Exetools


psgama 07-30-2021 12:57

Firmware Analysis - ZLIB file conversion to Bitmap
 
Hi guys,

I've been picking away at the firmware for a common security system trying to see if the bitmaps can be modified and I'm a bit stuck.

The files within the firmware are compressed using ZLIB, but after decompression, they don't resemble a bitmap file even though the firmware indicates that's what they are.

Paste the below into a HEX editor and you'll see what I mean.

Can anyone point me in the right direction on how to convert this back into a bitmap? The file below should be called: icon_ui_barrier_button_up_Bitmap

Compressed ZLIB HEX. Zlib Magic number is 789C
Code:

69 63 6F 6E 5F 75 69 5F 62 61 72 72 69 65 72 5F 62 75 74 74 6F 6E 5F 75 70 5F 42 69 74 6D 61 70 00 00 00 00 00 00 00 00 00 00 00 00 1A 05 00 00 78 9C 95 93 3F 68 53 51 18 C5 5F 4D 6B 12 1B CA B3 D5 6A 8C 7F 1A 6A AD B4 56 F1 4F 15 11 5B 74 51 D4 8A E2 E0 60 07 AD 83 88 9B 83 0A 5D A2 74 72 70 70 F0 CF E0 C3 51 44 1C 82 83 E0 64 9D DA A1 5B 5B 44 B0 16 85 0E A5 9B FA 48 3B 1C CF 77 BF 2F 1F 64 34 70 2E 37 E7 FC EE 7D E7 DD DC 3C 8C 1F 44 DD 91 7E 2E 51 C7 C3 2C 53 59 C0 C9 28 49 4F 05 C9 5C FD 63 61 CC 32 1D A6 FB 08 0B 48 91 A4 30 C9 5C BC 61 E3 8E F8 5E 19 D2 05 EA 0B 89 1F 68 89 84 CF 54 64 2E 9E 66 19 E3 0F 85 71 1D 57 E5 E9 9E A1 AA 68 0D 2B C4 AB 42 BD BC 71 07 9D 1E 25 F3 9C 29 D0 16 E8 A6 8A 7E 1F 35 66 BF B7 C9 71 FD 51 6A 8A 6D 56 B0 D1 DB AC 40 3C CD 72 C6 EF F3 FD 8B 74 2F 50 F3 D8 E2 6D E6 A1 5E D1 B8 FE 30 36 31 19 27 53 45 C9 9B 48 EF 71 CB F7 7A 93 98 6B AF 53 33 6C 52 C3 0E 6F 52 83 78 9A C5 C6 EF F1 26 7D 74 2F 53 35 74 7B 13 59 21 5E 9F 71 BB 1B 4E F1 29 D3 69 F4 3A 3D 0D F5 F2 C6 95 BD 51 33 E9 4E EA 31 1B CD A1 DF 1B CD 41 3C CD 9A 8D EF F2 67 0C D1 BD 1B C9 D9 1F F0 67 00 EA 0D 19 B7 CB CE 26 49 CF D1 5D C4 61 27 17 49 BE A0 7A A3 9D 81 D9 6E 6D 92 34 26 53 A6 BE B2 CD 32 7F 97 7A 9B 9F A4 3F 50 25 EE B4 21 2A 05 7E 9B B5 49 D2 02 39 B9 0D 9F 70 A2 A1 CD 33 EA 8A 71 45 6F 73 87 CC 5B DE D9 3A F9 97 D4 AB 70 CB B6 06 A6 D3 DB 14 C9 9C A7 BE B3 CD 6F 9C 6E B8 37 E2 95 D9 A6 3D DA 1C F8 4D DE A6 8B DC 18 F5 0D 67 FD 19 1F B9 62 2C DC E2 8E C0 75 78 9B 27 DC E7 33 EF 54 FD DE BC 23 79 3B 6A 0F 79 EC 4D 7A 98 DF A3 7E 91 5E C3 45 DB 37 49 FF 40 FD 1E 63 DB BC C5 20 DD 5B D4 2A 4F A0 4E AF 42 BD 41 E3 0A 4E CB FF ED 0D D3 59 5C 75 7A 16 EA B5 1A 97 F7 36 59 32 72 53 5E 87 5F E9 9A 9F CB 32 D4 93 2C 6B 7C CE DF 74 84 EE 04 6E F8 9B 4E 40 3C CD D7 7B 93 01 E6 EF 99 2C E1 A6 37 59 82 7A 03 C6 B5 F8 9E 2F E9 4E 42 DE 69 26 EC 39 09 F1 34 BF FF 9F E3 3F B7 0C 49 ED FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 55 CC 77 33 9A 01 00 00 97 6B 00 80 01 00 3C 21
Decompressed
Code:

69 63 6F 6E 5F 75 69 5F 62 61 72 72 69 65 72 5F 62 75 74 74 6F 6E 5F 75 70 5F 42 69 74 6D 61 70 00 00 00 00 00 00 00 00 00 00 00 00 1A 05 00 00 81 10 78 00 23 00 00 00 00 00 00 00 50 00 00 00 39 00 00 00 00 00 03 80 DF FF 3D 00 9E F7 41 00 9E F7 41 00 DF FF 3D 00 39 00 00 00 00 00 37 00 00 00 00 00 07 80 DF FF 3F 00 DF FF 82 FF DF FF F7 FF 9E F7 FF FF 9E F7 FF FF 9E F7 F7 FF 9E F7 82 FF DF FF 3F 00 37 00 00 00 00 00 34 00 00 00 00 00 03 80 DF FF 03 00 DF FF 0C 00 DF FF C3 FF 9E F7 E0 FF 05 00 9E F7 FF FF 03 80 9E F7 E0 FF DF FF C3 FF DF FF 0C 00 DF FF 03 00 34 00 00 00 00 00 32 00 00 00 00 00 02 80 DF FF 09 00 DF FF 47 00 DF FF B2 FF 0B 00 9E F7 FF FF 02 80 DF FF B2 FF DF FF 47 00 DF FF 09 00 32 00 00 00 00 00 31 00 00 00 00 00 02 80 DF FF 5C 00 9E F7 97 FF DF FF FF FF 0E 00 9E F7 FF FF 01 80 9E F7 97 FF DF FF 5C 00 31 00 00 00 00 00 2E 00 00 00 00 00 03 80 DF FF 08 00 DF FF 36 00 DF FF C9 FF 9E F7 ED FF 11 00 9E F7 FF FF 03 80 9E F7 ED FF DF FF C9 FF DF FF 36 00 DF FF 08 00 2E 00 00 00 00 00 2C 00 00 00 00 00 02 80 DF FF 19 00 DF FF 4C 00 DF FF D7 FF 17 00 9E F7 FF FF 02 80 DF FF D7 FF DF FF 4C 00 DF FF 19 00 2C 00 00 00 00 00 2B 00 00 00 00 00 01 80 DF FF 7B 00 9E F7 B2 FF 1B 00 9E F7 FF FF 01 80 9E F7 B2 FF DF FF 7B 00 2B 00 00 00 00 00 28 00 00 00 00 00 03 80 DF FF 10 00 DF FF 60 00 DF FF CE FF 9E F7 F9 FF 1D 00 9E F7 FF FF 03 80 9E F7 F9 FF DF FF CE FF DF FF 60 00 DF FF 10 00 28 00 00 00 00 00 26 00 00 00 00 00 02 80 DF FF 2A 00 DF FF 51 00 DF FF F9 FF 23 00 9E F7 FF FF 02 80 DF FF F9 FF DF FF 51 00 DF FF 2A 00 26 00 00 00 00 00 24 00 00 00 00 00 02 80 DF FF 09 00 DF FF 92 FF DF FF CA FF 27 00 9E F7 FF FF 02 80 DF FF CA FF DF FF 92 FF DF FF 09 00 24 00 00 00 00 00 21 00 00 00 00 00 03 80 DF FF 04 00 DF FF 16 00 DF FF 8A FF 9E F7 D6 FF 2B 00 9E F7 FF FF 03 80 9E F7 D6 FF DF FF 8A FF DF FF 16 00 DF FF 04 00 21 00 00 00 00 00 20 00 00 00 00 00 02 80 DF FF 3E 00 DF FF 72 00 DF FF FF FF 2F 00 9E F7 FF FF 02 80 DF FF FF FF DF FF 72 00 DF FF 3E 00 20 00 00 00 00 00 
1F 00 00 00 00 00 01 80 9E F7 4A 00 DF FF E1 FF 33 00 9E F7 FF FF 02 80 DF FF E1 FF DF FF 98 FF DF FF 27 00 1E 00 00 00 00 00 1C 00 00 00 00 00 03 80 9E F7 10 00 9E F7 21 00 9E F7 D9 FF 9E F7 EB FF 36 00 9E F7 FF FF 03 80 9E F7 E3 FF DF FF B4 FF DF FF 1B 00 DF FF 0A 00 1B 00 00 00 00 00 1A 00 00 00 00 00 02 80 9E F7 0C 00 9E F7 5C 00 9E F7 BB FF 3B 00 9E F7 FF FF 02 80 DF FF FF FF DF FF 96 FF DF FF 53 00 1A 00 00 00 00 00 19 00 00 00 00 00 01 80 9E F7 6B 00 9E F7 AA FF 3F 00 9E F7 FF FF 02 80 DF FF F6 FF DF FF 9D FF DF FF 47 00 18 00 00 00 00 00 16 00 00 00 00 00 03 80 9E F7 19 00 9E F7 4B 00 9E F7 DE FF 9E F7 F4 FF 42 00 9E F7 FF FF 03 80 9E F7 ED FF DF FF DE FF 9E F7 21 00 DF FF 12 00 15 00 00 00 00 00 14 00 00 00 00 00 02 80 9E F7 20 00 9E F7 62 00 9E F7 DB FF 48 00 9E F7 FF FF 02 80 DF FF B8 FF DF FF 62 00 DF FF 09 00 13 00 00 00 00 00 13 00 00 00 00 00 01 80 9E F7 8E FF 9E F7 C1 FF 4C 00 9E F7 FF FF 01 80 9E F7 AC FF DF FF 69 00 12 00 00 00 00 00 10 00 00 00 00 00 03 80 9E F7 25 00 9E F7 76 00 9E F7 E4 FF 9E F7 FB FF 4E 00 9E F7 FF FF 02 80 9E F7 F5 FF 9E F7 76 00 9E F7 25 00 10 00 00 00 00 00 0E 00 00 00 00 00 02 80 9E F7 35 00 9E F7 67 00 9E F7 FA FF 53 00 9E F7 FF FF 02 80 9E F7 FA FF 9E F7 67 00 9E F7 35 00 0E 00 00 00 00 00 0C 00 00 00 00 00 02 80 9E F7 0B 00 9E F7 A8 FF 9E F7 D5 FF 57 00 9E F7 FF FF 02 80 9E F7 D5 FF 9E F7 A8 FF 9E F7 0B 00 0C 00 00 00 00 00 09 00 00 00 00 00 03 80 9E F7 07 00 9E F7 2B 00 9E F7 A0 FF 9E F7 EB FF 5B 00 9E F7 FF FF 03 80 9E F7 EB FF 9E F7 A0 FF 9E F7 2B 00 9E F7 07 00 09 00 00 00 00 00 08 00 00 00 00 00 01 80 9E F7 4D 00 9E F7 84 FF 61 00 9E F7 FF FF 01 80 9E F7 84 FF 9E F7 4D 00 08 00 00 00 00 00 06 00 00 00 00 00 02 80 9E F7 2D 00 9E F7 AE FF 9E F7 E7 FF 63 00 9E F7 FF FF 02 80 9E F7 E7 FF 9E F7 AE FF 9E F7 2D 00 06 00 00 00 00 00 05 00 00 00 00 00 01 80 9E F7 99 FF 9E F7 C2 FF 67 00 9E F7 CE FF 01 80 9E F7 C2 FF 9E F7 99 FF 05 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 
00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00

chants 08-01-2021 08:26

If you convert the ASCII characters at the start you find: "icon_ui_barrier_button_up_Bitmap". It could be a custom encoded file format. You have to look for the usual things like tags, or width and height maybe computed based on data size, see where the pixel data starts, etc. Best is to disassemble the firmware and see how it parses it.

carver 08-01-2021 20:13

Looks like a regular RAW picture.
Just find a larger image, not a small icon;
it will become clearer which header size needs to be cut off,
as well as the picture format: a 24-bit RGB variant,
or some variant of 16-bit 5:6:5.

DARKER 08-02-2021 05:03

If it's a common picture then it looks like it is missing the bitmap header, or it's just some raw image (as mentioned above).
The extracted data looks like a bmp/ico type with a size of ~16x16 pixels and 256 colors (a guess just by size, but it can be anything when you combine height, width and color depth).

Maybe it's better to find the exact image in the application and then compare the real data with the extracted one.
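
Following the advice in the replies to look for width, height and the start of the pixel data, here is an added example (not part of any post in the thread) that reads the decompressed bytes from the opening post as a run-length stream. The layout is inferred from those bytes and is not confirmed anywhere in the thread: a 16-byte header with width and height as little-endian 16-bit values at offsets 2 and 4, then tokens made of a 16-bit count (stored as length minus one, bit 15 marking a literal block) followed by 4-byte pixels. Reading the first pixel word as 5:6:5 follows carver's suggestion and is likewise an assumption, and the meaning of the second word is left open.

```python
import struct

# First 16 payload bytes and first two pixel rows, copied from the
# decompressed dump in the opening post (name/length prefix left out).
SAMPLE = bytes.fromhex(
    "81107800230000000000000050000000"   # header: 0x0078 = 120, 0x0023 = 35
    "390000000000" "0380" "dfff3d00" "9ef74100" "9ef74100" "dfff3d00"
    "390000000000"
    "370000000000" "0780" "dfff3f00" "dfff82ff" "dffff7ff" "9ef7ffff"
    "9ef7ffff" "9ef7f7ff" "9ef782ff" "dfff3f00" "370000000000"
)
HEADER_LEN = 16        # assumption: tokens start right after these bytes
LITERAL_FLAG = 0x8000  # assumption: bit 15 of the count marks a literal block

def decode_rows(payload):
    """Return (width, height, rows); a pixel is (colour_word, second_word)."""
    if len(payload) < HEADER_LEN:
        raise ValueError("payload shorter than the assumed header")
    _tag, width, height = struct.unpack_from("<HHH", payload, 0)
    pixels, pos = [], HEADER_LEN
    while pos < len(payload):
        if pos + 6 > len(payload):              # smallest token: count + 1 pixel
            raise ValueError(f"truncated token at offset {pos}")
        (count,) = struct.unpack_from("<H", payload, pos)
        pos += 2
        n = (count & 0x7FFF) + 1                # stored value is length - 1
        if count & LITERAL_FLAG:                # n distinct 4-byte pixels
            end = pos + 4 * n
            if end > len(payload):
                raise ValueError(f"literal block overruns data at {pos}")
            pixels += [struct.unpack_from("<HH", payload, p)
                       for p in range(pos, end, 4)]
            pos = end
        else:                                   # one 4-byte pixel repeated n times
            pixels += [struct.unpack_from("<HH", payload, pos)] * n
            pos += 4
    if width == 0 or len(pixels) % width:
        raise ValueError("pixel count is not a multiple of the header width")
    rows = [pixels[i:i + width] for i in range(0, len(pixels), width)]
    return width, height, rows

def rgb565_to_rgb888(v):
    """Expand a 5:6:5 word to 8-bit channels (the 5:6:5 reading is a guess)."""
    r, g, b = v >> 11, (v >> 5) & 0x3F, v & 0x1F
    return (r * 255 // 31, g * 255 // 63, b * 255 // 31)

if __name__ == "__main__":
    w, h, rows = decode_rows(SAMPLE)
    print(f"header {w}x{h}, decoded {len(rows)} full rows")
    print("first visible pixel:", rgb565_to_rgb888(rows[0][58][0]), rows[0][58][1])
```

Both sample rows expand to exactly the header width, which is the consistency check to repeat on the full payload before writing the rows out behind a standard bitmap header.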

