本帖最后由 xxcat 于 2016-3-23 22:39 编辑 - l7 }; k" E5 F7 L$ k; I2 ?
9 A& E2 |' D8 l+ F, z: c9 e
先搞定telnet登陆上去,进去shell,你可以先cat /proc/mtd,感受一下固件怎么存储的。- WAP(Dopra Linux) # cat /proc/mtd
- O% e; q. z/ |: q - dev: size erasesize name# H1 F8 t5 |$ o
- mtd0: 00100000 00020000 "startcode"- _- s7 M( r' v
- mtd1: 0ff00000 00020000 "ubifs"1 f) {% T% \( r
- mtd2: 70000000 00020000 "reserved"5 o' b, a/ k# ~" [6 L1 F
- mtd3: 0009b000 0001f000 "ubootA"
! I. b V( k! J* U) g - mtd4: 0009b000 0001f000 "ubootB"
* }, f: \' Y& B - mtd5: 0003e000 0001f000 "flash_configA"
! i& u! l! t9 i - mtd6: 0003e000 0001f000 "flash_configB"
/ M0 t) o, o) ^- a% ^- ~ - mtd7: 0003e000 0001f000 "slave_paramA"
* P$ i2 Z: [# h7 x0 C7 E# G - mtd8: 0003e000 0001f000 "slave_paramB"
, n, T6 J7 A1 r. Q0 j - mtd9: 00307000 0001f000 "kernelA"1 u0 E* x7 F' D1 P& z
- mtd10: 00307000 0001f000 "kernelB"
. {+ Z# w, L5 y$ R - mtd11: 02815000 0001f000 "rootfsA"( X) _, q! T3 o0 F! i6 S
- mtd12: 02815000 0001f000 "rootfsB"" T4 U) n$ c9 m+ m, |/ L/ D
- mtd13: 0003e000 0001f000 "wifi_paramA"
& S/ B% F! l2 K$ X* m - mtd14: 0003e000 0001f000 "wifi_paramB"/ t M; D$ k! u* L/ b
- mtd15: 0003e000 0001f000 "system_param"
6 R+ s$ v) |$ d - mtd16: 0141a000 0001f000 "file_system"
! i; K' B# Y( I - mtd17: 0801e000 0001f000 "app"+ A: |. t O" G+ p
]+ G/ _9 r+ K然后cd /var,然后cat /dev/mtdblock0 > 0.bin如此内推,到cat /dev/mtdblock16 > 16.bin,你就得到了1.bin....16.bin这样一堆文件在/var目录下,然后插个U盘拷贝出去,或者开个tftp服务器传出去,然后你需要知道怎么把固件从这一堆东西里面分离出来,然后你需要知道怎么打包成固件包,挺麻烦吧?不过现在有个新的英文版固件,改改也能用的。
: Y% L i0 q' i& b/ t
' H: P" `" e& B |
粤公网安备44152102000001号 
发表于 2016-3-23 22:35:13