Reverse Engineering a JFTTS2/UBI Filesystem from .bin file to files and folders.
REVERSE ENGINEERING JFFS2 UBI FILESYSTEM (TP-LINK ROUTER) - for education only DEPENDANCIES:
binwalk: https://github.com/ReFirmLabs/binwalk
ubi_reader: https://github.com/jrspruitt/ubi_reader
jefferson-git: https://github.com/sviehb/jefferson
Linux kernel: https://www.kernel.org/
Extracts a bin file to a filesystem (-e=extract, -M=recursivly, =Input .bin file)
binwalk -e -M
Handy tool mtd-utils which includes:
ubinfo - provides information about UBI devices and volumes found in the system;
ubiattach - attaches MTD devices (which describe raw flash) with UBI which creates corresponding UBI devices;
ubidetach - detaches MTD devices from UBI devices (the opposite to what ubiattach does);
ubimkvol - creates UBI volumes on UBI devices;
ubirmvol - removes UBI volumes from UBI devices;
ubiblock - manages block interfaces for UBI volumes. See here for more information;
ubiupdatevol - updates UBI volumes; this tool uses the UBI volume update feature which leaves the volume in "corrupted" state if the update was interrupted; additionally, this tool may be used to wipe out UBI volumes;
ubicrc32 - calculates CRC-32 checksum of a file with the same initial seed as UBI would use;
ubinize - generates UBI images;
ubiformat - formats empty flash, erases flash and preserves erase counters, flashes UBI images to MTD devices;
mtdinfo - reports information about MTD devices found in the system.
REF: http://www.linux-mtd.infradead.org/doc/ubi.html
(Always needs to be formatted to avoid corruption)
sudo modprobe nandsim first_id_byte=0x2c second_id_byte=0xda third_id_byte=0x90 fourth_id_byte=0x95
sudo flash_erase /dev/mtd0 0 0
sudo ubiformat /dev/mtd0 -s 2048 -O 2048
sudo modprobe ubi
sudo ubiattach -m 0 -d 0 -O 2048
sudo ubimkvol /dev/ubi0 -N RFS -s $((0xA00000))
sudo ubiupdatevol /dev/ubi0_0 RFS.bin
sudo mount /dev/ubi0_0 /mnt