ReFirmLabs / binwalk

Firmware Analysis Tool
MIT License

Add WinCE file extractor plugin #542

Open ArtificialAmateur opened 3 years ago

ArtificialAmateur commented 3 years ago

Originally issued in #469, but was failing the CI because of the lack of Python 2.7 support. Shouldn't be an issue now, but I can't reopen the original issue.

Overview

The WinCE Extractor is a plugin that allows a user to extract compressed and uncompressed files from a Windows Compact Embedded ROM/firmware image. The plugin is built in pure multi-platform Python3 and requires no external dependencies to be installed (other than Python3 and binwalk of course).

Usage

binwalk <input_file> -D bin or binwalk <input_file> -e

Before

Using the latest version of ReFirmLabs/binwalk

total 122M
-rw-rw-r-- 1 artificial artificial   95 Jun 15 01:18 6CDDDF
-rw-rw-r-- 1 artificial artificial 122M Jun 15 01:18 6CDDDF.7z

After

Using the latest version of KodaSec/binwalk

total 280M
-rw-rw-r-- 1 artificial artificial    95 Jun 15 01:24 6CDDDF
-rw-rw-r-- 1 artificial artificial  122M Jun 15 01:24 6CDDDF.7z
-rw-rw-r-- 1 artificial artificial  100K Jun 15 01:23 afd.dll
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 appdata.ini
-rw-rw-r-- 1 artificial artificial  282K Jun 15 01:23 arialbd.ttf
-rw-rw-r-- 1 artificial artificial  222K Jun 15 01:23 arialbi.ttf
-rw-rw-r-- 1 artificial artificial  203K Jun 15 01:23 ariali.ttf
-rw-rw-r-- 1 artificial artificial  115K Jun 15 01:23 arialk.ttf
-rw-rw-r-- 1 artificial artificial  151K Jun 15 01:23 arial.ttf
-rw-rw-r-- 1 artificial artificial  4.1K Jun 15 01:23 arms_log.dll
-rw-rw-r-- 1 artificial artificial   70K Jun 15 01:23 arms_writer_drv.dll
-rw-rw-r-- 1 artificial artificial   12K Jun 15 01:23 arms_writer_sys.dll
-rw-rw-r-- 1 artificial artificial  3.1K Jun 15 01:23 asterisk.wav
-rw-rw-r-- 1 artificial artificial   15K Jun 15 01:23 asyncmac.dll
-rw-rw-r-- 1 artificial artificial   79K Jun 15 01:23 atlce400.dll
-rw-rw-r-- 1 artificial artificial  6.7K Jun 15 01:23 autoras.dll
-rw-rw-r-- 1 artificial artificial   10K Jun 15 01:23 battery.dll
-rw-rw-r-- 1 artificial artificial   13K Jun 15 01:23 binfs.dll
-rw-rw-r-- 1 artificial artificial   36K Jun 15 01:23 boot.hv
-rw-rw-r-- 1 artificial artificial   12K Jun 15 01:23 busenum.dll
-rw-rw-r-- 1 artificial artificial  5.9M Jun 15 01:24 Cardio.exe
-rw-rw-r-- 1 artificial artificial  9.5K Jun 15 01:23 ceconfig.h
-rw-rw-r-- 1 artificial artificial   13K Jun 15 01:23 ceddk.dll
-rw-rw-r-- 1 artificial artificial  270K Jun 15 01:23 ceshell.dll
-rw-rw-r-- 1 artificial artificial   134 Jun 15 01:23 close.2bp
-rw-rw-r-- 1 artificial artificial  3.4K Jun 15 01:23 close.wav
-rw-rw-r-- 1 artificial artificial  369K Jun 15 01:23 commctrl.dll
-rw-rw-r-- 1 artificial artificial   63K Jun 15 01:23 commdlg.dll
-rw-rw-r-- 1 artificial artificial  121K Jun 15 01:23 connmc.exe
-rw-rw-r-- 1 artificial artificial  8.2K Jun 15 01:23 connpnl.cpl
-rw-rw-r-- 1 artificial artificial  3.6K Jun 15 01:23 conshid.dll
-rw-rw-r-- 1 artificial artificial   16K Jun 15 01:23 control.exe
-rw-rw-r-- 1 artificial artificial    23 Jun 15 01:23 control.lnk
-rw-rw-r-- 1 artificial artificial   739 Jun 15 01:23 copyrts.txt
-rw-rw-r-- 1 artificial artificial  530K Jun 15 01:23 coredll.dll
-rw-rw-r-- 1 artificial artificial  178K Jun 15 01:23 cplmain.cpl
-rw-rw-r-- 1 artificial artificial  4.6K Jun 15 01:23 credprov.dll
-rw-rw-r-- 1 artificial artificial   45K Jun 15 01:23 credsvc.dll
-rw-rw-r-- 1 artificial artificial  3.0K Jun 15 01:23 critical.wav
-rw-rw-r-- 1 artificial artificial  445K Jun 15 01:23 crypt32.dll
-rw-rw-r-- 1 artificial artificial   27K Jun 15 01:23 cryptdll.dll
-rw-rw-r-- 1 artificial artificial  6.8K Jun 15 01:23 ctlpnl.exe
-rw-rw-r-- 1 artificial artificial   22K Jun 15 01:23 cxport.dll
-rw-rw-r-- 1 artificial artificial  160K Jun 15 01:23 default.hv
-rw-rw-r-- 1 artificial artificial  2.7K Jun 15 01:23 default.wav
-rw-rw-r-- 1 artificial artificial   144 Jun 15 01:23 desktopdirectory.ini
-rw-rw-r-- 1 artificial artificial  2.1K Jun 15 01:23 device.exe
-rw-rw-r-- 1 artificial artificial   34K Jun 15 01:23 devmgr.dll
-rw-rw-r-- 1 artificial artificial   26K Jun 15 01:23 dhcp.dll
-rw-rw-r-- 1 artificial artificial   40K Jun 15 01:24 dict_chn.dll
-rw-rw-r-- 1 artificial artificial   67K Jun 15 01:24 dict_cze.dll
-rw-rw-r-- 1 artificial artificial   67K Jun 15 01:24 dict_dan.dll
-rw-rw-r-- 1 artificial artificial   70K Jun 15 01:24 dict_dut.dll
-rw-rw-r-- 1 artificial artificial   65K Jun 15 01:24 dict_eng.dll
-rw-rw-r-- 1 artificial artificial   67K Jun 15 01:24 dict_fin.dll
-rw-rw-r-- 1 artificial artificial   72K Jun 15 01:24 dict_fra.dll
-rw-rw-r-- 1 artificial artificial   73K Jun 15 01:24 dict_ger.dll
-rw-rw-r-- 1 artificial artificial   70K Jun 15 01:24 dict_hun.dll
-rw-rw-r-- 1 artificial artificial   68K Jun 15 01:24 dict_ita.dll
-rw-rw-r-- 1 artificial artificial   46K Jun 15 01:24 dict_jpn.dll
-rw-rw-r-- 1 artificial artificial   46K Jun 15 01:24 dict_kor.dll
-rw-rw-r-- 1 artificial artificial   67K Jun 15 01:24 dict_nor.dll
-rw-rw-r-- 1 artificial artificial   67K Jun 15 01:24 dict_pol.dll
-rw-rw-r-- 1 artificial artificial   67K Jun 15 01:24 dict_por.dll
-rw-rw-r-- 1 artificial artificial   70K Jun 15 01:24 dict_rus.dll
-rw-rw-r-- 1 artificial artificial   68K Jun 15 01:24 dict_slo.dll
-rw-rw-r-- 1 artificial artificial   72K Jun 15 01:24 dict_spa.dll
-rw-rw-r-- 1 artificial artificial   66K Jun 15 01:24 dict_swe.dll
-rw-rw-r-- 1 artificial artificial  9.3K Jun 15 01:23 diskcache.dll
-rw-rw-r-- 1 artificial artificial   18K Jun 15 01:23 dm9isa.DLL
-rw-rw-r-- 1 artificial artificial  3.1K Jun 15 01:23 dnsapi.dll
-rw-rw-r-- 1 artificial artificial  112K Jun 15 01:23 dssdh.dll
-rw-rw-r-- 1 artificial artificial  128M Jun 15 01:23 E0000.bin
-rw-rw-r-- 1 artificial artificial  3.9K Jun 15 01:23 empty.wav
-rw-rw-r-- 1 artificial artificial  6.8K Jun 15 01:23 ethman.dll
-rw-rw-r-- 1 artificial artificial  9.0K Jun 15 01:23 exclam.wav
-rw-rw-r-- 1 artificial artificial    24 Jun 15 01:23 explore.lnk
-rw-rw-r-- 1 artificial artificial  259K Jun 15 01:23 explorer.exe
-rw-rw-r-- 1 artificial artificial   55K Jun 15 01:23 fatfsd.dll
-rw-rw-r-- 1 artificial artificial   35K Jun 15 01:23 fatutil.dll
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 favorites.ini
-rw-rw-r-- 1 artificial artificial  219K Jun 15 01:23 filesys.exe
-rw-rw-r-- 1 artificial artificial   27K Jun 15 01:23 FLASHDRV.DLL
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 fonts.ini
-rw-rw-r-- 1 artificial artificial   74K Jun 15 01:23 fsdmgr.dll
-rw-rw-r-- 1 artificial artificial  2.3M Jun 15 01:23 gulim.ac3
-rw-rw-r-- 1 artificial artificial  726K Jun 15 01:23 gwes.exe
-rw-rw-r-- 1 artificial artificial   12K Jun 15 01:23 hecspi_drv.dll
-rw-rw-r-- 1 artificial artificial   28K Jun 15 01:23 hidparse.dll
-rw-rw-r-- 1 artificial artificial   70K Jun 15 01:23 httplite.dll
-rw-rw-r-- 1 artificial artificial  7.2K Jun 15 01:23 I2CDrv.dll
-rw-rw-r-- 1 artificial artificial   27K Jun 15 01:23 IECEExt.dll
-rw-rw-r-- 1 artificial artificial  5.6K Jun 15 01:23 infbeg.wav
-rw-rw-r-- 1 artificial artificial  1.8K Jun 15 01:23 infend.wav
-rw-rw-r-- 1 artificial artificial  2.1K Jun 15 01:23 infintr.wav
-rw-rw-r-- 1 artificial artificial  7.2K Jun 15 01:23 initdb.ini
-rw-rw-r-- 1 artificial artificial   19K Jun 15 01:23 initobj.dat
-rw-rw-r-- 1 artificial artificial   48K Jun 15 01:23 intll.cpl
-rw-rw-r-- 1 artificial artificial   51K Jun 15 01:23 iphlpapi.dll
-rw-rw-r-- 1 artificial artificial  7.7K Jun 15 01:23 kbdhid.dll
-rw-rw-r-- 1 artificial artificial   28K Jun 15 01:23 kbdmouse.dll
-rw-rw-r-- 1 artificial artificial  183K Jun 15 01:23 kerberos.dll
-rw-rw-r-- 1 artificial artificial  9.1K Jun 15 01:23 lap_pw.dll
-rw-rw-r-- 1 artificial artificial   14K Jun 15 01:23 lassd.dll
-rw-rw-r-- 1 artificial artificial   834 Jun 15 01:23 menupop.wav
-rw-rw-r-- 1 artificial artificial   360 Jun 15 01:23 menusel.wav
-rw-rw-r-- 1 artificial artificial  403K Jun 15 01:23 mfcce400.dll
-rw-rw-r-- 1 artificial artificial  483K Jun 15 01:23 MiniWnnDLL.dll
-rw-rw-r-- 1 artificial artificial  5.7K Jun 15 01:23 mmtimer.dll
-rw-rw-r-- 1 artificial artificial   24K Jun 15 01:23 modemserial.dll
-rw-rw-r-- 1 artificial artificial  4.1K Jun 15 01:23 MouHid.dll
-rw-rw-r-- 1 artificial artificial   40K Jun 15 01:23 msasn1.dll
-rw-rw-r-- 1 artificial artificial  2.4M Jun 15 01:23 msgothic.ac3
-rw-rw-r-- 1 artificial artificial   19K Jun 15 01:23 mspart.dll
-rw-rw-r-- 1 artificial artificial  700K Jun 15 01:23 msxml3.dll
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 mydocuments.ini
-rw-rw-r-- 1 artificial artificial  127K Jun 15 01:23 ndis.dll
-rw-rw-r-- 1 artificial artificial  5.2K Jun 15 01:23 ndispwr.dll
-rw-rw-r-- 1 artificial artificial   22K Jun 15 01:23 ndisuio.dll
-rw-rw-r-- 1 artificial artificial   35K Jun 15 01:23 netbios.dll
-rw-rw-r-- 1 artificial artificial  3.5K Jun 15 01:23 netmui.dll
-rw-rw-r-- 1 artificial artificial  198K Jun 15 01:23 netui.dll
-rw-rw-r-- 1 artificial artificial 1014K Jun 15 01:23 nk.exe
-rw-rw-r-- 1 artificial artificial   34K Jun 15 01:23 notify.dll
-rw-rw-r-- 1 artificial artificial  8.7K Jun 15 01:23 nspm.dll
-rw-rw-r-- 1 artificial artificial   38K Jun 15 01:23 ntlmssp.dll
-rw-rw-r-- 1 artificial artificial   53K Jun 15 01:23 ohci.dll
-rw-rw-r-- 1 artificial artificial   134 Jun 15 01:23 ok.2bp
-rw-rw-r-- 1 artificial artificial  162K Jun 15 01:23 ole32.dll
-rw-rw-r-- 1 artificial artificial  172K Jun 15 01:23 oleaut32.dll
-rw-rw-r-- 1 artificial artificial  264K Jun 15 01:23 olece400.dll
-rw-rw-r-- 1 artificial artificial  3.4K Jun 15 01:23 openprog.wav
-rw-rw-r-- 1 artificial artificial  4.2K Jun 15 01:23 pbutton.dll
-rw-rw-r-- 1 artificial artificial   13K Jun 15 01:23 pcl.dll
-rw-rw-r-- 1 artificial artificial   74K Jun 15 01:23 pm.dll
-rw-rw-r-- 1 artificial artificial  108K Jun 15 01:23 ppp.dll
-rw-rw-r-- 1 artificial artificial  4.0K Jun 15 01:23 prnerr.dll
-rw-rw-r-- 1 artificial artificial  7.6K Jun 15 01:23 prnport.dll
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 programfiles.ini
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 programs.ini
-rw-rw-r-- 1 artificial artificial  1.8K Jun 15 01:23 question.wav
-rw-rw-r-- 1 artificial artificial  3.4K Jun 15 01:23 recend.wav
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 recent.ini
-rw-rw-r-- 1 artificial artificial  3.4K Jun 15 01:23 recstart.wav
-rw-rw-r-- 1 artificial artificial  128K Jun 15 01:23 redir.dll
-rw-rw-r-- 1 artificial artificial  5.1K Jun 15 01:23 regenum.dll
-rw-rw-r-- 1 artificial artificial   34K Jun 15 01:23 rnaapp.exe
-rw-rw-r-- 1 artificial artificial  167K Jun 15 01:23 rsaenh.dll
-rw-rw-r-- 1 artificial artificial  146K Jun 15 01:23 s3c2440disp.dll
-rw-rw-r-- 1 artificial artificial  109K Jun 15 01:23 schannel.dll
-rw-rw-r-- 1 artificial artificial   41K Jun 15 01:23 sdbus.dll
-rw-rw-r-- 1 artificial artificial   23K Jun 15 01:23 SDHC_SC2440.dll
-rw-rw-r-- 1 artificial artificial   12K Jun 15 01:23 sdmemory.dll
-rw-rw-r-- 1 artificial artificial   12K Jun 15 01:23 secur32.dll
-rw-rw-r-- 1 artificial artificial   30K Jun 15 01:23 ser2440.dll
-rw-rw-r-- 1 artificial artificial   26K Jun 15 01:23 serial.dll
-rw-rw-r-- 1 artificial artificial   30K Jun 15 01:23 services.exe
-rw-rw-r-- 1 artificial artificial  8.8K Jun 15 01:23 shcore.dll
-rw-rw-r-- 1 artificial artificial  180K Jun 15 01:23 shdocvw.dll
-rw-rw-r-- 1 artificial artificial  126K Jun 15 01:23 shlwapi.dll
-rw-rw-r-- 1 artificial artificial  5.3M Jun 15 01:23 simsun.ac3
-rw-rw-r-- 1 artificial artificial   38K Jun 15 01:23 spnego.dll
-rw-rw-r-- 1 artificial artificial  383K Jun 15 01:23 sqlcese30.sys.dll
-rw-rw-r-- 1 artificial artificial   29K Jun 15 01:23 ssllsp.dll
-rw-rw-r-- 1 artificial artificial    69 Jun 15 01:23 startup.ini
-rw-rw-r-- 1 artificial artificial  8.4K Jun 15 01:23 startup.wav
-rw-rw-r-- 1 artificial artificial  1.1K Jun 15 01:23 stdsm.2bp
-rw-rw-r-- 1 artificial artificial  2.0K Jun 15 01:23 stdsm.bmp
-rw-rw-r-- 1 artificial artificial  8.4K Jun 15 01:23 sysroots.p7b
-rw-rw-r-- 1 artificial artificial   16K Jun 15 01:23 system_drv.dll
-rw-rw-r-- 1 artificial artificial  532K Jun 15 01:23 t9jpn.dll
-rw-rw-r-- 1 artificial artificial  126K Jun 15 01:23 tahoma.ttf
-rw-rw-r-- 1 artificial artificial   61K Jun 15 01:23 tapi.dll
-rw-rw-r-- 1 artificial artificial  308K Jun 15 01:23 tcpstk.dll
-rw-rw-r-- 1 artificial artificial   25K Jun 15 01:23 timesvc.dll
-rw-rw-r-- 1 artificial artificial   43K Jun 15 01:23 unimodem.dll
-rw-rw-r-- 1 artificial artificial   19K Jun 15 01:23 usbd.dll
-rw-rw-r-- 1 artificial artificial   17K Jun 15 01:23 usbdisk6.dll
-rw-rw-r-- 1 artificial artificial   17K Jun 15 01:23 usbhid.dll
-rw-rw-r-- 1 artificial artificial   15K Jun 15 01:23 usbmsc.dll
-rw-rw-r-- 1 artificial artificial   13K Jun 15 01:23 usbprn.dll
-rw-rw-r-- 1 artificial artificial   36K Jun 15 01:23 user.hv
-rw-rw-r-- 1 artificial artificial   838 Jun 15 01:23 viewsm.2bp
-rw-rw-r-- 1 artificial artificial  1.7K Jun 15 01:23 viewsm.bmp
-rw-rw-r-- 1 artificial artificial  1.9M Jun 15 01:23 wince.nls
-rw-rw-r-- 1 artificial artificial  2.7K Jun 15 01:23 windmax.wav
-rw-rw-r-- 1 artificial artificial  2.8K Jun 15 01:23 windmin.wav
-rw-rw-r-- 1 artificial artificial   48K Jun 15 01:23 windowsce.bmp
-rw-rw-r-- 1 artificial artificial  4.8K Jun 15 01:23 winsock.dll
-rw-rw-r-- 1 artificial artificial   35K Jun 15 01:23 ws2.dll
-rw-rw-r-- 1 artificial artificial  7.3K Jun 15 01:23 ws2instl.dll
-rw-rw-r-- 1 artificial artificial  7.9K Jun 15 01:23 wspm.dll

And yes, it does produce readable files: image

ArtificialAmateur commented 2 years ago

@devttys0 bump

SourceCodeDeleted commented 2 years ago

@ArtificialAmateur @devttys0 This doesn't work for me. Is this completely merged or is something additional needed to work?

ArtificialAmateur commented 2 years ago

> @ArtificialAmateur @devttys0 This doesn't work for me. Is this completely merged or is something additional needed to work?

This branch has not been merged into master, are you operating off of the Kodasec fork? If so, please test the independent tool wince-extractor.

SourceCodeDeleted commented 2 years ago

> > @ArtificialAmateur @devttys0 This doesn't work for me. Is this completely merged or is something additional needed to work?
>
> This branch has not been merged into master, are you operating off of the Kodasec fork? If so, please test the independent tool wince-extractor.

I tested and it failed. I opened an issue for it. Let me know if you can help please. @ArtificialAmateur

ArtificialAmateur commented 2 years ago

> > > @ArtificialAmateur @devttys0 This doesn't work for me. Is this completely merged or is something additional needed to work?
> >
> > This branch has not been merged into master, are you operating off of the Kodasec fork? If so, please test the independent tool wince-extractor.
>
> I tested and it failed. I opened an issue for it. Let me know if you can help please. @ArtificialAmateur

The current version of the code only supports the x86 systems as those are the systems we had on hand when reverse engineering. The WinCE compression algorithm does e8 (x86-specific instruction) preprocessing.
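Added example, not part of the thread and not code from the plugin: the "e8 preprocessing" mentioned in the comment above, shown as the E8 call translation defined for Microsoft's LZX format, with a round trip on a constructed byte string. That the WinCE compressor applies the same bounds is an assumption; `e8_encode`, `e8_decode`, `call` and `SAMPLE` are illustrative names, and the position counter is taken to start at 0 for the buffer.

```python
import struct

def e8_encode(data: bytes, file_size: int) -> bytes:
    """Compressor side: rewrite relative CALL (0xE8) operands as absolute."""
    buf, i = bytearray(data), 0
    while i < len(buf) - 10:              # LZX leaves the last 10 bytes alone
        if buf[i] != 0xE8:
            i += 1
            continue
        (rel,) = struct.unpack_from("<i", buf, i + 1)
        if -i <= rel < file_size - i:     # rel + i falls in [0, file_size)
            struct.pack_into("<i", buf, i + 1, rel + i)
        elif file_size - i <= rel < file_size:
            struct.pack_into("<i", buf, i + 1, rel - file_size)
        i += 5                            # skip opcode + 4 operand bytes
    return bytes(buf)

def e8_decode(data: bytes, file_size: int) -> bytes:
    """Extractor side: turn the absolute operands back into relative ones."""
    buf, i = bytearray(data), 0
    while i < len(buf) - 10:
        if buf[i] != 0xE8:
            i += 1
            continue
        (val,) = struct.unpack_from("<i", buf, i + 1)
        if -i <= val < file_size:
            rel = val - i if val >= 0 else val + file_size
            struct.pack_into("<i", buf, i + 1, rel)
        i += 5
    return bytes(buf)

def call(pos: int, target: int) -> bytes:
    """Constructed helper: x86 `call rel32` placed at pos, aimed at target."""
    return b"\xE8" + struct.pack("<i", target - (pos + 5))

# Constructed 64-byte sample: two calls to the same target, padded with NOPs.
SAMPLE = call(0, 0x40) + b"\x90" * 11 + call(16, 0x40) + b"\x90" * 43

if __name__ == "__main__":
    enc = e8_encode(SAMPLE, len(SAMPLE))
    print("relative operands:", SAMPLE[1:5].hex(), SAMPLE[17:21].hex())
    print("after translation:", enc[1:5].hex(), enc[17:21].hex())
    print("round trip ok:", e8_decode(enc, len(SAMPLE)) == SAMPLE)
```

The two calls carry different relative operands but identical translated ones, which is what the compressor gains from the step; an extractor that skips the reverse pass yields x86 binaries whose call targets are wrong.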

stkw0 commented 6 months ago

Are you still interested in maintaining this plugin and the wince-decompt Python module?

ArtificialAmateur commented 6 months ago

> Are you still interested in maintaining this plugin and the wince-decompt Python module?

Sorry, I don't have the time anymore to maintain this code myself. Open to anyone else wanting to take it over.

stkw0 commented 6 months ago

Okay. I merged your PR to a fork of binwalk. I will be maintaining the plugin there to the best of my efforts.