PDA

View Full Version : How to Disassemble vxworks System?


wsgtrsys
December 28th, 2005, 06:53
i want Disassemble an vxworks system,vxworks system have a elf image file,,and i use IDA Pro Disassemble it ,but have a problem.

http://www.routerclub.com/attachments/Snap1a_NP0RpFNROu4B.gif

this system is a bas system, it use network card mac address to register it.
underside is the system file.

ftp://61.161.79.48/router/vxwork.rar

0xf001
January 13th, 2006, 13:50
mr. routerclub,

please its getting boring, _what_ is your problem? what did you do to try to solve it???

--
0xf001

wsgtrsys
January 23rd, 2006, 08:18
this vxworks system is crack by me ,thanks 0xf001

evilkings
August 22nd, 2007, 09:19
will you give more information about this ? we are facing some problem in analyzing a vxworks binary .

JMI
August 22nd, 2007, 12:33
And what did YOU do to try to solve it?

Regards,

evilkings
August 22nd, 2007, 19:19
i tried to load the binary into ida and its running for more than 24 hours and i couldnt able to get the section info.
And more than, when i loaded it, few of the variables thats within the text section is not linked.
for ex,

push 0xnnnnnnnn -> Actually this is part of text section

And IDA is not linking it properly. In few of the places all the strings used in the function is included between the function,
any idea howto automate this ? did anyone faced the same kind of problems ?

hazard
September 1st, 2007, 14:32
I tried once to crack some vxwoks firmware. Inside the original file was another zlib compressed file that needed to be extracted. I used simple python script to extract data and continue analysis. Could find script if interested.
Did you set correct processor for your binary?

evilkings
September 4th, 2007, 01:43
yes.it was an interesting exercise to try !! after playing with the large binary for lonnng time, i could manage to disassemble it correctly . whatever i had was x86 binary and i loaded that in the ida pro as binary file and after doing few more analysis, i could able to create few function and then on...it was a nice experience !!
"hazard" if you could share that script, please send it across . it will be useful in few cases if you are reversing Linux kernel binary also. please share that !!

hazard
September 4th, 2007, 06:26
it's super simple but effective
Code:

from sys import *
from struct import *
from zlib import *

def main():
print "\nextract and decompress zlib"
if len(argv) is not 3:
print """
Usage:
<argv1> source file
<argv2> dest file
"""
exit()
else:
print """
Using:
Source: %s
Dest: %s
""" % (argv[1],argv[2])
try:
in_fd=open(argv[1],"rb"
except:
print "[-]Could't open file %s" % argv[1]
exit()

try:
out_fd=open(argv[2],"wb"
except:
print "[-]Could't open file %s" % argv[2]
exit()

buff=in_fd.read()
print 'Length', hex(len(buff))

for i in range(len(buff)):
try:
decomS = decompress(buff[i:])
except:
# print '.'
continue

print "Got it ", i, hex(i)
out_fd.write(decomS)
print "[+]Done writing to '%s'" % argv[2]

if __name__=="__main__":
main()