本次拆解:https : //electronics-teardowns.blogspot.com/2020/07/eufy-homebase2-teardown.html
在此处为 Eufy Home Base 2 提供闪存转储:https ://anonymousfiles.io/Ve9y3cL4/
有了这个分区表:
[ 0.472000] Creating 12 MTD partitions on "raspi":
[ 0.480000] 0x000000000000-0x000002000000 : "ALL"
[ 0.484000] 0x000000000000-0x000000030000 : "Bootloader"
[ 0.492000] 0x000000030000-0x000000040000 : "Config"
[ 0.500000] 0x000000040000-0x000000050000 : "Factory"
[ 0.504000] 0x000000050000-0x0000002e02cd : "Kernel"
[ 0.512000] mtd: partition "Kernel" doesn't end on an erase block -- force read-only
[ 0.520000] 0x0000002e02cd-0x000000e50000 : "RootFS"
[ 0.524000] mtd: partition "RootFS" doesn't start on an erase block boundary -- force read-only
[ 0.536000] 0x000000050000-0x000000e50000 : "Kernel_RootFS"
[ 0.544000] 0x000000e50000-0x000000e60000 : "device_info"
[ 0.552000] 0x000000e60000-0x000000e70000 : "ocean_custom"
[ 0.560000] 0x000000e70000-0x000000f40000 : "Kernel2"
[ 0.564000] 0x000000f40000-0x000001440000 : "RootFS2"
[ 0.572000] 0x000001440000-0x000002000000 : "user_fs_jffs2"
但是 binwalk、file、unsquashfs 等似乎无法在这些偏移量处找到文件系统。例如,binwalk 只看到一堆 xz 数据(通常会解压为 MIPS 二进制文件,而不是文件系统):
$ binwalk mtd0 |head
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
83600 0x14690 U-Boot version string, "U-Boot 1.1.3 (Nov 6 2018 - 17:19:03)"
327680 0x50000 uImage header, header size: 64 bytes, header CRC: 0xD3931108, created: 2020-05-09 09:54:47, image size: 13185677 bytes, Data Address: 0x80000000, Entry Point: 0x805E9280, data CRC: 0x62435970, OS: Linux, CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image name: "Linux Kernel Image"
327744 0x50040 LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 8125672 bytes
3015469 0x2E032D xz compressed data
3064741 0x2EC3A5 xz compressed data
3112893 0x2F7FBD xz compressed data
3164133 0x3047E5 xz compressed data
...
我想研究分区表中列出的各种 rootfs 文件系统。我错过了什么?
