Friday, March 4, 2011

Aluratek AIREC01F #10

So let's look at the offsets found in episode 8. We'll see that most blocks are of length 16384 (which is 2^14). Those in which we find the strange 34 byte signature (beginning with ALT7021) have a strange length.

Notice that there is a clear-text XML file spanning over 2 blocks.

----
0x00-0x1f     : strange 32 byte signature
0x20-0x7f     : some kind of header ? (96 bytes)
0x80-0x4016   : data
0x4017-0x401f : repeated 0x20 bytes

$ echo $((0x401f - 0x20 + 1))
16384
----
0x4020-0x403f : strange 32 byte signature
0x4040-0x7257 : data
0x7258-0x803f : repeated 0x20 bytes

$ echo $((0x803f - 0x4040 + 1))
16384
----
0x8040-0x805f : strange 32 byte signature
0x8060-0x81d0 : repeated 0x20 bytes
0x81d1-0x81f2 : strange 34 byte signature

$ echo $((0x81f2 - 0x8060 + 1))
403
----
0x81f3-0x8212 : strange 32 byte signature
0x8213-0x9fee : data
0x9fef-0xa212 : repeated 0xFF bytes
0xa213-0xa492 : data
0xa493-0xc212 : repeated 0x00 bytes

$ echo $((0xc212 - 0x8213 + 1))
16384
----
0xc213-0xc232  : strange 32 byte signature
0xc233-0x10232 : repeated 0x00 bytes

$ echo $((0x10232 - 0xc233 + 1))
16384
----
0x10233-0x10252 : strange 32 byte signature
0x10253-0x10f32 : repeated 0x00 bytes

$ echo $((0x10f32 - 0x10253 + 1))
3296
----
0x10f55-0x10f74 : strange 32 byte signature
0x10f75-0x12f86 : data
0x12f87-0x14f74 : repeated 0xFF bytes

$ echo $((0x14f74 - 0x10f75 + 1))
16384
----
0x14f75-0x14f94 : strange 32 byte signature
0x14f95-0x18f94 : repeated 0xFF bytes

$ echo $((0x18f94 - 0x14f95 + 1))
16384
----
0x18f95-0x18fb4 : strange 32 byte signature
0x18fb5-0x1cfb4 : data

$ echo $((0x1cfb4 - 0x18fb5 + 1))
16384
----
0x1cfb5-0x1cfd4 : strange 32 byte signature
0x1cfd5-0x1dc54 : data
0x1dc55-0x20fd4 : repeated 0xFF bytes

$ echo $((0x20fd4 - 0x1cfd5 + 1))
16384
----
0x20fd5-0x20ff4 : strange 32 byte signature
0x20ff5-0x5146f : data
0x21470-0x24ff4 : repeated 0xFF bytes

$ echo $((0x24ff4 - 0x20ff5 + 1))
16384
----
0x24ff5-0x25014 : strange 32 byte signature
0x25015-0x29014 : repeated 0xFF bytes

$ echo $((0x29014 - 0x25015 + 1))
16384
----
0x29015-0x29034 : strange 32 byte signature
0x29035-0x2d034 : data

$ echo $((0x2d034-0x29035 + 1))
16384
----
This one is funny because it's in the middle of an XML file :)

0x2d035-0x2d054 : strange 32 byte signature
0x2d055-0x2f066 : data
0x2f067-0x2f088 : strange 34 byte signature

$ echo $((0x2f088 - 0x2d055 + 1))
8244
----
0x2f089-0x2f0a8 : strange 32 byte signature
0x2f0a9-0x330a8 : data

$ echo $((0x330a8 - 0x2f0a9 + 1))
16384
----
0x330a9-0x330c8 : strange 32 byte signature
0x330c9-0x34018 : data
0x34019-0x3403a : strange 34 byte signature

$ echo $((0x3403a - 0x330c9 + 1))
3954
----
0x3403b-0x3405a : strange 32 byte signature

[...]


----
0x8029b-0x802ba : strange 32 byte signature
0x802bb-0x83c0d : data
0x83c0e-0x83c2f : strange 34 byte signature

$ echo $((0x83c2f - 0x802bb + 1))
14709
----
0x83c30-0x83c4f : strange 32 byte signature
0x83c50-0x8551b : data
0x8551c-0x85c4b : repeated 0x00 bytes
0x85c4c-0x85c4f : 00 03 50 6D
0x85c50-0x8751c : data
0x8751d-0x87c4b : repeated 0x00 bytes
0x87c4c-0x87c4f : 00 03 50 6D

$ echo $((0x87c4f - 0x83c50 + 1))
16384
----
0x87c50-0x87c6f : strange 32 byte signature
0x87c70-0x8bc6f : repeated 0xFF bytes

$ echo $((0x8bc6f - 0x87c70 + 1))
16384
----
0x8bc70-0x8bc8f : strange 32 byte signature
0x8bc90-0x8bccd7 : data
0x8bccd8-0x8dc8f : repeated 0xFF bytes

$ echo $((0x8dc8f - 0x8bc90 + 1))
8192
----
0x8fc90-0x8fcaf : strange 32 byte signature
0x8fcb0-0x90be6 : data
0x90be7-0x90fbf : repeated 0xFF bytes
0x90fc0-0x90fe1 : strange 34 byte signature (ALT7021...)

----

And this is the end of the firmware.

No comments:

Post a Comment