4 min read Tutorial

Tutorial decompress file lzs rom-0

Tutorial kali ini adalah cara decompress file lzs rom-0 yang berisi firmware dari Modem. Rasanya lebih aman kalau melakukan dekompresi file pada komputer atau server sendiri daripada memakai software atau melalui website šŸ™‚
* Peringatan : tutorial ini hanya untuk belajar, dan jaga-jaga jika suatu saat kita lupa password modem maupun password speedy kita, dan bukan ditujukan untuk aktifitas hacking yang merusak.
 
Source code untuk compress/decompress bisa didownload dari snapshot terakhir di http://git.kopf-tisch.de/?p=zyxel-revert;a=summary

# cd /root
# mkdir src && cd src
download snapshot terakhir, misalnya zyxel-revert-779bfd5.tar.gz
# tar xf zyxel-revert-779bfd5.tar.gz
# cd zyxel*
# make

make
 
hasil
Upload file rom-0 dan lakukan decompress dengan perintah berikut, dan hasilnya adalah file rom-0.decomp

# ./decompress rom-0
header of previous block is=0x080000e2 expected=0x080000e2 OK
header of previous block is=0x08000048 expected=0x08000048 OK
header of previous block is=0x080000e3 expected=0x080000e3 OK
header of previous block is=0x0800009d expected=0x0800009d OK
header of previous block is=0x08000081 expected=0x08000081 OK
header of previous block is=0x080000b2 expected=0x080000b2 OK
header of previous block is=0x08000073 expected=0x08000073 OK
header of previous block is=0x0800004b expected=0x0800004b OK
header of previous block is=0x08000056 expected=0x08000056 OK
header of previous block is=0x080000a1 expected=0x080000a1 OK
header of previous block is=0x0800007c expected=0x0800007c OK
header of previous block is=0x08000065 expected=0x08000065 OK
header of previous block is=0x0800004c expected=0x0800004c OK
header of previous block is=0x0800004d expected=0x0800004d OK
header of previous block is=0x0800004b expected=0x0800004b OK
header of previous block is=0x0800004d expected=0x0800004d OK
header of previous block is=0x0800004e expected=0x0800004e OK
header of previous block is=0x08000049 expected=0x08000049 OK
header of previous block is=0x0800004e expected=0x0800004e OK
header of previous block is=0x0800004c expected=0x0800004c OK
header of previous block is=0x0800004b expected=0x0800004b OK
header of previous block is=0x0800004e expected=0x0800004e OK
header of previous block is=0x0800004c expected=0x0800004c OK
header of previous block is=0x0800004b expected=0x0800004b OK
header of previous block is=0x0800004f expected=0x0800004f OK
header of previous block is=0x08000054 expected=0x08000054 OK
header of previous block is=0x08000048 expected=0x08000048 OK
header of previous block is=0x080000b0 expected=0x080000b0 OK
header of previous block is=0x08000063 expected=0x08000063 OK
header of previous block is=0x0800004e expected=0x0800004e OK
header of previous block is=0x0800009c expected=0x0800009c OK
header of previous block is=0x080000c8 expected=0x080000c8 OK
header of previous block is=0x08000091 expected=0x08000091 OK
header of previous block is=0x0800005a expected=0x0800005a OK
header of previous block is=0x08000048 expected=0x08000048 OK
header of previous block is=0x080000bf expected=0x080000bf OK
header of previous block is=0x080000a3 expected=0x080000a3 OK
header of previous block is=0x0800007c expected=0x0800007c OK
header of previous block is=0x08000048 expected=0x08000048 OK
header of previous block is=0x08000048 expected=0x08000048 OK
header of previous block is=0x08000048 expected=0x08000048 OK
header of previous block is=0x08000061 expected=0x08000061 OK
header of previous block is=0x08000063 expected=0x08000063 OK
header of previous block is=0x0402003d expected=0x0402003d OK
lzs_unpack: decompressed 4943 (4943) bytes to 89090 (65536) bytes
*** glibc detected *** ./decompress: double free or corruption (out): 0x08e03028
 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6adba)[0xb7652dba]
/lib/libc.so.6(+0x6c608)[0xb7654608]
/lib/libc.so.6(cfree+0x6d)[0xb765774d]
./decompress[0x8048caa]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb75fec96]
./decompress[0x8048541]
======= Memory map: ========
08048000-08049000 r-xp 00000000 fe:01 219817     /root/src/zyxel-revert-779bfd5/
decompress
08049000-0804a000 rw-p 00001000 fe:01 219817     /root/src/zyxel-revert-779bfd5/
decompress
08dff000-08e20000 rw-p 00000000 00:00 0          [heap]
b7400000-b7421000 rw-p 00000000 00:00 0
b7421000-b7500000 ---p 00000000 00:00 0
b75c4000-b75e1000 r-xp 00000000 fe:01 40681      /lib/libgcc_s.so.1
b75e1000-b75e2000 rw-p 0001c000 fe:01 40681      /lib/libgcc_s.so.1
b75e7000-b75e8000 rw-p 00000000 00:00 0
b75e8000-b7726000 r-xp 00000000 fe:01 40677      /lib/libc-2.11.3.so
b7726000-b7727000 ---p 0013e000 fe:01 40677      /lib/libc-2.11.3.so
b7727000-b7729000 r--p 0013e000 fe:01 40677      /lib/libc-2.11.3.so
b7729000-b772a000 rw-p 00140000 fe:01 40677      /lib/libc-2.11.3.so
b772a000-b772d000 rw-p 00000000 00:00 0
b7731000-b7734000 rw-p 00000000 00:00 0
b7734000-b7735000 r-xp 00000000 00:00 0          [vdso]
b7735000-b7750000 r-xp 00000000 fe:01 40670      /lib/ld-2.11.3.so
b7750000-b7751000 r--p 0001b000 fe:01 40670      /lib/ld-2.11.3.so
b7751000-b7752000 rw-p 0001c000 fe:01 40670      /lib/ld-2.11.3.so
bffe2000-bfff7000 rw-p 00000000 00:00 0          [stack]
Aborted

Mungkin akan muncul keterangan error, namun kita masih bisa melihat hasil extract yang berisi string. Untuk melihat string apa saja yang ada di file rom-0.decomp, ketik perintah betikut :

# strings rom-0.decomp
biasanya-password-ada-di-baris-pertama

string

Member discussion