nlitsme/ubidump nlitsme/ubidump

  • Stars
    star
    226
  • Rank 175,504 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created over 7 years ago
  • Updated about 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
nlitsme/ubidump
github

nlitsme

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Tool for viewing and extracting files from an UBIFS image

UBIFS Dumper

This tool can be used to view or extract the contents of UBIFS images.

About UBIFS

UBIFS is a filesystem specifically designed for used on NAND flash chips. NAND flash is organized in eraseblocks. Eraseblocks can be erased, appended to, and read. Erasing is a relatively expensive operation, and can be done only a limited number of times.

An UBIFS image contains four abstraction layers:

  • eraseblocks
  • volumes
  • b-tree nodes
  • inodes

Each eraseblock contains info on how often it has been erased, and which volume it belongs to. A volume contains a b-tree database with keys for:

  • inodes, indexed by inode number
  • direntries, indexed by inode number + name hash
  • datablocks, indexed by inode number + block number

The inodes are basically a standard unix filesystem, with direntries, regular files, symlinks, devices, etc.

mounting images on linux

modprobe nandsim first_id_byte=0x2c second_id_byte=0xac third_id_byte=0x90 fourth_id_byte=0x26
nandwrite /dev/mtd0   firmware-image.ubi 
modprobe ubi mtd=/dev/mtd0,4096
mount -t ubifs  -o ro /dev/ubi0_0 mnt

This will mount a ubi image for a device with eraseblock size 0x40000. If your image has a blocksize of 0x20000, use fourth_id_byte=0x15, and specify a pagesize of 2048 with the second modprobe line.

Usage

View the contents of the /etc/passwd file in the filesystem image image.ubi:

python ubidump.py  -c /etc/passwd  image.ubi

List the files in all the volumes in image.ubi:

python ubidump.py  -l  image.ubi

View the contents of b-tree database from the volumes in image.ubi:

python ubidump.py  -d  image.ubi

Install

Install the required python modules using:

pip install -r requirements.txt

or as a pip package:

pip install ubidump

You may need to manually install your operarating system libraries for lzo first:

on linux:

apt install liblzo2-dev

on MacOS:

brew install lzo

maybe you need to build the python library like this:

LDFLAGS=-L/usr/local/lib CFLAGS=-I/usr/local/include/lzo pip3 install python-lzo

When you need zstd compression, you will need to install the zstandard module.

Dependencies

  • python2 or python3
  • python-lzo ( >= 1.09, which introduces the 'header=False' argument )
  • crcmod
  • optional: zstandard

TODO

  • add option to select a volume
  • add option to select a older master node
  • parse the journal
  • analyze b-tree structure for unused nodes
  • analyze fs structure for unused inodes, dirents
  • verify that data block size equals the size mentioned in the inode.
  • add support for ubifs ( without the ubi layer )
  • add option to extract a raw volume.

References

Similar tools

Author

Willem Hengeveld [email protected]

More Repositories

1

idbutil

Library and tool for reading IDApro databases.
C++
146
star
2

youtube_tool

Tool for extracting comments or subtitles from youtube video's
Python
136
star
3

pyidbutil

A python library for reading IDA pro databases.
Python
135
star
4

extfstools

Tools for extracting files from ext2,3,4 filesystem images
C++
119
star
5

eimgfs

Tool for editting Windows CE/Mobile firmware images.
C++
63
star
6

vimdecrypt

Python tool for decrypting vim encrypted files.
Python
48
star
7

zipdump

Analyze zipfile, either local, or from url
Python
33
star
8

encrypteddmg

Tool for analyzing and decrypting apple encrypted disk images
Python
31
star
9

idascripts

IDApro idc and idapython script collection
Python
28
star
10

bitcoinexplainer

Interactive examples explaining the details of how bitcoin calculations work.
JavaScript
25
star
11

cpputils

various c++ utility classes
C++
22
star
12

whatsapp-apk-proto

Changes in the whatsapp protocol as extracted from apk files
Shell
17
star
13

findstr

A tool for searching text or byte patterns in binary files.
C++
16
star
14

pyPdfCrack

Investigation in PDF encryption
Python
16
star
15

iphonetools

Tools for inspecting iOS firmware images
C++
15
star
16

hvtool

Create or View Windows CE registry `.hv` hive files.
C++
15
star
17

PythonMonkey

Drop-in replacement for the android Jython monkeyrunner library
Python
13
star
18

idcinternals

IDA plugin investigating the internal representation of IDC scripts
C++
13
star
19

python-bcutils

bitcoin utils
Python
11
star
20

hexdumper

hexdumper tool i use for just about anything.
C++
11
star
21

HACKTIC_demon_dialer

The hacktic demon dialer, from 1991
Assembly
10
star
22

idaperl

perl scripting support for IDApro
C++
10
star
23

githubtool

Commandline tool for searching github
Python
8
star
24

CelbEprDecode

Decode Cellebrite bootloaders from ufedsamsungpack_v21.epr
Python
8
star
25

SquashFSDumper

tool for listing and extracting files from SQUASHFS images
Python
7
star
26

AVRInstructionSet

Investigating the AVR / Arduino instruction set
HTML
7
star
27

pytorify

module which makes sure all sockets use the TOR proxy
Python
6
star
28

whatsapptools

A collection of python scripts i use for managing whatsapp chats from the commandline.
Python
5
star
29

pyCryptoBenchmarking

benchmarking the python pyCrypto and cryptography moduls
Python
5
star
30

hfstools

Tools for reading or recovering files from an apple HFS+ filesystem
Perl
5
star
31

xpcap

tool for analyzing packet capture dumps
Python
4
star
32

ntfs_research_tool

Tool for investigating broken ntfs partitions.
C++
4
star
33

gnubc

Gnu bc calculator with some improvements
C
3
star
34

pyCryptoAdapter

Extend pyCrypto with your own ciphers.
Python
3
star
35

GeometricShapes

Python module for generating the coordinates of the platonic solids in n dimensions
Python
3
star
36

qualcomm-q6zip

decompressor for qualcomm q6zip and delta compressed firmware sections
Python
3
star
37

fatutils

tools for reading from FAT filesytem images
Perl
3
star
38

dllloader

(old) library for loading functions from win32 binaries on macos or linux.
C++
2
star
39

ancient

various ancient documents
2
star
40

transpose

Command line tool for transforming matrices of textual data
Python
2
star
41

oldmstools

win32 tools, originally from the itsutils package.
C++
2
star
42

CompressUtils

(old) perl extension for decompressing WinCE roms.
C++
2
star
43

wikiexport

Tool for downloading the contents of a mediawiki site
Python
2
star
44

findlinks

tool for extracting links for a set of html files
C++
2
star
45

vandale2008reader

Decodes files from the 2008 edition of the vandale dictionary
C++
2
star
46

nlitsme.github.io

my github.io page
HTML
1
star
47

ift4plot

speed and accelaration plot of SpaceX IFT4
Python
1
star
48

arduino-simulator

Minimal Arduino simulator, debug your project on your laptop.
C++
1
star
49

pointenumerator

Several algorithms for enumerating points in an unbounded plane
C++
1
star
50

pyCrcExperiment

Experiment, making the relation of CRC's and polynomials explicit
Python
1
star
51

expressionfinder

Tool for solving math problems involving finding an expression for a given value. (like numberphile's 10958 problem)
C++
1
star
52

magister-tool

Tool for getting information from the magister school server
Python
1
star
53

legacy-itslib-library

Part of the old itsutils library
C++
1
star