
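Multimedia centers based on Wyplayer/Firmware

From Wikibooks, open books for an open world

Firmware files allow users to update these multimedia disks. They are distributed by each multimedia disk manufacturer and appear to be **not interchangeable/compatible** between devices of different brands.

Firmware file format

Update method

Firmware file reverse engineering milestones

  • Understand the .wup file structure (done)
  • Understand the format of each part of the .wup file (XML and kernel done, software not yet)
  • Understand the function of each part of the .wup file (pending)
  • Update a device with the firmware of another device (pending)
  • Generate our own "kernel" and install it on the device (pending)
  • Generate our own "software" and install it on the device (pending)
  • Learn the encryption key used for the software part of each device's update.wup (pending)
  • Gain access to the device in order to get more information while it is running (pending)

Internal structure of the .wup file

XML code

Example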

<root>                                                                                                                                
        <specVersion>                                                                                                                 
                <major>1</major>                                                                                                      
                <minor>1</minor>                                                                                                      
        </specVersion>                                                                                                                
        <update>                                                                                                                      
                <version>001.002.00014.0000007929</version>                                                                           
                <displayName>Grab'n'GO Wireless Media Titan</displayName>
                <description>-----</description>
                <target>WBD000930AA</target>
                <targetList>
                        <target>WBD000930AB</target>
                </targetList>
                <level>0</level>
                <provider>-----</provider>
                <generationDatetime>2009-02-09T10:22:13+0100Z</generationDatetime>
                <uri>announce</uri>
                <signature/>
                <partList>
                        <part>
                                <id>1</id>
                                <displayName>Kernel</displayName>
                                <version>2.6.17.14.617</version>
                                <type>kernel</type>
                                <uri>kernel</uri>
                                <compression>none</compression>
                                <parent>1</parent>
                                <generationDatetime>2009-02-09T10:22:09+0100Z</generationDatetime>
                                <uncompressedSize>1962745</uncompressedSize>
                                <signature>ddbeb13f573a12c880b1d971ff25949b</signature>
                        </part>
                        <part>
                                <id>2</id>
                                <displayName>Software</displayName>
                                <version>001.002.00014.0000007929</version>
                                <type>core</type>
                                <uri>core</uri>
                                <compression>none</compression>
                                <parent>2</parent>
                                <generationDatetime>2009-02-09T10:22:09+0100Z</generationDatetime>
                                <uncompressedSize>121692160</uncompressedSize>
                                <signature>1afb31cdc482ce22c1ae0406ee55161f</signature>
                        </part>
                </partList>
        </update>
</root>

Kernel file

According to the output of the file command (available on *nix-based systems), the kernel file is identified as:

System:$ file kernel2.6.17.14.617_1.2.14.7929.bin
kernel2.6.17.14.617_1.2.14.7929.bin: u-boot/PPCBoot image

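Looking inside the code

In the source code provided by wyplay there is a uboot- folder. Trying to guess how it was compiled, inside uboot we find a board folder, and inside that folder a subfolder named wyplay, which probably holds the specifications needed to compile uboot for the different wyplay boards.

  • Looking at the Makefile found in the main uboot- folder, there are different (entries) for the different wyplay boards. We are trying to configure and compile for wymdbox_config (wyplayer multimedia box), which we understand corresponds to these multimedia disks.
  • Make fails because an SH4 compiler is missing (?). This appears to be the processor architecture of the multimedia disks. (Specification: http://lars.nocrew.org/computers/processors/SuperH/sh4cpu_sh1.pdf).
  • A toolchain for cross-compiling to this architecture has been built: http://wiki.debian.org/SH4/CrossToolchain
  • u-boot has been compiled for wymdbox.
  • Apparently, the firmware kernel file contains both u-boot and the kernel.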

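Analyzing the kernel file

The magic number in this file's header (0x270519) indicates that it is of u-boot type. Analyzing the rest of the file shows a gzip file at offset 352 (at least in the files reviewed so far), which can be extracted with the command: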

dd if=kernel.bin bs=352 skip=1 | gzip -d > kernel.uncompressed

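Analyzing this decompressed file, we find (at least in most firmware) two more compressed files inside it. One appears to be the kernel configuration file; the other is the initramfs.cpio needed during compilation (if the required parameter is set).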
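The header check and gzip search described above, as an added Python example (not from the original page or the wyplay sources): it validates a legacy u-boot image header, whose full 4-byte magic is 0x27051956, and lists every complete gzip member with its offset. The sample image, its name and its load addresses are constructed for the illustration.

```python
import gzip
import struct
import zlib

UIMAGE_MAGIC = 0x27051956                 # legacy u-boot image magic, big-endian
UIMAGE_HDR = struct.Struct(">7I4B32s")    # 64-byte legacy header layout


def parse_uimage_header(blob):
    """Decode the 64-byte legacy u-boot header and check both CRC32 fields."""
    if len(blob) < UIMAGE_HDR.size:
        raise ValueError("shorter than a u-boot header")
    (magic, hcrc, _time, size, load, entry, dcrc,
     _os, _arch, _type, comp, name) = UIMAGE_HDR.unpack_from(blob)
    if magic != UIMAGE_MAGIC:
        raise ValueError("not a legacy u-boot image")
    # The header CRC is computed with its own field set to zero.
    zeroed = blob[:4] + b"\0" * 4 + blob[8:UIMAGE_HDR.size]
    data = blob[UIMAGE_HDR.size:UIMAGE_HDR.size + size]
    return {
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "size": size, "load": load, "entry": entry, "comp": comp,
        "header_crc_ok": zlib.crc32(zeroed) == hcrc,
        "data_crc_ok": len(data) == size and zlib.crc32(data) == dcrc,
    }


def find_gzip_members(blob, max_out=256 * 1024 * 1024):
    """Return (offset, decompressed, compressed_len) for each complete gzip member."""
    members = []
    pos = blob.find(b"\x1f\x8b\x08")
    while pos != -1:
        step = 1
        d = zlib.decompressobj(wbits=31)          # 31 selects the gzip wrapper
        try:
            out = d.decompress(blob[pos:], max_out)   # cap the output size
            if d.eof:                              # whole member, trailer CRC checked
                clen = len(blob) - pos - len(d.unused_data)
                members.append((pos, out, clen))
                step = clen                        # skip past this member
        except zlib.error:
            pass                                   # magic bytes by coincidence
        pos = blob.find(b"\x1f\x8b\x08", pos + step)
    return members


def build_sample_kernel():
    """Constructed stand-in for a kernel part: header, filler to offset 352, gzip."""
    inner = (b"\0" * 100 + gzip.compress(b"CONFIG_CPU_SH4=y\n")
             + b"\xff" * 16 + gzip.compress(b"constructed initramfs.cpio"))
    data = b"\xff" * (352 - UIMAGE_HDR.size) + gzip.compress(inner)
    # Constructed field values: os=5 (Linux), arch=9 (SuperH), type=2 (kernel), comp=0.
    fields = [UIMAGE_MAGIC, 0, 0, len(data), 0x84601000, 0x84602000, zlib.crc32(data)]
    hdr = bytearray(UIMAGE_HDR.pack(*fields, 5, 9, 2, 0, b"constructed-kernel"))
    struct.pack_into(">I", hdr, 4, zlib.crc32(bytes(hdr)))
    return bytes(hdr) + data


if __name__ == "__main__":
    image = build_sample_kernel()
    print(parse_uimage_header(image))
    for off, data, clen in find_gzip_members(image):
        print("outer gzip at", off, "->", len(data), "bytes")
        for ioff, idata, _ in find_gzip_members(data):
            print("  inner gzip at", ioff, "->", idata)
```

Matching on the three bytes 1f 8b 08 and requiring a full, CRC-checked member removes the false hits that a bare magic search produces.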

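A new script was created to find and decompress gzip files inside other files. As input it takes the file or files in which to look for gzip files (you can pass something like kernel1.2*).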

#!/bin/bash
# search_gzip
# Copyright (C) 2008, 2009, 2010
# Free Software Foundation, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# Original Author: Orensbruli (Esteban Martinena Guerrero)
# Current Version: 0.1

# gzip magic (1f 8b), deflate method (08), no header flags (00).
# Shorten to 1f8b to also catch members that have header flags set.
PATTERN=1f8b0800
P_LEFT=$(echo "$PATTERN" | cut -b1)
P_RIGHT=$(echo "$PATTERN" | cut -b2-)
OUT_DIR=uncompressed

# Print the byte offset of the Nth occurrence of $PATTERN in file $1 (N = $2).
# When N is larger than the number of matches, the file size is printed.
find_offset() {
    expr $(xxd -p "$1" | tr -d '\n' | sed -e "s/$P_LEFT\($P_RIGHT\)/p\1/g" | cut -d'p' -f1-"$2" | wc -c) / 2
}

for FILE in "$@"
do
    loop=1
    OFFSET=$(find_offset "$FILE" $loop)
    LAST_OFFSET="_"
    BASE=$(basename "$FILE")
    mkdir -p "$OUT_DIR"
    echo "Looking inside file $FILE..."
    # The offset stops changing once every match has been visited
    while [ "$OFFSET" != "$LAST_OFFSET" ]
    do
        OUT="$OUT_DIR/${BASE}_${loop}_${OFFSET}.uncomp"
        dd if="$FILE" bs=1 skip="$OFFSET" 2>/dev/null | gzip -dc 2>/dev/null > "$OUT"
        # gzip exits with 1 on error; 2 (trailing garbage ignored) still produced data
        if [ $? -eq 1 ]
        then
            echo "False gzip in $OFFSET."
            rm "$OUT"
        else
            echo "Generating gzip file: $OUT"
        fi
        loop=$(expr $loop + 1)
        LAST_OFFSET=$OFFSET
        OFFSET=$(find_offset "$FILE" $loop)
    done
    echo "End of search"
done

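In this case it can be used to obtain the gzip files from the kernel file, or to obtain the gzip files inside the decompressed file extracted from the kernel. To clarify all of this, the file hierarchy is as follows:

update.wup (use the extraction script)
    header (contains the kernel file size in its last 4 bytes)
    kernel (use the gzip extraction script)
        kernel.uncomp (use the gzip extraction script)
            config (configuration file for the kernel build)
            initramfs.cpio (file needed for compilation)
    middle (contains the software file size in its last 4 bytes)
    software
    footer
    infoxml (XML information about the update.wup file and the device)

Note: there is a project called Tribbox, a multimedia center with specifications similar to ours (at least the same processor), which has information about mounting the operating system and so on. It may be useful: http://www.tribbox.com/

Software file

So far we do not fully understand the format of the software system, but we know that the "file" command outputs "data" for this file. The guess is that it is a squashfs file system, additionally encrypted using aes-cbc-plain with a 128-bit key. The image is probably decrypted through the dm-crypt interface of the Linux kernel.

Combining all the findings, a script was created that takes the software file obtained from the firmware (.wup) file (with the extraction script) and another file containing a list of possible passwords, and tries to decrypt it and identify the underlying file system. Known issues:

  • We are not sure which encryption system is used, so we are trying blindly.
  • The script gives many false positives, because the mapping always "decrypts". What decides whether it succeeded is the output of file, where we should expect something like a squashfs file system.

The code below is only teaching code, an example of decryption on Linux for file systems and full partitions. We take no responsibility for its use. Reviewing it before use is recommended.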

#! /bin/bash
# soft_decrypt
# Copyright (C) 2008, 2009, 2010
# Free Software Foundation, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# Original Author: Orensbruli (Esteban Martinena Guerrero)
# Current Version: 0.1

#Verifying syntax of script call
if [ $# -lt 2 ]
then
  echo -e  "Wrong call."
  echo -e  "ej: $0 <software_file wup> <password_list_file>"
  exit
fi

SOFTWARE_FILE=$1
PASSWORDS_FILE=$2

#Setting up device /dev/loop0 to select software file
losetup /dev/loop0 $SOFTWARE_FILE

#For each password
for passwd in `cat $PASSWORDS_FILE`
do
    #echo "Trying password $passwd..."
    #Mapping device /dev/loop0, decrypted with the password as aes-cbc-plain 128 bits, to /dev/mapper/decrypted
    echo $passwd | cryptsetup -c aes-cbc-plain  -s 128 -b `blockdev --getsize /dev/loop0` create decrypted /dev/loop0 2>/dev/null

    #Sometimes this fails because the previous mapping is still in place; remove it and map again
    if [ ! $? -eq 0 ]
    then
        dmsetup remove decrypted
        #echo -e "\tTrying again password $passwd..."
        echo $passwd | cryptsetup -c aes-cbc-plain  -s 128 -b `blockdev --getsize /dev/loop0` create decrypted /dev/loop0
    fi
    
    #Small sample file is created with the beginning of the decrypted partition
    dd if=/dev/mapper/decrypted of=sample.img count=100 bs=1 2> /dev/null
    
    #Verifying file type. If successful, we should expect squashfs filesystem or something like that
    TYPE=`file sample.img | grep -v "sample.img: data"`
    if [ $? -eq 0 ]
    then
        echo "Decrypted as \"$TYPE\" with password $passwd"
    fi
    
    #Unmapping /dev/mapper/decrypted from /dev/loop0
    cryptsetup remove decrypted 2> /dev/null
    dmsetup remove decrypted 2> /dev/null
    #Wait 1 sec
    sleep 1
done

#Delete association between software_file and /dev/loop0
losetup -d /dev/loop0

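Extraction script

This bash/shell script extracts the kernel, software and XML information files from a firmware update file (.wup). It is fully GPL and we take no responsibility for its use. Anyone interested in what it does or its effects must analyze it themselves. Any improvement, suggestion or contribution is of course appreciated.

So far we obtain six files from a .wup update file. The main ones are kernel and software; infoxml is of limited interest; and the other files (header_bytes, middle_bytes and footer_bytes) are unidentified bytes found in different parts of the file. They are kept so that, by joining all the files, we can rebuild the original file without losing information.

header_bytes # kernel # middle_bytes # software # footer_bytes # infoxml

This script has been tested successfully on the latest update files for MediaTitan, ZoltarTv and Wyplayer.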


#! /bin/bash
# wup_extract
# Copyright (C) 2008, 2009, 2010
# Free Software Foundation, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Original Author: Orensbruli (Esteban Martinena Guerrero)
# Current Version: 0.2


#File needed as input parameter
if [ $# -lt 1 ]
then
  echo -e  "Wrong call."
  echo -e  "ej: $0 <update_file.wup>"
  exit
fi

FILE=$1
#Obtaining XML info and storing in file
echo -e  "Analyzing file $FILE."
FILE_SIZE=`du -b $FILE | cut -f1`
LINEAS=`wc -l $FILE | cut -d' ' -f1`
ROOT_BEGIN=`grep -a -n -u "root" $FILE | head -n1 | cut -d':' -f1`


echo -e  "\t$LINEAS total lines. Root section begins at line $ROOT_BEGIN."

TAIL=`expr $LINEAS - $ROOT_BEGIN + 1`
tail -n $TAIL $FILE > $FILE.xml
VERSION=`cat $FILE.xml | grep version | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1 | sed -e 's/^0*//' | sed -e 's/\.0*/./g'`
XML_FILE=infoxml\_$VERSION.xml
mv $FILE.xml $XML_FILE
echo -e  "\tXML info obtained from firmware version $VERSION: $XML_FILE"



#Kernel information
KERNEL_VERSION=`cat $XML_FILE | grep -A 9 "<id>1" | grep version | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
KERNEL_SIZE=`cat $XML_FILE | grep -A 9 "<id>1" | grep uncompressedSize | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
KERNEL_FILE=kernel$KERNEL_VERSION\_$VERSION.bin
KERNEL_SIGNATURE=`cat $XML_FILE | grep -A 9 "<id>1" | grep signature | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`

#Software file information
SOFTWARE_FILE=software_$VERSION.bin
SOFTWARE_SIZE=`cat $XML_FILE | grep -A 9 "<id>2" | grep uncompressedSize | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SOFTWARE_SIGNATURE=`cat $XML_FILE | grep -A 9 "<id>2" | grep signature | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`


echo -e  "\tKernel section in the XML. Version:$KERNEL_VERSION, Size: $KERNEL_SIZE, Checksum: $KERNEL_SIGNATURE."
echo -e  "\tSoftware section in the XML. Size: $SOFTWARE_SIZE, Checksum: $SOFTWARE_SIGNATURE."

echo -e  "Looking for kernel and software files offset..."
for KERNEL_OFFSET in `seq 1 200`
do
  dd if=$FILE of=$KERNEL_FILE bs=1 count=200 skip=$KERNEL_OFFSET 2> /dev/null
  file $KERNEL_FILE | grep "u-boot/PPCBoot image" > /dev/null
  if [ $? -eq 0 ]
  then
    break
  else
    echo -e  "\t$KERNEL_OFFSET"
  fi
done
HEADER_BYTES=$KERNEL_OFFSET
HEADER_BYTES_FILE=header_bytes_$VERSION.bin
MIDDLE_BYTES=10
MIDDLE_BYTES_FILE=middle_bytes_$VERSION.bin
SOFTWARE_OFFSET=`expr $HEADER_BYTES + $KERNEL_SIZE + $MIDDLE_BYTES`
FOOTER_BYTES=`expr $(expr $(du -b $FILE | cut -f1)) - $(expr $HEADER_BYTES + $KERNEL_SIZE + $MIDDLE_BYTES + $SOFTWARE_SIZE) - $(expr $(du -b $XML_FILE | cut -f1))`
FOOTER_BYTES_FILE=footer_bytes_$VERSION.bin

echo -e  "\tKernel found between bytes $KERNEL_OFFSET and $( expr $KERNEL_OFFSET + $KERNEL_SIZE )."
echo -e  "\tSoftware found between bytes $SOFTWARE_OFFSET and $( expr $SOFTWARE_OFFSET + $SOFTWARE_SIZE )."

echo -e  "Extracting header bytes..."
dd if=$FILE of=$HEADER_BYTES_FILE bs=1 count=$HEADER_BYTES 2> /dev/null
echo -e  "\tHeader file ($HEADER_BYTES_FILE) extracted."

echo -e  "Extracting kernel file..."
#Make sure the output file exists before polling its size
touch $KERNEL_FILE
dd if=$FILE of=$KERNEL_FILE bs=1 count=$KERNEL_SIZE skip=$KERNEL_OFFSET 2> /dev/null&
DIFF=`expr $KERNEL_SIZE - $( du -b $KERNEL_FILE | cut -f1 )`
while [ ! $DIFF -eq 0 ]
do
  echo -e  "\t $DIFF bytes pending for extract"
  sleep 5
  DIFF=`expr $KERNEL_SIZE - $( du -b $KERNEL_FILE | cut -f1 )`
done

KERNEL_FILE_TYPE=`file $KERNEL_FILE`
MD5SUM=`md5sum $KERNEL_FILE | cut -d' ' -f1`
if [ $MD5SUM == $KERNEL_SIGNATURE ] 
then
  echo -e  "\tKernel file ($KERNEL_FILE) extracted successfully"
else
  echo -e  "ERROR: Kernel file ($KERNEL_FILE) failed"
fi

echo -e  "Extracting middle bytes..."
dd if=$FILE of=$MIDDLE_BYTES_FILE bs=1 count=$MIDDLE_BYTES skip=`expr $HEADER_BYTES + $KERNEL_SIZE` 2> /dev/null
echo -e  "\tMiddle bytes file ($MIDDLE_BYTES_FILE) extracted."

echo -e  "Extracting software file..."
touch $SOFTWARE_FILE
dd if=$FILE of=$SOFTWARE_FILE bs=1 count=$SOFTWARE_SIZE skip=$SOFTWARE_OFFSET 2> /dev/null&
DIFF=`expr $SOFTWARE_SIZE - $( du -b $SOFTWARE_FILE | cut -f1)`
while [ ! $DIFF -eq 0 ]
do
  echo -e  "\t $DIFF bytes pending for extract"
  sleep 5
  DIFF=`expr $SOFTWARE_SIZE - $( du -b $SOFTWARE_FILE | cut -f1)`
done
SOFTWARE_FILE_TYPE=`file $SOFTWARE_FILE`
MD5SUM=`md5sum $SOFTWARE_FILE | cut -d' ' -f1`
if [ $MD5SUM == $SOFTWARE_SIGNATURE ] 
then
  echo -e  "\tSoftware file ($SOFTWARE_FILE) extracted successfully"
else
  echo -e  "ERROR: Software file ($SOFTWARE_FILE) failed"
fi

echo -e  "Extracting footer bytes..."
dd if=$FILE of=$FOOTER_BYTES_FILE bs=1 count=$FOOTER_BYTES skip=`expr $HEADER_BYTES + $KERNEL_SIZE + $MIDDLE_BYTES + $SOFTWARE_SIZE` 2> /dev/null
echo -e  "\tFooter bytes file ($FOOTER_BYTES_FILE) extracted."

kill `pidof dd` 2> /dev/null
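The layout the extraction script recovers (header # kernel # middle # software # footer # infoxml), as an added Python example that is not part of the original scripts: it splits an in-memory image using the sizes in the trailing XML and compares each part's MD5 with the manifest's signature field, the same comparison the script makes with md5sum. The image and manifest are constructed; the 10-byte middle gap and the 200-byte search window are taken from the script above.

```python
import hashlib
import xml.etree.ElementTree as ET

UBOOT_MAGIC = bytes.fromhex("27051956")   # full 4-byte legacy u-boot image magic
MIDDLE_LEN = 10                           # gap the page's script hard-codes

# Constructed manifest, reduced to the fields this example reads.
MANIFEST = """<root>
 <update>
  <version>001.002.00014.0000007929</version>
  <partList>
   <part><id>1</id><type>kernel</type>
    <uncompressedSize>{ksize}</uncompressedSize><signature>{kmd5}</signature></part>
   <part><id>2</id><type>core</type>
    <uncompressedSize>{ssize}</uncompressedSize><signature>{smd5}</signature></part>
  </partList>
 </update>
</root>
"""


def split_wup(blob):
    """Return (regions, declared_md5) for a .wup image held in memory."""
    xml_start = blob.rfind(b"<root>")
    if xml_start < 0:
        raise ValueError("no <root> manifest at end of file")
    manifest = blob[xml_start:]
    if b"<!" in manifest:                   # refuse DTDs/entities in untrusted XML
        raise ValueError("unexpected markup declaration in manifest")
    root = ET.fromstring(manifest.decode("utf-8").strip())
    parts = {p.findtext("type"): p for p in root.iter("part")}
    sizes = {t: int(parts[t].findtext("uncompressedSize")) for t in ("kernel", "core")}
    k_off = blob.find(UBOOT_MAGIC, 0, 200)  # same 200-byte window as the script
    if k_off < 0:
        raise ValueError("u-boot magic not found in first 200 bytes")
    m_off = k_off + sizes["kernel"]
    s_off = m_off + MIDDLE_LEN
    f_off = s_off + sizes["core"]
    if min(sizes.values()) < 0 or f_off > xml_start:
        raise ValueError("declared sizes do not fit before the manifest")
    regions = {
        "header": blob[:k_off], "kernel": blob[k_off:m_off],
        "middle": blob[m_off:s_off], "software": blob[s_off:f_off],
        "footer": blob[f_off:xml_start], "infoxml": manifest,
    }
    declared = {"kernel": parts["kernel"].findtext("signature"),
                "software": parts["core"].findtext("signature")}
    return regions, declared


def verify_parts(blob):
    """Compare each part's MD5 with the manifest's <signature> value."""
    regions, declared = split_wup(blob)
    return {name: hashlib.md5(regions[name]).hexdigest() == (want or "").lower()
            for name, want in declared.items()}


def build_sample_wup():
    """Constructed image in the page's order: header, kernel, middle, software, footer, XML."""
    kernel = UBOOT_MAGIC + b"K" * 60
    software = b"\xaa" * 128
    xml = MANIFEST.format(ksize=len(kernel), kmd5=hashlib.md5(kernel).hexdigest(),
                          ssize=len(software), smd5=hashlib.md5(software).hexdigest())
    return b"\0" * 16 + kernel + b"\0" * MIDDLE_LEN + software + b"\0" * 4 + xml.encode()


if __name__ == "__main__":
    image = build_sample_wup()
    regions, _ = split_wup(image)
    print({name: len(data) for name, data in regions.items()})
    print(verify_parts(image))
```

An MD5 match only shows that a part agrees with the manifest stored in the same file; it is an unkeyed digest, so it says nothing about who produced the image.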

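Updating a device with the firmware of another device (brand)

One of the problems found is that a device cannot be updated with a firmware file from a different device (brand). The reason appears to be that each device has an identifier and, in addition, the "software" part of the firmware file is encrypted differently for each device.

If that were all, it would in theory be possible to create firmware for a device with a modified kernel part and still have the update accepted. From the six parts contained in each update file, a new file would be built as a mix of parts from different firmware files.

Script for mixing firmware files

To test the idea of mixing the contents of two firmware files, a script was created that generates a new .wup file from two different files. The script takes the two original files apart (only if the extracted parts are not already available in the folder) and offers many possible combinations. This is useful for checking whether any of these combinations allows us to update the device. As a general rule, of all the options the script offers, we are interested in those that mix one part from a different device with the remaining parts from our own device. More specifically, the one that takes the kernel of another device and everything else from our own device. The generated files have not been tested yet, so we recommend caution when using them.

Important: to run this script you need to change the value of the variable EXTRACT_PROGRAM and set it to the path of the extraction script.

Usage is simple:

wup_mix <update_file1> <update_file2>

#! /bin/bash
# wup_mix
# Copyright (C) 2008, 2009, 2010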
# Free Software Foundation, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
# Original Author: Orensbruli (Esteban Martinena Guerrero)
# Current Version: 0.1

#PATH to extraction script
EXTRACT_PROGRAM=<PATH_TO_EXTRACTION_SCRIPT>/extract_xml

if [ ! -f $EXTRACT_PROGRAM ]
then
    echo "You must set variable EXTRACT_PROGRAM to extraction script path"
    #Nothing can be extracted without the script, so stop here
    exit 1
fi

#File is needed as input parameter
if [ $# -lt 2 ]
then
  echo -e  "Wrong call."
  echo -e  "ej: $0 <update_file_1.wup> <update_file_2.wup>"
  exit
fi

UPDATE_FILE1=$1
UPDATE_FILE2=$2

if [ $UPDATE_FILE1 == $UPDATE_FILE2 ]
then
    echo "Files can not have same name even in different folders."
    echo "Try to rename one of them (ej. mv update.wup update1.wup)."
    exit
fi


echo -e  "Checking if mixture of files is possible."
UPDATE_FILE1_SIZE=`du -b $UPDATE_FILE1 | cut -f1`
LINEAS1=`wc -l $UPDATE_FILE1 | cut -d' ' -f1`
ROOT_BEGIN1=`grep -a -n -u "root" $UPDATE_FILE1 | head -n1 | cut -d':' -f1`
TAIL1=`expr $LINEAS1 - $ROOT_BEGIN1 + 1`
tail -n $TAIL1 $UPDATE_FILE1 > $UPDATE_FILE1.xml
VERSION1=`cat $UPDATE_FILE1.xml | grep version | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1 | sed -e 's/^0*//' | sed -e 's/\.0*/./g'`


UPDATE_FILE2_SIZE=`du -b $UPDATE_FILE2 | cut -f1`
LINEAS2=`wc -l $UPDATE_FILE2 | cut -d' ' -f1`
ROOT_BEGIN2=`grep -a -n -u "root" $UPDATE_FILE2 | head -n1 | cut -d':' -f1`
TAIL2=`expr $LINEAS2 - $ROOT_BEGIN2 + 1`
tail -n $TAIL2 $UPDATE_FILE2 > $UPDATE_FILE2.xml
VERSION2=`cat $UPDATE_FILE2.xml | grep version | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1 | sed -e 's/^0*//' | sed -e 's/\.0*/./g'`
DATE_KERNEL1=`cat $UPDATE_FILE1.xml | grep -i generationDatetime | tail -n2 | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
DATE_KERNEL2=`cat $UPDATE_FILE2.xml | grep -i generationDatetime | tail -n2 | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
DATE_SOFTWARE1=`cat $UPDATE_FILE1.xml | grep -i generationDatetime | tail -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
DATE_SOFTWARE2=`cat $UPDATE_FILE2.xml | grep -i generationDatetime | tail -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIGNATURE_KERNEL1=`cat $UPDATE_FILE1.xml | grep -i signature | tail -n2 | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIGNATURE_KERNEL2=`cat $UPDATE_FILE2.xml | grep -i signature | tail -n2 | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIGNATURE_SOFTWARE1=`cat $UPDATE_FILE1.xml | grep -i signature | tail -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIGNATURE_SOFTWARE2=`cat $UPDATE_FILE2.xml | grep -i signature | tail -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIZE_KERNEL1=`cat $UPDATE_FILE1.xml | grep -i uncompressedSize | tail -n2 | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIZE_KERNEL2=`cat $UPDATE_FILE2.xml | grep -i uncompressedSize | tail -n2 | head -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIZE_SOFTWARE1=`cat $UPDATE_FILE1.xml | grep -i uncompressedSize | tail -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
SIZE_SOFTWARE2=`cat $UPDATE_FILE2.xml | grep -i uncompressedSize | tail -n1 | cut -d'>' -f 2 | cut -d'<' -f1`
NAME1=`cat $UPDATE_FILE1.xml | grep -i displayName | head -n1| cut -d'>' -f 2 | cut -d'<' -f1`
NAME2=`cat $UPDATE_FILE2.xml | grep -i displayName | head -n1| cut -d'>' -f 2 | cut -d'<' -f1`

if [ $VERSION1 == $VERSION2 ]
then
    echo "Both update files are of same version. Must be from two different versions to be mixed."
    rm $UPDATE_FILE1.xml
    rm $UPDATE_FILE2.xml
    exit
else
    echo "Ok."
fi

rm $UPDATE_FILE1.xml
rm $UPDATE_FILE2.xml

bash $EXTRACT_PROGRAM $UPDATE_FILE1
bash $EXTRACT_PROGRAM $UPDATE_FILE2

echo "Type number of operation to do:"
select OPCION in cabecera$NAME1$VERSION1+resto$NAME2$VERSION2 kernel$NAME1$VERSION1+resto$NAME2$VERSION2 middle$NAME1$VERSION1+resto$NAME2$VERSION2 software$NAME1$VERSION1+resto$NAME2$VERSION2 footer$NAME1$VERSION1+resto$NAME2$VERSION2 xml$NAME1$VERSION1+resto$NAME2$VERSION2 cabecera$NAME2$VERSION2+resto$NAME1$VERSION1 kernel$NAME2$VERSION2+resto$NAME1$VERSION1 middle$NAME2$VERSION2+resto$NAME1$VERSION1 software$NAME2$VERSION2+resto$NAME1$VERSION1 footer$NAME2$VERSION2+resto$NAME1$VERSION1 xml$NAME2$VERSION2+resto$NAME1$VERSION1
do
    NEW_NAME=$OPCION.wup
    case $OPCION in
          #Pattern must match the lowercase "resto" used in the select list
          cabecera$NAME1$VERSION1+resto$NAME2$VERSION2)
              PARTS[0]=`ls -1 header_bytes*$VERSION1.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION2.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION2.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION2.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION2.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION2.xml | head -n1`
              ;;
          cabecera$NAME2$VERSION2+resto$NAME1$VERSION1)
              PARTS[0]=`ls -1 header_bytes*$VERSION2.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION1.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION1.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION1.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION1.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION1.xml | head -n1`
              ;;
          kernel$NAME1$VERSION1+resto$NAME2$VERSION2)
              PARTS[0]=`ls -1 header_bytes*$VERSION2.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION1.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION2.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION2.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION2.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION2.xml | head -n1`
              cp ${PARTS[5]} ${PARTS[5]}.aux
              PARTS[5]=${PARTS[5]}.aux
              sed -i -e "s/$SIZE_KERNEL2/$SIZE_KERNEL1/g" -e "s/$SIGNATURE_KERNEL2/$SIGNATURE_KERNEL1/g" -e "s/$DATE_KERNEL2/$DATE_KERNEL1/g" ${PARTS[5]}
              
              ;;
          kernel$NAME2$VERSION2+resto$NAME1$VERSION1)
              PARTS[0]=`ls -1 header_bytes*$VERSION1.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION2.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION1.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION1.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION1.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION1.xml | head -n1`
              cp ${PARTS[5]} ${PARTS[5]}.aux
              PARTS[5]=${PARTS[5]}.aux
              sed -i -e "s/$SIZE_KERNEL1/$SIZE_KERNEL2/g" -e "s/$SIGNATURE_KERNEL1/$SIGNATURE_KERNEL2/g" -e "s/$DATE_KERNEL1/$DATE_KERNEL2/g" ${PARTS[5]}
              ;;
          middle$NAME1$VERSION1+resto$NAME2$VERSION2)
              PARTS[0]=`ls -1 header_bytes*$VERSION2.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION2.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION1.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION2.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION2.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION2.xml | head -n1`
              ;;
          middle$NAME2$VERSION2+resto$NAME1$VERSION1)
              PARTS[0]=`ls -1 header_bytes*$VERSION1.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION1.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION2.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION1.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION1.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION1.xml | head -n1`
              ;;
          software$NAME1$VERSION1+resto$NAME2$VERSION2)
              PARTS[0]=`ls -1 header_bytes*$VERSION2.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION2.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION2.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION1.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION2.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION2.xml | head -n1`
              cp ${PARTS[5]} ${PARTS[5]}.aux
              PARTS[5]=${PARTS[5]}.aux
              sed -i -e "s/$SIZE_SOFTWARE2/$SIZE_SOFTWARE1/g" -e "s/$SIGNATURE_SOFTWARE2/$SIGNATURE_SOFTWARE1/g" -e "s/$DATE_SOFTWARE2/$DATE_SOFTWARE1/g" ${PARTS[5]}
              ;;
          software$NAME2$VERSION2+resto$NAME1$VERSION1)
              PARTS[0]=`ls -1 header_bytes*$VERSION1.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION1.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION1.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION2.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION1.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION1.xml | head -n1`
              cp ${PARTS[5]} ${PARTS[5]}.aux
              PARTS[5]=${PARTS[5]}.aux
              sed -i -e "s/$SIZE_SOFTWARE1/$SIZE_SOFTWARE2/g" -e "s/$SIGNATURE_SOFTWARE1/$SIGNATURE_SOFTWARE2/g" -e "s/$DATE_SOFTWARE1/$DATE_SOFTWARE2/g" ${PARTS[5]}
              ;;
          footer$NAME1$VERSION1+resto$NAME2$VERSION2)
              PARTS[0]=`ls -1 header_bytes*$VERSION2.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION2.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION2.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION2.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION1.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION2.xml | head -n1`
              ;;
          footer$NAME2$VERSION2+resto$NAME1$VERSION1)
              PARTS[0]=`ls -1 header_bytes*$VERSION1.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION1.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION1.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION1.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION2.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION1.xml | head -n1`
              ;;
          xml$NAME1$VERSION1+resto$NAME2$VERSION2)
              PARTS[0]=`ls -1 header_bytes*$VERSION2.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION2.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION2.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION2.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION2.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION1.xml | head -n1`
              ;;
          xml$NAME2$VERSION2+resto$NAME1$VERSION1)
              PARTS[0]=`ls -1 header_bytes*$VERSION1.bin | head -n1`
              PARTS[1]=`ls -1 kernel*$VERSION1.bin | head -n1`
              PARTS[2]=`ls -1 middle_bytes*$VERSION1.bin | head -n1`
              PARTS[3]=`ls -1 software*$VERSION1.bin | head -n1`
              PARTS[4]=`ls -1 footer_bytes*$VERSION1.bin | head -n1`
              PARTS[5]=`ls -1 infoxml*$VERSION2.xml | head -n1`
              ;;
          *)
              continue
              ;;
      esac
      echo "Creating mixed file..."
      touch $NEW_NAME
      for part in $( seq 0 `expr ${#PARTS[*]} - 1` )
      do
          echo -e "\tAdding ${PARTS[$part]} to new file $NEW_NAME..."
          dd if=${PARTS[$part]} of=$NEW_NAME bs=1 seek=`du -b $NEW_NAME | cut -f1` 2>/dev/null
      done
      echo "Done."
      break
done


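Generating our own "kernel" and installing it on the device

SH4 toolchain for cross-compiling from 386 32-bit. Download and extract in opt: http://www.megaupload.com/?d=HSV19P40

Generating our own "software" and installing it on the device

SH4 toolchain for cross-compiling from 386 32-bit. Download and extract in opt: http://www.megaupload.com/?d=HSV19P40

Telnet access to the device

To get telnet access to the device, a file on the hard drive must be modified. To do this you need to take the hard drive out of the device and plug it into a PC. Any Linux distribution can access the hard drive and modify the file, even an Ubuntu Live CD or any other distribution.

The file to modify is on partition 1 (JFS). To mount it, run the following commands.

(Note: sda must be changed to match your own partition, and all commands must be run as root, i.e. by prefixing them with "sudo")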


$ mkdir /mnt/sda1
$ jfs_fsck /dev/sda1
$ mount /dev/sda1 /mnt/sda1

Once it is mounted, we must edit the "local_conf.py" file by adding the following lines at the end of the file:

import os

os.system('telnetd -l /bin/ash')

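Now we unmount the partition (umount /mnt/sda1) and put the hard drive back into the device.

From now on we should be able to reach the device over telnet (provided it is connected to the network, obviously):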

$ telnet device_ip
Wybox Release Branch 1.3.15 (Future is Now!)
/ $

So far we have successfully tested this procedure on the following versions:

               Works                Does not work
Media Titan:   7983 and previous    7989
Zoltar TV:     7891 and previous    7909
Wyplayer:      8399?                8418
Mediatec:      ?                    ?

Firmware file links

O2Media ZoltarTV

Conceptronic MediaTitan

  CMT2D (non Wi-Fi):  
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_UPD_v1.3.15.7989_(1.3R6).zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_UPD_v1.3.15.7984_(1.3R5).zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_UPD_v1.3.15.7983_(1.3R4).zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_UPD_v1.3.15.7963_BETA.zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_UPD_v1.2.14.7929.ZIP
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_UPD_v1.2.14.7926.zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_UPD_v1.1.13.7870.ZIP
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2D_FW_v1.1.13.7860.ZIP
  CMT2DW (Wi-Fi): 
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2DW_FW_UPD_v1.3.15.7989_(1.3R6).zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2DW_FW_UPD_v1.3.15.7983_(1.3R4).zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2DW_FW_UPD_v1.3.15.7963_BETA.zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2DW_FW_UPD_v1.2.14.7929.ZIP
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2DW_FW_UPD_v1.2.14.7926.zip
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2DW_FW_UPD_v1.1.13.7870.ZIP
     http://download.conceptronic.net/GrabnGo/CMT2D_CMT2DW/CMT2DW_FW_v1.1.13.7860.ZIP
     