rajeevkallur
commented
8 months ago @commonism , Please try binwalk on .fwpkg files. This is the format going forward.
Closed commonism closed 5 months ago
rajeevkallur
commented
8 months ago @commonism , Please try binwalk on .fwpkg files. This is the format going forward.
commonism
commented
8 months ago Extracting the iLO6 format is not supported by anything I'm aware of or documented.
binwalk -Mre SC_U54_ME_06.00.04.031.0.fwpkg
Scan Time: 2024-03-18 08:48:24
Target File: /tmp/SC_U54_ME_06.00.04.031.0.fwpkg
MD5 Checksum: 5b55f255c2cc225f9a25b6301f84b538
Signatures: 424
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
WARNING: Extractor.execute failed to run external extractor 'jar xvf '%e'': [Errno 2] No such file or directory: 'jar', 'jar xvf '%e'' might not be installed correctly
2115 0x843 Zip archive data, at least v2.0 to extract, compressed size: 9407, uncompressed size: 9407, name: payload.json
11564 0x2D2C Zip archive data, at least v2.0 to extract, compressed size: 8390837, uncompressed size: 8390837, name: SC_U54_ME_06.00.04.031.0.signed.bin
8402466 0x803622 Zip archive data, at least v2.0 to extract, compressed size: 3563, uncompressed size: 23470, name: SC_U54_ME_06.00.04.031.0.xml
8406300 0x80451C End of Zip archive, footer length: 22
Scan Time: 2024-03-18 08:48:25
Target File: /tmp/_SC_U54_ME_06.00.04.031.0.fwpkg-1.extracted/SC_U54_ME_06.00.04.031.0.xml
MD5 Checksum: 2b90e2176776441ccb312662f395eec4
Signatures: 424
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 XML document, version: "1.0"
Scan Time: 2024-03-18 08:48:25
Target File: /tmp/_SC_U54_ME_06.00.04.031.0.fwpkg-1.extracted/SC_U54_ME_06.00.04.031.0.signed.bin
MD5 Checksum: 183f7dfce1da8ad0f71d01ef9ec8c8d4
Signatures: 424
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
874480 0xD57F0 ESP Image (ESP32): segment count: 5, flash mode: QUIO, flash speed: 40MHz, flash size: 1MB, entry address: 0x4400
1416116 0x159BB4 ESP Image (ESP32): segment count: 0, flash mode: QUIO, flash speed: 40MHz, flash size: 1MB, entry address: 0x0
1927164 0x1D67FC ESP Image (ESP32): segment count: 5, flash mode: QUIO, flash speed: 40MHz, flash size: 1MB, entry address: 0x4400
2488372 0x25F834 ESP Image (ESP32): segment count: 0, flash mode: QUIO, flash speed: 40MHz, flash size: 1MB, entry address: 0x0
Scan Time: 2024-03-18 08:48:26
Target File: /tmp/_SC_U54_ME_06.00.04.031.0.fwpkg-1.extracted/payload.json
MD5 Checksum: fd18a184404b9d08651bf6a99904272e
Signatures: 424
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------Using https://github.com/airbus-seclab/ilo4_toolbox next:
ilo4_toolbox/scripts/iLO5# python3 ilo5_extract.py /tmp/_SC_U54_ME_06.00.04.031.0.fwpkg-1.extracted/SC_U54_ME_06.00.04.031.0.signed.bin /tmp/x
[+] iLO HPIMAGE header :
> img_magic : HPIMAGE
> version major : 0x1
> version minor : 0x1
> field_A : 0x00
> device id : MANAGEMENT_ENG
0000 77 56 4e b3 dc 21 d3 45 87 2b 42 f7 6f ee 90 53 wVN..!.E.+B.o..S
> field_1C : 0x0
> field_20 : 0x0
> field_24 : 0x0
> field_28 : 0x0
> field_2C : 0x0
> field_30 : 0x0
> field_34 : 0x0
> field_38 : 0x0
> field_3C : 0xd0107e7
> version : 06.00.04.031
> name : U54 ME Seamless Update Image
> gap
[+] iLO boot block footer:
> module : b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
> fw_magic : 0xffffffff
> header_type : 0xffffffff
> field_28 : 0x-1
> type : 0x-1
> flags : 0xffffffff
> field_30 : 0xffffffff
> field_34 : 0xffffffff
> field_38 : 0xffffffff
> backward_crc_offset : 0xffffffff
> forward_crc_offset : 0xffffffff
> img_crc : 0xffffffff
> compressed_size : 0xffffffff
> decompressed_size : 0xffffffff
> field_50 : 0xffffffff
> field_54 : 0xffffffff
> crypto_params_index : 0xffff
> crypto_params_index 2 : 0xffff
> header_crc : 0xffffffff
> field_60 : 0xffffffff
> field_64 : 0xffffffff
> field_68 : 0xffffffff
> field_6C : 0xffffffff
> field_70 : 0xffffffff
> field_74 : 0xffffffff
> field_78 : 0xffffffff
> field_7C : 0xffffffff
> copyright : b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff'
> signature
0000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0010 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0020 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0030 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0040 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0050 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0060 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0070 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0080 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0090 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00a0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00b0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00c0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00d0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00e0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00f0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0100 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0110 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0120 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0130 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0140 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0150 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0160 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0170 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0180 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0190 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
01a0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
01b0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
01c0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
01d0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
01e0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
01f0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
> fw_magic_end : 0xffffffff
[+] header crc ok: 0xe2b03c14
[x] failed to check header crc: 0xffffffffNot an issue from our end.
commonism
commented
5 months ago As it is very inconvenient and error prone to interface HPE Oem Extensions without description documents, and HPE is the only one in a position to provide these documents, I'd be glad if you'd reconsider this.
The implementation provided by HPE project does qualify, it does not include any type of data validation, and it is up to the user to make sure the data received matches the documentation. Not having a validating client library requires validation in the application code, in best duplicating the effort for all users, worst case, running without validation. As shown in the examples provided by HPE - rebooting a server in 50 lines without any data validation: https://github.com/HewlettPackard/python-ilorest-library/blob/7094f3a8b4bce5951a60a6e9ea6030d748b14e02/examples/Redfish/reboot_server.py#L27-L72
For generic tasks such as rebooting a server, the DMTF OpenAPI3 description documents can be used to validate when interfacing HPE devices, this allows moving the validation to the client library and limits the application to the code required for the functionality, e.g. - rebooting a server, 6 lines, complete validation in the client library.
config = aiopenapi3_redfish.Config(target=url, username=auth[0], password=auth[1])
c = aiopenapi3_redfish.client.AsyncClient(config, api)
api.authenticate(None, basicAuth=(auth[0], auth[1]))
await c.asyncInit()
system = await c.Systems.index("System.Embedded.1")
await system.Reset("PowerCycle")For the Oem extensions provided by HPE e.g. HpeAutomaticCertEnrollment there is no option of validation without description documents.
Description documents will boost the customer value of HPE Oem extensions. Currently HPE iLO has Oem extensions, but description documents will actually make them usable to your customers - existing customers and new customers, those who already paid for the development and those whom you need to pay for the development tomorrow.
Hi,
I'm with the aiopenapi3_redfish project and just wanted to ask for iLO6 OpenAPI description documents. From what I can see HPE is best in town wrt. to Redfish OpenAPI documentation, and I'd like to make sure I got basics covered for HPE as well. I do not have any access to HPE devices, tried binwalk on U30_3.00_10_19_2023.signed.flash without any success and therefore would appreciate if could help me out.