Author Topic: Firmware extraction / compression algorithm?  (Read 161 times)

cweiske

Firmware extraction / compression algorithm?
« on: 14:20:47 | 23 May, 2019 »
I'm trying to extract the actual firmware itself from the .bin files, but even after 4 days of staring at the bytes in my hex editor, I was not successful (apart from extracting the web-accessible files).

What I know up to now:

- Each firmware .bin file contains these strings and numbers:
-- DecompBuffer
-- CompSize
-- DecompSize
-- CodeSize
-- CompBuffer
- CompSize and DecompSize indicate that the data are compressed.
- In every ir-mmi-FS2026-0500* firmware, the actual firmware data begins at 0x592c (TechniSat DigitRadio 580 is one of them)
- extracting the bytes from 0x592c until 0x592c+CompSize gives us exactly the bytes until the next big all-zeros block, just before the FSH1 file system.

Now I'm stuck finding the decompression method to get the firmware :/
Maybe one of you has an idea.
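
One way to triage the carved blob described above, as an added example that is not part of the original post: it carves `CompSize` bytes at 0x592c, checks for the trailing zero block, measures entropy, and accepts a codec only if its output length equals `DecompSize`. The function names, the 16-byte zero-run threshold, the sample image and the list of candidate codecs (only those shipped with Python) are assumptions; the real algorithm may be none of them.

```python
import bz2, lzma, math, zlib
from collections import Counter

BLOB_OFFSET = 0x592C  # start of the compressed data, per the post above

# Assumption: only stdlib codecs are tried; memlimit keeps a bogus LZMA header cheap.
CANDIDATES = {
    "zlib": zlib.decompress,
    "raw deflate": lambda b: zlib.decompress(b, -15),
    "gzip": lambda b: zlib.decompress(b, 31),
    "lzma/xz": lambda b: lzma.decompress(b, memlimit=1 << 26),
    "bzip2": bz2.decompress,
}

def entropy(data):
    """Shannon entropy in bits per byte; close to 8.0 means compressed or encrypted."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def carve(image, comp_size, offset=BLOB_OFFSET, zero_run=16):
    """Return (blob, followed_by_zeros) for image[offset:offset + comp_size]."""
    end = offset + comp_size
    if end > len(image):
        raise ValueError("CompSize runs past the end of the image")
    tail = image[end:end + zero_run]
    return image[offset:end], len(tail) == zero_run and not any(tail)

def find_codec(blob, decomp_size):
    """Try each candidate; accept only output whose length equals DecompSize."""
    for name, decompress in CANDIDATES.items():
        try:
            out = decompress(blob)
        except (zlib.error, lzma.LZMAError, OSError, ValueError, EOFError):
            continue
        if len(out) == decomp_size:
            return name, out
    return None

def build_sample():
    """Constructed test image (not real firmware): filler, zlib blob, zero block, FSH1."""
    payload = b"constructed firmware payload\n" * 200
    blob = zlib.compress(payload)
    return b"\xAA" * BLOB_OFFSET + blob + b"\x00" * 64 + b"FSH1", len(blob), payload

if __name__ == "__main__":
    image, comp_size, payload = build_sample()
    blob, zeros_ok = carve(image, comp_size)
    print(f"zero block after blob: {zeros_ok}, entropy: {entropy(blob):.2f} bits/byte")
    hit = find_codec(blob, len(payload))
    print("codec:", hit[0] if hit else None)
```

If every candidate fails while the entropy stays near 8 bits per byte, the blob is either encrypted or uses a codec outside this list.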

Hiddenvision

Re: Firmware extraction / compression algorithm?
« Reply #1 on: 10:59:09 | 15 June, 2019 »
How about reading it from the Flash chip itself?
I did this recently to repair a Roberts 93i that showed PC WIZARD.

The Flash is configured as 528 bytes per page, so I could not find anything off the shelf to read it and cooked my own with an Arduino.

The IC was an Adesto AT45DB321E.

But be careful with them, as they have some one-time fuses that can lock you out of erasing if they get odd opcodes.
I think this is what may happen during power glitches, causing them to fail with firmware updates.

Did you have any info about the DFU test mode that can be used to reflash via USB?

I see that PURE have the driver and a USB uploader but not Roberts.