Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Binary File and Image Notes
1 Introduction
The goal is to understand how image files are generated and how they can be
deconstructed so that a web file set and other information can be recovered.
2 Misc.
Use the file command to obtain info about a file.
Compressed Image header: 0x
2.1 File Signatures
File type   Signature (hex)
GZIP        1F 8B 08*
TAR         1F 9D 90
ZIP         50 4B 03 04
CRAMFS      45 3D CD 28
Table 1: File Type Signatures
2.1.1 GZIP
The first two bytes of the signature are the GZIP ID; the third byte is the
compression method used, which is often '08' but is not guaranteed. If the 0x1F8B08
signature can't be found, look for 0x1F8B.
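The signature search described above, as an added example (not part of the original notes): it scans an image for the Table 1 signatures, falls back to the two-byte GZIP ID when 0x1F8B08 is absent, and confirms a GZIP hit by inflating it. The function names and the sample image are constructed for illustration.

```python
import gzip
import re
import zlib

# Signatures exactly as listed in Table 1 of these notes.
SIGNATURES = {
    "GZIP": bytes.fromhex("1f8b08"),
    "TAR": bytes.fromhex("1f9d90"),  # 1F 9D is the compress(1) LZW magic (.tar.Z)
    "ZIP": bytes.fromhex("504b0304"),
    "CRAMFS": bytes.fromhex("453dcd28"),
}
GZIP_ID = bytes.fromhex("1f8b")  # section 2.1.1 fallback: ID bytes only


def find_all(blob, needle):
    """Return every offset at which needle occurs in blob."""
    return [m.start() for m in re.finditer(re.escape(needle), blob)]


def scan_image(blob):
    """Map signature name -> list of offsets, applying the GZIP fallback."""
    hits = {name: find_all(blob, sig) for name, sig in SIGNATURES.items()}
    if not hits["GZIP"]:
        hits["GZIP"] = find_all(blob, GZIP_ID)  # method byte was not 08
    return hits


def try_gunzip(blob, offset):
    """Inflate one gzip member at offset; None means the hit was a false positive."""
    inflater = zlib.decompressobj(31)  # wbits=31 selects the gzip container
    try:
        data = inflater.decompress(blob[offset:])
    except zlib.error:
        return None
    return data if inflater.eof else None


def build_sample():
    """Constructed image: padding, a gzip member, padding, cramfs and zip magics."""
    payload = b"<html>constructed web file</html>"
    blob = b"\xff" * 64 + gzip.compress(payload) + b"\xff" * 16
    blob += SIGNATURES["CRAMFS"] + b"\xff" * 12 + SIGNATURES["ZIP"]
    return blob, payload


if __name__ == "__main__":
    image, _ = build_sample()
    for name, offsets in scan_image(image).items():
        print(name, [hex(o) for o in offsets])
```

Short signatures produce chance matches inside compressed data, so an offset should only be treated as a real member once it decodes, as try_gunzip does for GZIP.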
2.1.2 TAR
2.1.3 ZIP
2.1.4 CRAMFS
3 DAPDK Images
The system image is generated in the uClinux directory and contains the kernel,
applications, libraries, and some web interface functionality.
3.1 uClinux
The order in which the images are created is somewhat confusing. It looks like the
“.romfs.img” file is created first in the uClinux directory and is then copied to the
kernel directory as “romfs.img”. Then we go to the kernel directory and create zImage.
After zImage is created (zImage.bin), it is copied to the uClinux directory as the
final image, uclinux_system.img.
