I was recently working on a problem that required unpacking Ubuntu's initrd to look at its boot scripts.

$ file /boot/initrd.img-4.15.0-32-generic
/boot/initrd.img-4.15.0-32-generic: ASCII cpio archive (SVR4 with no CRC)
$ mkdir rootfs
$ cd rootfs
$ cpio -idvm < /boot/initrd.img-4.15.0-32-generic
$ tree
.
└── kernel
    └── x86
        └── microcode
            └── AuthenticAMD.bin
3 directories, 1 file

Strange: there are no root filesystem directories or files, only a single microcode file. From Googling I learned that the initrd layout has changed. After repeated verification, the correct steps are as follows.

Step 1: use the lsinitramfs command to list the files contained in the initrd.

$ lsinitramfs /boot/initrd.img-4.15.0-32-generic
…
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/amdgpu
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/amdgpu/amdgpu.ko
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/lib
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/lib/chash.ko
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/ast
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/ast/ast.ko
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/i915
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/i915/i915.ko
^C
…..
$ binwalk /boot/initrd.img-4.15.0-32-generic
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"
112           0x70            ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
232           0xE8            ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
356           0x164           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
488           0x1E8           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"
28072         0x6DA8          ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
28672         0x7000          ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
28792         0x7078          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
28916         0x70F4          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
29048         0x7178          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"
29212         0x721C          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x00170C00"
1539760       0x177EB0        ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
1540096       0x178000        gzip compressed data, from Unix, last modified: 2018-08-21 22:23:29
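The binwalk output contains a "gzip compressed data" entry, which means that everything from byte offset 1540096 onward is gzip-compressed. That is where the root filesystem begins; what precedes it is the microcode files. In other words, the microcode files and the root filesystem are packed together into a single file.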
$ binwalk -y gzip /boot/initrd.img-4.15.0-32-generic
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
1540096       0x178000        gzip compressed data, from Unix, last modified: 2018-08-21 22:23:29
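Note the number 1540096 here. Now extract the files; with bs=1540096 and skip=1, dd skips exactly one block of that size, so the pipeline starts reading at the gzip data:

$ dd if=/boot/initrd.img-4.15.0-32-generic bs=1540096 skip=1 | zcat | cpio -id --no-absolute-filenames -v
$ ls
bin conf etc init kernel lib lib64 run sbin scripts usr var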
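The offset and the compression type can also be found without binwalk by walking the layout described above: each early archive is a run of newc cpio headers ending in TRAILER!!!, followed by NUL padding. The following is an added example, not part of the original post; the function names and the sample image are constructed for illustration, and the LZMA check is a heuristic on the leading property bytes.

```python
import gzip

CPIO_MAGIC = (b"070701", b"070702")  # newc, newc with CRC
COMPRESSION_MAGIC = {b"\x1f\x8b": "gzip", b"\xfd7zXZ\x00": "xz", b"\x5d\x00\x00": "lzma",
                     b"\x28\xb5\x2f\xfd": "zstd", b"\x02\x21\x4c\x18": "lz4"}

def align4(n):
    return (n + 3) & ~3

def skip_cpio(data, off):
    """Walk one newc archive from off; return (offset past TRAILER!!!, member names)."""
    names = []
    while True:
        hdr = data[off:off + 110]
        if len(hdr) < 110 or hdr[:6] not in CPIO_MAGIC:
            raise ValueError(f"bad cpio header at offset {off}")
        filesize, namesize = int(hdr[54:62], 16), int(hdr[94:102], 16)
        name = data[off + 110:off + 110 + namesize - 1].decode(errors="replace")
        off = align4(align4(off + 110 + namesize) + filesize)
        if name == "TRAILER!!!":
            return off, names
        names.append(name)

def locate_main_archive(data):
    """Return (offset, compression) of the segment after the early cpio archives."""
    off = start = 0
    while data[off:off + 6] in CPIO_MAGIC:
        start = off
        off, _ = skip_cpio(data, off)
        while off < len(data) and data[off] == 0:  # NUL padding between segments
            off += 1
    if off >= len(data):  # every segment was plain cpio: the last one is the rootfs
        return start, "uncompressed"
    kinds = (k for magic, k in COMPRESSION_MAGIC.items() if data.startswith(magic, off))
    return off, next(kinds, "unknown")

def make_newc(entries):  # builds the constructed sample only
    out = b""
    for name, body in list(entries) + [("TRAILER!!!", b"")]:
        fields = [0, 0o100644, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(name) + 1, 0]
        out += b"070701" + b"".join(b"%08X" % f for f in fields) + name.encode() + b"\0"
        out += b"\0" * (align4(len(out)) - len(out)) + body
        out += b"\0" * (align4(len(out)) - len(out))
    return out

def sample_initrd():  # constructed: microcode cpio padded to 512 bytes + gzip'd cpio
    early = make_newc([("kernel/x86/microcode/AuthenticAMD.bin", b"\x01" * 10)])
    main = make_newc([("init", b"#!/bin/sh\n"), ("scripts/functions", b"# stub\n")])
    return early.ljust(512, b"\0") + gzip.compress(main)
```

On a real image, pass the file's bytes to locate_main_archive; the returned offset is the value given to dd as bs= above, and the compression name tells you which decompressor to put in the pipeline.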
One thing to watch out for: binwalk does not always report gzip. For example:

$ binwalk /mnt/casper/initrd
(binwalk tool: https://github.com/ReFirmLabs/binwalk)

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"
112           0x70            ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
232           0xE8            ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
356           0x164           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
488           0x1E8           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"
28072         0x6DA8          ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
28672         0x7000          ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
28792         0x7078          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
28916         0x70F4          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
29048         0x7178          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x0000002A", file size: "0x00170C00"
1539600       0x177E10        ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
1540096       0x178000        LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
This initrd is compressed with LZMA, so zcat cannot be used to decompress it. Use the following command instead:

dd if=/mnt/casper/initrd bs=1540096 skip=1 | lzcat | cpio -id --no-absolute-filenames -v

lzcat is equivalent to xz --format=lzma --decompress --stdout (see https://www./unix/xz.htm).

That completes the extraction.

How do you repack it? See: https:///questions/777260/how-to-repack-initrd-img

# -H newc: the kernel's initramfs unpacker expects newc-format cpio archives
find kernel/ | cpio -o -H newc > new_initrd.img
cd rootfs
find . | cpio -o -H newc | gzip -9 >> ../new_initrd.img