TransWikia.com

Why doesn't binwalk see the filesystems in this Eufy Home Base 2 flash dump?

Reverse Engineering Asked by winston_smith on August 27, 2021

This teardown:
https://electronics-teardowns.blogspot.com/2020/07/eufy-homebase2-teardown.html

Gives a flash dump for the Eufy Home Base 2 here: https://anonymousfiles.io/Ve9y3cL4/

With this partition table:

[    0.472000] Creating 12 MTD partitions on "raspi":
[    0.480000] 0x000000000000-0x000002000000 : "ALL"
[    0.484000] 0x000000000000-0x000000030000 : "Bootloader"
[    0.492000] 0x000000030000-0x000000040000 : "Config"
[    0.500000] 0x000000040000-0x000000050000 : "Factory"
[    0.504000] 0x000000050000-0x0000002e02cd : "Kernel"
[    0.512000] mtd: partition "Kernel" doesn't end on an erase block -- force read-only
[    0.520000] 0x0000002e02cd-0x000000e50000 : "RootFS"
[    0.524000] mtd: partition "RootFS" doesn't start on an erase block boundary -- force read-only
[    0.536000] 0x000000050000-0x000000e50000 : "Kernel_RootFS"
[    0.544000] 0x000000e50000-0x000000e60000 : "device_info"
[    0.552000] 0x000000e60000-0x000000e70000 : "ocean_custom"
[    0.560000] 0x000000e70000-0x000000f40000 : "Kernel2"
[    0.564000] 0x000000f40000-0x000001440000 : "RootFS2"
[    0.572000] 0x000001440000-0x000002000000 : "user_fs_jffs2"

But binwalk, file, unsquashfs, etc., can’t seem to find filesystems at those offsets. Eg., binwalk just sees a bunch of xz data (which often decompresses into MIPS binaries, but not a filesystem):

$ binwalk mtd0 |head

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
83600         0x14690         U-Boot version string, "U-Boot 1.1.3 (Nov  6 2018 - 17:19:03)"
327680        0x50000         uImage header, header size: 64 bytes, header CRC: 0xD3931108, created: 2020-05-09 09:54:47, image size: 13185677 bytes, Data Address: 0x80000000, Entry Point: 0x805E9280, data CRC: 0x62435970, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "Linux Kernel Image"
327744        0x50040         LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 8125672 bytes
3015469       0x2E032D        xz compressed data
3064741       0x2EC3A5        xz compressed data
3112893       0x2F7FBD        xz compressed data
3164133       0x3047E5        xz compressed data
...

I’d like to study the various rootfs filesytems listed in the partition table. What am I missing?

One Answer

binwalk scans files for magic bytes. Data that does not have a signature defined for it will not be found by a signature scan.

It appears no signature is defined for RootFS file systems (the hits for rootfs below are labels for offsets in TRX headers):

no rootFS signature

Example entries for SquashFS file systems signatures, for reference:

signature entries for squashfs

Correct answer by julian on August 27, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP