u6709\u5b9e\u9645\u8bbe\u5907\uff0c\u6211\u4eec\u5148\u6311\u9009\u5f71\u54cd\u7684\u578b\u53f7Vigor 3910\u8fdb\u884c\u56fa\u4ef6\u5206\u6790\uff08https:\/\/fw.draytek.com.tw\/Vigor3910\/Firmware\/<\/a>\uff09\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-5.png\")
<\/figure>\n\n\n\n\u6211\u4eec\u4e0b\u8f7d\u6700\u65b0\u7684V4.3.2\u7248\u672c\u7684\u56fa\u4ef6\uff0c\u9996\u5148\u4f7f\u7528binwalk\u8fdb\u884c\u521d\u6b65\u5206\u6790\uff0c\u53d1\u73b0\u65e0\u6cd5\u89e3\u5305\uff0c\u518d\u4f7f\u7528WinHex\u5341\u516d\u8fdb\u5236\u5de5\u5177\u67e5\u770b\uff0c\u53ef\u4ee5\u521d\u6b65\u8ba4\u4e3a\u56fa\u4ef6\u662f\u67d0\u79cd\u52a0\u5bc6\u65b9\u5f0f\u52a0\u5bc6\u7684\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-7.png\")
<\/figure>\n\n\n\n\u65e2\u7136\u6709\u52a0\u5bc6\u7684\u56fa\u4ef6\uff0c\u90a3\u4e48\u53ef\u4ee5\u67e5\u770b\u65e7\u7248\u672c\u7684\u56fa\u4ef6\u662f\u5426\u6709\u4e0d\u52a0\u5bc6\u7684\u56fa\u4ef6\u8fdb\u884c\u201c\u8fc7\u6e21\u201d\u64cd\u4f5c\u3002<\/p>\n\n\n\n
\u4e8c\u3001\u65e7\u7248\u56fa\u4ef6\u5206\u6790<\/h2>\n\n\n\n
\u901a\u8fc7\u5386\u53f2\u56fa\u4ef6\u7684\u5bf9\u6bd4\u5206\u6790\uff0c\u53d1\u73b0v3.9.7.2\u7248\u672c\u7684\u56fa\u4ef6\u4e0e\u65b0\u7248\u7684\u56fa\u4ef6\u6709\u6240\u533a\u522b\uff0c\u4f7f\u7528binwalk\u5206\u6790\u5982\u4e0b\uff1a<\/p>\n\n\n\n
$ binwalk -Me v3910_3972.all \n\nDECIMAL HEXADECIMAL DESCRIPTION\n--------------------------------------------------------------------------------\n273054 0x42A9E Unix path: \/home\/eason_jhan\/1000b\/cavium\/firmware\/bdk\/libbdk-os\/bdk-rlock.c\n283704 0x45438 SHA256 hash constants, little endian\n469662 0x72A9E Unix path: \/home\/eason_jhan\/1000b\/cavium\/firmware\/bdk\/libbdk-os\/bdk-rlock.c\n480312 0x75438 SHA256 hash constants, little endian\n573012 0x8BE54 SHA256 hash constants, little endian\n835156 0xCBE54 SHA256 hash constants, little endian\n2032941 0x1F052D Neighborly text, \"neighbor %d too different %d from average %d, picking %d.LMC%d.R%d: MAJORTY: Byte %d: picking majority of %d over average %d.\"\n2079947 0x1FBCCB Unix path: \/home\/eason_jhan\/1000b\/cavium\/firmware\/bdk\/libbdk-os\/bdk-rlock.c\n2096368 0x1FFCF0 SHA256 hash constants, little endian\n2119768 0x205858 LZMA compressed data, properties: 0x5D, dictionary size: 65536 bytes, uncompressed size: 2285442 bytes\n2886232 0x2C0A58 LZMA compressed data, properties: 0x5D, dictionary size: 65536 bytes, uncompressed size: 311880 bytes\n3000920 0x2DCA58 LZMA compressed data, properties: 0x5D, dictionary size: 65536 bytes, uncompressed size: 630943 bytes\n3155032 0x302458 device tree image (dtb)\n3160664 0x303A58 device tree image (dtb)\n3165272 0x304C58 device tree image (dtb)\n3165784 0x304E58 device tree image (dtb)\n3172440 0x306858 device tree image (dtb)\n3180632 0x308858 device tree image (dtb)\n3184728 0x309858 device tree image (dtb)\n3185752 0x309C58 device tree image (dtb)\n3191896 0x30B458 device tree image (dtb)\n3192408 0x30B658 device tree image (dtb)\n3199576 0x30D258 device tree image (dtb)\n3203160 0x30E058 device tree image (dtb)\n3207256 0x30F058 device tree image (dtb)\n3214424 0x310C58 device tree image (dtb)\n3219544 0x312058 device tree image (dtb)\n3228760 0x314458 device tree image (dtb)\n3233368 0x315658 device tree image (dtb)\n3239000 0x316C58 device tree image (dtb)\n3243096 0x317C58 device tree image (dtb)\n3243608 0x317E58 device tree image (dtb)\n3247704 0x318E58 device tree image (dtb)\n3253336 0x31A458 device tree image (dtb)\n3257432 0x31B458 device tree image (dtb)\n3258456 0x31B858 device tree image (dtb)\n3265112 0x31D258 device tree image (dtb)\n3272280 0x31EE58 device tree image (dtb)\n3276376 0x31FE58 device tree image (dtb)\n3277400 0x320258 device tree image (dtb)\n3284056 0x321C58 device tree image (dtb)\n3287640 0x322A58 device tree image (dtb)\n3288152 0x322C58 device tree image (dtb)\n3295320 0x324858 device tree image (dtb)\n3295832 0x324A58 device tree image (dtb)\n3302488 0x326458 device tree image (dtb)\n3306072 0x327258 device tree image (dtb)\n3330136 0x32D058 device tree image (dtb)\n3346008 0x330E58 device tree image (dtb)\n3361880 0x334C58 device tree image (dtb)\n3377752 0x338A58 device tree image (dtb)\n3400792 0x33E458 device tree image (dtb)\n3425368 0x344458 device tree image (dtb)\n3442264 0x348658 device tree image (dtb)\n3463768 0x34DA58 device tree image (dtb)\n3478616 0x351458 device tree image (dtb)\n3493976 0x355058 device tree image (dtb)\n3509848 0x358E58 device tree image (dtb)\n3526232 0x35CE58 device tree image (dtb)\n3541592 0x360A58 device tree image (dtb)\n3557526 0x364896 Copyright string: \"Copyright (C) 2016, Cavium Inc.\"\n3559079 0x364EA7 Copyright string: \"copyright notice and this permission notice shall be\"\n3561562 0x36585A Unix path: \/sys\/class\/gpio\/gpio472) for DSL model\n5052256 0x4D1760 CRC32 polynomial table, little endian\n5099137 0x4DCE81 Motorola S-Record; binary data in text format, record type: header\n5259312 0x504030 Microsoft executable, portable (PE)\n5499456 0x53EA40 SHA256 hash constants, little endian\n12693552 0xC1B030 ELF, 64-bit LSB shared object, version 1 (SYSV)\n12741544 0xC26BA8 gzip compressed data, maximum compression, from Unix, last modified: 1970-01-01 00:00:00 (null date)\n12820184 0xC39ED8 Intel x86 or x64 microcode, sig 0xffffff80, pf_mask 0x00, 1DE0-08-26, size 2048\n12820328 0xC39F68 Intel x86 or x64 microcode, sig 0xffffff80, pf_mask 0x00, 1DE0-08-26, size 2048\n12923200 0xC53140 LZO compressed data\n12925744 0xC53B30 CRC32 polynomial table, little endian\n13188944 0xC93F50 Copyright string: \"Copyright (c) 1999-2006 Intel Corporation.\"\n13196536 0xC95CF8 Copyright string: \"Copyright (c) 2009 - 2012 Intel Corporation.\"\n13197320 0xC96008 Copyright string: \"Copyright (c) 1999-2008 Intel Corporation.\"\n13199736 0xC96978 Copyright string: \"Copyright (c) 2013 - 2016 Intel Corporation.\"\n13410380 0xCCA04C Certificate in DER format (x509 v3), header length: 4, sequence length: 14848\n14404968 0xDBCD68 Unix path: \/dev\/vc\/0\n14479296 0xDCEFC0 Ubiquiti partition header, header size: 56 bytes, name: \"PARTNAME=%s\", base address: 0x74790A00, data size: 23295090 bytes\n14486472 0xDD0BC8 xz compressed data\n14569424 0xDE4FD0 Unix path: \/lib\/firmware\/updates\/4.9.0-OCTEONTX_SDK_6_2_0_p3_build_38\n14712280 0xE07DD8 Copyright string: \"Copyright(c) 1999-2006 Intel Corporation\"\n14789199 0xE1AA4F Copyright string: \"Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>\"\n14812265 0xE20469 Copyright string: \"Copyright(c) Pierre Ossman\"\n14848048 0xE29030 Unix path: \/sys\/firmware\/devicetree\/base\n14848848 0xE29350 Unix path: \/sys\/firmware\/fdt': CRC check failed\n14864129 0xE2CF01 Neighborly text, \"neighbor table overflow!ate is %x\"\n15613000 0xEE3C48 LZ4 compressed data, legacy\n15613426 0xEE3DF2 Executable script, shebang: \"\/bin\/sh\"\n16971299 0x102F623 Unix path: \/dev\/net\/tun.\n17236166 0x10700C6 mcrypt 2.5 encrypted data, algorithm: \"w\", keysize: 332 bytes, mode: \"\"\",\n19705376 0x12CAE20 XML document, version: \"1.0\"\n20045201 0x131DD91 VMware4 disk image\n20045848 0x131E018 Executable script, shebang: \"\/bin\/sh\"\n20111190 0x132DF56 Base64 standard index table\n21756040 0x14BF888 Unix path: \/sys\/class\/net\/%s\/phy80211\n22373111 0x15562F7 Base64 standard index table\n22816893 0x15C287D MPEG transport stream data\n23678637 0x1694EAD Copyright string: \"Copyright 1995-2005 Jean-loup Gailly \"\n24029059 0x16EA783 Unix path: \/dev\/net\/tun\n24533651 0x1765A93 eCos RTOS string reference: \"ecosW\"\n24543379 0x1768093 HTML document header\n24563221 0x176CE15 LUKS_MAGIC\n24564177 0x176D1D1 xz compressed data\n24873394 0x17B89B2 OpenSSL encryption, salted, salt: 0xC00770252D323573\n24884301 0x17BB44D HTML document header\n24906969 0x17C0CD9 Private key in DER format (PKCS header length: 4, sequence length: 2345\n25343574 0x182B656 Unix path: \/usr\/local\/shk\n25480049 0x184CB71 Executable script, shebang: \"\/bin\/bash\"\n26449086 0x19394BE SHA256 hash constants, little endian\n26965826 0x19B7742 Cisco IOS microcode, for \"\"\n27792979 0x1A81653 gzip compressed data, maximum compression, has header CRC, last modified: 1974-10-07 02:33:45 (bogus date)\n30516402 0x1D1A4B2 HTML document header\n30707709 0x1D48FFD Base64 standard index table\n32138317 0x1EA644D HTML document header\n32463276 0x1EF59AC PNG image, 32 x 24, 8-bit\/color RGBA, interlaced\n32463352 0x1EF59F8 Zlib compressed data, default compression\n32492091 0x1EFCA3B GIF image data, version \"89a\", 5 x\n32548082 0x1F0A4F2 JPEG image data, EXIF standard\n32574798 0x1F10D4E Zlib compressed data, best compression\n32577456 0x1F117B0 Zlib compressed data, best compression\n32580729 0x1F12479 JPEG image data, JFIF standard 1.02, thumbnail 11x98\n32751022 0x1F3BDAE Zlib compressed data, best compression\n32760485 0x1F3E2A5 Zlib compressed data, default compression\n32767499 0x1F3FE0B JPEG image data, JFIF standard 1.02\n32822738 0x1F4D5D2 Zlib compressed data, best compression\n32831773 0x1F4F91D XML document, version: \"1.0\"\n32866201 0x1F57F99 JPEG image data, JFIF standard 1.02\n32905743 0x1F61A0F GIF image data, version \"89a\", 30 x 30\n32943989 0x1F6AF75 Zlib compressed data, best compression\n32947100 0x1F6BB9C Zlib compressed data, best compression\n32954824 0x1F6D9C8 XML document, version: \"1.0\"\n32972713 0x1F71FA9 JPEG image data, JFIF standard 1.01\n33011108 0x1F7B5A4 PNG image, 52 x 5, 8-bit\/color RGBA, non-interlaced\n33201563 0x1FA9D9B XML document, version: \"1.0\"\n33236782 0x1FB272E PNG image, 1000 x 280, 8-bit\/color RGBA, interlaced\n33318819 0x1FC67A3 Zlib compressed data, best compression\n33382838 0x1FD61B6 JPEG image data, JFIF standard 1.01\n33382868 0x1FD61D4 TIFF image data, little-endian offset of first image directory: 8\n33516114 0x1FF6A52 ZBOOT firmware header, header size: 32 bytes, load address: 0x9C54505A, start address: 0x8B844857, checksum: 0x4F8B885F, version: 0xFF979388, image size: 991901497 bytes\n33609975 0x200D8F7 PNG image, 300 x 84, 8-bit\/color RGBA, non-interlaced\n33776158 0x203621E XML document, version: \"1.0\"\n33809104 0x203E2D0 PNG image, 310 x 531, 8-bit\/color RGBA, non-interlaced\n33809203 0x203E333 Zlib compressed data, best compression\n34312241 0x20B9031 JPEG image data, JFIF standard 1.01\n34352652 0x20C2E0C TIFF image data, big-endian, offset of first image directory: 8\n34799229 0x212FE7D Base64 standard index table\n35282151 0x21A5CE7 HTML document header\n35375557 0x21BC9C5 Base64 standard index table\n38441243 0x24A911B Certificate in DER format (x509 v3), header length: 4, sequence length: 873\n38694241 0x24E6D61 Executable script, shebang: \"\/bin\/bash\"\n38694568 0x24E6EA8 Unix path: \/dev\/net\/tun\n39750489 0x25E8B59 Unix path: \/usr\/lib64\/tc\/\n39881890 0x2608CA2 Copyright string: \"Copyright (C) 2004 by Harald Welte <laforge@gnumonks.org>\"\n40546844 0x26AB21C Unix path: \/home\/ruby\/X\n40667261 0x26C887D Copyright string: \"Copyright (C) 2018, Thomas G. Lane, Guido Vollbeding\"\n40692035 0x26CE943 Unix path: \/home\/ruby\/X\n42108450 0x2828622 Copyright string: \"Copyright (C) 2018, Thomas G. Lane, Guido Vollbeding\"\n42240067 0x2848843 Copyright string: \"Copyright (C) 2018, Thomas G. Lane, Guido Vollbeding\"\n42600735 0x28A091F gzip compressed data, ASCII, from VM\/CMS, last modified: 1995-08-24 06:41:07\n42608185 0x28A2639 ELF, 64-bit LSB processor-specific,\n42845890 0x28DC6C2 Neighborly text, \"neighbor C %s\"\n43871781 0x29D6E25 Unix path: \/home\/ruby\/X\n44237701 0x2A30385 Executable script, shebang: \"\/bin\/sh\"\n44249877 0x2A33315 OpenSSH RSA public key\n45239782 0x2B24DE6 SHA256 hash constants, little endian\n45601353 0x2B7D249 gzip compressed data, ASCII, from VM\/CMS, last modified: 2008-04-20 10:46:28\n47200461 0x2D038CD SHA256 hash constants, little endian\n<\/code><\/pre>\n\n\n\n\u901a\u8fc7binwalk\u7684\u5206\u6790\u7ed3\u679c\u53ef\u4ee5\u77e5\u9053\uff0c\u8fd9\u4e2a\u56fa\u4ef6\u5e94\u8be5\u4e0d\u662f\u52a0\u5bc6\u56fa\u4ef6\uff0c\u4f46\u662fbinwalk\u5e76\u4e0d\u652f\u6301\u5b83\u7684\u89e3\u5305\u64cd\u4f5c\uff0c\u5982\u6b64\u6211\u4eec\u5148\u5927\u6982\u56de\u987e\u4e00\u4e0b\u56fa\u4ef6\u7684\u57fa\u672c\u7ed3\u6784\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-9.png\")
<\/figure>\n\n\n\n\u901a\u8fc7\u4ee5\u4e0a\u56fa\u4ef6\u7684\u57fa\u672c\u7ed3\u6784\uff0c\u7ed3\u5408binwalk\u7684\u4fe1\u606f\uff0c\u6211\u4eec\u53ef\u4ee5\u8fd9\u6837\u5047\u8bbe\uff1a<\/p>\n\n\n\n
\u504f\u79fb<\/td> \u529f\u80fd<\/td> \u5907\u6ce8<\/td><\/tr> 0-0x205857<\/td> BootLoader<\/td> \u5148\u5927\u6982\u786e\u5b9a\u5185\u6838\uff0c\u518d\u5f80\u4e0a\u63a8\u6f14<\/td><\/tr> 0x205858-0xEE3DF1<\/td> Kernel<\/td> \u56e0\u4e3a\u6709LZMA\u7684\u6807\u8bc6\uff0c\u53ef\u4ee5\u5927\u6982\u63a8\u65ad\u4e3a\u5185\u6838\uff0c\u5e76\u4e14\u8fd9\u533a\u95f4\u6709dtb\u8bbe\u5907\u6811\u3001PE\u7ed3\u6784\u7b49\u6807\u8bc6<\/td><\/tr> 0xEE3DF2-\u672b\u5c3e<\/td> Rootfs<\/td> \u4ece\u8fd9\u91cc\u5f00\u59cb\u6709Executable script\u7684\u6807\u8bc6\uff0c\u8868\u793a\u5b58\u5728\u5b9e\u9645\u7684shell\u811a\u672c\u6587\u4ef6\u5185\u5bb9\u4e86\uff0c\u4ee5\u53ca\u540e\u9762\u6709\u56fe\u7247\u3001\u7f51\u9875\u7684\u6807\u8bc6\uff0c\u53ef\u4ee5\u65ad\u5b9a\u4e3a\u6587\u4ef6\u7cfb\u7edf<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n \u622a\u53d60xEE3DF2\u7684\u90e8\u5206\u5185\u5bb9\uff0c\u53ef\u4ee5\u770b\u51fa\u6b64\u7684\u786e\u4e3ashell\u811a\u672c\u7684\u5185\u5bb9\uff0c\u4f46\u662f\u811a\u672c\u91cc\u9762\u5145\u65a5\u7740\u5f88\u591a\u975eASCII\u7684\u5185\u5bb9\uff0c\u7ecf\u8fc7\u7ecf\u9a8c\u5206\u6790\uff0c\u6b64\u811a\u672c\u53ef\u80fd\u88ab\u538b\u7f29\u4e86\u3002<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-10.png\")
<\/figure>\n\n\n\n\u6211\u4eec\u518d\u6765\u5206\u6790binwalk\u7684\u89e3\u5305\u7ed3\u679c\uff0c\u57280xC26BA8\u5904\u6709\u4e2agzip\u7684\u6807\u8bc6\uff0c\u7ecf\u8fc7\u89e3\u538b\u7f29\uff0c\u53ef\u4ee5\u77e5\u9053\u5176\u4e3a\u5185\u6838\u7684\u914d\u7f6e\u4fe1\u606f\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-11.png\")
<\/figure>\n\n\n\n\u6211\u4eec\u77e5\u9053\u5185\u6838\u51b3\u5b9a\u4e86\u652f\u6301\u7684\u6587\u4ef6\u7cfb\u7edf\u7684\u7c7b\u578b\uff0c\u90a3\u4e48\u5176\u914d\u7f6e\u4fe1\u606f\u5185\u90e8\u53ef\u80fd\u4f1a\u5b9a\u4e49\u6587\u4ef6\u7cfb\u7edf\u7684\u76f8\u5173\u914d\u7f6e\uff0c\u5982\u6b64\u6211\u4eec\u641c\u7d22rootfs\u5173\u952e\u5b57\uff0c\u6700\u7ec8\u627e\u5230\u4e86initramfs.cpio.lz4\u7684\u5b57\u6837\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-13-1024x201.png?v=1663639966\")
<\/figure>\n\n\n\n\u540e\u7f00\u540dlz4\uff0c\u53ef\u4ee5\u8054\u60f3\u5230\u5047\u5b9a\u7684rootfs\u533a\u6bb5\u5185shell\u811a\u672c\u4e4b\u524d\u6709\u4e2aLZ4\u538b\u7f29\u6570\u636e\uff0c\u90a3\u4e48\u53ef\u4ee5\u65ad\u5b9a\u4ece0xEE3C48\u5e94\u8be5\u4e3a\u6587\u4ef6\u7cfb\u7edf\u7684\u8d77\u59cb\u4f4d\u7f6e\u3002<\/p>\n\n\n\n
15613000 0xEE3C48 LZ4 compressed data, legacy<\/mark>\n15613426 0xEE3DF2 Executable script, shebang: \"\/bin\/sh\"<\/code><\/pre>\n\n\n\n\u73b0\u5728\u77e5\u9053\u4e86\uff0cbinwalk\u53ef\u80fd\u5bf9lz4\u538b\u7f29\u4e0d\u592a\u652f\u6301\uff0c\u90a3\u4e48\u6211\u4eec\u624b\u52a8\u5bf9binwalk\u8fdb\u884c\u529f\u80fd\u6dfb\u52a0\uff1a<\/p>\n\n\n\n
# Ubuntu\u7cfb\u7edf \u6dfb\u52a0lz4\u538b\u7f29\u5de5\u5177\napt install liblz4-tool\n# \u52a0\u5165lz4\u7684\u538b\u7f29\u652f\u6301\uff08binwalk\u5b89\u88c5\u8def\u5f84\/binwalk\/config\/extract.conf\uff0c\u5982\u679c\u627e\u4e0d\u5230\u7528find\u547d\u4ee4\u67e5\u627e\uff09\n^lz4 compressed data:lz4:lz4 -d '%e' '%e.bin'<\/code><\/pre>\n\n\n\n\u6dfb\u52a0\u540e\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-14.png\")
<\/figure>\n\n\n\n\u4f7f\u7528binwalk -Me \u56fa\u4ef6\u5c31\u80fd\u83b7\u53d6\u5230\u6700\u7ec8\u7684\u6587\u4ef6\u7cfb\u7edf\u7684\u5185\u5bb9\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-15.png\")
<\/figure>\n\n\n\n\u4e09\u3001\u65b0\u7248\u56fa\u4ef6\u5206\u6790<\/h2>\n\n\n\n
\u6211\u4eec\u8bf4\u65e7\u7248\u56fa\u4ef6\u662f\u672a\u52a0\u5bc6\u7684\uff0c\u65b0\u7248\u56fa\u4ef6\u662f\u52a0\u5bc6\u7684\uff0c\u90a3\u4e48\u672a\u52a0\u5bc6->\u52a0\u5bc6\u7684\u8fc7\u7a0b\u4f1a\u6709\u4e2a\u201c\u8fc7\u6e21\u201d\u64cd\u4f5c\uff0c\u901a\u8fc7\u5173\u952e\u5b57\u201cfirmware\u201d\u5bf9\u6574\u4e2a\u6587\u4ef6\u7cfb\u7edf\u8fdb\u884c\u67e5\u627e\uff0c\u6700\u7ec8\u627e\u5230\u4e00\u4e2a\u6587\u4ef6fw_upload\u91cc\u9762\u6709\u5bf9\u65e7\u7248\u548c\u65b0\u7248\u56fa\u4ef6\u7684\u64cd\u4f5c\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-16.png\")
<\/figure>\n\n\n\n\u901a\u8fc7\u68b3\u7406\u6574\u4e2a\u903b\u8f91\uff0c\u53d1\u73b0\u65b0\u7248\u56fa\u4ef6v4.3.2\u4f7f\u7528fw_unpacker\u8fdb\u884c\u56fa\u4ef6\u7684\u89e3\u5305\u64cd\u4f5c\uff0c\u5e76\u4f7f\u7528chacha20\u8fdb\u884c\u89e3\u5bc6\u3002<\/p>\n\n\n\n
\u901a\u8fc7\u5206\u6790\u53ef\u77e5\u56fa\u4ef6\u7684\u7ed3\u6784\uff1a<\/p>\n\n\n\n
\u5e8f\u53f7<\/td> \u504f\u79fb<\/td> \u529f\u80fd<\/td><\/tr> 1<\/td> 0x0-0x03<\/td> \u6807\u8bc6\uff0c\u5b57\u7b26\u4e326216<\/td><\/tr> 2<\/td> 0x04-0x07<\/td> \u586b\u5145\uff0c\u503c0<\/td><\/tr> 3<\/td> 0x08-0x0B<\/td> header\u7684checksum\u6821\u9a8c\u503c\uff0c\u503c0x3EFB072A<\/td><\/tr> 4<\/td> 0x0C<\/td> \u503c1<\/td><\/tr> 5<\/td> 0x0D-0x3F<\/td> \u56fa\u4ef6\u7248\u672c\u53f7\uff0c\u5b57\u7b26\u4e324.3.2_RC5a<\/td><\/tr> 6<\/td> 0x40-0x43<\/td> \u957f\u5ea6\uff0c\u503c0x5<\/td><\/tr> 7<\/td> 0x44-0x48<\/td> \u578b\u53f7\uff0c\u5b57\u7b26\u4e32v3910<\/td><\/tr> 8<\/td> 0x49-0x4C<\/td> \u586b\u51451\uff0c\u503c0<\/td><\/tr> 9<\/td> 0x4D-0x50<\/td> \u672a\u77e5\uff0c\u503c0x00000059<\/td><\/tr> 10<\/td> 0x51-0x54<\/td> nonce\u5185\u5bb9\u7684checksum\u6821\u9a8c\u503c\uff0c\u503c0x6B075354<\/td><\/tr> 11<\/td> 0x55-0x88<\/td> \u586b\u51452\uff0c\u503c0<\/td><\/tr> 12<\/td> 0x89-0x8C<\/td> \u5b57\u7b26\u4e32nonce\u7684\u957f\u5ea6\uff0c\u503c0x5<\/td><\/tr> 13<\/td> 0x8D-0x92<\/td> \u5b57\u7b26\u4e32nonce<\/td><\/tr> 14<\/td> 0x93-0x95<\/td> nonce\u5185\u5bb9\u7684\u957f\u5ea6\uff0c\u503c0xC<\/td><\/tr> 15<\/td> 0x96-0xA1<\/td> nonce\u5185\u5bb9\uff0c\u5b57\u7b26\u4e32xRDYwRMx0B7u<\/td><\/tr> 16<\/td> 0xA2-0xA5<\/td> \u586b\u51451\uff0c\u503c0<\/td><\/tr> 17<\/td> 0xA6-0xA9<\/td> \u672a\u77e5\uff0c\u503c0x02FD1A51<\/td><\/tr> 18<\/td> 0xAA-0xAD<\/td> enc_Image\u5185\u5bb9\u7684checksum\u6821\u9a8c\u503c\uff0c\u503c0x26B0401D<\/td><\/tr> 19<\/td> 0xAE-0xE1<\/td> \u586b\u51452\uff0c\u503c0<\/td><\/tr> 20<\/td> 0xE2-0xE5<\/td> \u5b57\u7b26\u4e32enc_Image\u7684\u957f\u5ea6\uff0c\u503c0x9<\/td><\/tr> 21<\/td> 0xE6-0xEE<\/td> \u5b57\u7b26\u4e32enc_Image<\/td><\/tr> 22<\/td> 0xEF-0xF2<\/td> enc_Image\u5185\u5bb9\u7684\u957f\u5ea6\uff0c\u503c0x02FD1A00<\/td><\/tr> 23<\/td> 0xF3-0x2FD1AF2<\/td> enc_Image\u5185\u5bb9<\/td><\/tr> ...<\/td> ...<\/td> \u4ee5\u4e0b\u5185\u5bb9\u4ee5\u6b64\u7c7b\u63a8\uff0c\u5305\u542b\u4ee5\u4e0b\u533a\u5757\uff1a
enc_thunder-bootfs-uboot-t81.img
fw_release
fw_ver
pid
oid
uver
bdk_ver
linux_ver
drayqemu_ver
fw_release
fw_ver
pid
oid
uver
bdk_ver
fw_release
fw_ver
pid
oid
uver
bdk_ver<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n\u6bcf\u4e2a\u533a\u5757\u95f4\u96940x40\u5b57\u8282\uff0c\u5373\u586b\u51451\u5230\u586b\u51452\u4e4b\u95f4\u7684\u5185\u5bb9\u3002<\/strong><\/p>\n\n\n\n
checksum\u6821\u9a8c\u7b97\u6cd5\uff1a<\/p>\n\n\n\n
def checksum(data, num):\n length = len(data)\n num = (~num) & 0xFFFFFFFF\n if not num:\n num = 0xFFFFFFFF\n tmp1 = 0\n for i in range(length):\n tmp1 = data[i]\n for j in range(8):\n tmp2 = tmp1 ^ num\n num >>= 1\n if (tmp2 & 1):\n num ^= 0xEDB88320\n tmp1 >>= 1\n return (~num) & 0xFFFFFFFF<\/code><\/pre>\n\n\n\n\u6211\u4eec\u9700\u8981\u5173\u5fc3\u7684\u5c31\u662fenc_Image\u533a\u6bb5\uff0c\u5b83\u662fchacha20\u52a0\u5bc6\u7684\uff0c\u90a3\u4e48\u627e\u5230key\uff0cnonce\u5c31\u80fd\u89e3\u5bc6\u4e86\uff0c\u89e3\u5bc6\u51fa\u6765\u662f\u4e00\u4e2aPE\u6587\u4ef6\uff0c\u76f4\u63a5\u4f7f\u7528binwalk -Me \u56fa\u4ef6\u89e3\u5305\uff0c\u89e3\u5f00\u6587\u4ef6\u7cfb\u7edf\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.zhiwanyuzhou.com\/wp-content\/uploads\/2022\/09\/image-17.png\")
<\/figure>\n\n\n\n\u6700\u7ec8\uff0c\u672c\u7ad9\u7684\u56fa\u4ef6\u5206\u6790\u5de5\u5177<\/a>\u4e5f\u540c\u6b65\u66f4\u65b0\u4e86\u6b64\u7c7b\u578b\u56fa\u4ef6\u7684\u89e3\u5305\u65b9\u5f0f\u3002<\/p>\n\n\n\n
\u56db\u3001\u53c2\u8003\u94fe\u63a5<\/h2>\n\n\n\n