[arch-general] Clone a block device using 'cat'

[Maciek Borzecki]

On Fri, Dec 15, 2017 at 8:37 PM, Foxtrot Mike via arch-general
<arch-general at archlinux.org> wrote:
> Note: This is not an Arch related question. I tried asking this question elsewhere, but didnt get any useful response. In the past I have received very helpful responses on this mail list so I am posting this here in the hope that someone would be willing/able to help me out.
>
> Hi,
>
> I am able to telnet into a router that's running a customized linux firmware. It was compiled using 'buildroot'.
>
> I was able to dig out some specs of the router. I intend to clone the router's firmware for further study. 'dd' is not available so I tried using cat to throw the entire contents of the flash drive (mtdblock0) to my pc using netcat:
>
> Router:
>     cat /dev/mtdblock0 | nc ip port
>
> PC:
>     nc -lp port > routerFirmware
>
> Then on my PC I used 'binwalk' to examine the downloaded file. The result is:
>
> DECIMAL       HEXADECIMAL     DESCRIPTION
> --------------------------------------------------------------------------------
> 0             0x0             Squashfs filesystem, little endian, non-standard signature, version 4.0, compression:gzip, size: xxxxxxx bytes, xxx inodes, blocksize: xxxxxx bytes, created: xxxx-xx-xx xx:xx:xx
>
> Seems good so far. But '# unsquash routerFlash' results in:
>
>     Can't find a SQUASHFS superblock on routerFlash
>
> The most probable reason I think is that 'cat' and 'nc' are not able to clone the entire flash as I intend. I am stuck here. Any help would be appreciated!

It's possible that squashfs used to build the image carried some
vendor modifications. Is not that uncommon actually. You can try your
luck with: https://github.com/devttys0/sasquatch or
https://github.com/rampageX/firmware-mod-kit

Cheers,
-- 
Maciek Borzecki