Dumped image from mi424wr rev D can't identify images about binwalk HOT 8 CLOSED

Using the latest binwalk, here's what I get:

 DECIMAL    HEX         DESCRIPTION
 -------------------------------------------------------------------------------------------------------------------
 5080       0x13D8      LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, missing     uncompressed size
 660228     0xA1304     LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, missing     uncompressed size
 4199172    0x401304    LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, missing uncompressed size
 7864472    0x780098    Zlib header, default compression, uncompressed size >= 32768
 7995544    0x7A0098    Zlib header, default compression, uncompressed size >= 32768
 8126616    0x7C0098    Zlib header, default compression, uncompressed size >= 32768

The zlib headers are valid and are decompressed properly; they appear to contain the device configuration settings.

Although the LZMA compressed files are "missing uncompressed size", all signs point to them actually being valid LZMA files. Each one appears at the beginning of a block of high entropy data, and immediately after what appears to be some decompression stubs which contain string references to LZMA decompression.

This has been seen previously in cable modems which used a slightly modified LZMA header, although binwalk has a plugin that attempts to extract these types of LZMA files. My guess is the Jungo has modified the LZMA headers or the compression itself; you'll probably need to reverse the decompression stubs in the firmware image, or get a copy of their GPL code to figure out what they've done here.

from binwalk.

The GPL code is available here http://opensource.actiontec.com/mi424wracd.html they have customized the LZMA compression from the looks of it. Its probably a bit over my head to actually port myself though.

from binwalk.

Issue #16 also has this same problem.

from binwalk.

Custom LZMA source is here https://github.com/Lightsword1942/jungo-image/tree/master/lzma

from binwalk.

This thread should explain some of the uncramfs-lzma modified Jungo images. And the Gianpietro explanation here:

lzma-uncramfs is a modification of the uncramfs program to be able to
unpack cramfs images included in some openrg based home routers.
It includes lzma decompression and a different PAGE_CACHE_SIZE.

To successfully compile lzma-uncramfs an old version of lzma modified
by Jungo/OpenRG team is included.

And lzma-uncramfs sources here. But I don't know if this is the same as that provided by James above...

from binwalk.

Did you test it on my router image? This is the firmware update file that I couldn't extract https://github.com/Lightsword1942/jungo-image/blob/master/4.0.16.1.56.0.10.11.6-MI424WR.rmt .

from binwalk.

No I didn't. I just randomly came across this page and recalled that I had encountered something very similar in the past while dealing with and looking at various Jungo based crap FW on Pirelli routers. (Those guys should have a huge lawsuit up theirs, since their insecure FW is jam packed with security holes, not conforming to GPL and endangering entire nations.) You'll have to compile those sources to do the extraction, then mount it, AFAICR.

from binwalk.

Yeah, I think these Verizon routers are similar(they also don't conform to the GPL by releasing only the source for certain parts of the router rather than the compile environment that actually matches their firmware binaries). I compared the config file that is on the router with the one that is in their GPL package and the GPL one is missing lots of features/drivers.

from binwalk.