
How to unpack the new-style initrd

 云将东游 2021-06-07

I was recently working on a problem that required unpacking Ubuntu's initrd to look at the boot scripts.

$ file /boot/initrd.img-4.15.0-32-generic

/boot/initrd.img-4.15.0-32-generic: ASCII cpio archive (SVR4 with no CRC)

$ mkdir rootfs

$ cd rootfs

$ cpio -idvm < /boot/initrd.img-4.15.0-32-generic

$ tree

.

└── kernel

    └── x86

        └── microcode

            └── AuthenticAMD.bin

 

3 directories, 1 file

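Strange: there are no root filesystem directories or files, only a single microcode file. A Google search showed that the initrd layout has changed. After repeated testing, the correct steps are as follows: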

Step 1: use the lsinitramfs command to list the files contained in the initrd.

$ lsinitramfs /boot/initrd.img-4.15.0-32-generic

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/amdgpu

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/amdgpu/amdgpu.ko

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/lib

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/lib/chash.ko

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/ast

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/ast/ast.ko

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/i915

lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/i915/i915.ko

^C

…..

 

$ binwalk /boot/initrd.img-4.15.0-32-generic

 

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

0             0x0             ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"

112           0x70            ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"

232           0xE8            ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"

356           0x164           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"

488           0x1E8           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"

28072         0x6DA8          ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"

28672         0x7000          ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"

28792         0x7078          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"

28916         0x70F4          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"

29048         0x7178          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"

29212         0x721C          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x00170C00"

1539760       0x177EB0        ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"

1540096       0x178000        gzip compressed data, from Unix, last modified: 2018-08-21 22:23:29

 

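The binwalk output contains the entry "gzip compressed data", which means that the data starting at byte offset 1540096 is gzip-compressed. The root filesystem starts there; everything before it is the microcode files. In other words, the microcode files and the root filesystem are packed together into a single file.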

 

$ binwalk -y gzip /boot/initrd.img-4.15.0-32-generic

 

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

1540096       0x178000        gzip compressed data, from Unix, last modified: 2018-08-21 22:23:29

 

Note the number 1540096 here. Now extract the files:

$ dd if=/boot/initrd.img-4.15.0-32-generic bs=1540096 skip=1 | zcat | cpio -id --no-absolute-filenames -v

$ ls

bin  conf  etc  init  kernel  lib  lib64  run  sbin  scripts  usr  var

 

One thing to watch out for: binwalk does not always report gzip for the compressed part. For example:

$ binwalk /mnt/casper/initrd

(binwalk tool: https://github.com/ReFirmLabs/binwalk)

DECIMAL       HEXADECIMAL     DESCRIPTION

--------------------------------------------------------------------------------

0             0x0             ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"

112           0x70            ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"

232           0xE8            ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"

356           0x164           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"

488           0x1E8           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"

28072         0x6DA8          ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"

28672         0x7000          ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"

28792         0x7078          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"

28916         0x70F4          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"

29048         0x7178          ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x0000002A", file size: "0x00170C00"

1539600       0x177E10        ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"

1540096       0x178000        LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes

 

This initrd is compressed with LZMA, so zcat cannot be used to decompress it. Use the following command instead:

$ dd if=/mnt/casper/initrd bs=1540096 skip=1 | lzcat | cpio -id --no-absolute-filenames -v

lzcat is equivalent to xz --format=lzma --decompress --stdout (see https://www./unix/xz.htm)

Extraction is now complete.
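The offset and compression type that binwalk reports above can also be found by walking the cpio headers directly, which is useful when inspecting boot images on a host without binwalk. The following is an added example, not part of the original post: it parses the newc cpio headers of the early (microcode) archives, skips the zero padding, and identifies the compressed segment by its magic bytes. The function names and the sample image are constructed for illustration, the xz and zstd entries go beyond the two formats the post shows, and archives are assumed to start at 4-byte-aligned offsets.

```python
import gzip

# Leading bytes of the compressed main archive -> tool to pipe it through.
MAGICS = {b"\x1f\x8b": "zcat", b"\x5d\x00\x00": "lzcat",
          b"\xfd7zXZ\x00": "xzcat", b"\x28\xb5\x2f\xfd": "zstdcat"}
CPIO = (b"070701", b"070702")          # newc without / with CRC

def skip_cpio(data, pos):
    """Walk one newc archive from pos; return the offset just past TRAILER!!!."""
    while True:
        hdr = data[pos:pos + 110]
        if len(hdr) < 110 or hdr[:6] not in CPIO:
            raise ValueError("bad cpio header at %d" % pos)
        filesize, namesize = int(hdr[54:62], 16), int(hdr[94:102], 16)
        name = data[pos + 110:pos + 110 + namesize - 1]
        pos = (pos + 110 + namesize + 3) & ~3     # header + name, padded to 4
        pos = (pos + filesize + 3) & ~3           # file data, padded to 4
        if name == b"TRAILER!!!":
            return pos

def find_main_archive(data):
    """Return (offset, decompressor) of the first segment that is not plain cpio."""
    pos = 0
    while pos < len(data):
        if data[pos] == 0:                       # zero padding between archives
            pos += 1
        elif data[pos:pos + 6] in CPIO:          # early (microcode) archive
            pos = skip_cpio(data, pos)
        else:
            for magic, tool in MAGICS.items():
                if data.startswith(magic, pos):
                    return pos, tool
            raise ValueError("unknown data at offset %d" % pos)
    raise ValueError("no compressed segment found")

def newc_entry(name, body=b""):
    """Build one newc entry; used only for the constructed sample below."""
    name += b"\0"
    fields = [0, 0o100644, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(name), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + name
    out += b"\0" * (-len(out) % 4) + body
    return out + b"\0" * (-len(out) % 4)

def sample_initrd():
    """Constructed sample: microcode cpio, padding to 512, gzip'd rootfs cpio."""
    early = newc_entry(b"kernel/x86/microcode/AuthenticAMD.bin", b"\x01" * 10)
    early = (early + newc_entry(b"TRAILER!!!")).ljust(512, b"\0")
    rootfs = newc_entry(b"init", b"#!/bin/sh\n") + newc_entry(b"TRAILER!!!")
    return early + gzip.compress(rootfs)
```

On a real image, pass the file's bytes to find_main_archive; the returned offset is the value for bs= in the dd command above and the returned tool replaces zcat or lzcat in the pipeline.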

How do you repack it afterwards? See: https:///questions/777260/how-to-repack-initrd-img

$ find kernel/ | cpio -o -H newc > new_initrd.img

$ cd rootfs

$ find . | cpio -o -H newc | gzip -9 >> ../new_initrd.img
