Tutorial kali ini adalah cara decompress file lzs rom-0 yang berisi firmware dari Modem. Rasanya lebih aman kalau melakukan dekompresi file pada komputer atau server sendiri daripada memakai software atau melalui website 🙂
* Peringatan : tutorial ini hanya untuk belajar, dan jaga-jaga jika suatu saat kita lupa password modem maupun password speedy kita, dan bukan ditujukan untuk aktifitas hacking yang merusak.
Source code untuk compress/decompress bisa didownload dari snapshot terakhir di http://git.kopf-tisch.de/?p=zyxel-revert;a=summary
1 2 3 4 5 6 |
# cd /root # mkdir src && cd src download snapshot terakhir, misalnya zyxel-revert-779bfd5.tar.gz # tar xf zyxel-revert-779bfd5.tar.gz # cd zyxel* # make |
Upload file rom-0 dan lakukan decompress dengan perintah berikut, dan hasilnya adalah file rom-0.decomp
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
# ./decompress rom-0 header of previous block is=0x080000e2 expected=0x080000e2 OK header of previous block is=0x08000048 expected=0x08000048 OK header of previous block is=0x080000e3 expected=0x080000e3 OK header of previous block is=0x0800009d expected=0x0800009d OK header of previous block is=0x08000081 expected=0x08000081 OK header of previous block is=0x080000b2 expected=0x080000b2 OK header of previous block is=0x08000073 expected=0x08000073 OK header of previous block is=0x0800004b expected=0x0800004b OK header of previous block is=0x08000056 expected=0x08000056 OK header of previous block is=0x080000a1 expected=0x080000a1 OK header of previous block is=0x0800007c expected=0x0800007c OK header of previous block is=0x08000065 expected=0x08000065 OK header of previous block is=0x0800004c expected=0x0800004c OK header of previous block is=0x0800004d expected=0x0800004d OK header of previous block is=0x0800004b expected=0x0800004b OK header of previous block is=0x0800004d expected=0x0800004d OK header of previous block is=0x0800004e expected=0x0800004e OK header of previous block is=0x08000049 expected=0x08000049 OK header of previous block is=0x0800004e expected=0x0800004e OK header of previous block is=0x0800004c expected=0x0800004c OK header of previous block is=0x0800004b expected=0x0800004b OK header of previous block is=0x0800004e expected=0x0800004e OK header of previous block is=0x0800004c expected=0x0800004c OK header of previous block is=0x0800004b expected=0x0800004b OK header of previous block is=0x0800004f expected=0x0800004f OK header of previous block is=0x08000054 expected=0x08000054 OK header of previous block is=0x08000048 expected=0x08000048 OK header of previous block is=0x080000b0 expected=0x080000b0 OK header of previous block is=0x08000063 expected=0x08000063 OK header of previous block is=0x0800004e expected=0x0800004e OK header of previous block is=0x0800009c expected=0x0800009c OK header of previous block is=0x080000c8 expected=0x080000c8 OK header of previous block is=0x08000091 expected=0x08000091 OK header of previous block is=0x0800005a expected=0x0800005a OK header of previous block is=0x08000048 expected=0x08000048 OK header of previous block is=0x080000bf expected=0x080000bf OK header of previous block is=0x080000a3 expected=0x080000a3 OK header of previous block is=0x0800007c expected=0x0800007c OK header of previous block is=0x08000048 expected=0x08000048 OK header of previous block is=0x08000048 expected=0x08000048 OK header of previous block is=0x08000048 expected=0x08000048 OK header of previous block is=0x08000061 expected=0x08000061 OK header of previous block is=0x08000063 expected=0x08000063 OK header of previous block is=0x0402003d expected=0x0402003d OK lzs_unpack: decompressed 4943 (4943) bytes to 89090 (65536) bytes *** glibc detected *** ./decompress: double free or corruption (out): 0x08e03028 *** ======= Backtrace: ========= /lib/libc.so.6(+0x6adba)[0xb7652dba] /lib/libc.so.6(+0x6c608)[0xb7654608] /lib/libc.so.6(cfree+0x6d)[0xb765774d] ./decompress[0x8048caa] /lib/libc.so.6(__libc_start_main+0xe6)[0xb75fec96] ./decompress[0x8048541] ======= Memory map: ======== 08048000-08049000 r-xp 00000000 fe:01 219817 /root/src/zyxel-revert-779bfd5/ decompress 08049000-0804a000 rw-p 00001000 fe:01 219817 /root/src/zyxel-revert-779bfd5/ decompress 08dff000-08e20000 rw-p 00000000 00:00 0 [heap] b7400000-b7421000 rw-p 00000000 00:00 0 b7421000-b7500000 ---p 00000000 00:00 0 b75c4000-b75e1000 r-xp 00000000 fe:01 40681 /lib/libgcc_s.so.1 b75e1000-b75e2000 rw-p 0001c000 fe:01 40681 /lib/libgcc_s.so.1 b75e7000-b75e8000 rw-p 00000000 00:00 0 b75e8000-b7726000 r-xp 00000000 fe:01 40677 /lib/libc-2.11.3.so b7726000-b7727000 ---p 0013e000 fe:01 40677 /lib/libc-2.11.3.so b7727000-b7729000 r--p 0013e000 fe:01 40677 /lib/libc-2.11.3.so b7729000-b772a000 rw-p 00140000 fe:01 40677 /lib/libc-2.11.3.so b772a000-b772d000 rw-p 00000000 00:00 0 b7731000-b7734000 rw-p 00000000 00:00 0 b7734000-b7735000 r-xp 00000000 00:00 0 [vdso] b7735000-b7750000 r-xp 00000000 fe:01 40670 /lib/ld-2.11.3.so b7750000-b7751000 r--p 0001b000 fe:01 40670 /lib/ld-2.11.3.so b7751000-b7752000 rw-p 0001c000 fe:01 40670 /lib/ld-2.11.3.so bffe2000-bfff7000 rw-p 00000000 00:00 0 [stack] Aborted |
Mungkin akan muncul keterangan error, namun kita masih bisa melihat hasil extract yang berisi string. Untuk melihat string apa saja yang ada di file rom-0.decomp, ketik perintah betikut :
1 2 |
# strings rom-0.decomp biasanya-password-ada-di-baris-pertama |