526互联

windows下利用binwalk解压缩initramfs

发布时间 2023-05-21 09:16:57作者: 陈晓猫

windows下利用binwalk解压缩initramfs
1、python Python下载-Python官方版下载[编程工具]-华军软件园https://www.onlinedown.net/soft/14542.htm

勾选最下面的Add python.exe to PATH,然后选择自定义安装,安装到D:\Python312-32目录,勾选添加到环境变量。

python环境变量设置.vbs

dim msg
msg=msgbox("运行脚本将会改写环境变量,确定运行吗?",vbokcancel+vbexclamation,"运行脚本确认")
if msg=vbok then
dim wsh
Set wsh = WScript.CreateObject("WScript.Shell")
wsh.Environment("system").Item("path")="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;%ProgramFiles(x86)%\7-Zip;%ProgramFiles%\7-Zip;D:\Python312-32\;D:\Python312-32\Scripts"
'wsh.Environment("user").Item("path")="%USERPROFILE%\AppData\Local\Microsoft\WindowsApps;%ProgramFiles(x86)%\7-Zip;%ProgramFiles%\7-Zip"
end if
msg2=msgbox("环境变量已修改,建议重启下explorer的shell。",vbokcancel+vbexclamation,"环境变量已修改")

 

2、按照教程安装binwalk for windows:

Windows平台下安装binwalk_binwalk下载_烟雨天青色的博客-CSDN博客
https://blog.csdn.net/qq_38603541/article/details/126557575

安装binwalk2.3.2.bat

@echo off
rem 把python安装到D:\Python312-32\,在系统变量中添加D:\Python312-32\;D:\Python312-32\Scripts
cd /d F:\bak\cpio_for_windows\binwalk-2.3.2
python.exe setup.py install
cd /d D:\Python312-32\Scripts
python.exe binwalk -h
echo 完成
echo 运行示例:python.exe D:\Python312-32\Scripts\binwalk J:\initramfs\initrd.lz
&pause

3、在windows下运行binwalk查看initrd隐藏的数据地址:

cd /d J:\initramfs
python.exe D:\Python312-32\Scripts\binwalk J:\initramfs\initrd.lz

J:\initramfs>python.exe D:\Python312-32\Scripts\binwalk J:\initramfs\initrd.lz

DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
120 0x78 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
244 0xF4 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
376 0x178 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"
540 0x21C ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x00696000"
6906544 0x6962B0 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
6906880 0x696400 gzip compressed data, from Unix, last modified: 2023-04-27 07:39:43
28509790 0x1B3065E gzip compressed data, from NTFS filesystem (NT), last modified: 1970-01-01 00:00:00 (null date)
28705404 0x1B6027C gzip compressed data, from NTFS filesystem (NT), last modified: 1970-01-01 00:00:00 (null date)
28746257 0x1B6A211 gzip compressed data, from NTFS filesystem (NT), last modified: 1970-01-01 00:00:00 (null date)
36012220 0x22580BC LZ4 compressed data, legacy

4、ubuntu 下的文件系统initramfs解压缩_lsinitramfs_Robert_Y_Zhang的博客-CSDN博客
https://blog.csdn.net/weixin_40191420/article/details/107486888

5、进入ubuntu中,运行命令提取initrd中隐藏的压缩文件。
cd /d J:\initramfs
dd if=initrd.lz bs=6906880 skip=1 | zcat | cpio -id --no-absolute-filenames -v

cd /d J:\linux2\Mageia
dd if=initrd.img bs=3690496 skip=1 | xzcat | cpio -id --no-absolute-filenames -v

zcat 支持处理不同类型的文件,以There are plenty of filetypes available with zcat, so you can handle tar, cpio, dmg, jar 等文件。

要记住的最后一件事是,zcat 只能用来处理 gzip 文件,如果你想处理其他文件,比如 xz 文件,你可以使用 xzcat 代替 zcat。 zcat 命令是一个极其强大的文件压缩/解压缩工具,它能够处理 .gz 文件,并且还支持多种文件类型,例如 tar、cpio 等。它的使用非常简单,用户只需要在终端中输入 zcat 相关命令,即可处理你想要的解压缩文件。