a set of scripts and tools for various firmware analysis tasks
parse-uboot-dump.py - Use this tool to parse the picocom output of a uboot memory dump and create a firmware.bin file from it. There is also little endian support (needed for fritz 7141 i.e.). I reccomend to create a binary from the parse-uboot-dump.py with:
pyinstaller parse-uboot-dump.py --onefile --clean
You can find the static binary in the ./dist folder which I use in the following example.
Let's say we dump some memory data like this from the uboot prompt and we have captured the output :
picocom -b 38400 -l -r /dev/ttyUSB0 --logfile `date +"%Y%m%d_%H%M%S"`_picocom.log
...
Eva_AVM >dm 0x90000000 1000
0x90000000: 0x40809000 0x40809800 0x401A6000 0x241BFFFE
0x90000010: 0x035BD024 0x3C1BFFBF 0x377BFFFF 0x035BD024
0x90000020: 0x409A6000 0x40806800 0x24080003 0x40888000
...
0x90000F60: 0x3C08A861 0x35081604 0x24090001 0xAD090000
0x90000F70: 0x00000000 0x03E00008 0xBC800000 0x24044000
0x90000F80: 0x24050010 0x3C068000 0x00C43821 0x00E53823
0x90000F90: 0xBCC00000 0x14C7FFFE 0x00C53021 0x03E00008
parse-uboot-dump -h
Usage: parse-uboot-dump [options]
Options:
-h, --help show this help message and exit
-i FILE, --infile=FILE
read data from FILE (required)
-o FILE, --outfile=FILE
write binary data to FILE (default: firmware.bin)
-l, --little-endian convert data to little endian (default:big endian)
-f, --force force overwrite existing outfile
-v, --verbose be verbose
We can now parse the picocom output and convert it to a nice firmware.bin file which has the correct little endian mapping already done:
parse-uboot-dump -i 20241026_232645_picocom.log -l
Now you can nicely binwalk through the binary "firmware.bin" or use xxd to analyze the data...
xxd firmware.bin
00000000: 0090 8040 0098 8040 0060 1a40 feff 1b24 ...@...@.`.@...$
00000010: 24d0 5b03 bfff 1b3c ffff 7b37 24d0 5b03 $.[....<..{7$.[.
00000020: 0060 9a40 0068 8040 0300 0824 0080 8840 .`.@.h.@...$...@
...
00000830: ffff 616e 6e65 7800 4200 7573 625f 6d61 ..annex.B.usb_ma
00000840: 6e75 6661 6374 7572 6572 5f6e 616d 6500 nufacturer_name.
00000850: 4156 4d00 7573 625f 7265 7669 7369 6f6e AVM.usb_revision
00000860: 5f69 6400 3078 3030 3030 0075 7362 5f64 _id.0x0000.usb_d
00000870: 6576 6963 655f 6964 0030 7830 3030 3000 evice_id.0x0000.
00000880: 5365 7269 616c 4e75 6d62 6572 0030 3030 SerialNumber.000
00000890: 3030 3030 3030 3030 3030 3030 3000 5072 0000000000000.Pr
000008a0: 6f64 7563 7449 4400 4672 6974 7a5f 426f oductID.Fritz_Bo
000008b0: 785f 3731 3431 0048 5752 6576 6973 696f x_7141.HWRevisio
000008c0: 6e00 3130 3800 7265 7365 7276 6564 0000 n.108.reserved..
000008d0: 626c 7565 746f 6f74 6800 0075 7362 5f72 bluetooth..usb_r
...
Happy coding, Jens