
Thread: [DEV] Reversing the compiled scripts

  1. #1
    Currently Offline Android 1.0 ***
    Join Date
    Jan 2012
    Posts
    48

    [DEV] Reversing the compiled scripts

    The A10 platform's bootloader (a small built-in pre-boot-loader, in Brom) does not contain any hardware information and is identical on every board. Thus, the boot process needs a file that tells it where to look for what (so no time is spent with mostly meaningless interface pings). The definition files are located in the bootfs, or /dev/block/nanda (mount it as vfat), and are called Script.bin (plus the same file under a different name, Script0.bin). This is just a "compiled" configuration file, so it has the values encoded.

    I'm developing for the device Pioneer Aurora F1 (the tablet A710), and as it had no config file in the released kit, I need to use the only released binary, which is pretty annoying as I'm trying to put a whole source tree together, with every device, etc.

    For that, I would need help with disassembling and reversing two tools from the released Ainol firmware making kit: script.exe and update_23.exe. These two first compile the script into binary format, then merge it with the three loaders (nand, usb and mmc).

    The ultimate goal is to have a tool that can recreate the original sys_config1.fex from the Script.bin files.

    I've begun working on it with IDA, but as I really lack knowledge of assembly language, I can't really do much. If there's anyone who knows generic x86 assembly, and would like to help, it would be a great improvement for the tools we have!

  2. The Following 2 Users Say Thank You to fonix232 For This Useful Post:

    srdn_b (04-27-2013), underall (09-23-2013)



  3. #2
    Currently Offline Beta
    Join Date
    Jan 2012
    Location
    Moscow, Russia
    Posts
    5
    Hi.

    I have written a simple utility to decompile a bin file to the fex format
    Attached Files
    Last edited by A6PAMOB; 01-29-2012 at 06:07 AM.

  4. The Following 5 Users Say Thank You to A6PAMOB For This Useful Post:

    jelreyn (03-07-2013), moch84bdg (06-28-2013), mwdespi (01-10-2013), roji (08-05-2013), underall (09-22-2013)

  5. #3
    Join Date
    Jan 2012
    Posts
    2
    I have good news for you. While trying to mod new firmwares onto the Ainol Novo 7, I reverse-engineered the format of script.bin, which is actually simpler and easier than disassembling the script tool.

    So, here is a tool I made to convert script.bin back to the .fex file:

    https://github.com/zenitraM/a10tools

    Happy hacking


    EDIT: LOL, now this is luck. A6PAMOB posted his tool while I was posting mine. Oh well

  6. The Following 4 Users Say Thank You to iamzenitraM For This Useful Post:

    A6PAMOB (01-26-2012), moch84bdg (06-28-2013), roji (08-05-2013), underall (09-22-2013)

  7. #4
    Currently Offline Android 1.0 ***
    Join Date
    Jan 2012
    Posts
    48
    No problem, the more tools the better :-D
    I'm not too good at Ruby, could you post the exact way to extract it? I want to examine it further!

  8. #5
    Join Date
    Jan 2012
    Posts
    2
    To run the script just execute: ./script2fex.rb script.bin > script.fex

    The format of the file can be seen in a hex editor. First there is the number of sections in the file, then 1, 2, and all of the sections with the number of elements in them (and what I guess is the offset, but I don't use it), then all of the elements with their size and type of variable (int, string or port), and finally all of the data in the same order (the size is multiplied by 4 bytes, I guess offsets are too). All ints are little-endian.

    I just read everything in order and assume the sizes are correct, ignoring the offsets. (they aren't really needed for getting back the .fex).

    I checked and the script'ed .bin from the output of the script is the same as the original one, so I guess it works fine.

  9. #6
    Currently Offline Android 1.0 ***
    Join Date
    Jan 2012
    Posts
    48
    Thanks for the explanation! As soon as I get home I'll take a look at it!

  10. #7
    Currently Offline Android 1.0 ***
    Join Date
    Jan 2012
    Posts
    48
    Quote Originally Posted by iamzenitraM View Post
    To run the script just execute: ./script2fex.rb script.bin > script.fex

    The format of the file can be seen in a hex editor. First there is the number of sections in the file, then 1, 2, and all of the sections with the number of elements in them (and what I guess is the offset, but I don't use it), then all of the elements with their size and type of variable (int, string or port), and finally all of the data in the same order (the size is multiplied by 4 bytes, I guess offsets are too). All ints are little-endian.

    I just read everything in order and assume the sizes are correct, ignoring the offsets. (they aren't really needed for getting back the .fex).

    I checked and the script'ed .bin from the output of the script is the same as the original one, so I guess it works fine.

    Could you extend your script with offset-reading, so there won't be any problem for sure?


    Quote Originally Posted by A6PAMOB View Post
    Hi.

    I have written a simple utility to decompile a bin file to the fex format
    Can you tell me which script.exe you added to your package? The Ainol image-making tools I've got have two (script.exe and script_old.exe), but neither matches the one in your zip!
    Last edited by fonix232; 01-26-2012 at 12:16 PM.
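
An offset-driven reader for the layout iamzenitraM describes, with every offset and size checked against the file length, which is what fonix232's request for offset-reading amounts to. This is an added example, not code from a10tools or unscript.zip; the field widths (4-word header, 32-byte names, type in the upper 16 bits of the second entry word), the type codes and all names are assumptions not stated in the thread.

```ruby
# Added example: script.bin reader that follows offsets and bounds-checks them.
# Layout constants are assumptions, not taken from the thread.
HEADER_SIZE = 16   # section count + 3 further words (assumed)
REC_SIZE    = 40   # 32-byte NUL-padded name + two 32-bit LE words (assumed)
TYPES = { 1 => :int, 2 => :string, 4 => :port }  # assumed type codes
class ScriptBinError < StandardError; end

# Return len bytes at off, or raise instead of reading past the end of the file.
def checked_slice(bin, off, len, what)
  raise ScriptBinError, "#{what} out of bounds" if off + len > bin.bytesize
  bin.byteslice(off, len)
end

def parse_script_bin(bin)
  bin = bin.b
  count = checked_slice(bin, 0, HEADER_SIZE, "header").unpack1("V")
  (0...count).to_h do |i|
    # Section record: name, number of entries, offset of first entry (in words).
    name, n, off = checked_slice(bin, HEADER_SIZE + i * REC_SIZE, REC_SIZE, "section #{i}").unpack("Z32VV")
    entries = (0...n).to_h do |j|
      # Entry record: name, data offset (in words), type << 16 | size in words.
      key, data_off, pattern = checked_slice(bin, off * 4 + j * REC_SIZE, REC_SIZE, "#{name} entry #{j}").unpack("Z32VV")
      type, words = TYPES[pattern >> 16], pattern & 0xffff
      raise ScriptBinError, "#{name}.#{key}: unknown type" unless type
      raise ScriptBinError, "#{name}.#{key}: bad int size" if type == :int && words != 1
      raw = checked_slice(bin, data_off * 4, words * 4, "#{name}.#{key} data")
      value = case type
              when :int    then raw.unpack1("l<")
              when :string then raw.unpack1("Z*")
              when :port   then raw.unpack("l<*")
              end
      [key, value]
    end
    [name, entries]
  end
end

# Constructed sample (not a real Script.bin): one section, one int, one string.
def sample_script_bin
  header  = [1, 1, 2, 0].pack("V4")
  section = ["product", 2, 14].pack("a32VV")            # entries start at byte 56
  e1 = ["version", 34, (1 << 16) | 1].pack("a32VV")     # data starts at byte 136
  e2 = ["machine", 35, (2 << 16) | 2].pack("a32VV")
  header + section + e1 + e2 + [100].pack("l<") + ["a710"].pack("a8")
end
```

A truncated file or an entry whose offset points outside the file raises ScriptBinError instead of yielding short or empty values.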

  11. #8
    Currently Offline Beta
    Join Date
    Jan 2012
    Location
    Moscow, Russia
    Posts
    5
    fonix232, this file is from crane-win-v2\pctools\mod_update in tools.rar

  12. #9
    Currently Offline Android 1.0 ***
    Join Date
    Jan 2012
    Posts
    48
    Quote Originally Posted by A6PAMOB View Post
    fonix232, this file from crane-win-v2\pctools\mod_update in tools.rar
    I've got the same package, and your script.exe is 36864b in size, mine are 20480 and 24576!

  13. #10
    Currently Offline Beta
    Join Date
    Jan 2012
    Location
    Moscow, Russia
    Posts
    5
    My mistake, the size of script.exe must be 24576 bytes.
    I have reuploaded the unscript.zip.
