CN113961236A - Firmware file modification method and system, readable storage medium and computer equipment - Google Patents

Info

Publication number: CN113961236A
Authority: CN (China)
Prior art keywords: file, kernel, decompressed, firmware, modifying
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111205222.3A
Other languages: Chinese (zh)
Inventors: 胡凌云, 范渊, 吴卓群, 王欣
Current Assignee: DBAPPSecurity Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111205222.3A
Publication of CN113961236A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/72 Code refactoring
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/174 Redundancy elimination performed by the file system
    • G06F16/1744 Redundancy elimination performed by the file system using compression, e.g. sparse files

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a method and a system for modifying a firmware file, a readable storage medium and computer equipment, wherein the method comprises the following steps: acquiring a firmware file in a device memory, and extracting a kernel file in the firmware file; decompressing the kernel file to obtain a first decompressed file; modifying the content of the kernel section in the first decompressed file to obtain a modified first decompressed file; compressing the modified first decompressed file to form a compressed file; and acquiring an image header file and synthesizing the image header file and the compressed file into a new firmware file. According to the invention, the kernel section of the firmware file involved in the kernel start-up procedure is modified so that the kernel starts a half-initialized Shell, bypassing the boot system and file system parts, which come in many types with large version differences, so that security researchers can obtain a complete unprotected Shell; in addition, because the kernel section is modified and located using features that are independent of the instruction set, the method has better universality.

Description

Firmware file modification method and system, readable storage medium and computer equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and a system for modifying a firmware file, a readable storage medium, and a computer device.
Background
As vendors' security awareness increases, or simply for code protection purposes, cases in which an unprotected shell starts directly on the serial port are becoming rarer. Vendors set obstacles by means including, but not limited to, strong password protection, starting a customized restricted shell, and closing the serial port outright. How to effectively break through these obstacles is a daily issue facing Internet of Things security researchers.
There are several ways to break or bypass these restricted serial ports. Many researchers prefer to modify the shadow file, but the complexity of embedded systems always causes problems. With the squashfs system, algorithm version problems are common, so that the firmware file cannot be decompressed and run after being modified, or the generated image is larger than the original space and the firmware file system is damaged. With the jffs2 system, language translation and partition alignment problems are common, often leaving the repackaged firmware file with a chaotic index. As a result, a complete unprotected Shell cannot be obtained stably under the various protections set by the vendor.
Disclosure of Invention
The embodiment of the application provides a method, a system, a readable storage medium and a computer device for modifying a firmware file, so as to at least solve the deficiencies in the related art.
In a first aspect, an embodiment of the present application provides a method for modifying a firmware file, including:
acquiring a firmware file in a device memory, and extracting a kernel file in the firmware file;
decompressing the kernel file to obtain a first decompressed file;
modifying the content of the kernel section in the first decompressed file to obtain a modified first decompressed file;
compressing the modified first decompressed file to form a compressed file;
and acquiring an image header file and synthesizing the image header file and the compressed file into a new firmware file.
In some embodiments, the modifying the content of the kernel section in the first decompressed file to obtain a modified first decompressed file includes:
locating a character string in the kernel section of the first decompressed file;
and modifying the program header of the character string of the kernel section to obtain a modified first decompressed file.
In some embodiments, before the step of compressing the modified first decompressed file to form a compressed file, the method includes:
judging whether the modified first decompressed file has initialization parameters or not;
and when the initialization parameters exist in the first decompressed file, masking the initialization parameters.
In some embodiments, before the step of obtaining the image header file and synthesizing the new firmware file with the compressed file, the method further comprises:
judging the compression type of the compressed file;
and deleting the last four bytes of the compressed file when the compression type of the compressed file is the Gzip type.
In some embodiments, the step of obtaining the image header file and synthesizing the new firmware file with the compressed file comprises:
judging the image type of the image header file;
when the image type of the image header file is the boot-loader-specific compressed file type, adding the boot-loader-specific file header to the compressed file to form a new compressed file;
and inputting the new compressed file into the image header file to synthesize a new firmware file.
In a second aspect, an embodiment of the present application provides a firmware file modification system, including:
the device comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring a firmware file in a device memory and extracting a kernel file in the firmware file;
the decompression module is used for decompressing the kernel file to obtain a first decompressed file;
the modification module is used for modifying the content of the kernel section in the first decompressed file to obtain a modified first decompressed file;
the compression module is used for compressing the modified first decompressed file to form a compressed file;
and the processing module is used for acquiring the image header file and synthesizing a new firmware file with the compressed file.
In some embodiments, the modification module is specifically configured to:
locating a character string in the kernel section of the first decompressed file;
and modifying the program header of the character string of the kernel section to obtain a modified first decompressed file.
In some of these embodiments, the system further comprises:
the first judgment module is used for judging whether the modified first decompressed file has initialization parameters;
and the masking module is used for masking the initialization parameters when the initialization parameters exist in the first decompressed file.
In a third aspect, the present application provides a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the firmware file modification method according to the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the processor implements the method for modifying a firmware file according to the first aspect.
Compared with the related art, the firmware file modification method, the firmware file modification system, the readable storage medium and the computer device provided by the embodiments of the application modify the kernel section of the firmware file involved in the kernel start-up procedure so that the kernel starts a half-initialized Shell, bypassing the boot system and file system parts, which come in many types with large version differences, so that security researchers can obtain a complete unprotected Shell; in addition, because the kernel section is modified and located using features that are independent of the instruction set, the method has better universality.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow chart of a method for modifying a firmware file according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a method for modifying a firmware file according to a second embodiment of the present invention;
FIG. 3 is a block diagram showing a modification system of firmware files according to a third embodiment of the present invention;
FIG. 4 is a block diagram showing a computer device according to a fourth embodiment of the present invention.
Description of the main element symbols:
Memory               10    Decompression module   12
Processor            20    Modification module    13
Computer program     30    Compression module     14
Acquisition module   11    Processing module      15
The following detailed description will further illustrate the invention in conjunction with the above-described figures.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
First, it should be noted that:
A shell (so named to distinguish it from the kernel, or core) is software, a command interpreter, that provides an operating interface for users. It is similar to command.com and later cmd.exe under DOS. It receives user commands and invokes the corresponding applications. It is defined relative to the kernel: it is the user-facing layer built on the kernel, much as what we see of a sphere is its shell rather than its core. In Linux, the shell is the user-facing command interface, in which the user can enter input and receive feedback about operations.
In Linux the kernel and the interface are separate: the system can run without a graphical interface, or it can run a graphical desktop on top of the kernel. Linux therefore has two forms of shell: one in a terminal environment without a graphical interface, and one in a window on the desktop similar to the MS-DOS window in Windows. The former is conventionally called a terminal for short, and the latter is often directly called a shell.
The shadow file is the shadow password file, the file in the Linux operating system that holds the passwords of all users. In Linux, only the system administrator has the right to view and modify the shadow file.
The squashFS system is a compressed read-only file system based on the Linux kernel. It can compress files, inodes and directories, and supports files of up to 2^64 bytes.
The jffs2 system is a journaling flash file system; its function is to manage a journaling file system implemented on MTD devices.
The init process, PID 1, is the first user-level process started by the kernel and the parent of all subsequent processes (except PID 0 and PID 2); it completes the initialization of the system. All processes in Linux are created and run by the init process. First the Linux kernel starts, then the init process is started in user space, and then the other system processes are started. After the system has started, init becomes a daemon process that monitors the other processes of the system.
For manufacturers, starting a customized init process is a good way to protect device security, since a customized init process can meet any requirement of the manufacturer, such as closing the serial port or allowing only a small set of commands. Even without a customized init process, protection can be achieved effectively by modifying part of the original init process.
If the init process can be changed so that Linux starts a designated init process, all protection measures the manufacturer placed in the init process become completely ineffective. Following this idea, the invention obtains access by modifying the code of the kernel part.
Example one
Referring to fig. 1, a method for modifying a firmware file according to a first embodiment of the present invention is shown, and the method specifically includes steps S101 to S105:
S101, acquiring a firmware file in a device memory, and extracting a kernel file in the firmware file;
In a specific implementation, the firmware file is obtained from the device memory and the kernel file in it is extracted. The obtained firmware file is a bin file, so the kernel file must be extracted as the first step. A precondition for the bin to contain the kernel file is that the firmware was extracted from flash or similar storage; firmware downloaded from the vendor's official website generally does not include the uboot and kernel files.
It is understood that uboot is a boot loader primarily used in embedded systems that supports a variety of computer system architectures, including PPC, ARM, AVR32, MIPS, x86, 68k, Nios, and MicroBlaze. It is free software released under the GNU General Public License.
S102, decompressing the kernel file to obtain a first decompressed file;
The extracted kernel file is usually compressed, typically with gzip, xz or lzma. In a specific implementation, the compression type of the kernel file therefore has to be determined, because different compression types use different algorithms: when the kernel file is of the Gzip type, the Gzip algorithm is called to decompress it; otherwise, the algorithm corresponding to the kernel file's compression type is called.
It should be noted that in the present application the compression algorithm is determined from the file header, for example: "\x1F\x8B\x08" is gzip compression and "\x5D" is lzma compression. The gzip -cd or unlzma command (compression algorithm) is then executed for decompression.
S103, modifying the content of the kernel section in the first decompressed file to obtain a modified first decompressed file;
It should be noted that analysis of the Linux kernel boot flow shows that the init process the kernel finally starts is determined by three parts.
The kernel needs to start /bin/sh directly; a /bin/sh started by the kernel is a relatively clean shell. In a specific implementation, the program header "/sbin/init" in the try_to_run_init_process("/sbin/init") parameter of the kernel section in the first decompressed file is modified to "/bin/sh", so that a very clean shell without any interference can be started.
It can be understood that init is one of the programs indispensable to the operation of a Linux system. The init process is a user-level process started by the kernel. After the kernel itself has started (been loaded into memory, begun running, and initialized all device drivers, data structures and so on), the boot process is completed by starting the user-level program init. Therefore, init is always the first process (its process number is always 1).
In the present application, the position to be modified can be found by locating a character string such as "Try leaving in to kernel". It is only necessary to locate this string in the kernel section and then find the front-most program header of that section. That header is not necessarily /bin/init; it may be another file written by the manufacturer, which is why the front-most program header is located rather than /bin/init. Observation shows that all of these strings have the form of Linux directory paths, so the search can be implemented with regular-expression matching.
S104, compressing the modified first decompressed file to form a compressed file;
In a specific implementation, the modified first decompressed file is compressed with the same compression algorithm as in step S102 to form a compressed file; the specific compression command can be found in the Linux kernel source code.
It should be noted that, after compression with the gzip -cd command (compression algorithm), the compressed file carries Gzip-type identification bytes; therefore, when the compression type of the kernel file in step S102 is the Gzip type, the last 4 bytes of the compressed file need to be deleted in this step.
S105, acquiring the image header file and synthesizing the image header file and the compressed file into a new firmware file.
It should be noted that, in the present application, the image header type of the image header file has to be determined. When the image header type is the boot-loader-specific compressed file type (uImage), the boot-loader-specific file header is added directly to the compressed file to form a new compressed file, and the new compressed file is input into the image header file to synthesize a new firmware file.
When the image header type is the common compressed kernel image file type (zImage), the compressed file is input directly into the image header file to synthesize a new firmware file.
It will be appreciated that zImage is typically the default compressed kernel image file: the compressed kernel file plus a piece of decompression boot code. A uImage is obtained by processing a general compressed kernel image (zImage) with the mkimage tool. It is an image file specific to uboot: a 64-byte header is added before the zImage, describing kernel information such as version, load location, generation time and size; from offset 0x40 onward it is no different from the zImage. The uImage file header needs to be added to the compressed file so that the operation is automated.
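The 64-byte uImage header and the file-header compression check described above can be inspected from the defender's side with a short parser. This is an added example, not code from the patent: the field layout is U-Boot's legacy image header, and the sample image (name, addresses, payload) is constructed for illustration.

```python
import gzip
import struct
import zlib

UIMAGE_MAGIC = 0x27051956
# Big-endian: magic, header CRC, timestamp, data size, load address,
# entry point, data CRC, then os/arch/type/comp bytes and a 32-byte name.
HEADER_FMT = ">7I4B32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 64 bytes, i.e. payload starts at 0x40

IH_COMP = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma"}
# Leading bytes of each stream; gzip and lzma values are the ones the text gives.
MAGICS = [(b"\x1f\x8b\x08", "gzip"), (b"\xfd7zXZ\x00", "xz"), (b"\x5d", "lzma")]


def sniff_compression(payload):
    """Identify the compression type from the payload's leading bytes."""
    for magic, name in MAGICS:
        if payload.startswith(magic):
            return name
    return "unknown"


def inspect_uimage(blob):
    """Parse a legacy uImage and report header fields and integrity checks."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a uImage header")
    (magic, hcrc, timestamp, size, load, entry, dcrc,
     _os, _arch, _type, comp, name) = struct.unpack(HEADER_FMT, blob[:HEADER_LEN])
    if magic != UIMAGE_MAGIC:
        raise ValueError("not a legacy uImage")
    # The header CRC is computed over the header with its own CRC field zeroed.
    zeroed = blob[:4] + b"\x00" * 4 + blob[8:HEADER_LEN]
    payload = blob[HEADER_LEN:HEADER_LEN + size]
    return {
        "name": name.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "timestamp": timestamp,
        "size": size,
        "load": load,
        "entry": entry,
        "declared_comp": IH_COMP.get(comp, "unknown(%d)" % comp),
        "sniffed_comp": sniff_compression(payload),
        "header_crc_ok": (zlib.crc32(zeroed) & 0xFFFFFFFF) == hcrc,
        # A truncated payload also fails this check.
        "data_crc_ok": len(payload) == size
        and (zlib.crc32(payload) & 0xFFFFFFFF) == dcrc,
    }


def build_sample_uimage():
    """Constructed sample: a gzip payload behind a valid 64-byte header."""
    payload = gzip.compress(b"CONSTRUCTED-KERNEL " * 64, mtime=0)
    fields = [UIMAGE_MAGIC, 0, 1700000000, len(payload),
              0x80008000, 0x80008000, zlib.crc32(payload) & 0xFFFFFFFF,
              5, 2, 2, 1,  # os=Linux, arch=ARM, type=kernel, comp=gzip
              b"sample-kernel"]
    header = struct.pack(HEADER_FMT, *fields)
    fields[1] = zlib.crc32(header) & 0xFFFFFFFF
    return struct.pack(HEADER_FMT, *fields) + payload


if __name__ == "__main__":
    image = build_sample_uimage()
    print("original:", inspect_uimage(image))
    altered = bytearray(image)
    altered[-1] ^= 0xFF  # change one payload byte without fixing the header
    print("altered: ", inspect_uimage(bytes(altered)))
```

Both CRCs detect corruption and edits made without rebuilding the header, but a regenerated header carries fresh CRCs, so comparing the image against a known-good hash or a signature is what detects deliberate modification.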
In summary, in the firmware file modification method of the above embodiment of the present invention, the kernel section of the firmware file involved in the kernel start-up procedure is modified so that the kernel starts a half-initialized Shell, bypassing the boot system and file system parts, which come in many types with large version differences, so that security researchers can obtain a complete unprotected Shell; in addition, because the kernel section is modified and located using features that are independent of the instruction set, the method has better universality.
Example two
Referring to fig. 2, a method for modifying a firmware file according to a second embodiment of the present invention is shown, and the method specifically includes steps S201 to S212:
S201, acquiring a firmware file in a device memory, and extracting a kernel file in the firmware file;
In a specific implementation, the firmware file is obtained from the device memory and the kernel file in it is extracted. The obtained firmware file is a bin file, so the kernel file must be extracted as the first step. A precondition for the bin to contain the kernel file is that the firmware was extracted from flash or similar storage; firmware downloaded from the vendor's official website generally does not include the uboot and kernel files.
It is understood that uboot is a boot loader primarily used in embedded systems that supports a variety of computer system architectures, including PPC, ARM, AVR32, MIPS, x86, 68k, Nios, and MicroBlaze. It is free software released under the GNU General Public License.
S202, decompressing the kernel file to obtain a first decompressed file;
The extracted kernel file is usually compressed, typically with gzip, xz or lzma. In a specific implementation, the compression type of the kernel file therefore has to be determined, because different compression types use different algorithms: when the kernel file is of the Gzip type, the Gzip algorithm is called to decompress it; otherwise, the algorithm corresponding to the kernel file's compression type is called.
It should be noted that in the present application the compression algorithm is determined from the file header, for example: "\x1F\x8B\x08" is gzip compression and "\x5D" is lzma compression. The gzip -cd or unlzma command (compression algorithm) is then executed for decompression.
S203, locating the character string of the kernel section in the first decompressed file;
It should be noted that analysis of the Linux kernel boot flow shows that the init process the kernel finally starts is determined by three parts.
The kernel needs to start /bin/sh directly; a /bin/sh started by the kernel is a relatively clean shell. In a specific implementation, the program header "/sbin/init" in the try_to_run_init_process("/sbin/init") parameter of the kernel section in the first decompressed file is modified to "/bin/sh", so that a very clean shell without any interference can be started.
It can be understood that init is one of the programs indispensable to the operation of a Linux system. The init process is a user-level process started by the kernel. After the kernel itself has started (been loaded into memory, begun running, and initialized all device drivers, data structures and so on), the boot process is completed by starting the user-level program init. Therefore, init is always the first process (its process number is always 1).
In the present application, the position to be modified can be found by locating a character string such as "Try leaving in to kernel". It is only necessary to locate this string in the kernel section and then find the front-most program header of that section. That header is not necessarily /bin/init; it may be another file written by the manufacturer, which is why the front-most program header is located rather than /bin/init. Observation shows that all of these strings have the form of Linux directory paths, so the search can be implemented with regular-expression matching.
S204, modifying the program header of the character string of the kernel section to obtain a modified first decompressed file;
S205, judging whether the modified first decompressed file has initialization parameters;
It should be noted that, besides modifying the parameter value of try_to_run_init_process, it is not known whether the boot parameters passed in from uboot include the two parameters rdinit and init, which the kernel executes first. If these two parameters are present, the modified content will not be executed, so the influence of rdinit and init needs to be masked. The actual code segment differs for every compiled kernel, but analysis of the source code shows that "rdinit" and "init" are placed in a segment called ".init.setup", and a match lookup is then performed in the ".init.setup" segment. If a value in the ".init.setup" segment is erased or replaced with another value, it can no longer be matched. In this way both rdinit and init can be masked: even if the uboot parameters contain these two values, they are not matched and cannot affect subsequent operation.
S206, when the initialization parameters exist in the first decompressed file, masking the initialization parameters;
S207, compressing the modified first decompressed file to form a compressed file;
In a specific implementation, the modified first decompressed file is compressed with the same compression algorithm as in step S102 to form a compressed file; the specific compression command can be found in the Linux kernel source code.
S208, judging the compression type of the compressed file;
S209, deleting the last four bytes of the compressed file when the compression type of the compressed file is a Gzip type;
It should be noted that, after compression with the gzip -cd command (compression algorithm), the compressed file carries Gzip-type identification bytes; therefore, when the compression type of the kernel file in step S102 is the Gzip type, the last 4 bytes of the compressed file need to be deleted in this step.
S210, judging the image type of the image header file;
S211, when the image type of the image header file is the boot-loader-specific compressed file type, adding the boot-loader-specific file header to the compressed file to form a new compressed file;
It should be noted that, in the present application, the image header type of the image header file has to be determined. When the image header type is the boot-loader-specific compressed file type (uImage), the boot-loader-specific file header is added directly to the compressed file to form a new compressed file, and the new compressed file is input into the image header file to synthesize a new firmware file.
When the image header type is the common compressed kernel image file type (zImage), the compressed file is input directly into the image header file to synthesize a new firmware file.
It will be appreciated that zImage is typically the default compressed kernel image file: the compressed kernel file plus a piece of decompression boot code. A uImage is obtained by processing a general compressed kernel image (zImage) with the mkimage tool. It is an image file specific to uboot: a 64-byte header is added before the zImage, describing kernel information such as version, load location, generation time and size; from offset 0x40 onward it is no different from the zImage. The uImage file header needs to be added to the compressed file so that the operation is automated.
S212, inputting the new compressed file into the mirror image header file, and synthesizing a new firmware file.
In summary, in the modification method of the firmware file in the above embodiment of the present invention, the kernel section of the firmware file in the kernel start program is modified so that the kernel starts a half-initialized Shell. This avoids the boot system and file system parts, which come in many varieties with large version differences, so that a security researcher can obtain a complete unprotected Shell. In addition, the method modifies the kernel section and uses a locating feature that is independent of the instruction set, so it has better universality.
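The 64-byte uImage header described above can be read and checked when triaging a firmware image. The following is an added example, not code from the patent: the field layout and constants are those of U-Boot's legacy image format, and the sample image, its name and its addresses are constructed for illustration.

```python
import struct
import zlib

# Legacy U-Boot image header: 64 bytes, big-endian.
UIMAGE_MAGIC = 0x27051956
# magic, hcrc, time, size, load, ep, dcrc, os, arch, type, comp, name
HEADER_FMT = ">7I4B32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 64 == 0x40
COMP_NAMES = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma", 4: "lzo"}


def parse_uimage(blob: bytes) -> dict:
    """Parse the 64-byte header and check both CRC32 fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a uImage header")
    (magic, hcrc, ts, size, load, ep, dcrc,
     os_id, arch, img_type, comp, name) = struct.unpack_from(HEADER_FMT, blob)
    if magic != UIMAGE_MAGIC:
        raise ValueError("not a legacy uImage (bad magic)")
    # The header CRC is computed with the hcrc field itself set to zero.
    zeroed = blob[:4] + b"\x00" * 4 + blob[8:HEADER_LEN]
    payload = blob[HEADER_LEN:HEADER_LEN + size]
    complete = len(payload) == size
    return {
        "name": name.rstrip(b"\x00").decode("ascii", "replace"),
        "timestamp": ts, "size": size, "load": load, "entry": ep,
        "compression": COMP_NAMES.get(comp, f"unknown({comp})"),
        "header_crc_ok": zlib.crc32(zeroed) & 0xFFFFFFFF == hcrc,
        "truncated": not complete,
        "data_crc_ok": complete and zlib.crc32(payload) & 0xFFFFFFFF == dcrc,
    }


def build_sample(payload: bytes, name: bytes = b"constructed-kernel") -> bytes:
    """Build a constructed uImage (Linux/ARM/kernel/gzip) so the example runs offline."""
    fields = [UIMAGE_MAGIC, 0, 1634256000, len(payload), 0x80008000,
              0x80008000, zlib.crc32(payload) & 0xFFFFFFFF, 5, 2, 2, 1, name]
    hdr = struct.pack(HEADER_FMT, *fields)
    fields[1] = zlib.crc32(hdr) & 0xFFFFFFFF
    return struct.pack(HEADER_FMT, *fields) + payload


def demo():
    image = build_sample(b"\x1f\x8b\x08" + b"constructed payload bytes" * 4)
    original = parse_uimage(image)
    # One payload byte changed, header untouched: the data CRC no longer matches.
    changed = bytearray(image)
    changed[HEADER_LEN + 10] ^= 0xFF
    return original, parse_uimage(bytes(changed))


if __name__ == "__main__":
    for label, info in zip(("original", "payload changed"), demo()):
        print(label, info)
```

Both CRC32 fields are error-detection values that anyone rebuilding the image can recompute, so a matching CRC does not show that an image is vendor-original; compare against a known-good hash or rely on signed images for that.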
EXAMPLE III
Referring to fig. 3, a system for modifying a firmware file according to a third embodiment of the present invention is shown, and the system includes:
an obtaining module 11, configured to obtain a firmware file in an apparatus memory, and extract a kernel file in the firmware file;
the decompression module 12 is configured to decompress the kernel file to obtain a first decompressed file;
a modifying module 13, configured to modify the content of the kernel section in the first decompressed file, to obtain a modified first decompressed file;
further, the modification module 13 is specifically configured to:
locating the character string of the kernel section in the first decompressed file;
and modifying the program header of the character string of the kernel section to obtain a modified first decompressed file.
The compression module 14 is configured to compress the modified first decompressed file to form a compressed file;
and the processing module 15 is used for acquiring the mirror image header file and synthesizing a new firmware file with the compressed file.
Further, the processing module 15 is specifically configured to:
judging the mirror image type of the mirror image header file;
when the mirror image type of the mirror image header file is a special compressed file type of a boot loader, adding the special file header of the boot loader to the compressed file to form a new compressed file;
and inputting the new compressed file into the mirror image header file to synthesize a new firmware file.
Further, the system further comprises:
the first judgment module is used for judging whether the modified first decompressed file has initialization parameters;
and the shielding module is used for shielding the initialization parameters when the initialization parameters exist in the first decompressed file.
The second judging module is used for judging the compression type of the compressed file;
and the control module is used for deleting the last four bytes of the compressed file when the compression type of the compressed file is the Gzip type.
The functions or operation steps of the above modules when executed are substantially the same as those of the above method embodiments, and are not described herein again.
The implementation principle and the technical effect of the firmware file modification system provided by the embodiment of the invention are the same as those of the method embodiment. For brevity, where the system embodiment does not mention something, reference may be made to the corresponding content in the method embodiment.
Example four
Referring to fig. 4, a computer device according to a fourth embodiment of the present invention is shown, which includes a memory 10, a processor 20, and a computer program 30 stored on the memory 10 and executable on the processor 20, where the processor 20 implements the method for modifying a firmware file when executing the computer program 30.
In specific implementation, the processor 20 obtains a firmware file in the device memory, and extracts a kernel file in the firmware file;
the processor 20 decompresses the kernel file to obtain a first decompressed file;
the processor 20 modifies the content of the kernel section in the first decompressed file to obtain a modified first decompressed file;
the processor 20 compresses the modified first decompressed file to form a compressed file;
the processor 20 takes the image header file and synthesizes a new firmware file with the compressed file.
The memory 10 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 10 may in some embodiments be an internal storage unit of the vehicle, such as a hard disk of the vehicle. The memory 10 may also be an external storage device in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like. Further, the memory 10 may also include both an internal storage unit and an external storage device of the vehicle. The memory 10 may be used not only to store application software installed in the vehicle and various types of data, but also to temporarily store data that has been output or will be output.
In some embodiments, the processor 20 may be an Electronic Control Unit (ECU), a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor or other data Processing chip, and is configured to run program codes stored in the memory 10 or process data, such as executing an access restriction program.
It should be noted that the configuration shown in fig. 4 does not constitute a limitation of the computer device, and in other embodiments, the computer device may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components may be used.
In the computer equipment, the processor 20 modifies the kernel section of the firmware file in the kernel start program so that the kernel starts a half-initialized Shell. This avoids the boot system and file system parts, which come in many varieties with large version differences, so that security researchers can obtain a complete unprotected Shell. In addition, the method modifies the kernel section and uses a locating feature that is independent of the instruction set, so it has better universality.
The embodiment of the present invention further provides a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for modifying a firmware file as described above.
Those of skill in the art will understand that the logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be viewed as implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for modifying a firmware file, comprising:
acquiring a firmware file in a device memory, and extracting a kernel file in the firmware file;
decompressing the kernel file to obtain a first decompressed file;
modifying the content of the kernel section in the first decompressed file to obtain a modified first decompressed file;
compressing the modified first decompressed file to form a compressed file;
and acquiring a mirror image header file and synthesizing the mirror image header file and the compressed file into a new firmware file.
2. The method for modifying a firmware file according to claim 1, wherein the step of modifying the content of the kernel section in the first decompressed file to obtain the modified first decompressed file comprises:
locating the character string of the kernel section in the first decompressed file;
and modifying the program header of the character string of the kernel section to obtain a modified first decompressed file.
3. The method for modifying a firmware file according to claim 1, wherein before the step of compressing the modified first decompressed file to form a compressed file, the method comprises:
judging whether the modified first decompressed file has initialization parameters or not;
and when the initialization parameters exist in the first decompressed file, shielding the initialization parameters.
4. The method for modifying firmware files according to claim 1, wherein before the step of obtaining the image header file and synthesizing the image header file with the compressed file, the method further comprises:
judging the compression type of the compressed file;
and deleting the last four bytes of the compressed file when the compression type of the compressed file is the Gzip type.
5. The method for modifying firmware file according to claim 1, wherein the step of acquiring the image header file and synthesizing the new firmware file with the compressed file comprises:
judging the mirror image type of the mirror image header file;
when the mirror image type of the mirror image header file is a special compressed file type of a boot loader, adding the special file header of the boot loader to the compressed file to form a new compressed file;
and inputting the new compressed file into the mirror image header file to synthesize a new firmware file.
6. A system for modifying a firmware file, comprising:
the device comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring a firmware file in a device memory and extracting a kernel file in the firmware file;
the decompression module is used for decompressing the kernel file to obtain a first decompressed file;
the modification module is used for modifying the content of the kernel section in the first decompressed file to obtain a modified first decompressed file;
the compression module is used for compressing the modified first decompressed file to form a compressed file;
and the processing module is used for acquiring the mirror image header file and synthesizing a new firmware file with the compressed file.
7. The system for modifying a firmware file according to claim 6, wherein the modification module is specifically configured to:
locating the character string of the kernel section in the first decompressed file;
and modifying the program header of the character string of the kernel section to obtain a modified first decompressed file.
8. The system for modifying a firmware file according to claim 6, further comprising:
the first judgment module is used for judging whether the modified first decompressed file has initialization parameters;
and the shielding module is used for shielding the initialization parameters when the initialization parameters exist in the first decompressed file.
9. A readable storage medium on which a computer program is stored, which when executed by a processor implements a method of modifying a firmware file as claimed in any one of claims 1 to 5.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of modifying a firmware file according to any one of claims 1 to 5 when executing the computer program.
CN202111205222.3A 2021-10-15 2021-10-15 Firmware file modification method and system, readable storage medium and computer equipment Pending CN113961236A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111205222.3A CN113961236A (en) 2021-10-15 2021-10-15 Firmware file modification method and system, readable storage medium and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111205222.3A CN113961236A (en) 2021-10-15 2021-10-15 Firmware file modification method and system, readable storage medium and computer equipment

Publications (1)

Publication Number Publication Date
CN113961236A true CN113961236A (en) 2022-01-21

Family

ID=79464162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111205222.3A Pending CN113961236A (en) 2021-10-15 2021-10-15 Firmware file modification method and system, readable storage medium and computer equipment

Country Status (1)

Country Link
CN (1) CN113961236A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117648110A (en) * 2024-01-29 2024-03-05 麒麟软件有限公司 Method for independently packaging kernel images by separating AOSP compiling environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination