Unpack and repack a firmware update

From ArchosDocs


On this page we will explain the process of adding a sample application to a target firmware. We will add a telnet daemon to a pre-patched firmware version 1.7.02. For this task you will need to have aos-tools already compiled and installed on your system.

As you might understand from reading the AOS_update_from_file() disassembly, a .aos file is a container. It contains 'blocks' of data that are parsed to update the firmware. These blocks are read in the order they appear in the .aos file when the firmware is being updated.

The aos-unpack tool will parse a .aos file and write a file named digest. The digest contains one line for each block in the .aos file. In a normal firmware file you will find bootloader parts (FLSH blocks), files that will be replaced (COPY blocks), and old files that will be deleted (DLET blocks). The aos-unpack tool extracts the data from every FLSH and COPY block and writes it to disk so you can modify it easily.

In addition, the aos-unpack tool analyses every FLSH and COPY block and writes two small shell scripts: unpack.sh and repack.sh. A normal firmware update contains many files that can be further decompressed. For example, the cramfs files are compressed filesystems, and the bootloader typically contains two cpio filesystems used to bootstrap from the kernel into the rootfs. The unpack.sh script decompresses these files so you can modify their contents, and repack.sh then compresses them again the way they were.

Lastly the aos-repack tool will read the digest file and create a new .aos file that you can flash on your device. So the whole process is like this:

aos-unpack > unpack.sh > modify the firmware > repack.sh > aos-repack

Unpacking

Now the first step is to download a pre-patched firmware update and decompress it. We will be using this firmware, version 1.7.02.

aos-unpack firmware-a57-1.7.02-patched.aos
cd firmware-a57-1.7.02-patched
sudo bash unpack.sh

We execute unpack.sh as root because we want to preserve the file permissions on the filesystems that are extracted. After these simple commands you will have the contents of the rootfs in the firmware-a57-1.7.02-patched/unpacked/rootfs.cramfs/ folder, and this is where we will install telnetd.

Modifying

You can do whatever you want to the firmware at this point, so as an example we will install telnetd. Remember that we are working in the firmware-a57-1.7.02-patched/unpacked/rootfs.cramfs/ folder. First, copy the telnetd executable to usr/sbin/. Remember that the permissions you set on this file will be the permissions that will be kept on your device, so we need to make telnetd executable:

sudo chmod a+rx usr/sbin/telnetd

Now open etc/inittab as root in a text editor, and add this line just above avos_helper.sh:

::sysinit:/usr/sbin/telnetd -l /bin/sh -d

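And that's all, telnetd will start as root when your device boots. Because it is started with -l /bin/sh in place of a login program, each connection gets a root shell without a password prompt.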
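
A check you can run before repacking, as an added example that is not part of the original page or of aos-tools: it confirms that telnetd is in usr/sbin/ with a+rx and that its inittab entry sits above the avos_helper.sh line. The function name check_rootfs and the script name check_rootfs.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of aos-tools: check the unpacked rootfs before
# running repack.sh. Usage: sh check_rootfs.sh <path to unpacked/rootfs.cramfs>

# Prints one line per problem and returns 0 only if the tree matches the
# modification described on this page.
check_rootfs() {
    root=$1
    rc=0
    bin="$root/usr/sbin/telnetd"
    tab="$root/etc/inittab"

    # The mode bits on disk are what ends up on the device, so require a+rx.
    if [ ! -f "$bin" ]; then
        echo "missing: usr/sbin/telnetd"; rc=1
    elif [ -z "$(find "$bin" -perm -555)" ]; then
        echo "usr/sbin/telnetd is not a+rx"; rc=1
    fi

    if [ ! -f "$tab" ]; then
        echo "missing: etc/inittab"
        return 1
    fi

    # Line numbers of the first uncommented telnetd and avos_helper.sh entries.
    t=$(awk '!/^[ \t]*#/ && /sysinit:\/usr\/sbin\/telnetd/ {print NR; exit}' "$tab")
    h=$(awk '!/^[ \t]*#/ && /avos_helper\.sh/ {print NR; exit}' "$tab")

    if [ -z "$t" ]; then
        echo "inittab: no telnetd sysinit entry"; rc=1
    elif [ -z "$h" ]; then
        echo "inittab: no avos_helper.sh entry to compare against"; rc=1
    elif [ "$t" -ge "$h" ]; then
        echo "inittab: telnetd entry (line $t) is not above avos_helper.sh (line $h)"; rc=1
    fi
    return $rc
}

# Run the check only when a rootfs path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_rootfs "$1"
fi
```
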

Repacking

Repacking is very simple:

cd firmware-a57-1.7.02-patched
sudo bash repack.sh
sudo aos-repack digest

This creates a file, output.aos, which is ready to be installed on your device. After that is done, connect to a wireless access point and enjoy the telnet daemon on your device!
