radareorg / ideas


Cisco IOS BIN #56

Open Maijin opened 8 years ago

Maijin commented 8 years ago

Apparently it is a custom ELF file format:

So maybe it could be added like the CGC bin was added https://github.com/radare/radare2/commit/6a517aa66b511d2943905fb6d14f93bee999e2cc from @ret2libc

XVilka commented 8 years ago

@Maijin looks like it can be implemented in the same ELF code, yep

radare commented 8 years ago

Any distributable sample out there?

On 11 Oct 2015, at 23:16, Anton Kochkov notifications@github.com wrote:

@Maijin looks like it can be implemented in the same ELF code, yep


Maijin commented 8 years ago

Yep the example quoted in the article is here apparently http://certs4u.info/ciscoios/c2600/

http://certs4u.info/ciscoios/c2600/c2600-bino3s3-mz.123-22.bin

radare commented 8 years ago

Those bins seem to load fine in r2, but capstone has many bugs for that arch, so the disasm is not as good as it should be. The GNU sparc disassembler seems to work better.

Can someone paste the output of IDA disassembling this thing? Maybe Cisco has its own objdump tool too?

Can we get this 2600.bin into our testsuite and write some tests for it?

On 12 Oct 2015, at 00:21, Maijin notifications@github.com wrote:

Yep http://certs4u.info/ciscoios/c2600/

Maijin commented 8 years ago

===============================
=      IOS BIN Structure      =
===============================
[ Elf header ]
[ SFX ]
[ 0xfeedface ]
[ Uncompressed image size ]
[ Compressed image size ]
[ Compressed image checksum ]
[ Uncompressed image checksum ]
[ PKzip data ]
===============================

IDA doesn't support it natively, see the doc
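A sketch of a triage parser for the layout listed above, added here as an example and not part of the original thread or of radare2's code. It assumes the four words after 0xfeedface are consecutive 32-bit big-endian values, that the PKzip data starts directly after them, and that "compressed image size" is the length of that PKzip data; the function names are hypothetical and the sample image is constructed.

```python
import io
import struct
import zipfile

MAGIC = b"\xfe\xed\xfa\xce"   # 0xfeedface marker from the structure above
ZIP_SIG = b"PK\x03\x04"       # PKzip local file header signature


def parse_ios_trailer(image: bytes) -> dict:
    """Locate 0xfeedface and decode the four size/checksum words after it."""
    off = image.find(MAGIC)   # first hit; SFX code could contain the pattern too
    if off < 0:
        raise ValueError("0xfeedface marker not found")
    fields = image[off + 4:off + 20]
    if len(fields) < 16:
        raise ValueError("image truncated inside the size/checksum fields")
    # Assumption: four consecutive 32-bit big-endian words, in the listed order.
    usize, csize, csum, usum = struct.unpack(">4I", fields)
    data = image[off + 20:]
    info = {"magic_offset": off, "uncompressed_size": usize,
            "compressed_size": csize, "compressed_checksum": csum,
            "uncompressed_checksum": usum,
            "has_zip_signature": data.startswith(ZIP_SIG),
            "size_fits": csize <= len(data)}
    info["zip_size_matches"] = False
    if info["has_zip_signature"] and info["size_fits"]:
        try:
            with zipfile.ZipFile(io.BytesIO(data[:csize])) as zf:
                total = sum(m.file_size for m in zf.infolist())
            info["zip_size_matches"] = total == usize
        except zipfile.BadZipFile:
            pass
    return info


def build_sample(payload: bytes) -> bytes:
    """Constructed test image: fake ELF/SFX bytes, header words, then a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("image", payload)
    z = buf.getvalue()
    head = b"\x7fELF" + b"\x00" * 60 + b"SFX-STUB" * 4   # placeholder bytes
    # Checksum words are dummy values; the page does not give the algorithm.
    return head + MAGIC + struct.pack(">4I", len(payload), len(z), 0, 0) + z


if __name__ == "__main__":
    print(parse_ios_trailer(build_sample(b"A" * 4096)))
```

The checksum words are reported but not verified, since the thread does not say how they are computed.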

ret2libc commented 4 years ago

This issue has been moved from radareorg/radare2 to radareorg/ideas as we are trying to clean our backlog and this issue has probably been created a long while ago. This is an effort to help contributors understand what are the actionable items they can work on, prioritize issues better and help users find active/duplicated issues more easily. If this is not an enhancement/improvement/general idea but a bug, feel free to ask for re-transfer to main repo. Thanks for your understanding and contribution with this issue.