-
Notifications
You must be signed in to change notification settings - Fork 1.5k
/
extract.conf
95 lines (83 loc) · 4.16 KB
/
extract.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#######################################################################################################################################
# Default extraction rules, loaded when --extract is specified.
#
# <lower-case unique string from binwalk output text>:<desired file extension>:<command to execute>:<successful command return codes>:<False to not scan extracted files/directories>
#
# Note that %e is a place holder for the extracted file name.
#
# The %% place holder is used when a unique file path is required.
# For example '%%squashfs-root%%' will be replaced with 'squashfs-root-0'
# if 'squashfs-root' already exists.
#
# The following file types are handled internally by extractor plugins:
#
# o zlib
# o cpio
# o Raw LZMA/deflate streams
# o D-Link "ROMFSv9.0" file systems
#
# There are also alternative extractors for the following file formats, implemented as plugins:
#
# o gzip
# o lzma
# o xz
#
#######################################################################################################################################
# Assumes these utilities are installed in $PATH.
^gzip compressed data:gz:gzip -d -f '%e':0,2
^lzma compressed data:7z:7z e -y '%e':0,1
^xz compressed data:xz:7z e -y '%e':0,1
^bzip2 compressed data:bz2:bzip2 -d '%e'
^compress'd data:Z:gzip -d '%e'
^posix tar archive:tar:tar xvf '%e'
^rar archive data:rar:unrar e '%e'
^rar archive data:rar:unrar -x '%e' # This is for the 'free' version
^arj archive data.*comment header:arj:arj -y e '%e'
^lha:lha:lha efi '%e'
^iso 9660:iso:7z x '%e' -oiso-root
^microsoft cabinet archive:cab:cabextract '%e'
^osx dmg:dmg:7z x '%e'
^lzo compressed data:lzo:lzop -f -d '%e'
^intel hex:hex:srec_cat '%e' -Intel -Output '%e.bin' -Binary
^motorola s-record.*header$:srec:srec_cat '%e' -Motorola -Output '%e.bin' -Binary
# jar just does a better job of extracting zip files than either
# unzip or 7z.
#
# unzip does not support files that are "missing end of central directory header".
#
# 7z handles most zip files, but fails on some zip archives, inexplicably seeing
# only the *last* entry in the zip archive (though 7z thinks it succeeded). See
# StarCam firmware CH-sys-48.53.64.67.zip.
^zip archive data:zip:unzip -P '' -o '%e':0
^zip archive data:zip:jar xvf '%e':0
^zip archive data:zip:7z x -y '%e' -p '':0,1
# Try unsquashfs first, or if not installed, sasquatch
^squashfs filesystem:squashfs:unsquashfs -d '%%squashfs-root%%' '%e':0:False
^squashfs filesystem:squashfs:sasquatch -p 1 -le -d '%%squashfs-root%%' '%e':0:False
^squashfs filesystem:squashfs:sasquatch -p 1 -be -d '%%squashfs-root%%' '%e':0:False
# Try cramfsck first; if that fails, swap the file system and try again
^cramfs filesystem:cramfs:cramfsck -x '%%cramfs-root%%' '%e':0:False
^cramfs filesystem:cramfs:cramfsswap '%e' '%e.swap' && cramfsck -x '%%cramfs-root%%' '%e.swap':0:False
# Extract EXT filesystems using sleuth kit
^linux ext:ext:tsk_recover -i raw -f ext -a -v '%e' '%%ext-root%%':0:False
# Try mounting the file system (this requires root privileges)
^squashfs filesystem:squashfs:mkdir '%%squashfs-root%%' && mount -t squashfs '%e' '%%squashfs-root%%':0:False
^cramfs filesystem:cramfs:mkdir '%%cramfs-root%%' && mount -t cramfs '%e' '%%cramfs-root%%':0:False
^linux ext filesystem:ext2:mkdir '%%ext-root%%' && mount '%e' '%%ext-root%%':0:False
^romfs filesystem:romfs:mkdir '%%romfs-root%%' && mount -t romfs '%e' '%%romfs-root%%':0:False
# Use sviehb's jefferson.py tool for JFFS2 extraction
^jffs2 filesystem:jffs2:jefferson -d '%%jffs2-root%%' '%e':0:False
# Use ubi_reader tool for UBIFS extraction
^ubifs filesystem superblock node:ubi:ubireader_extract_files -o '%%ubifs-root%%' '%e':0:False
^ubi erase count header:ubi:ubireader_extract_files -o '%%ubifs-root%%' '%e':0:False
# Experimental yaffs extractor
^yaffs filesystem:yaffs:yaffshiv --auto --brute-force -f '%e' -d '%%yaffs-root%%':0:False
# These were extractors used from FMK that still need suitable replacements.
#^bff volume entry:bff:/opt/firmware-mod-kit/src/bff/bffxtractor.py '%e'
#^wdk file system:wdk:/opt/firmware-mod-kit/src/firmware-tools/unwdk.py '%e'
# Extract, but don't run anything
#^elf,:elf
#private key:key
#certificate:crt
#html document header
#xml document:xml