kaitai-io / kaitai_struct_formats

Kaitai Struct: library of binary file formats (.ksy)
http://formats.kaitai.io

add specification for Reolink firmware files #667

Open armijnhemel opened 1 year ago

armijnhemel commented 1 year ago

This is a spec to parse firmware files for IP cameras from the brand Reolink: https://reolink.com/

I have tested with several firmware files.

KOLANICH commented 1 year ago

IMHO id shouldn't be just reolink

KOLANICH commented 1 year ago

It should be clear to which data crc applies. Also the exact flavour of crc. #625 can be helpful.

KOLANICH commented 1 year ago

license: GPL-3.0 is ambiguous, it should be either license: GPL-3.0-only or license: GPL-3.0-or-later.

KOLANICH commented 1 year ago

(64 + 76) should be sizeofs.

armijnhemel commented 1 year ago

(64 + 76) should be sizeofs.

How? No partition has been parsed at this point yet (and this value is needed to be able to find out where partitions start) so how can a size be computed? Maybe I am missing something obvious.

generalmimon commented 1 year ago

@KOLANICH:

license: GPL-3.0 is ambiguous

Yes. SPDX treats it (https://spdx.org/licenses/GPL-3.0.html) as a deprecated alias of GPL-3.0-only, but I guess it was deprecated exactly for the reason you mentioned.

armijnhemel commented 1 year ago

@KOLANICH:

license: GPL-3.0 is ambiguous

Yes. SPDX treats it (https://spdx.org/licenses/GPL-3.0.html) as a deprecated alias of GPL-3.0-only, but I guess it was deprecated exactly for the reason you mentioned.

I am simply oldskool!

generalmimon commented 1 year ago

@armijnhemel:

No partition has been parsed at this point yet (and this value is needed to be able to find out where partitions start) so how can a size be computed? Maybe I am missing something obvious.

Probably not obvious, but sizeof operators currently work only at compile time (they always evaluate to an integer known at compile time, which is only substituted in the resulting expression).

KOLANICH commented 1 year ago

How? No partition has been parsed at this point yet (and this value is needed to be able to find out where partitions start) so how can a size be computed? Maybe I am missing something obvious.

(sizeof<section> + sizeof<partition>) I guess.

armijnhemel commented 1 year ago

crc32

Which one?

| name | id | size | polynomial | init | xor_out | reflect_in | reflect_out | check_value | applications |
|---|---|---|---|---|---|---|---|---|---|
| XFER | crc32_xfer | 32 | 0xaf | 0 | 0x0 | 0 | 0 | 0xbd0be338 | XFER |
| POSIX | crc32_posix | 32 | 0x4c11db7 | 0 | 0xffffffff | 0 | 0 | 0x765e7680 | CKSUM, POSIX |
| MPEG-2 | crc32_mpeg_2 | 32 | 0x4c11db7 | 0xffffffff | 0x0 | 0 | 0 | 0x376e6e7 | MPEG-2 |
| JAMCRC | crc32_jamcrc | 32 | 0x4c11db7 | 0xffffffff | 0x0 | 1 | 1 | 0x340bc6d9 | JAMCRC |
| BZIP2 | crc32_dect_b | 32 | 0x4c11db7 | 0xffffffff | 0xffffffff | 0 | 0 | 0xfc891918 | BZIP2, AAL5, DECT-B |
|  | crc32 | 32 | 0x4c11db7 | 0xffffffff | 0xffffffff | 1 | 1 | 0xcbf43926 | zlib, ISO-HDLC, ADCCP, V-42, XZ |
| Castagnoli | crc32_castagnoli | 32 | 0x1edc6f41 | 0xffffffff | 0xffffffff | 1 | 1 | 0xe3069283 | ISCSI, BASE91-C, INTERLAKEN |
| CD-ROM-EDC | crc32_cd_rom_edc | 32 | 0x8001801b | 0 | 0x0 | 1 | 1 | 0x6ec2edc4 | CD-ROM-EDC |
| AIXM | crc32_aixm | 32 | 0x814141ab | 0 | 0x0 | 0 | 0 | 0x3010bf7f | AIXM |
| BASE91-D | crc32_base91_d | 32 | 0xa833982b | 0xffffffff | 0xffffffff | 1 | 1 | 0x87315576 | BASE91-D |
| AUTOSAR | crc32_autosar | 32 | 0xf4acfb13 | 0xffffffff | 0xffffffff | 1 | 1 | 0x1697d06a | AUTOSAR |

I have absolutely no idea.

KOLANICH commented 1 year ago

If you have a sample and know a range of bytes, it can be brute-forced. And there are tools for it.
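
Added example, not code from this PR, from the Reolink spec under review, or from the linked Perl script: a Python implementation of the parametrised CRC model (polynomial, init, xor_out, reflect_in, reflect_out) that the catalogue quoted in the thread is expressed in. It goes a little beyond the single variant the thread ends up with: it recomputes every row's check_value over the ASCII bytes "123456789" to confirm the table, it tries all catalogued parameter sets against a sample byte range and its stored CRC (the brute-force approach suggested above, which presupposes that the spec states which bytes the crc field covers), and it builds the 256-entry look-up table of the ordinary zlib-style CRC-32, which is what to compare a script's embedded table against. The sample header bytes and the CRC stored beside them are constructed here; `crc32_model`, `identify_crc32`, `CRC32_CATALOGUE` and the other names are this example's own.

```python
"""Identify a CRC-32 variant from catalogue parameters (added example,
not part of the kaitai_struct_formats PR or the Reolink spec)."""
import zlib

WIDTH = 32
MASK = (1 << WIDTH) - 1

# (name, id, polynomial, init, xor_out, reflect_in, reflect_out, check_value),
# transcribed from the table quoted in the thread.  check_value is the CRC of
# the ASCII bytes "123456789".
CRC32_CATALOGUE = [
    ("XFER", "crc32_xfer", 0xAF, 0, 0x0, False, False, 0xBD0BE338),
    ("POSIX", "crc32_posix", 0x4C11DB7, 0, 0xFFFFFFFF, False, False, 0x765E7680),
    ("MPEG-2", "crc32_mpeg_2", 0x4C11DB7, 0xFFFFFFFF, 0x0, False, False, 0x376E6E7),
    ("JAMCRC", "crc32_jamcrc", 0x4C11DB7, 0xFFFFFFFF, 0x0, True, True, 0x340BC6D9),
    ("BZIP2", "crc32_dect_b", 0x4C11DB7, 0xFFFFFFFF, 0xFFFFFFFF, False, False, 0xFC891918),
    ("", "crc32", 0x4C11DB7, 0xFFFFFFFF, 0xFFFFFFFF, True, True, 0xCBF43926),
    ("Castagnoli", "crc32_castagnoli", 0x1EDC6F41, 0xFFFFFFFF, 0xFFFFFFFF, True, True, 0xE3069283),
    ("CD-ROM-EDC", "crc32_cd_rom_edc", 0x8001801B, 0, 0x0, True, True, 0x6EC2EDC4),
    ("AIXM", "crc32_aixm", 0x814141AB, 0, 0x0, False, False, 0x3010BF7F),
    ("BASE91-D", "crc32_base91_d", 0xA833982B, 0xFFFFFFFF, 0xFFFFFFFF, True, True, 0x87315576),
    ("AUTOSAR", "crc32_autosar", 0xF4ACFB13, 0xFFFFFFFF, 0xFFFFFFFF, True, True, 0x1697D06A),
]


def _reflect(value: int, width: int) -> int:
    """Reverse the low `width` bits of `value` (bit 0 becomes bit width-1)."""
    result = 0
    for _ in range(width):
        result = (result << 1) | (value & 1)
        value >>= 1
    return result


def crc32_model(data: bytes, poly: int, init: int, xor_out: int,
                reflect_in: bool, reflect_out: bool) -> int:
    """Bit-by-bit CRC over `data` for one row of the catalogue.

    This is the MSB-first "direct" algorithm; reflected variants are handled by
    reflecting each input byte and, at the end, the register.  All inits in the
    catalogue are 0 or 0xFFFFFFFF, which are their own reflection, so the init
    value can be loaded unchanged."""
    crc = init
    for byte in data:
        if reflect_in:
            byte = _reflect(byte, 8)
        crc ^= byte << (WIDTH - 8)
        for _ in range(8):
            if crc & (1 << (WIDTH - 1)):
                crc = ((crc << 1) ^ poly) & MASK
            else:
                crc = (crc << 1) & MASK
    if reflect_out:
        crc = _reflect(crc, WIDTH)
    return crc ^ xor_out


def verify_catalogue() -> list:
    """Return the ids whose recomputed check value disagrees with the table
    (an empty list means the model reproduces every catalogued variant)."""
    return [row[1] for row in CRC32_CATALOGUE
            if crc32_model(b"123456789", *row[2:7]) != row[7]]


def identify_crc32(samples: list) -> list:
    """`samples` is a list of (covered_bytes, stored_crc) pairs taken from files
    you have.  Returns the ids of all catalogued variants consistent with every
    sample.  One short sample can match several rows by chance (2**-32 each), so
    feed two or three ranges from different files before trusting the answer."""
    return [row[1] for row in CRC32_CATALOGUE
            if all(crc32_model(data, *row[2:7]) == stored for data, stored in samples)]


def make_crc32_table() -> list:
    """The 256-entry table of the ordinary reflected CRC-32 (polynomial
    0xEDB88320, i.e. 0x04C11DB7 bit-reversed); entries start 0x00000000,
    0x77073096, 0xEE0E612C, ...  A script whose embedded table begins this way
    implements the zlib/ISO-HDLC variant."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


CRC32_TABLE = make_crc32_table()


def crc32_table_driven(data: bytes) -> int:
    """Ordinary CRC-32 computed a byte at a time from CRC32_TABLE."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = CRC32_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Cross-check the table-driven routine against the standard library."""
    return crc32_table_driven(data) == (zlib.crc32(data) & MASK)


# Constructed sample: a fake 64-byte header-like blob and the CRC stored beside
# it.  With a real firmware, use the byte range the spec says the crc covers
# and the integer read from the crc field.
SAMPLE_HEADER = b"CONSTRUCTED-HEADER-SAMPLE ".ljust(64, b"\0")
SAMPLE_STORED_CRC = zlib.crc32(SAMPLE_HEADER) & MASK

if __name__ == "__main__":
    print("catalogue rows that fail their check value:", verify_catalogue())
    print("variants matching the sample:", identify_crc32([(SAMPLE_HEADER, SAMPLE_STORED_CRC)]))
    print("table[1] = 0x%08X, table[255] = 0x%08X" % (CRC32_TABLE[1], CRC32_TABLE[255]))
```

Running the script prints an empty failure list, `['crc32']` as the only matching variant for the constructed sample, and the two table entries that are usually the quickest thing to compare with a look-up table embedded in someone else's code.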

armijnhemel commented 1 year ago

How? No partition has been parsed at this point yet (and this value is needed to be able to find out where partitions start) so how can a size be computed? Maybe I am missing something obvious.

(sizeof<section> + sizeof<partition>) I guess.

This worked.

armijnhemel commented 1 year ago

If you have a sample and know a range of bytes, it can be brute-forced. And there are tools for it.

https://github.com/hn/reolink-camera/blob/master/unpack-novatek-firmware.pl#L101

https://reolink.com/download-center/

Knock yourself out, I am not going to invest time into something that is not relevant to me at all.

KOLANICH commented 1 year ago

According to the look-up table in the script it seems to be the ordinary variant of CRC-32.

hn commented 1 year ago

I have just found that pakler is a more advanced tool for working with pak files (and probably has all missing info for the file structure).

@vmallet @AT0myks