Further document the format and produce a rogue system update
* Truncate filesize to 20 bytes in hacked.toc (001b? IIRC) * Add various 0x00 as well.. firsy 0x80... gets turned into the compressed length but that fails.. needs to be bigger than 0x2000 to succeed. * LZMA size and trailer overlap.. I was too lazy to add/deal with padding so kept it short.. can be fixed... * Modified path for /etc/rc2.d.. to extract new script We seem lucky with file permissions.. that it is somehow executable even if SetFileAttributes is not set...
This commit is contained in:
parent
636fe4eab9
commit
e680aea708
|
@ -11,7 +11,17 @@ compressed update. The size of that area seems to be computed
|
|||
as:
|
||||
8 * num_diffs (maybe two CRC32?)
|
||||
4 * num_insert (maybe a single CRC32)?
|
||||
followed by lzma
|
||||
followed by lzma... TOC of size compress_sz
|
||||
LZMA again.. depends on the TOC.. delta_pos contains addr
|
||||
|
||||
|
||||
LZMA needs to be compressed in 'alone' format and needs to have
|
||||
the decompressed size in the header! 0xFF... leads to parse error
|
||||
xz -F alone demo.sh
|
||||
|
||||
LZMA: https://github.com/nobled/xz/commit/7d17818cec8597f847b0a2537fde991bbc3d9e96
|
||||
removed uncompressed_size support. So an plder version is needed..
|
||||
or use the original lzma SDK
|
||||
|
||||
|
||||
0x0000d084 in is_expected_sig ()
|
||||
|
|
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue