PFS and JFFS extraction

Started by ragingBull, December 06, 2011, 11:10:06 PM

Previous topic - Next topic

ragingBull

Hi All,

I have a binwalk with numerous lines. Example below:

3723552      0x38D120     Linux Journalled Flash filesystem, little endian
2283799      0x22D917     PFS filesystem, version NTFS Partition, 26996 files

I can dd the chunk to a file but mounting this into readable structure is where I am stuck. Any help re tool to assist would be appreciative. Furthermore, info on what a PFS FS is would be great.
Googling PFS returns anything from a pluggable FS to  personal FS etc.

Appreciate anyones time replying. Thanks

Jeremy Collake

Did you try the latest Firmware Mod Kit from the Google Code repository? http://code.google.com/p/firmware-mod-kit/wiki/Documentation . The new -ng scripts by Craig Heffner do a good job at extracting unknown firmwares. I focused the old scripts on specific firmwares, but his scripts use binwalk to help (at least extract, and usually build) unknown firmwares. Of course, there is a bit more risk since it means more untested devices might have their firmwares seemingly correctly built, but could be bricked on flash.
Software Engineer. Bitsum LLC.

ragingBull

Hi,

Appreciate the info and the suggestions. I have spent quite some time with the latest FW kit and was unfortunately making very little progress.
I have no intention of recompiling the FW as I was interested in examining some function calls and how they work rather than changing the way they work.

In relation to the "-ng" script; running the below:

# file mpfs.frm
mpfs.frm: data

# ./extract-ng.sh mpfs.frm

Scanning firmware...

DECIMAL      HEX          DESCRIPTION
-------------------------------------------------------------------------------------------------------

Extracting 0 bytes of  header image at offset 0
ERROR: No supported file system found! Aborting...


has no luck identifying any of the FS's binwalk identifies on its own. I am not sure if the script assumes a valid FS signature is sitting in byte 0? The very first identifiable sig from binwalk on the same FW bundle:

1104         0x450        ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV)

Tried running extract-ng on a dd extracted JFFS only but no luck either. The firmware mod kit is absolutely fantastic for other FW types but this one has run me into the ground. Another show-stopper is the extraction of PFS NTFS. Found a tool for PFS .9 but nothing on NTFS etc.

The FW bundle is written for VxWorks and I am looking at getting a copy for my system but finding a version that runs on my platform is a nightmare. The eval copy form WR website times out :)

Again, thanks for your help.

Jeremy Collake

You should post such issues on the Google Code project site for a final answer, in the Issues section. Some issues will not be handled, may be deferred, but are documented so that if they are addressed, you can then be notified immediately.
Software Engineer. Bitsum LLC.