Basic steps for reverse engineering a Cisco image
1. Creating the tool program.
C source program.
Compiling this C source file produces a Unix command-line
program that can create a pure PKZIP-compressed elf32-mips
image file.
Example of compilation:
[linux_box] gcc -s -o CutPKSignature CutPKSignature.c
2. Creating pure compressed elf32-mips image file.
Example of creating...:
[linux_box] ./CutPKSignature Output. < c6msfc2-boot-mz.121-8a.EX
The output, written to the current directory, is the file Output.000.
[linux_box] mv Output.000 Data.zip
[linux_box] unzip -t Data.zip (Should be OK)
[linux_box] unzip Data.zip
Archive: Data.zip
inflating: C6MSFC2-.BIN
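Added example, not the original CutPKSignature.c: one way to find where the PKZIP archive begins inside an image that carries other data in front of it, which is the carving that steps 1 and 2 rely on. It assumes the archive starts at a PKZIP local file header ("PK\003\004"); the names find_zip_start and build_sample and the 64-byte sample are constructed for illustration.

```c
/* Added example (not the original CutPKSignature.c): find where the PKZIP
 * archive starts inside an image that has other data in front of it. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ZIP header fields are little-endian. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Offset of the first plausible local file header, or -1 if none.
 * A bare "PK\003\004" match can be a coincidence inside loader code, so the
 * fixed 30-byte header is sanity-checked: method must be stored (0) or
 * deflate (8), and a non-empty file name must fit in the buffer. */
long find_zip_start(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i + 30 <= len; i++) {
        if (memcmp(buf + i, "PK\003\004", 4) != 0)
            continue;
        uint16_t method = rd16(buf + i + 8);    /* compression method */
        uint16_t name_len = rd16(buf + i + 26); /* file name length */
        if ((method == 0 || method == 8) && name_len > 0 &&
            i + 30 + (size_t)name_len <= len)
            return (long)i;
    }
    return -1;
}

/* Constructed 64-byte sample: filler, a decoy signature at offset 6 whose
 * method field is 0xFFFF, then a valid header at offset 20 for "A.BIN". */
size_t build_sample(unsigned char *out)
{
    memset(out, 0xFF, 64);
    memcpy(out + 6, "PK\003\004", 4);  /* decoy */
    unsigned char *h = out + 20;
    memset(h, 0, 30);
    memcpy(h, "PK\003\004", 4);
    h[4] = 20;                          /* version needed: 2.0 */
    h[8] = 8;                           /* method: deflate */
    h[26] = 5;                          /* name length */
    memcpy(h + 30, "A.BIN", 5);
    return 64;
}

int main(void)
{
    unsigned char img[64];
    size_t n = build_sample(img);
    printf("archive starts at offset %ld\n", find_zip_start(img, n));
    return 0;
}
```

Everything from the returned offset to the end of the image is what gets written out as the zip file; unzip -t then confirms the archive is intact.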
3. Creating bfd utility with elf32-mips-cisco patch
Example of creating...:
[linux_box] wget ftp://ftp.cvt.stuba.sk/pub/gnu/binutils/binutils-2.13.2.1.tar.bz2
[linux_box] wget binutils-2.13.2.1_elf32-mips-cisco.patch
[linux_box] wget Apply_binutils-2.13.2.1_elf32-mips-cisco_patch.sh
[linux_box] tar -jxvf binutils-2.13.2.1.tar.bz2
[linux_box] cd binutils-2.13.2.1
[linux_box] ../Apply_binutils-2.13.2.1_elf32-mips-cisco_patch.sh
or
[linux_box] patch -b -p1 < binutils-2.13.2.1_elf32-mips-cisco.patch
[linux_box] ./configure --prefix=/usr/local/binutils-2.13.2.1 \
            --enable-targets=all 2>&1 | tee configure.rep.0
[linux_box] gmake install 2>&1 | tee gmake.install.rep.0
4. Looking for ELF sections.
[linux_box] /usr/local/binutils-2.13.2.1/bin/objdump -h C6MSFC2-.BIN
5. Dumping text section
[linux_box] /usr/local/binutils-2.13.2.1/bin/objdump -s C6MSFC2-.BIN
6. Disassembling text section
[linux_box] /usr/local/binutils-2.13.2.1/bin/objdump -m mips -d C6MSFC2-.BIN
7. Successfully tested on Cisco Catalyst 6509