You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have what I believe to be a fairly standard initramfs embedded into a kernel bzImage. Running binwalk on the bzImage I had hoped would successfully extract the cpio archive. It seems that the CPIO archive is partially extracted, but it doesn't seem to work as expected. binwalk prints the following when run:
binwalk --run-as=root -S --extract /bzImage-6.6.3
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 Microsoft executable, portable (PE)
7549241 0x733139 Zlib compressed data, default compression
7653261 0x74C78D Private key in DER format (PKCS header length: 4, sequence length: 1189
7661537 0x74E7E1 AES S-Box
7661793 0x74E8E1 AES S-Box
11771337 0xB39DC9 gzip compressed data, maximum compression, from Unix, last modified: 1970-01-01 00:00:00 (null date)
12467410 0xBE3CD2 MySQL MISAM index file Version 10
Since I know my initramfs is a gzipped cpio , 0xB39DC9 looks good.
Unfortunately, trying to decompress the extracted element gives an error.
The fragment decompressed is identified as a cpio:
# file decompressed
decompressed: ASCII cpio archive (SVR4 with no CRC)
But it only contains entries, and I would expect several more:
# busybox cpio -t <decompressed
bin
busybox
Also, this cpio is only about 1.1M, I was able to recreate the cpio
by booting the kernel with the rdinit parameter and poking around,
and the cpio seems to be about 6 megs decompressed (the bzImage is approximately 16).
The text was updated successfully, but these errors were encountered:
I have what I believe to be a fairly standard initramfs embedded into a kernel bzImage. Running binwalk on the bzImage I had hoped would successfully extract the cpio archive. It seems that the CPIO archive is partially extracted, but it doesn't seem to work as expected. binwalk prints the following when run:
Since I know my initramfs is a gzipped cpio , 0xB39DC9 looks good.
Unfortunately, trying to decompress the extracted element gives an error.
The fragment decompressed is identified as a cpio:
But it only contains entries, and I would expect several more:
Also, this cpio is only about 1.1M, I was able to recreate the cpio
by booting the kernel with the rdinit parameter and poking around,
and the cpio seems to be about 6 megs decompressed (the bzImage is approximately 16).
The text was updated successfully, but these errors were encountered: