Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With the Aruba Instant it is possible to run AP’s independently (standalone mode) or in a cluster, with no Mobility Controller in the network.
Created
May 15, 2018 16:06
-
-
Save decidedlygray/f0d9067df556e6b52276a41872add6cc to your computer and use it in GitHub Desktop.
Reversing Aruba Instant Firmware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| file image.uimage.data | |
| #image.uimage.data: Linux kernel ARM boot executable zImage (little-endian) | |
| # Yet another compressed file is revealed | |
| binwalk image.uimage.data | |
| # | |
| #DECIMAL HEXADECIMAL DESCRIPTION | |
| #-------------------------------------------------------------------------------- | |
| #7128 0x1BD8 LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: -1 bytes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Extract the header | |
| dd if=image.bin bs=514 count=1 of=image.header | |
| #1+0 records in | |
| #1+0 records out | |
| #514 bytes (514 B) copied, 0.000580873 s, 885 kB/s | |
| # Extract the body | |
| tail -c+515 < image.bin > image.uimage |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Extract the file | |
| tail -c+94209 < image.uimage.data.compressed > image.uimage.data.compressed.cpio.lzma | |
| # Decompress it | |
| 7z x image.uimage.data.compressed.cpio.lzma | |
| # | |
| #7-Zip 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 | |
| #p7zip Version 9.20 (locale=en_GB.UTF-8,Utf16=on,HugeFiles=on,2 CPUs) | |
| # | |
| #Processing archive: image.uimage.data.compressed.cpio.lzma | |
| # | |
| #Extracting image.uimage.data.compressed.cpio | |
| # | |
| #Everything is Ok | |
| # | |
| #Size: 34330624 | |
| #Compressed: 12126080 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Verify the extracted file contents | |
| binwalk image.uimage | |
| #DECIMAL HEXADECIMAL DESCRIPTION | |
| #-------------------------------------------------------------------------------- | |
| #0 0x0 uImage header, header size: 64 bytes, header CRC: 0x26175460, created: Wed May 27 14:22:39 2015, image size: 10090700 bytes, Data Address: 0x80008000, Entry Point: 0x80008000, data CRC: 0x63E746B1, OS: Linux, CPU: ARM, image type: OS Kernel Image, compression type: none, image name: "Linux-2.6.35" | |
| #7192 0x1C18 LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: -1 bytes | |
| # Extract the header of the new U-Boot image | |
| dd if=image.uimage bs=64 count=1 of=image.uimage.header | |
| #1+0 records in | |
| #1+0 records out | |
| #64 bytes (64 B) copied, 0.00699276 s, 9.2 kB/s | |
| # Extract the body of the new U-Boot image | |
| tail -c+65 < image.uimage > image.uimage.data |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Extract the header | |
| dd if=image.uimage.data bs=1 count=7128 of=image.uimage.data.header | |
| # Extract the compressed file | |
| tail -c+7129 < image.uimage.data > image.uimage.data.compressed.lzma | |
| # Decompress it | |
| 7z x image.uimage.data.compressed.lzma | |
| # | |
| #7-Zip 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18 | |
| #p7zip Version 9.20 (locale=en_GB.UTF-8,Utf16=on,HugeFiles=on,2 CPUs) | |
| # | |
| #Processing archive: image.uimage.data.compressed.lzma | |
| # | |
| #Extracting image.uimage.data.compressed | |
| # | |
| #Everything is Ok | |
| # | |
| #Size: 12220288 | |
| #Compressed: 10085616 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| binwalk image.uimage.data.compressed | |
| # | |
| #DECIMAL HEXADECIMAL DESCRIPTION | |
| #-------------------------------------------------------------------------------- | |
| #94208 0x17000 LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 34330624 bytes | |
| #11455148 0xAECAAC Copyright string: " (c) 2002-2015, Aruba Networks, Inc. Inc." | |
| #11455868 0xAECD7C ASCII cpio archive (SVR4 with no CRC), file name: "cate dir_entry buffer", file name length: "0xR!!!", file size: "0x>Initram" | |
| #11462204 0xAEE63C Unix home path string: "/home/p4build/depot/margot/IAP4.1.1.7_50209/aos-cmn/platform/os" | |
| #12206595 0xBA4203 LZMA compressed data, properties: 0xC0, dictionary size: 524288 bytes, uncompressed size: 720896 bytes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| binwalk image.bin | |
| # | |
| #DECIMAL HEXADECIMAL DESCRIPTION | |
| #-------------------------------------------------------------------------------- | |
| #514 0x202 uImage header, header size: 64 bytes, header CRC: 0x26175460, created: Wed May 27 14:22:39 2015, image size: 10090700 bytes, Data Address: 0x80008000, Entry Point: 0x80008000, data CRC: 0x63E746B1, OS: Linux, CPU: ARM, image type: OS Kernel Image, compression type: none, image name: "Linux-2.6.35" | |
| #7706 0x1E1A LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: -1 bytes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Create a new directory to hold the root file system | |
| mkdir rootfs | |
| # Extract the files | |
| cd rootfs/ | |
| cpio --quiet -i --make-directories --preserve-modification-time --no-absolute-filenames -F ../image.uimage.data.compressed.cpio | |
| #cpio: Removing leading `/' from member names | |
| #cpio: dev/console: Cannot mknod: Operation not permitted | |
| #cpio: dev/mem: Cannot mknod: Operation not permitted | |
| #cpio: dev/ptmx: Cannot mknod: Operation not permitted | |
| #cpio: dev/null: Cannot mknod: Operation not permitted | |
| # (...) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment