[arch-general] Clone a block device using 'cat'
Foxtrot Mike
fulcrummike at hotmail.com
Sat Dec 16 11:03:05 UTC 2017
On 12/16/2017 01:03 AM, Maciek Borzecki wrote:
> On Fri, Dec 15, 2017 at 8:37 PM, Foxtrot Mike via arch-general
> <arch-general at archlinux.org> wrote:
>> Note: This is not an Arch related question. I tried asking this question elsewhere, but didnt get any useful response. In the past I have received very helpful responses on this mail list so I am posting this here in the hope that someone would be willing/able to help me out.
>>
>> Hi,
>>
>> I am able to telnet into a router that's running a customized linux firmware. It was compiled using 'buildroot'.
>>
>> I was able to dig out some specs of the router. I intend to clone the router's firmware for further study. 'dd' is not available so I tried using cat to throw the entire contents of the flash drive (mtdblock0) to my pc using netcat:
>>
>> Router:
>> cat /dev/mtdblock0 | nc ip port
>>
>> PC:
>> nc -lp port > routerFirmware
>>
>> Then on my PC I used 'binwalk' to examine the downloaded file. The result is:
>>
>> DECIMAL HEXADECIMAL DESCRIPTION
>> --------------------------------------------------------------------------------
>> 0 0x0 Squashfs filesystem, little endian, non-standard signature, version 4.0, compression:gzip, size: xxxxxxx bytes, xxx inodes, blocksize: xxxxxx bytes, created: xxxx-xx-xx xx:xx:xx
>>
>> Seems good so far. But '# unsquash routerFlash' results in:
>>
>> Can't find a SQUASHFS superblock on routerFlash
>>
>> The most probable reason I think is that 'cat' and 'nc' are not able to clone the entire flash as I intend. I am stuck here. Any help would be appreciated!
> It's possible that squashfs used to build the image carried some
> vendor modifications. Is not that uncommon actually. You can try your
> luck with: https://github.com/devttys0/sasquatch or
> https://github.com/rampageX/firmware-mod-kit
>
> Cheers,
Thanks a lot for the very helpful pointer. I got it working with
sasquatch. Turns out the file is actually compressed with lzma, not gzip
as was reported by unsquash.
Regards,
More information about the arch-general
mailing list