
Can't start network

Open ninoosewoudt opened this issue 3 years ago • 3 comments

Hey,

I'm working on a project in which I have to emulate the firmware of the Foscam C2.

This firmware was hell to extract, but I got it.

The problem I'm running into is the following:

rwx

Is there a way to solve this, as sh and init are rwx but it still hangs on them?

ninoosewoudt avatar May 18 '21 14:05 ninoosewoudt

When the Linux kernel boots, it executes the init programs (check main.c in the kernel), and it seems like the programs are failing to initialize and returning an error (/sbin/init returns -8, /bin/sh returns -13).

The reason the init program fails needs to be debugged. However, it is possible that another initializing program exists, such as preinit. FirmAE finds initializing programs and logs them in the scratch/${IID}/init log file.

If you can share the firmware and the instructions for extracting the filesystem, then I can debug it together.

pr0v3rbs avatar May 23 '21 15:05 pr0v3rbs
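
The return codes quoted in the comment above are negated errno values: -8 is ENOEXEC (exec format error) and -13 is EACCES (permission denied). As an added example (not part of the thread and not FirmAE code), this script checks the candidate init programs in an extracted rootfs for the usual causes: missing execute bits, dangling symlinks, or an ELF class, endianness or architecture that does not match the emulated kernel. The rootfs path argument and the function names are assumptions.

```python
import errno, os, struct, sys

# e_machine values from the ELF specification (subset common in embedded firmware)
MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}

def explain(ret):
    """Translate a negative kernel return code (e.g. -8) into its errno name."""
    return errno.errorcode.get(-ret, "unknown")

def resolve(rootfs, path, limit=16):
    """Follow symlinks as the guest would: absolute targets stay inside rootfs."""
    full = os.path.join(rootfs, path.lstrip("/"))
    for _ in range(limit):
        if not os.path.islink(full):
            break
        target = os.readlink(full)
        if target.startswith("/"):
            full = os.path.join(rootfs, target.lstrip("/"))
        else:
            full = os.path.normpath(os.path.join(os.path.dirname(full), target))
    return full

def inspect_init(rootfs, path):
    """Collect the facts that decide whether the kernel can exec `path`."""
    full = resolve(rootfs, path)
    if not os.path.isfile(full):
        return {"path": path, "format": "missing"}  # absent or dangling symlink
    info = {"path": path, "executable": bool(os.stat(full).st_mode & 0o111)}
    with open(full, "rb") as f:
        hdr = f.read(20)
    if hdr[:2] == b"#!":
        info["format"] = "script"  # its interpreter must pass the same checks
    elif len(hdr) == 20 and hdr[:4] == b"\x7fELF":
        little = hdr[5] == 1  # EI_DATA: 1 = little-endian, 2 = big-endian
        info.update(format="ELF", bits=32 if hdr[4] == 1 else 64,
                    endian="little" if little else "big")
        (machine,) = struct.unpack("<H" if little else ">H", hdr[18:20])
        info["machine"] = MACHINES.get(machine, hex(machine))
    else:
        info["format"] = "unknown"  # no binfmt handler: exec fails with ENOEXEC
    return info

if __name__ == "__main__":
    rootfs = sys.argv[1] if len(sys.argv) > 1 else "."  # hypothetical rootfs path
    print("-8 =", explain(-8), "/ -13 =", explain(-13))
    for candidate in ("/sbin/init", "/bin/sh"):
        print(inspect_init(rootfs, candidate))
```

Compare the reported bits, endianness and machine with the architecture FirmAE selected for the image; a mismatch there explains ENOEXEC even when every file is mode 777.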

Hey, thanks for your reply. I still need to look into this myself; I will do it later this week. In the meantime I will get you the firmware so you can look if you want to :)

It's the Foscam C2: https://www.foscam.eu/attachments/Foscam_C2

You want C2 Firmware 2.x.1.79 [07-05-2020] or v2 or v3 decryption works on app version 2.x.1.79

They have a lot of different versions with system and app firmware. They are encrypted with ssl; the password is WWzift*v4. I found that through brute forcing variants of the old credentials.

After that you will get a broken UBI image that you need to extract manually.

modprobe nandsim first_id_byte=0x2c second_id_byte=0xac third_id_byte=0x90 fourth_id_byte=0x15

cat /proc/mtd

flash_erase /dev/mtd0 0 0

ubiformat /dev/mtd0 -f image.ubi -O 2048  # insert the app.ubi image here

modprobe ubi

ubiattach -p /dev/mtd0 -O 2048

mount -t ubifs /dev/ubi0_X /mnt/ubifs  # use the right partition for X; it should be 1

After this you get a UBI image in your /mnt that you can extract with binwalk.

In one of the folders there will be the rootfs filesystem.

I would have sent you clearer steps, but I lost my files due to a rollback, so I have to redo most of my steps. I will post back later, once I have fixed my stuff and have some spare time.

ninoosewoudt avatar May 27 '21 12:05 ninoosewoudt

image

After giving 777 to everything and commenting out 2 lines as someone else suggested, I end up with this

ninoosewoudt avatar May 28 '21 09:05 ninoosewoudt