Look at offset 0xFFE00.
It seems we have an array of size 4 with the following structure, a sort of section headers:

*name (reversed string)
*0
*offset in dump
*len in dump
*0x8000000
*0
*0
*0x10005
*address in memory?

Moreover, on disk we have (raw offset + len):
diagflsh raw offset + diagflsh len
0xB5C40 + 0x14E40 = CAA80
and CAA80 is near the flshdisk raw offset (0xCAC80), which seems to confirm a sort of section header descriptors.

Addresses in memory may be interesting:
0x810C848
0x80F7808
0x80F5008
because they seem to reflect len on disk:
0x810C848-0x80F7808 = 0x15040 and diagflsh may be 0x14E40 bytes on disk
0x80F7808-0x80F5008 = 0x2800 and logoflsh may be 0x2600 on disk
and, for example, in a PE header there is a file alignment and a memory alignment, which may be different from one another. (This is just to compare.)

ROM:000FFE00 68 73 6C 66  DCD 0x666C7368 ; flshdisk
ROM:000FFE04 6B 73 69 64  DCD 0x6469736B
ROM:000FFE08 00 00 00 00  DCD 0
ROM:000FFE0C 80 AC 0C 00  DCD 0xCAC80
ROM:000FFE10 80 4F 03 00  DCD 0x34F80
ROM:000FFE14 00 00 00 08  DCD 0x8000000
ROM:000FFE18 00 00 00 00  DCD 0
ROM:000FFE1C 00 00 00 00  DCD 0
ROM:000FFE20 05 00 01 00  DCD 0x10005
ROM:000FFE24 48 C8 10 08  DCD 0x810C848
ROM:000FFE28 68 73 6C 66  DCD 0x666C7368 ; diagflsh
ROM:000FFE2C 67 61 69 64  DCD 0x64696167
ROM:000FFE30 00 00 00 00  DCD 0
ROM:000FFE34 40 5C 0B 00  DCD 0xB5C40
ROM:000FFE38 40 4E 01 00  DCD 0x14E40
ROM:000FFE3C 00 00 00 08  DCD 0x8000000
ROM:000FFE40 00 00 00 00  DCD 0
ROM:000FFE44 00 00 00 00  DCD 0
ROM:000FFE48 05 00 01 00  DCD 0x10005
ROM:000FFE4C 08 78 0F 08  DCD 0x80F7808
ROM:000FFE50 68 73 6C 66  DCD 0x666C7368 ; logoflsh
ROM:000FFE54 6F 67 6F 6C  DCD 0x6C6F676F
ROM:000FFE58 00 00 00 00  DCD 0
ROM:000FFE5C 40 34 0B 00  DCD 0xB3440
ROM:000FFE60 00 26 00 00  DCD 0x2600
ROM:000FFE64 00 00 00 08  DCD 0x8000000
ROM:000FFE68 00 00 00 00  DCD 0
ROM:000FFE6C 00 00 00 00  DCD 0
ROM:000FFE70 05 00 01 00  DCD 0x10005
ROM:000FFE74 08 50 0F 08  DCD 0x80F5008
ROM:000FFE78 00 00 00 00  DCD 0 ; logo
ROM:000FFE7C 6F 67 6F 6C  DCD 0x6C6F676F
ROM:000FFE80 00 00 00 00  DCD 0
ROM:000FFE84 80 5B 05 00  DCD 0x55B80
ROM:000FFE88 00 26 00 00  DCD 0x2600
ROM:000FFE8C 00 00 00 08  DCD 0x8000000
ROM:000FFE90 00 00 00 00  DCD 0
ROM:000FFE94 00 00 00 00  DCD 0
ROM:000FFE98 05 00 01 00  DCD 0x10005
ROM:000FFE9C FF FF FF FF  DCD 0xFFFFFFFF

Next, when we look at each raw offset:

0xCAC80 (flshdisk)
ROM:000CAC80 00 00 00 00  DCD 0
ROM:000CAC84 02 00 00 00  DCD 2
ROM:000CAC88 02 00 00 00  DCD 2
ROM:000CAC8C 40 00 00 00  DCD 0x40
ROM:000CAC90 00 00 00 00  DCD 0
ROM:000CAC94 80 4F 03 00  DCD 0x34F80
ROM:000CAC98 90 04 40 DD  DCD 0xDD400490
ROM:000CAC9C 83 20 C0 2E  DCD 0x2EC02083

at 0xB5C40 (diagflsh)
ROM:000B5C40 00 00 00 00  DCD 0
ROM:000B5C44 02 00 00 00  DCD 2
ROM:000B5C48 02 00 00 00  DCD 2
ROM:000B5C4C 40 00 00 00  DCD 0x40
ROM:000B5C50 00 00 00 00  DCD 0
ROM:000B5C54 40 4E 01 00  DCD 0x14E40
ROM:000B5C58 90 04 40 DD  DCD 0xDD400490
ROM:000B5C5C 9E 90 A9 F5  DCD 0xF5A9909E

000B3440 : (logoflsh)
ROM:000B3440 00 00 00 00  DCD 0
ROM:000B3444 02 00 00 00  DCD 2
ROM:000B3448 02 00 00 00  DCD 2
ROM:000B344C 40 00 00 00  DCD 0x40
ROM:000B3450 00 00 00 00  DCD 0
ROM:000B3454 00 26 00 00  DCD 0x2600
ROM:000B3458 90 04 40 DD  DCD 0xDD400490
ROM:000B345C 66 75 E2 35  DCD 0x35E27566

at 00055B80 (logo)
ROM:00055B80 00 00 00 00  DCD 0
ROM:00055B84 02 00 00 00  DCD 2
ROM:00055B88 02 00 00 00  DCD 2
ROM:00055B8C 40 00 00 00  DCD 0x40
ROM:00055B90 00 00 00 00  DCD 0
ROM:00055B94 00 26 00 00  DCD 0x2600
ROM:00055B98 90 04 40 DD  DCD 0xDD400490
ROM:00055B9C 66 75 E2 35  DCD 0x35E27566

We can see the LEN is repeated; the sections logo & logoflsh (0x2600 both) are the same.
So if it is a stream cipher with the same key, the xor of both should result in the xor of the unciphered versions. (erf :)

Another interesting offset: 0x4000
at 00004000 4 bytes stand for SCfg (config?)
at 00004018 strange string mNrSYM7240KUVQ5
at 0000402C 4 bytes stand for Fwid (firmware id?)
at 00004040 4 bytes for Hwid (hardware id?)
at 0000407C 4 b: Regn (region??)
at 00004090 ?? DrmV (DRM version, kikoolol .)

ROM:00004000 67           DCB 0x67 ; g
ROM:00004001 66           DCB 0x66 ; f
ROM:00004002 43           DCB 0x43 ; C
ROM:00004003 53           DCB 0x53 ; S
ROM:00004004 A4 00 00 00  DCD 0xA4
ROM:00004008 00 20 00 00  DCD 0x2000
ROM:0000400C 01 00 01 00  DCD 0x10001
ROM:00004010 00 00 00 00  DCD 0
ROM:00004014 07 00 00 00  DCD 7
ROM:00004018 6D           DCB 0x6D ; m
ROM:00004019 4E           DCB 0x4E ; N
ROM:0000401A 72           DCB 0x72 ; r
ROM:0000401B 53           DCB 0x53 ; S
ROM:0000401C 59           DCB 0x59 ; Y
ROM:0000401D 4D           DCB 0x4D ; M
ROM:0000401E 37           DCB 0x37 ; 7
ROM:0000401F 32           DCB 0x32 ; 2
ROM:00004020 34           DCB 0x34 ; 4
ROM:00004021 30           DCB 0x30 ; 0
ROM:00004022 4B           DCB 0x4B ; K
ROM:00004023 55           DCB 0x55 ; U
ROM:00004024 56           DCB 0x56 ; V
ROM:00004025 51           DCB 0x51 ; Q
ROM:00004026 35           DCB 0x35 ; 5
ROM:00004027 00           DCB 0
ROM:00004028 00 00 00 00  DCD 0
ROM:0000402C 64           DCB 0x64 ; d
ROM:0000402D 49           DCB 0x49 ; I
ROM:0000402E 77           DCB 0x77 ; w
ROM:0000402F 46           DCB 0x46 ; F
ROM:00004030 00 00 00 01  DCD 0x1000000
ROM:00004034 DA FA F5 19  DCD 0x19F5FADA
ROM:00004038 00 27 0A 00  DCD 0xA2700
ROM:0000403C 00 00 00 00  DCD 0
ROM:00004040 64           DCB 0x64 ; d
ROM:00004041 49           DCB 0x49 ; I
ROM:00004042 77           DCB 0x77 ; w
ROM:00004043 48           DCB 0x48 ; H
ROM:00004044 FF FF FF FF  DCD 0xFFFFFFFF
ROM:00004048 FF FF FF FF  DCD 0xFFFFFFFF
ROM:0000404C FF FF FF FF  DCD 0xFFFFFFFF
ROM:00004050 FF FF FF FF  DCD 0xFFFFFFFF
ROM:00004054 72           DCB 0x72 ; r
ROM:00004055 56           DCB 0x56 ; V
ROM:00004056 77           DCB 0x77 ; w
ROM:00004057 48           DCB 0x48 ; H
ROM:00004058 00 00 00 00  DCD 0
ROM:0000405C 09 00 10 00  DCD 0x100009
ROM:00004060 00 00 00 00  DCD 0
ROM:00004064 00 00 00 00  DCD 0
ROM:00004068 23           DCB 0x23 ; #
ROM:00004069 64           DCB 0x64 ; d
ROM:0000406A 6F           DCB 0x6F ; o
ROM:0000406B 4D           DCB 0x4D ; M
ROM:0000406C 4D           DCB 0x4D ; M
ROM:0000406D 41           DCB 0x41 ; A
ROM:0000406E 34           DCB 0x34 ; 4
ROM:0000406F 37           DCB 0x37 ; 7
ROM:00004070 37           DCB 0x37 ; 7
ROM:00004071 00           DCB 0
ROM:00004072 00           DCB 0
ROM:00004073 00           DCB 0
ROM:00004074 00 00 00 00  DCD 0
ROM:00004078 00 00 00 00  DCD 0
ROM:0000407C 6E           DCB 0x6E ; n
ROM:0000407D 67           DCB 0x67 ; g
ROM:0000407E 65           DCB 0x65 ; e
ROM:0000407F 52           DCB 0x52 ; R
ROM:00004080 01 00 02 00  DCD 0x20001
ROM:00004084 02 00 02 00  DCD 0x20002
ROM:00004088 00 00 00 00  DCD 0
ROM:0000408C 00 00 00 00  DCD 0
ROM:00004090 56           DCB 0x56 ; V
ROM:00004091 6D           DCB 0x6D ; m
ROM:00004092 72           DCB 0x72 ; r
ROM:00004093 44           DCB 0x44 ; D
ROM:00004094 00 00 00 00  DCD 0
ROM:00004098 06 00 00 00  DCD 6
ROM:0000409C 00 00 00 00  DCD 0
ROM:000040A0 00 00 00 00  DCD 0

+
serpilliere
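
Added example, not part of the original post and not linux4nano code: a parser for the 0x28-byte descriptors listed at 0xFFE00 that also reproduces the offset and address arithmetic from the post. The field order is taken from the listing; the function names and the sample table (re-packed from the listing values) are constructed here. Names are decoded in file order, so the entries the post calls diagflsh and logoflsh come out as flshdiag and flshlogo.

```python
import struct
from collections import namedtuple

# One descriptor = 0x28 bytes: two 4-char words stored reversed, then eight
# little-endian dwords, in the field order listed in the post.
ENTRY = struct.Struct("<4s4s8I")
Section = namedtuple("Section", "name raw_off raw_len mem_addr")
NO_ADDR = 0xFFFFFFFF  # value found in the last slot of the 'logo' entry

def build_sample_table():
    """Constructed input: the four descriptors re-packed from the listing."""
    rows = [(b"hslf", b"ksid", 0xCAC80, 0x34F80, 0x810C848),
            (b"hslf", b"gaid", 0xB5C40, 0x14E40, 0x80F7808),
            (b"hslf", b"ogol", 0xB3440, 0x02600, 0x80F5008),
            (b"\0" * 4, b"ogol", 0x55B80, 0x02600, NO_ADDR)]
    return b"".join(ENTRY.pack(w0, w1, 0, off, ln, 0x8000000, 0, 0, 0x10005, mem)
                    for w0, w1, off, ln, mem in rows)

def parse_table(blob, base=0, count=4):
    """Decode `count` descriptors starting at `base` (0xFFE00 in a full dump)."""
    sections = []
    for i in range(count):
        f = ENTRY.unpack_from(blob, base + i * ENTRY.size)
        # Un-reverse each word and drop NUL padding (the 'logo' entry has one word).
        name = (f[0][::-1] + f[1][::-1]).replace(b"\0", b"").decode("ascii")
        sections.append(Section(name, f[3], f[4], f[9]))
    return sections

def layout_gaps(sections):
    """For neighbours in raw-offset order: gap on disk, and memory delta minus len."""
    ordered = sorted(sections, key=lambda s: s.raw_off)
    rows = []
    for a, b in zip(ordered, ordered[1:]):
        raw_gap = b.raw_off - (a.raw_off + a.raw_len)
        has_addr = NO_ADDR not in (a.mem_addr, b.mem_addr)
        mem_slack = b.mem_addr - a.mem_addr - a.raw_len if has_addr else None
        rows.append((a.name, b.name, raw_gap, mem_slack))
    return rows

if __name__ == "__main__":
    for a, b, raw_gap, mem_slack in layout_gaps(parse_table(build_sample_table())):
        slack = "n/a" if mem_slack is None else hex(mem_slack)
        print(f"{a:>8} -> {b:<8} raw gap {raw_gap:#x}, mem delta - len {slack}")
```

With the listing's values, the gap on disk and the memory delta minus len both come out as 0x200 for the logoflsh/diagflsh and diagflsh/flshdisk pairs.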
