DurianFirmware_extract.py
#!/usr/bin/env python3
# Split Durian firmware blob, similar to this one:
# https://gist.github.com/woachk/6092f9ae950455dcdf8428c3ce2d639e
# Most likely called "SuperBinary image" in Apple terminology,
# split by DurianUpdaterService.
import sys
import struct
import os
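def get_image_info(ftab, base_offset):
    """Read one 20-byte image entry and return ``(tag, offset, size)``.

    Layout as this script reads it: bytes 0-3 hold the image tag, bytes
    12-15 the image offset and bytes 16-19 the image size, both
    little-endian. Bytes 4-11 are not interpreted. The original author
    notes that the first image should be ``rkos``.

    The offset and size are decoded as unsigned 32-bit values. Decoding
    them as signed lets a crafted entry produce a negative size, and
    ``read()`` with a negative size returns everything up to end of file.

    Args:
        ftab: Seekable binary file object opened on the firmware blob.
        base_offset: Absolute position of the entry inside the file.

    Returns:
        Tuple ``(tag, offset, sz)``: tag as ``str``, offset and size as
        non-negative ``int``.

    Raises:
        ValueError: fewer than 20 bytes are available at ``base_offset``.
            A tag that is not valid UTF-8 raises ``UnicodeDecodeError``,
            which is a ``ValueError`` subclass.
    """
    entry_size = 20

    # One bounded read for the whole entry; the file position afterwards is
    # base_offset + 20, the same place the field-by-field reads ended.
    ftab.seek(base_offset)
    entry = ftab.read(entry_size)
    if len(entry) != entry_size:
        raise ValueError(
            "truncated image entry at {}: expected {} bytes, got {}".format(
                hex(base_offset), entry_size, len(entry)))

    tag = entry[:4].decode()
    offset, sz = struct.unpack_from('<II', entry, 12)
    return tag, offset, sz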
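def split_firmware(ftab):
    """Write every image listed in the entry table to ``<tag>.bin``.

    The table starts at 0x10 and holds 20-byte entries. It is treated as
    ending where the first entry's image data begins, which is how this
    script locates the end of the table.

    Tag, offset and size all come from the file being parsed, so they are
    checked before use. The tag becomes part of an output file name, and
    four attacker-chosen bytes are enough to spell a path separator or
    ``..``; only ASCII letters, digits, ``-`` and ``_`` are kept.

    Args:
        ftab: Seekable binary file object opened on the firmware blob.

    Returns:
        0 when the walk ends exactly at the end of the table, 1 when it
        overshoots or an entry carries a negative offset or size.
    """
    entry_size = 20
    table_pos = 0x10  # blap at offset 0x10

    tag, offset, sz = get_image_info(ftab, table_pos)
    table_end = offset
    print("tag : {} offset : {} size : {}".format(tag, hex(offset), hex(sz)))

    while table_pos < table_end:
        # Parse the entry at the top of the loop. Fetching the "next" entry
        # at the bottom read image data as a table entry after the last
        # image, and decoding those bytes as a tag could raise.
        tag, offset, sz = get_image_info(ftab, table_pos)
        print("tag : {} offset : {} size : {}".format(tag, hex(offset), hex(sz)))

        # A negative size would make read() return the rest of the file,
        # and a negative offset is not a valid absolute seek target.
        if offset < 0 or sz < 0:
            print("Entry at {} has a negative offset or size, stopping".format(
                hex(table_pos)))
            return 1

        ftab.seek(offset)
        img_data = ftab.read(sz)
        if len(img_data) != sz:
            print("Warning: image {} is truncated ({} of {} bytes)".format(
                tag, len(img_data), sz))

        # Neutralise anything that is not a plain file-name character so
        # the output always lands in the current directory.
        safe_tag = "".join(
            ch if (ch.isascii() and ch.isalnum()) or ch in "-_" else "_"
            for ch in tag)
        if not safe_tag:
            safe_tag = "image_{}".format(hex(table_pos))

        with open(safe_tag + '.bin', 'wb') as out:
            out.write(img_data)

        table_pos += entry_size  # position of next magic

    return 0 if table_pos == table_end else 1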
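def main():
    """Check the ``blap`` magic at 0x10 and split the firmware blob.

    Expects exactly one command-line argument, the path of the firmware
    file. Extracted images are written to the current directory.

    Returns:
        Process exit status: 1 for a usage error or a missing magic,
        otherwise the status reported by ``split_firmware`` (0 when the
        entry table was walked to its end). That status used to be
        discarded, so a failed split still exited 0.
    """
    if len(sys.argv) != 2:
        print("Usage: DurianFirmware_extract.py DurianFirmwareMobileAsset.bin")
        return 1

    firmware = sys.argv[1]
    # The context manager also closes the file on the early return below
    # and when parsing raises.
    with open(firmware, 'rb') as ftab:
        ftab.seek(0x10)
        magic = ftab.read(4)
        # The input is arbitrary bytes: show them without letting a
        # non-UTF-8 header abort the run, and compare the raw bytes.
        print(magic.decode(errors="replace"))
        if magic != b"blap":
            print("Image not starting with `blap`, different firmware format?")
            return 1
        return split_firmware(ftab)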
# Script entry point: main()'s return value becomes the process exit status.
if __name__ == "__main__":
    raise SystemExit(main())