From e680aea708d8979a55a427f94aa2a615192476a9 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Sat, 17 Dec 2016 18:12:41 +0100 Subject: Further document the format and produce a rogue system update * Truncate filesize to 20 bytes in hacked.toc (001b? IIRC) * Add various 0x00 as well.. first 0x80... gets turned into the compressed length but that fails.. needs to be bigger than 0x2000 to succeed. * LZMA size and trailer overlap.. I was too lazy to add/deal with padding so kept it short.. can be fixed... * Modified path for /etc/rc2.d.. to extract new script We seem lucky with file permissions.. that it is somehow executable even if SetFileAttributes is not set... --- update-ec20/README.ascii | 12 +++++++++++- update-ec20/data/hacked.toc | Bin 0 -> 5097 bytes update-ec20/data/hacked_system_diff_no_diff.diff | Bin 0 -> 9515 bytes 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100755 update-ec20/data/hacked.toc create mode 100755 update-ec20/data/hacked_system_diff_no_diff.diff diff --git a/update-ec20/README.ascii b/update-ec20/README.ascii index eee0cea..636acdb 100644 --- a/update-ec20/README.ascii +++ b/update-ec20/README.ascii @@ -11,7 +11,17 @@ compressed update. The size of that area seems to be computed as: 8 * num_diffs (maybe two CRC32?) 4 * num_insert (maybe a single CRC32)? - followed by lzma + followed by lzma... TOC of size compress_sz + LZMA again.. depends on the TOC.. delta_pos contains addr + + +LZMA needs to be compressed in 'alone' format and needs to have +the decompressed size in the header! 0xFF... leads to parse error +xz -F alone demo.sh + +LZMA: https://github.com/nobled/xz/commit/7d17818cec8597f847b0a2537fde991bbc3d9e96 +removed uncompressed_size support. So an plder version is needed.. +or use the original lzma SDK 0x0000d084 in is_expected_sig () 
diff --git a/update-ec20/data/hacked.toc b/update-ec20/data/hacked.toc new file mode 100755 index 0000000..aa9cd6e Binary files /dev/null and b/update-ec20/data/hacked.toc differ diff --git a/update-ec20/data/hacked_system_diff_no_diff.diff b/update-ec20/data/hacked_system_diff_no_diff.diff new file mode 100755 index 0000000..1ea739a Binary files /dev/null and b/update-ec20/data/hacked_system_diff_no_diff.diff differ -- cgit v1.2.3
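Review bot: in the README.ascii hunk, the added line `xz -F alone demo.sh` does not record how the decompressed size gets into the header, even though the neighbouring lines say the size is required, that 0xFF... leads to a parse error, and that the linked xz commit removed uncompressed_size support. Name the xz version or the lzma SDK invocation that was actually used, so the note is reproducible, and fix "So an plder version" to "So an older version". The two lines replacing "followed by lzma" leave the order of the regions to guesswork; state explicitly what follows what and what delta_pos is an address of. The findings that currently live only in the commit message (file size truncated to 20 bytes, the 0x2000 lower bound, the LZMA size and trailer overlap) are format documentation and belong in the README as well.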
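Review bot: both new files under update-ec20/data/ are created with mode 100755 although the diff shows them as binary data (hacked.toc, 5097 bytes, and hacked_system_diff_no_diff.diff, 9515 bytes); 100644 is the expected mode for data files. README.ascii does not mention either file, so add a line per file saying which part of the documented layout it corresponds to.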