Hello everyone possible to assist in the dismantling of Software and analysis
Software download from here
https://www.sendspace.com/file/fdxch8
Decrypting sw
-
aluigi
- Site Admin
- Posts: 12984
- Joined: Wed Jul 30, 2014 9:32 pm
Re: Decrypting sw
Well, let's try something like the following which is very easy and "blind", basically it's a script for QuickBMS that searches the empty spaces between the blocks of data and automatically decompresses the zlib and lzma blocks:
Is this 1506A_STG4_sat-illimite 300F_V8.07.06_20160706-2.bin the firmware of some Satellite tuner? Just curious.
*edit* moved topic in the correct section
Code: Select all
quickbmsver "0.7.5" # http://quickbms.aluigi.org
for
savepos OFFSET
findloc NEXT_OFF binary "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" 0 "" -1
if NEXT_OFF == ""
get NEXT_OFF asize
endif
xmath SIZE "NEXT_OFF - OFFSET"
string NAME p "%08x." OFFSET
get DUMMY threebyte
if DUMMY == 0x00005d # lzma
comtype lzma_dynamic
clog NAME OFFSET SIZE SIZE
elif DUMMY == 0x464544" # DEFD"
math OFFSET + 0x20
math SIZE - 0x20
comtype zlib_noerror
clog NAME OFFSET SIZE SIZE
else
log NAME OFFSET SIZE
endif
goto NEXT_OFF
do
get TMP byte
while TMP == 0xff
goto -1 0 SEEK_CUR
nextIs this 1506A_STG4_sat-illimite 300F_V8.07.06_20160706-2.bin the firmware of some Satellite tuner? Just curious.
*edit* moved topic in the correct section
-
software
- Posts: 4
- Joined: Fri Aug 19, 2016 6:54 pm
Re: Decrypting sw
yes Software Receiver Beginning decompress each block 5d000080 the zlib and lzma
DECIMAL HEX DESCRIPTION
---------------------------------------------------------------------------------
----------------------
154624 0x25C00 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 407696 bytes
376832 0x5C000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 1273060 bytes
872448 0xD5000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 8043848 bytes
3694592 0x386000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 80896 bytes
3731456 0x38F000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 67584 bytes
3756032 0x395000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 762880 bytes
4030464 0x3D8000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 992256 bytes
4341760 0x424000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 262144 bytes
4440064 0x43C000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 52224 bytes
4460544 0x441000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 15790080 bytes
7057408 0x6BB000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 264192 bytes
crc FDCE3FB7
crc table 8D97687D
Problem in re-compress each block does not infer the real size
DECIMAL HEX DESCRIPTION
---------------------------------------------------------------------------------
----------------------
154624 0x25C00 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 407696 bytes
376832 0x5C000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 1273060 bytes
872448 0xD5000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 8043848 bytes
3694592 0x386000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 80896 bytes
3731456 0x38F000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 67584 bytes
3756032 0x395000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 762880 bytes
4030464 0x3D8000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 992256 bytes
4341760 0x424000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 262144 bytes
4440064 0x43C000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 52224 bytes
4460544 0x441000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 15790080 bytes
7057408 0x6BB000 LZMA compressed data (sig 3), properties: 0x5D, d
ictionary size: 8388608 bytes, uncompressed size: 264192 bytes
crc FDCE3FB7
crc table 8D97687D
Problem in re-compress each block does not infer the real size