For some time now I wanted to open up these magical files that are full of options and settings, making our modems, cameras and other peripherals able to work. This is my starting guide for someone that would like to have a start on firmware reverse engineering. The firmware of my choice is the firmware that is running on wireless Router Sagem F@st 1500WG/1540WG.
There are not many tools that we actually need for a start and for me there was only one not on my system, that tool is binwalk ( http://code.google.com/p/binwalk/ ). I read about binwalk first time on the blog of /dev/ttyS0 ( http://www.devttys0.com ).
So first things first, getting binwalk.tar.gz from http://binwalk.googlecode.com/files/binwalk-0.3.7.tar.gz , current version is 0.3.7 at the time of this writing and starting the compile I notice that my system was missing libcurl library. These days I run mostly ubuntu/debian based systems so if you run on the same problem the solution is the following:
1: apt-get install libcurl4-gnutls-devAfter installing the missing library ./configure , make and make install on the binwalk package completed with no issue.
Searching on Google I found the firmware and downloaded it on my system. Initially the provided package is zip compressed with the name SAGEM_1500WG_ROHS_Firmware_3_0_6.zip.
1: root@system:~/firmware# l
2: total 14363: drwxr-xr-x 2 root root 4096 2011-08-16 12:14 ./
4: drwxr-xr-x 54 root root 4096 2011-08-16 12:13 ../
5: -rw-r--r-- 1 root root 1457477 2011-08-16 12:14 SAGEM_1500WG_ROHS_Firmware_3_0_6.zip
6: root@system:~/firmware# unzip SAGEM_1500WG_ROHS_Firmware_3_0_6.zip
7: Archive: SAGEM_1500WG_ROHS_Firmware_3_0_6.zip
8: inflating: 1500WG_SP_FW3_0_6_c.bin
9: user@system:~/firmware# file 1500WG_SP_FW3_0_6_c.bin
10: 1500WG_SP_FW3_0_6_c.bin: Zip archive data, at least v2.0 to extract
11: user@system:~/firmware#
“file” command identifies “1500WG_SP_FW3_0_6_c.bin” as zip compressed file. At this point my first action was just to try and unzip it,
1: root@system:~/firmware# unzip 1500WG_SP_FW3_0_6_c.bin
2: Archive: 1500WG_SP_FW3_0_6_c.bin
3: warning [1500WG_SP_FW3_0_6_c.bin]: 1263616 extra bytes at beginning or within zipfile
4: (attempting to process anyway)5: inflating: ar0700mp.bin
So indeed, the file contains a compressed binary but there is also a warning saying that some extra bytes exist.
Another procedure to have a vague idea of the contents of the file can be achieved with the use of “strings” and “hexdump” commands.
1: root@system:~/firmware# hexdump -C 1500WG_SP_FW3_0_6_c.bin > hex.dump
2: root@system:~/firmware# strings -n 10 1500WG_SP_FW3_0_6_c.bin > strings.out
My first choice here is always to have a look at strings' output first and at this time, interestingly there were the followings:
1: root@system:~/firmware# more strings.out 2: soho.binUT 3: [3>z~&@71~ 4: j&H[3Azn&D7dB 5: uPb)(]cC1f 6: fmp/[(|!Vi} 7: Z`?EU:f$q9 8: Cao52io58: 9: ?a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{>a{ 10: >=0Ubg}n ! 11: . ^NFt[Ge, 12: J](7edW)^wq/C13: i^'4,_$*5,/ X
14: f*|OeJ}Of| 15: )y~Z?/+y~N?//y~^? 16: mx2Et"Et"Et"Et"Et" 17: =r;AW@n'1or=]1 18: Fk?Ok?Ok?Ok?Ok 19: H2]I2]I2]I2]I2]I2]I2]I 20: e^7>Cb?8RF 21: /C~n.u^F.y^ 22: (*:v#pZr;73 23: }VF9ge%bkk 24: p,i=?|/YNO 25: Pe./QFWeVW 26: qjdedJxEjD 27: a|:eT1Qn:=< 28: 42mX<bc`Y! 29: ,9m\LX2MK2M 30: Dv44>H7AyNW 31: mKtnX2]&5~} 32: !-`$p<xZ>3 33: %fW]={vMMm 34: qiS`E`Y`I`Q 35: soho.binUT 36: pfs.imgUT 37: Z*DF<@%#yi 38: oWEGb1WLF_SX 39: Dd8VpbAV#q 40: pfs-en.imgUT 41: HWA/=wXU?> 42: 1h-e&W^s~E 43: EZfWaEcP+8* 44: .!cnGC|Ck`|45: {'6tWUWwWWW
46: O<{>){h)9* 47: pfs-en.imgUT 48: pfs-fr.imgUT 49: ]Fmq~iascqY 50: tm}}vqmAr- 51: >>y1 zLN3J] 52: $Lo(I^FIVs 53: \T+uhMk7(= 54: Z6|<kdMpVr 55: eYn*ps[pYV\ 56: 3Ol?]sll&GXb 57: n%hxMKGK7. 58: pfs-fr.imgUT 59: ar0700mp.bin 60: W>~E>{to'=yr 61: ?BUUnX/Lqj 62: jXF?W8o50o 63: ar0700mp.binPKAs we can see form the strings’ output we have some file names showing up, soho.bin, pfs.img, pfs-en.img, pfs-fr.img and ar0700mp.bin.
1: root@system:~/firmware# binwalk 1500WG_SP_FW3_0_6_c.bin
2: 3: DECIMAL HEX DESCRIPTION 4: -------------------------------------------------------------------------------------------------------5: 0 0x0 Zip archive data, at least v2.0 to extract
6: 951296 0xE8400 Zip archive data, at least v2.0 to extract
7: 977920 0xEEC00 Zip archive data, at least v2.0 to extract
8: 1115136 0x110400 Zip archive data, at least v2.0 to extract
9: 1263616 0x134800 Zip archive data, at least v2.0 to extract
We can see that binwalk identified 5 different archives and we have from strings 5 different filenames. Proceeding with extracting the files, “dd” command to the rescue,
1: root@system:~/firmware# dd if=1500WG_SP_FW3_0_6_c.bin bs=1 skip=0 count=951296 of=first.zip
2: 951296+0 records in 3: 951296+0 records out4: 951296 bytes (951 kB) copied, 4.68149 s, 203 kB/s
5: root@system:~/firmware# file first.zip
6: first.zip: Zip archive data, at least v2.0 to extract
7: root@system:~/firmware# unzip first.zip
8: Archive: first.zip
9: inflating: soho.bin
10: root@system:~/firmware# dd if=1500WG_SP_FW3_0_6_c.bin bs=1 skip=951296 count=26624 of=second.zip
11: 26624+0 records in 12: 26624+0 records out13: 26624 bytes (27 kB) copied, 0.0675911 s, 394 kB/s
14: root@system:~/firmware# unzip second.zip
15: Archive: second.zip
16: inflating: pfs.img
17: root@system:~/firmware# dd if=1500WG_SP_FW3_0_6_c.bin bs=1 skip=977920 count=137216 of=third.zip
18: 137216+0 records in 19: 137216+0 records out20: 137216 bytes (137 kB) copied, 3.63918 s, 37.7 kB/s
21: root@system:~/firmware# unzip third.zip
22: Archive: third.zip
23: inflating: pfs-en.img
24: root@system:~/firmware# dd if=1500WG_SP_FW3_0_6_c.bin bs=1 skip=1115136 count=148480 of=forth.zip
25: 148480+0 records in 26: 148480+0 records out27: 148480 bytes (148 kB) copied, 2.04028 s, 72.8 kB/s
28: root@system:~/firmware# unzip forth.zip
29: Archive: forth.zip
30: inflating: pfs-fr.img
31: root@system:~/firmware# dd if=1500WG_SP_FW3_0_6_c.bin bs=1 skip=1263616 of=fifth.zip
32: 200714+0 records in 33: 200714+0 records out34: 200714 bytes (201 kB) copied, 2.235 s, 89.8 kB/s
35: root@system:~/firmware# unzip fifth.zip
36: unzip fifth.zip
37: Archive: fifth.zip
38: inflating: ar0700mp.bin
How to find how many bytes you actually need to extract each time? It’s easy, just subtract the decimal places of the starting positions from the sections, eg.
First position is until from 0 to 951296, the second file length exists between (third – second position) 977920 – 951296 = 26624 bytes.
Starting with the pfs files I went ahead identifying them with binwalk eg,
binwalk pfs.img gave the following results:
1: DECIMAL HEX DESCRIPTION 2: -------------------------------------------------------------------------------------------------------3: 0 0x0 PFS filesystem, version .9, 37377 files
I had no prior knowledge of the PFS filesystem and I went ahead with Google search. Initial search results were no good, seems that “PFS filesystem” stands for many things like Professional File System, Playstation File system etc. Checking at the header of the file I notice the magic number
1: root@system:~/firmware# hexdump -C -n 8 pfs.img
2: 00000000 50 46 53 2f 30 2e 39 00 |PFS/0.9.|
3: 00000008and I went ahead with a new search on PFS/0.9. The second result is for a file decoder from Domen Puncer ( http://cba.si/pfs/ ) for PFS/0.9 files and as described on README ( http://cba.si/pfs/_README ) “ Contents of those files are just HTML pages and images,
they also contain .EXE files, sized 0 bytes. “
I grabbed a copy of http://cba.si/pfs/pfs.c, and compiled the file using gcc –o pfs pfs.c, the result was the binary that I needed and as promised the contents of my pfs.img file were extracted.
1: root@system:~/firmware# ./pfs < pfs.img 2: sig: PFS/0.9 3: wtf1: 0x00000000 4: wtf2: 0x0000 5: entries: 402 6: detected path length of 40 bytes 7: www\cgi-bin\7804WBRa_backup.bin ?1:0xac514eca offset: 0 size: 0 8: www\cgi-bin\aadsl.exe ?1:0xac514eca offset: 0 size: 0 9: www\cgi-bin\ac_control.exe ?1:0xac514eca offset: 0 size: 0 10: www\cgi-bin\add_cur_mac.exe ?1:0xac514eca offset: 0 size: 0 11: www\cgi-bin\admz.exe ?1:0xac514eca offset: 0 size: 0 12: www\cgi-bin\aoaccadd.exe ?1:0xac514eca offset: 0 size: 0 13: www\cgi-bin\aoaccdel.exe ?1:0xac514eca offset: 0 size: 0 14: www\cgi-bin\aoschadd.exe ?1:0xac514eca offset: 0 size: 0 15: www\cgi-bin\aoschdel.exe ?1:0xac514eca offset: 0 size: 0 16: www\cgi-bin\aportadd.exe ?1:0xac514eca offset: 0 size: 0 17: www\cgi-bin\aportdel.exe ?1:0xac514eca offset: 0 size: 0 18: www\cgi-bin\aportfd.exe ?1:0xac514eca offset: 0 size: 0 19: www\cgi-bin\arip.exe ?1:0xac514eca offset: 0 size: 0 20: www\cgi-bin\aroute.exe ?1:0xac514eca offset: 0 size: 0 21: www\cgi-bin\ArouteNew.exe ?1:0xac514eca offset: 0 size: 0 22: www\cgi-bin\asec.exe ?1:0xac514eca offset: 0 size: 0 23: www\cgi-bin\atmpvc.exe ?1:0xac514eca offset: 0 size: 0 24: www\cgi-bin\aurlbk.exe ?1:0xac514eca offset: 0 size: 0 25: www\cgi-bin\backup.bin ?1:0xac514eca offset: 0 size: 0 26: www\cgi-bin\backup_config.exe ?1:0xac514eca offset: 0 size: 0 27: www\cgi-bin\backup_log.exe ?1:0xac514eca offset: 0 size: 0 28: www\cgi-bin\badsl.exe ?1:0xac514eca offset: 0 size: 0 29: www\cgi-bin\Batmint.exe ?1:0xac514eca offset: 0 size: 0 30: www\cgi-bin\bcable.exe ?1:0xac514eca offset: 0 size: 0 31: www\cgi-bin\bdhcp.exe ?1:0xac514eca offset: 0 size: 0 32: www\cgi-bin\Bisp.exe ?1:0xac514eca offset: 0 size: 0 33: www\cgi-bin\bwtype.exe ?1:0xac514eca offset: 0 size: 0 34: www\cgi-bin\changef.exe ?1:0xac514eca offset: 0 size: 0 35: www\cgi-bin\clientfilter.exe ?1:0xac514eca offset: 0 size: 0 36: www\cgi-bin\clMac.exe ?1:0xac514eca offset: 0 size: 0 37: www\cgi-bin\config ?1:0xac514eca offset: 0 size: 0 38: www\cgi-bin\engineer.exe ?1:0xac514eca offset: 0 size: 0 39: www\cgi-bin\firewall_SPI.exe ?1:0xac514eca offset: 0 size: 0 40: www\cgi-bin\fire_eb.exe ?1:0xac514ecb offset: 0 size: 0 41: www\cgi-bin\hacker_prevention.exe ?1:0xac514ecb offset: 0 size: 0 42: www\cgi-bin\hw_opt.cgi ?1:0xac514ecb offset: 0 size: 0 43: www\cgi-bin\ipsec-sa.exe ?1:0xac514ecb offset: 0 size: 0 44: www\cgi-bin\ipsec_clrplcy.exe ?1:0xac514ecb offset: 0 size: 0 45: www\cgi-bin\ipsec_connect.exe ?1:0xac514ecb offset: 0 size: 0 46: www\cgi-bin\IPSEC_EB.EXE ?1:0xac514ecb offset: 0 size: 0 47: www\cgi-bin\ipsec_submit_sp.exe ?1:0xac514ecb offset: 0 size: 0 48: www\cgi-bin\log ?1:0xac514ecb offset: 0 size: 0 49: www\cgi-bin\logfile.log ?1:0xac514ecb offset: 0 size: 0 50: www\cgi-bin\login.exe ?1:0xac514ecb offset: 0 size: 0 51: www\cgi-bin\logout.exe ?1:0xac514ecb offset: 0 size: 0 52: www\cgi-bin\macac_control.exe ?1:0xac514ecb offset: 0 size: 0 53: www\cgi-bin\nat_eb.exe ?1:0xac514ecb offset: 0 size: 0 54: www\cgi-bin\nat_show.exe ?1:0xac514ecb offset: 0 size: 0 55: www\cgi-bin\nat_sp.exe ?1:0xac514ecb offset: 0 size: 0 56: www\cgi-bin\ntp_setting.exe ?1:0xac514ecb offset: 0 size: 0 57: www\cgi-bin\pptp.exe ?1:0xac514ecb offset: 0 size: 0 58: www\cgi-bin\pptp_c.exe ?1:0xac514ecb offset: 0 size: 0 59: www\cgi-bin\pptp_s.exe ?1:0xac514ecb offset: 0 size: 0 60: www\cgi-bin\pptp_tunnel.exe ?1:0xac514ecb offset: 0 size: 0 61: www\cgi-bin\production.exe ?1:0xac514ecb offset: 0 size: 0 62: www\cgi-bin\qadd_cur_mac.exe ?1:0xac514ecb offset: 0 size: 0 63: www\cgi-bin\qBatmint.exe ?1:0xac514ecb offset: 0 size: 0 64: www\cgi-bin\qos_delcls.exe ?1:0xac514ecb offset: 0 size: 0 65: www\cgi-bin\qos_eb.exe ?1:0xac514ecb offset: 0 size: 0 66: www\cgi-bin\qos_mvcls.exe ?1:0xac514ecb offset: 0 size: 0 67: www\cgi-bin\qos_submit_bw.exe ?1:0xac514ecb offset: 0 size: 0 68: www\cgi-bin\qos_submit_cls.exe ?1:0xac514ecb offset: 0 size: 0 69: www\cgi-bin\qs1.exe ?1:0xac514ecb offset: 0 size: 0 70: www\cgi-bin\qs2.exe ?1:0xac514ecb offset: 0 size: 0 71: www\cgi-bin\qs2_.exe ?1:0xac514ecb offset: 0 size: 0 72: www\cgi-bin\qs3.exe ?1:0xac514ecb offset: 0 size: 0 73: www\cgi-bin\Qs5.exe ?1:0xac514ecb offset: 0 size: 0 74: www\cgi-bin\qs6.exe ?1:0xac514ecb offset: 0 size: 0 75: www\cgi-bin\qsetup_cable.exe ?1:0xac514ecb offset: 0 size: 0 76: www\cgi-bin\qsetup_cable1.exe ?1:0xac514ecb offset: 0 size: 0 77: www\cgi-bin\qsetup_time.exe ?1:0xac514ecb offset: 0 size: 0 78: www\cgi-bin\qsetup_wan_bigpond.exe ?1:0xac514ecb offset: 0 size: 0 79: www\cgi-bin\qsetup_wan_fix.exe ?1:0xac514ecb offset: 0 size: 0 80: www\cgi-bin\qsetup_wan_pppoe.exe ?1:0xac514ecb offset: 0 size: 0 81: www\cgi-bin\qstatusprocess.exe ?1:0xac514ecb offset: 0 size: 0 82: www\cgi-bin\qwireless_f.exe ?1:0xac514ecb offset: 0 size: 0 83: www\cgi-bin\qwireless_ssid.exe ?1:0xac514ecb offset: 0 size: 0 84: www\cgi-bin\qwireless_wep.exe ?1:0xac514ecb offset: 0 size: 0 85: www\cgi-bin\restart.exe ?1:0xac514ecb offset: 0 size: 0 86: www\cgi-bin\restore.exe ?1:0xac514ecb offset: 0 size: 0 87: www\cgi-bin\setup_clientfilter.exe ?1:0xac514ecb offset: 0 size: 0 88: www\cgi-bin\setup_config_data.exe ?1:0xac514ecb offset: 0 size: 0 89: www\cgi-bin\setup_ddns.exe ?1:0xac514ecb offset: 0 size: 0 90: www\cgi-bin\setup_dmz.exe ?1:0xac514ecb offset: 0 size: 0 91: www\cgi-bin\setup_dns.exe ?1:0xac514ecc offset: 0 size: 0 92: www\cgi-bin\setup_firewall.exe ?1:0xac514ecc offset: 0 size: 0 93: www\cgi-bin\setup_fix_pat.exe ?1:0xac514ecc offset: 0 size: 0 94: www\cgi-bin\setup_lan.exe ?1:0xac514ecc offset: 0 size: 0 95: www\cgi-bin\setup_misc.exe ?1:0xac514ecc offset: 0 size: 0 96: www\cgi-bin\setup_nat_show.exe ?1:0xac514ecc offset: 0 size: 0 97: www\cgi-bin\setup_pass.exe ?1:0xac514ecc offset: 0 size: 0 98: www\cgi-bin\setup_remote_mgmt.exe ?1:0xac514ecc offset: 0 size: 0 99: www\cgi-bin\setup_sch.exe ?1:0xac514ecc offset: 0 size: 0 100: www\cgi-bin\setup_snmp.exe ?1:0xac514ecc offset: 0 size: 0 101: www\cgi-bin\setup_specialapps.exe ?1:0xac514ecc offset: 0 size: 0 102: www\cgi-bin\setup_time.exe ?1:0xac514ecc offset: 0 size: 0 103: www\cgi-bin\setup_virtualserver.exe ?1:0xac514ecc offset: 0 size: 0 104: www\cgi-bin\setup_wan.exe ?1:0xac514ecc offset: 0 size: 0 105: www\cgi-bin\setup_wan_bigpond.exe ?1:0xac514ecc offset: 0 size: 0 106: www\cgi-bin\setup_wan_bridge.exe ?1:0xac514ecc offset: 0 size: 0 107: www\cgi-bin\setup_wan_dhcp.exe ?1:0xac514ecc offset: 0 size: 0 108: www\cgi-bin\setup_wan_fix.exe ?1:0xac514ecc offset: 0 size: 0 109: www\cgi-bin\setup_wan_modem.exe ?1:0xac514ecc offset: 0 size: 0 110: www\cgi-bin\setup_wan_pppoe.exe ?1:0xac514ecc offset: 0 size: 0 111: www\cgi-bin\setup_wan_pptp.exe ?1:0xac514ecc offset: 0 size: 0 112: www\cgi-bin\snmp_all.exe ?1:0xac514ecc offset: 0 size: 0 113: www\cgi-bin\snmp_community.exe ?1:0xac514ecc offset: 0 size: 0 114: www\cgi-bin\snmp_trap.exe ?1:0xac514ecc offset: 0 size: 0 115: www\cgi-bin\snrboot.exe ?1:0xac514ecc offset: 0 size: 0 116: www\cgi-bin\status.exe ?1:0xac514ecc offset: 0 size: 0 117: www\cgi-bin\statusprocess.exe ?1:0xac514ecc offset: 0 size: 0 118: www\cgi-bin\switch_vlan_add.exe ?1:0xac514ecc offset: 0 size: 0 119: www\cgi-bin\switch_vlan_delete.exe ?1:0xac514ecc offset: 0 size: 0 120: www\cgi-bin\system_syslog_scr.exe ?1:0xac514ecc offset: 0 size: 0 121: www\cgi-bin\tdhcp.exe ?1:0xac514ecc offset: 0 size: 0 122: www\cgi-bin\tiny_del.exe ?1:0xac514ecc offset: 0 size: 0 123: www\cgi-bin\tlog.exe ?1:0xac514ecc offset: 0 size: 0 124: www\cgi-bin\tmailtst.exe ?1:0xac514ecc offset: 0 size: 0 125: www\cgi-bin\tpppoe.exe ?1:0xac514ecc offset: 0 size: 0 126: www\cgi-bin\tr69_setup.cgi ?1:0xac514ecc offset: 0 size: 0 127: www\cgi-bin\trenewip.exe ?1:0xac514ecc offset: 0 size: 0 128: www\cgi-bin\tswup.exe ?1:0xac514ecc offset: 0 size: 0 129: www\cgi-bin\tswupst.exe ?1:0xac514ecc offset: 0 size: 0 130: www\cgi-bin\upgrade.exe ?1:0xac514ecc offset: 0 size: 0 131: www\cgi-bin\upgrade_config.exe ?1:0xac514ecc offset: 0 size: 0 132: www\cgi-bin\upgrade_firm_browse.exe ?1:0xac514ecd offset: 0 size: 0 133: www\cgi-bin\upnp_eb.exe ?1:0xac514ecd offset: 0 size: 0 134: www\cgi-bin\wireless.exe ?1:0xac514ecd offset: 0 size: 0 135: www\cgi-bin\wireless1X.exe ?1:0xac514ecd offset: 0 size: 0 136: www\cgi-bin\wireless_country.exe ?1:0xac514ecd offset: 0 size: 0 137: www\cgi-bin\wireless_e.exe ?1:0xac514ecd offset: 0 size: 0 138: www\cgi-bin\wireless_eb.exe ?1:0xac514ecd offset: 0 size: 0 139: www\cgi-bin\wireless_eb_burst.exe ?1:0xac514ecd offset: 0 size: 0 140: www\cgi-bin\wireless_f.exe ?1:0xac514ecd offset: 0 size: 0 141: www\cgi-bin\wireless_info.exe ?1:0xac514ecd offset: 0 size: 0 142: www\cgi-bin\wireless_ssid.exe ?1:0xac514ecd offset: 0 size: 0 143: www\cgi-bin\wireless_wep.exe ?1:0xac514ecd offset: 0 size: 0 144: www\cgi-bin\wireless_wpa.exe ?1:0xac514ecd offset: 0 size: 0 145: www\cgi-bin\wiretype.exe ?1:0xac514ecd offset: 0 size: 0 146: www\cgi-bin\wsetup_wan_pptp.exe ?1:0xac514ecd offset: 0 size: 0 147: www\CPE\cpe.cgi ?1:0xac514ecd offset: 0 size: 0 148: www\doc\adsl.stm ?1:0xac514ecd offset: 0 size: 443 149: www\doc\adsl_status101.stm ?1:0xac514ecd offset: 443 size: 443 150: www\doc\atmpvc.stm ?1:0xac514ecd offset: 886 size: 434 151: www\doc\clonetemp.stm ?1:0xac514ecd offset: 1320 size: 398 152: www\doc\ddns_main105.stm ?1:0xac514ecd offset: 1718 size: 438 153: www\doc\firewall.stm ?1:0xac514ecd offset: 2156 size: 446 154: www\doc\firewall_tmp.stm ?1:0xac514ecd offset: 2602 size: 408 155: www\doc\fw_info.stm ?1:0xacb71284 offset: 3010 size: 230 156: www\doc\f_a81.stm ?1:0xac514ecd offset: 3240 size: 443 157: www\doc\f_add810.stm ?1:0xac514ecd offset: 3683 size: 446 158: www\doc\f_add811.stm ?1:0xac514ecd offset: 4129 size: 446 159: www\doc\f_add8111.stm ?1:0xac514ecd offset: 4575 size: 445 160: www\doc\f_add812.stm ?1:0xac514ecd offset: 5020 size: 446 161: www\doc\f_add813.stm ?1:0xac514ecd offset: 5466 size: 446 162: www\doc\f_add814.stm ?1:0xac514ecd offset: 5912 size: 446 163: www\doc\f_add815.stm ?1:0xac514ecd offset: 6358 size: 446 164: www\doc\f_add816.stm ?1:0xac514ecd offset: 6804 size: 446 165: www\doc\f_add817.stm ?1:0xac514ecd offset: 7250 size: 446 166: www\doc\f_add818.stm ?1:0xac514ecd offset: 7696 size: 446 167: www\doc\f_add819.stm ?1:0xac514ecd offset: 8142 size: 446 168: www\doc\f_d86.stm ?1:0xac514ecd offset: 8588 size: 443 169: www\doc\f_mac82.stm ?1:0xac514ecd offset: 9031 size: 445 170: www\doc\f_rule84.stm ?1:0xac514ecd offset: 9476 size: 446 171: www\doc\f_rule841.stm ?1:0xac514ecd offset: 9922 size: 448 172: www\doc\f_rule8410.stm ?1:0xac514ecd offset: 10370 size: 449 173: www\doc\f_rule8411.stm ?1:0xac514ecd offset: 10819 size: 449 174: www\doc\f_rule8412.stm ?1:0xac514ecd offset: 11268 size: 449 175: www\doc\f_rule8413.stm ?1:0xac514ecd offset: 11717 size: 449 176: www\doc\f_rule8414.stm ?1:0xac514ecd offset: 12166 size: 449 177: www\doc\f_rule8415.stm ?1:0xac514ecd offset: 12615 size: 449 178: www\doc\f_rule8416.stm ?1:0xac514ecd offset: 13064 size: 449 179: www\doc\f_rule8417.stm ?1:0xac514ecd offset: 13513 size: 449 180: www\doc\f_rule8418.stm ?1:0xac514ecd offset: 13962 size: 449 181: www\doc\f_rule8419.stm ?1:0xac514ecd offset: 14411 size: 449 182: www\doc\f_spi_h85.stm ?1:0xac514ecd offset: 14860 size: 447 183: www\doc\f_u83.stm ?1:0xac514ecd offset: 15307 size: 443 184: www\doc\igd.xml ?1:0xac514ecd offset: 15750 size: 4518 185: www\doc\igd_l3f.xml ?1:0xac514ecd offset: 20268 size: 895 186: www\doc\igd_osf.xml ?1:0xac514ecd offset: 21163 size: 700 187: www\doc\igd_wcic.xml ?1:0xac514ecd offset: 21863 size: 3878 188: www\doc\igd_wdsl.xml ?1:0xac514ecd offset: 25741 size: 1876 189: www\doc\igd_wec.xml ?1:0xac514ecd offset: 27617 size: 756 190: www\doc\igd_wic.xml ?1:0xac514ecd offset: 28373 size: 10086 191: www\doc\igd_wpc.xml ?1:0xac514ecd offset: 38459 size: 11798 192: www\doc\index.stm ?1:0xac514ece offset: 50257 size: 477 193: www\doc\lan.stm ?1:0xac514ece offset: 50734 size: 436 194: www\doc\lan_dns51.stm ?1:0xac514ece offset: 51170 size: 435 195: www\doc\mm_atminttemp10.stm ?1:0xac514ece offset: 51605 size: 505 196: www\doc\mm_atminttemp11.stm ?1:0xac514ece offset: 52110 size: 506 197: www\doc\mm_atminttemp12.stm ?1:0xac514ece offset: 52616 size: 506 198: www\doc\mm_atminttemp13.stm ?1:0xac514ece offset: 53122 size: 506 199: www\doc\mm_atminttemp14.stm ?1:0xac514ece offset: 53628 size: 506 200: www\doc\mm_atminttemp15.stm ?1:0xac514ece offset: 54134 size: 506 201: www\doc\mm_atminttemp16.stm ?1:0xac514ece offset: 54640 size: 506 202: www\doc\mm_atminttemp17.stm ?1:0xac514ece offset: 55146 size: 506 203: www\doc\mm_atminttemp18.stm ?1:0xac514ece offset: 55652 size: 506 204: www\doc\mm_atminttemp3.stm ?1:0xac514ece offset: 56158 size: 504 205: www\doc\mm_atminttemp4.stm ?1:0xac514ece offset: 56662 size: 504 206: www\doc\mm_atminttemp5.stm ?1:0xac514ece offset: 57166 size: 504 207: www\doc\mm_atminttemp6.stm ?1:0xac514ece offset: 57670 size: 504 208: www\doc\mm_atminttemp7.stm ?1:0xac514ece offset: 58174 size: 504 209: www\doc\mm_atminttemp8.stm ?1:0xac514ece offset: 58678 size: 504 210: www\doc\mm_atminttemp9.stm ?1:0xac514ece offset: 59182 size: 504 211: www\doc\mm_qstatus.stm ?1:0xac514ece offset: 59686 size: 499 212: www\doc\mm_r_tbl911.stm ?1:0xac514ece offset: 60185 size: 500 213: www\doc\mm_r_tbl9110.stm ?1:0xac514ece offset: 60685 size: 502 214: www\doc\mm_r_tbl912.stm ?1:0xac514ece offset: 61187 size: 500 215: www\doc\mm_r_tbl913.stm ?1:0xac514ece offset: 61687 size: 500 216: www\doc\mm_r_tbl914.stm ?1:0xac514ece offset: 62187 size: 500 217: www\doc\mm_r_tbl915.stm ?1:0xac514ece offset: 62687 size: 500 218: www\doc\mm_r_tbl916.stm ?1:0xac514ece offset: 63187 size: 500 219: www\doc\mm_r_tbl917.stm ?1:0xac514ece offset: 63687 size: 500 220: www\doc\mm_r_tbl918.stm ?1:0xac514ece offset: 64187 size: 500 221: www\doc\mm_r_tbl919.stm ?1:0xac514ece offset: 64687 size: 500 222: www\doc\mm_setupw_2.stm ?1:0xaca529f4 offset: 65187 size: 414 223: www\doc\mm_setupw_3.stm ?1:0xac514ece offset: 65601 size: 501 224: www\doc\mm_setupw_4.stm ?1:0xac514ece offset: 66102 size: 502 225: www\doc\mm_setupw_5.stm ?1:0xac514ece offset: 66604 size: 501 226: www\doc\mm_setupw_51.stm ?1:0xac514ece offset: 67105 size: 504 227: www\doc\mr_tbl911.stm ?1:0xac514ece offset: 67609 size: 439 228: www\doc\mr_tbl9110.stm ?1:0xac514ece offset: 68048 size: 440 229: www\doc\mr_tbl912.stm ?1:0xac514ece offset: 68488 size: 439 230: www\doc\mr_tbl913.stm ?1:0xac514ece offset: 68927 size: 439 231: www\doc\mr_tbl914.stm ?1:0xac514ece offset: 69366 size: 439 232: www\doc\mr_tbl915.stm ?1:0xac514ece offset: 69805 size: 439 233: www\doc\mr_tbl916.stm ?1:0xac514ece offset: 70244 size: 439 234: www\doc\mr_tbl917.stm ?1:0xac514ece offset: 70683 size: 439 235: www\doc\mr_tbl918.stm ?1:0xac514ece offset: 71122 size: 439 236: www\doc\mr_tbl919.stm ?1:0xac514ece offset: 71561 size: 439 237: www\doc\m_adsl_status101.stm ?1:0xac514ece offset: 72000 size: 500 238: www\doc\m_atminttemp10.stm ?1:0xac514ece offset: 72500 size: 441 239: www\doc\m_atminttemp11.stm ?1:0xac514ece offset: 72941 size: 441 240: www\doc\m_atminttemp12.stm ?1:0xac514ece offset: 73382 size: 441 241: www\doc\m_atminttemp13.stm ?1:0xac514ece offset: 73823 size: 441 242: www\doc\m_atminttemp14.stm ?1:0xac514ece offset: 74264 size: 441 243: www\doc\m_atminttemp15.stm ?1:0xac514ece offset: 74705 size: 441 244: www\doc\m_atminttemp16.stm ?1:0xac514ece offset: 75146 size: 441 245: www\doc\m_atminttemp17.stm ?1:0xac514ece offset: 75587 size: 441 246: www\doc\m_atminttemp18.stm ?1:0xac514ece offset: 76028 size: 441 247: www\doc\m_atminttemp3.stm ?1:0xac514ece offset: 76469 size: 440 248: www\doc\m_atminttemp4.stm ?1:0xac514ece offset: 76909 size: 440 249: www\doc\m_atminttemp5.stm ?1:0xac514ece offset: 77349 size: 440 250: www\doc\m_atminttemp6.stm ?1:0xac514ece offset: 77789 size: 440 251: www\doc\m_atminttemp7.stm ?1:0xac514ecf offset: 78229 size: 440 252: www\doc\m_atminttemp8.stm ?1:0xac514ecf offset: 78669 size: 440 253: www\doc\m_atminttemp9.stm ?1:0xac514ecf offset: 79109 size: 440 254: www\doc\m_atmpvc.stm ?1:0xac514ecf offset: 79549 size: 500 255: www\doc\m_ddns_main.stm ?1:0xac514ecf offset: 80049 size: 498 256: www\doc\m_firewall_a.stm ?1:0xac514ecf offset: 80547 size: 498 257: www\doc\m_firewall_add.stm ?1:0xac514ecf offset: 81045 size: 507 258: www\doc\m_firewall_add0.stm ?1:0xac514ecf offset: 81552 size: 670 259: www\doc\m_firewall_add1.stm ?1:0xac514ecf offset: 82222 size: 670 260: www\doc\m_firewall_add2.stm ?1:0xac514ecf offset: 82892 size: 670 261: www\doc\m_firewall_add3.stm ?1:0xac514ecf offset: 83562 size: 670 262: www\doc\m_firewall_add4.stm ?1:0xac514ecf offset: 84232 size: 670 263: www\doc\m_firewall_add5.stm ?1:0xac514ecf offset: 84902 size: 670 264: www\doc\m_firewall_add6.stm ?1:0xac514ecf offset: 85572 size: 670 265: www\doc\m_firewall_add7.stm ?1:0xac514ecf offset: 86242 size: 670 266: www\doc\m_firewall_add8.stm ?1:0xac514ecf offset: 86912 size: 670 267: www\doc\m_firewall_add9.stm ?1:0xac514ecf offset: 87582 size: 670 268: www\doc\m_firewall_d.stm ?1:0xac514ecf offset: 88252 size: 498 269: www\doc\m_firewall_mac.stm ?1:0xac514ecf offset: 88750 size: 500 270: www\doc\m_firewall_main.stm ?1:0xac514ecf offset: 89250 size: 500 271: www\doc\m_firewall_rule.stm ?1:0xac514ecf offset: 89750 size: 501 272: www\doc\m_firewall_rule_a.stm ?1:0xac514ecf offset: 90251 size: 504 273: www\doc\m_firewall_rule_a0.stm ?1:0xac514ecf offset: 90755 size: 508 274: www\doc\m_firewall_rule_a1.stm ?1:0xac514ecf offset: 91263 size: 508 275: www\doc\m_firewall_rule_a2.stm ?1:0xac514ecf offset: 91771 size: 508 276: www\doc\m_firewall_rule_a3.stm ?1:0xac514ecf offset: 92279 size: 508 277: www\doc\m_firewall_rule_a4.stm ?1:0xac514ecf offset: 92787 size: 508 278: www\doc\m_firewall_rule_a5.stm ?1:0xac514ecf offset: 93295 size: 508 279: www\doc\m_firewall_rule_a6.stm ?1:0xac514ecf offset: 93803 size: 508 280: www\doc\m_firewall_rule_a7.stm ?1:0xac514ecf offset: 94311 size: 508 281: www\doc\m_firewall_rule_a8.stm ?1:0xac514ecf offset: 94819 size: 508 282: www\doc\m_firewall_rule_a9.stm ?1:0xac514ecf offset: 95327 size: 508 283: www\doc\m_firewall_spi_h.stm ?1:0xac514ecf offset: 95835 size: 502 284: www\doc\m_firewall_u.stm ?1:0xac514ecf offset: 96337 size: 498 285: www\doc\m_lan_dns.stm ?1:0xac514ecf offset: 96835 size: 497 286: www\doc\m_lan_main.stm ?1:0xac514ecf offset: 97332 size: 498 287: www\doc\m_nat_m.stm ?1:0xac514ecf offset: 97830 size: 493 288: www\doc\m_nat_main.stm ?1:0xac514ecf offset: 98323 size: 495 289: www\doc\m_nat_sp.stm ?1:0xac514ecf offset: 98818 size: 494 290: www\doc\m_nat_table.stm ?1:0xac514ecf offset: 99312 size: 498 291: www\doc\m_nat_v.stm ?1:0xac514ecf offset: 99810 size: 493 292: www\doc\m_qos_main.stm ?1:0xac514ecf offset: 100303 size: 495 293: www\doc\m_qos_tfm.stm ?1:0xac514ecf offset: 100798 size: 498 294: www\doc\m_qos_tfs.stm ?1:0xac514ecf offset: 101296 size: 497 295: www\doc\m_route_tbl.stm ?1:0xac514ecf offset: 101793 size: 497 296: www\doc\m_r_mort.stm ?1:0xac514ecf offset: 102290 size: 495 297: www\doc\m_r_rip.stm ?1:0xac514ecf offset: 102785 size: 493 298: www\doc\m_setupw_2.stm ?1:0xaca529f4 offset: 103278 size: 401 299: www\doc\m_setupw_3.stm ?1:0xac514ecf offset: 103679 size: 441 300: www\doc\m_setupw_4.stm ?1:0xac514ecf offset: 104120 size: 441 301: www\doc\m_setupw_5.stm ?1:0xac514ecf offset: 104561 size: 441 302: www\doc\m_setupw_51.stm ?1:0xac514ecf offset: 105002 size: 442 303: www\doc\m_snmp.stm ?1:0xac514ecf offset: 105444 size: 493 304: www\doc\m_status_main.stm ?1:0xac514ecf offset: 105937 size: 499 305: www\doc\m_system_c.stm ?1:0xac514ecf offset: 106436 size: 497 306: www\doc\m_system_f.stm ?1:0xac514ecf offset: 106933 size: 497 307: www\doc\m_system_p.stm ?1:0xac514ed0 offset: 107430 size: 496 308: www\doc\m_system_r.stm ?1:0xac514ed0 offset: 107926 size: 497 309: www\doc\m_system_r1.stm ?1:0xac514ed0 offset: 108423 size: 498 310: www\doc\m_system_t.stm ?1:0xac514ed0 offset: 108921 size: 496 311: www\doc\m_sy_remote_mgmt.stm ?1:0xac514ed0 offset: 109417 size: 507 312: www\doc\m_tools_backup.stm ?1:0xac514ed0 offset: 109924 size: 502 313: www\doc\m_tools_restore.stm ?1:0xac514ed0 offset: 110426 size: 503 314: www\doc\m_upnp_main.stm ?1:0xac514ed0 offset: 110929 size: 498 315: www\doc\m_vlan.stm ?1:0xac514ed0 offset: 111427 size: 494 316: www\doc\m_vlan_a.stm ?1:0xac514ed0 offset: 111921 size: 496 317: www\doc\m_vlan_a0.stm ?1:0xac514ed0 offset: 112417 size: 499 318: www\doc\m_vlan_a1.stm ?1:0xac514ed0 offset: 112916 size: 499 319: www\doc\m_vlan_a2.stm ?1:0xac514ed0 offset: 113415 size: 499 320: www\doc\m_vlan_a3.stm ?1:0xac514ed0 offset: 113914 size: 499 321: www\doc\m_vlan_a4.stm ?1:0xac514ed0 offset: 114413 size: 499 322: www\doc\m_v_lan_a.stm ?1:0xac514ed0 offset: 114912 size: 495 323: www\doc\m_wan_clone.stm ?1:0xac514ed0 offset: 115407 size: 493 324: www\doc\m_wan_main.stm ?1:0xac514ed0 offset: 115900 size: 496 325: www\doc\m_wireless_1x.stm ?1:0xac514ed0 offset: 116396 size: 504 326: www\doc\m_wireless_e.stm ?1:0xac514ed0 offset: 116900 size: 503 327: www\doc\m_wireless_id.stm ?1:0xac514ed0 offset: 117403 size: 499 328: www\doc\m_wireless_mac.stm ?1:0xac514ed0 offset: 117902 size: 500 329: www\doc\m_wireless_main.stm ?1:0xac514ed0 offset: 118402 size: 500 330: www\doc\m_wireless_wep.stm ?1:0xac514ed0 offset: 118902 size: 505 331: www\doc\m_wireless_wpa.stm ?1:0xac514ed0 offset: 119407 size: 505 332: www\doc\nat.stm ?1:0xac514ed0 offset: 119912 size: 436 333: www\doc\nattemp.stm ?1:0xac514ed0 offset: 120348 size: 402 334: www\doc\nat_m71.stm ?1:0xac514ed0 offset: 120750 size: 433 335: www\doc\nat_sp73.stm ?1:0xac514ed0 offset: 121183 size: 434 336: www\doc\nat_table74.stm ?1:0xac514ed0 offset: 121617 size: 437 337: www\doc\nat_v72.stm ?1:0xac514ed0 offset: 122054 size: 433 338: www\doc\nw_mm_qstatus.stm ?1:0xac514ed0 offset: 122487 size: 502 339: www\doc\nw_qstatus.stm ?1:0xac514ed0 offset: 122989 size: 443 340: www\doc\n_firewall.stm ?1:0xac514ed0 offset: 123432 size: 411 341: www\doc\n_nat.stm ?1:0xac514ed0 offset: 123843 size: 401 342: www\doc\n_wireless.stm ?1:0xac514ed0 offset: 124244 size: 411 343: www\doc\qos.stm ?1:0xac514ed0 offset: 124655 size: 435 344: www\doc\qos_tfm111.stm ?1:0xac514ed0 offset: 125090 size: 434 345: www\doc\qos_tfs112.stm ?1:0xac514ed0 offset: 125524 size: 434 346: www\doc\qstatus.stm ?1:0xac514ed0 offset: 125958 size: 440 347: www\doc\reset_main.stm ?1:0xac514ed0 offset: 126398 size: 440 348: www\doc\route.stm ?1:0xac514ed0 offset: 126838 size: 439 349: www\doc\route_tbl91.stm ?1:0xac514ed0 offset: 127277 size: 439 350: www\doc\r_mort93.stm ?1:0xac514ed0 offset: 127716 size: 436 351: www\doc\r_rip92.stm ?1:0xac514ed0 offset: 128152 size: 435 352: www\doc\setupw_2.stm ?1:0xac514ed0 offset: 128587 size: 521 353: www\doc\setupw_3.stm ?1:0xac514ed0 offset: 129108 size: 526 354: www\doc\setupw_4.stm ?1:0xac514ed0 offset: 129634 size: 527 355: www\doc\setupw_5.stm ?1:0xac514ed0 offset: 130161 size: 527 356: www\doc\snmp103.stm ?1:0xac514ed0 offset: 130688 size: 433 357: www\doc\status.stm ?1:0xac514ed0 offset: 131121 size: 444 358: www\doc\system.stm ?1:0xac514ed0 offset: 131565 size: 439 359: www\doc\system_c33.stm ?1:0xac514ed0 offset: 132004 size: 439 360: www\doc\system_f34.stm ?1:0xac514ed0 offset: 132443 size: 439 361: www\doc\system_p32.stm ?1:0xac514ed0 offset: 132882 size: 439 362: www\doc\system_r35.stm ?1:0xac514ed0 offset: 133321 size: 439 363: www\doc\system_t31.stm ?1:0xac514ed0 offset: 133760 size: 439 364: www\doc\sy_remote_mgmt102.stm ?1:0xac514ed0 offset: 134199 size: 443 365: www\doc\tools_backup332.stm ?1:0xac514ed0 offset: 134642 size: 443 366: www\doc\tools_restore333.stm ?1:0xac514ed0 offset: 135085 size: 444 367: www\doc\tr69.stm ?1:0xac8235a8 offset: 135529 size: 5260 368: www\doc\upnp_main104.stm ?1:0xac514ed0 offset: 140789 size: 438 369: www\doc\v_lan52.stm ?1:0xac514ed0 offset: 141227 size: 432 370: www\doc\v_lan_a53.stm ?1:0xac514ed1 offset: 141659 size: 435 371: www\doc\v_lan_a530.stm ?1:0xac514ed1 offset: 142094 size: 435 372: www\doc\v_lan_a531.stm ?1:0xac514ed1 offset: 142529 size: 435 373: www\doc\v_lan_a532.stm ?1:0xac514ed1 offset: 142964 size: 435 374: www\doc\v_lan_a533.stm ?1:0xac514ed1 offset: 143399 size: 435 375: www\doc\v_lan_a534.stm ?1:0xac514ed1 offset: 143834 size: 435 376: www\doc\wait0.stm ?1:0xac514ed1 offset: 144269 size: 771 377: www\doc\wan.stm ?1:0xac514ed1 offset: 145040 size: 436 378: www\doc\wan_clone49.stm ?1:0xac514ed1 offset: 145476 size: 437 379: www\doc\wireless.stm ?1:0xac514ed1 offset: 145913 size: 446 380: www\doc\wireless_tmp.stm ?1:0xac514ed1 offset: 146359 size: 409 381: www\doc\wl_1x66.stm ?1:0xac514ed1 offset: 146768 size: 444 382: www\doc\wl_e63.stm ?1:0xac514ed1 offset: 147212 size: 443 383: www\doc\wl_id61.stm ?1:0xac514ed1 offset: 147655 size: 444 384: www\doc\wl_mac62.stm ?1:0xac514ed1 offset: 148099 size: 445 385: www\doc\wl_wep64.stm ?1:0xac514ed1 offset: 148544 size: 445 386: www\doc\wl_wpa65.stm ?1:0xac514ed1 offset: 148989 size: 445 387: www\images\a1.gif ?1:0xac514ed1 offset: 149434 size: 368 388: www\images\bar_bg3.gif ?1:0xac514ed1 offset: 149802 size: 293 389: www\images\bg.gif ?1:0xac514ed1 offset: 150095 size: 651 390: www\images\clear.gif ?1:0xac514ed1 offset: 150746 size: 54 391: www\images\close.gif ?1:0xac514ed1 offset: 150800 size: 317 392: www\images\france.gif ?1:0xac514ed1 offset: 151117 size: 131 393: www\images\kingdom.gif ?1:0xac514ed1 offset: 151248 size: 672 394: www\images\logo.gif ?1:0xac912e4f offset: 151920 size: 2726 395: www\images\logo_m_adsl.gif ?1:0xacb64f50 offset: 154646 size: 3685 396: www\images\logo_m_apro.gif ?1:0xacb64f6e offset: 158331 size: 3525 397: www\images\logo_nb.gif ?1:0xac514f51 offset: 161856 size: 970 398: www\images\logo_s.gif ?1:0xac912e4f offset: 162826 size: 2726 399: www\images\logo_t.gif ?1:0xac912e4f offset: 165552 size: 2726 400: www\images\logo_w.gif ?1:0xaca54238 offset: 168278 size: 3052 401: www\images\p1.gif ?1:0xac514ed1 offset: 171330 size: 842 402: www\images\p2.gif ?1:0xac514ed1 offset: 172172 size: 823 403: www\images\p4.gif ?1:0xac514ed1 offset: 172995 size: 53 404: www\images\pixel.gif ?1:0xac514ed1 offset: 173048 size: 54 405: www\images\sa3_1.gif ?1:0xac514ed1 offset: 173102 size: 866 406: www\images\sw1_2.gif ?1:0xac514ed1 offset: 173968 size: 866 407: www\images\top_3.gif ?1:0xac514ed1 offset: 174834 size: 161 408: www\images\v_p5.gif ?1:0xac514ed1 offset: 174995 size: 49
Thanks a lot for a quite informative post. I too am trying to reverse Eng some FW bundles. My binwalk uncovered a PFS as below:
ReplyDelete2283799 0x22D917 PFS filesystem, version NTFS Partition, 26996 files
This seems to be different to your .9 version. Any tools that you're aware of to inflate this PFS/NTFS chunk?
Of course, a really interesting post, many thanks !
ReplyDeleteI would like to know if there would be a way to "explore" blindly the content of a binary file ?I followed each steps of your post, and I have now one binary file containing the data I would like to modify (by adding just a program). I wonder how to go further now ... Any kind of help would be greatly appreciated !
Thanks in advance,
Jean
Hi Jean the data that you have should be either a filesystem that you can simply mount, or a compressed archive that you can just extract.
DeleteWhat can i do if couldn't find any archive file. So what will be the next step for it? Or is there any other option to make different archive files for firmware which i am using..
ReplyDeletehow to rebuild the firmware files by using bin walk??
ReplyDeleteGoogle "Firmware Mod Kit" to mod firmware. Binwalk is more for reverse engineering.
ReplyDelete