How to update a file in firmware initramfs image


Pander

Jan 31, 2018, 9:49:35 AM
to BeagleBoard
Hi all,

I have a device with a black Beagle Bone and I would like to update a file inside the firmware from which the device boots. I don't have the original source code. At the moment I use the following steps on a 64-bit GNU/Linux desktop (Ubuntu) to try to accomplish this, but unfortunately the device does not boot from the resulting firmware. What do I need to change in order to alter an image successfully?

sudo su
tar xf FIRMWARE.tar.gz
mkimage -l initramfs.bin.SD
tail -c+65 < initramfs.bin.SD > Angstrom-xxxxxxxx_m-eglibc-ipk-v2013.06-beaglebone.rootfs.cpio.gz
mv initramfs.bin.SD initramfs.bin.SD.orig
gunzip  Angstrom-xxxxxxxx_m-eglibc-ipk-v2013.06-beaglebone.rootfs.cpio.gz
mkdir unpacked
cd unpacked
cat ../Angstrom-xxxxxxxx_m-eglibc-ipk-v2013.06-beaglebone.rootfs.cpio | cpio -i
# here change a text file
mkdir ../new
find . | cpio -H newc -o > ../new/Angstrom-xxxxxxxx_m-eglibc-ipk-v2013.06-beaglebone.rootfs.cpio
cd ../new
gzip -9 Angstrom-xxxxxxxx_m-eglibc-ipk-v2013.06-beaglebone.rootfs.cpio
mv Angstrom-xxxxxxxx_m-eglibc-ipk-v2013.06-beaglebone.rootfs.cpio.gz initramfs.gz
mkimage -A arm -O linux -n Angstrom-xxxxxxxx_m-eglibc-ipk-v -d initramfs.gz ../initramfs.bin.SD
cd ..
tar cfvz FIRMWARE_new.tar.gz am335x-boneblack-xxxxxxxxx.dtb initramfs.bin.SD runme.sh
# use FIRMWARE_new.tar.gz to install on a running device and reboot

Thanks,

Pander

Pander

Feb 6, 2018, 7:24:35 AM
to BeagleBoard
Is adding "-T ramdisk" to the final mkimage needed? Or perhaps omitting the "-9" in the gzip?

Jason Kridner

Feb 6, 2018, 5:16:05 PM
to beagl...@googlegroups.com
We chatted for a while on IRC, but most of the pertinent information is still missing from your post. Did you create a backup from an eMMC somehow? You didn’t even provide a boot log. See Smart Questions on bbb.io/chat.

On Tue, Feb 6, 2018 at 7:24 AM Pander <pan...@users.sourceforge.net> wrote:
Is adding "-T ramdisk" to the final mkimage needed? Or perhaps omitting the "-9" in the gzip?

--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/43756d69-f97a-4781-a841-09cc8c909429%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--

Pander

Feb 16, 2018, 12:28:25 PM
to BeagleBoard


On Tuesday, 6 February 2018 23:16:05 UTC+1, Jason Kridner wrote:
We chatted for a while on IRC, but most of the pertinent information is still missing from your post. Did you create a backup from an eMMC somehow? You didn’t even provide a boot log. See Smart Questions on bbb.io/chat.


Jason, thanks for your reply. The device doesn't have a screen or anything. I do have original firmware and a firmware version modified by someone else. The manufacturer and that independent other person who modified it both won't give out how to unpack and pack. But for someone that has some experience with this, it should not be that difficult. Can I send firmware to you to have a look? It is only 12 MB. Thanks, Pander

Jason Kridner

Feb 20, 2018, 4:14:43 PM
to beagl...@googlegroups.com
Can you post publicly with your description of how you are trying to modify it? 
 


Pander

Mar 3, 2018, 12:14:47 PM
to BeagleBoard
Dear Jason,

Yes, please see https://etherpad.net/p/6593482373898978934789jkl

Best,

Pander

cmu...@gmail.com

Mar 3, 2018, 3:19:53 PM
to BeagleBoard
He / we simply want to remove an instruction in the altered firmware, as the original stock firmware is insecure but the adjusted firmware, even though open source, has a pa

I just stumbled on this thread, also looking for pointers on the same challenging file. I think we just need to be able to decompile this 12 MB file initramfs.bin.SD. Once that's done and the file is readable, it should be easy to adjust, recompile and create our own custom FW.

In the terminal I got some more intel on the file:

              |ZZ, Linux/ARM, RAMDisk Image (gzip), 12433818 bytes, TIMESTAMP, Load Address: 0x00000000, Entry Point: 0x00000000, Header CRC: 0xAD016372, Data CRC: 0xF726ECDB


I can also provide a kernel log and monitor log if needed too.


Any input is still appreciated.


warmly,

chris
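
The fields in the output quoted above (image type, compression, load address, entry point, header CRC, data CRC) live in the 64-byte legacy U-Boot image header that the `tail -c+65` step in the first post strips off. The following is an added example, not code from any poster in this thread: a parser that reads those fields and checks both CRCs, so an original and a repacked image can be compared field by field. The names `parse_uimage`, `build_uimage` and `SAMPLE` are this example's own, and the sample image is constructed.

```python
import gzip
import struct
import zlib

UIMAGE_MAGIC = 0x27051956
HEADER = struct.Struct(">7I4B32s")  # 64 bytes, all fields big-endian
OS = {5: "linux"}
ARCH = {2: "arm"}
TYPE = {2: "kernel", 3: "ramdisk"}
COMP = {0: "none", 1: "gzip"}


def parse_uimage(blob):
    """Parse a legacy uImage and check both CRC32 fields."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than the 64-byte header")
    (magic, hcrc, time, size, load, entry, dcrc,
     os_, arch, type_, comp, name) = HEADER.unpack_from(blob)
    if magic != UIMAGE_MAGIC:
        raise ValueError("not a legacy uImage (bad magic)")
    data = blob[HEADER.size:HEADER.size + size]
    # The header CRC is computed with the hcrc field itself set to zero.
    zeroed = blob[:4] + b"\0\0\0\0" + blob[8:HEADER.size]
    return {
        "name": name.split(b"\0", 1)[0].decode("ascii", "replace"),
        "os": OS.get(os_, os_), "arch": ARCH.get(arch, arch),
        "type": TYPE.get(type_, type_), "comp": COMP.get(comp, comp),
        "size": size, "load": load, "entry": entry,
        "header_crc_ok": zlib.crc32(zeroed) == hcrc,
        "data_crc_ok": len(data) == size and zlib.crc32(data) == dcrc,
        "data": data,
    }


def build_uimage(data, name, type_=3, comp=1, os_=5, arch=2, time=0):
    """Build a header for constructed test input (same layout as above)."""
    fields = [UIMAGE_MAGIC, 0, time, len(data), 0, 0, zlib.crc32(data),
              os_, arch, type_, comp, name.encode("ascii")]
    fields[1] = zlib.crc32(HEADER.pack(*fields))
    return HEADER.pack(*fields) + data


# Constructed sample: a tiny gzip payload standing in for the rootfs.cpio.gz.
SAMPLE = build_uimage(gzip.compress(b"constructed cpio stand-in"), "sample-rootfs")

if __name__ == "__main__":
    info = parse_uimage(SAMPLE)
    print({k: v for k, v in info.items() if k != "data"})
```

Both checksums are plain CRC32: they detect corruption of the header or payload, but they do not authenticate who produced the image.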



clinton...@gmail.com

Jul 11, 2018, 7:27:55 AM
to BeagleBoard
Did you ever figure out the correct process Chris? I've been trying to figure this process out for about a month. 

Kindly,

-Clinton