Exetools  

#1
07-30-2021, 12:57
psgama
Firmware Analysis - ZLIB file conversion to Bitmap

Hi guys,

I've been picking away at the firmware for a common security system trying to see if the bitmaps can be modified and I'm a bit stuck.

The files within the firmware are compressed using ZLIB, but after decompression, they don't resemble a bitmap file even though the firmware indicates that's what they are.

Paste the below into a HEX editor and you'll see what I mean.

Can anyone point me in the right direction on how to convert this back into a bitmap? The file below should be called: icon_ui_barrier_button_up_Bitmap

Compressed ZLIB HEX. Zlib Magic number is 789C
Code:
69 63 6F 6E 5F 75 69 5F 62 61 72 72 69 65 72 5F 62 75 74 74 6F 6E 5F 75 70 5F 42 69 74 6D 61 70 00 00 00 00 00 00 00 00 00 00 00 00 1A 05 00 00 78 9C 95 93 3F 68 53 51 18 C5 5F 4D 6B 12 1B CA B3 D5 6A 8C 7F 1A 6A AD B4 56 F1 4F 15 11 5B 74 51 D4 8A E2 E0 60 07 AD 83 88 9B 83 0A 5D A2 74 72 70 70 F0 CF E0 C3 51 44 1C 82 83 E0 64 9D DA A1 5B 5B 44 B0 16 85 0E A5 9B FA 48 3B 1C CF 77 BF 2F 1F 64 34 70 2E 37 E7 FC EE 7D E7 DD DC 3C 8C 1F 44 DD 91 7E 2E 51 C7 C3 2C 53 59 C0 C9 28 49 4F 05 C9 5C FD 63 61 CC 32 1D A6 FB 08 0B 48 91 A4 30 C9 5C BC 61 E3 8E F8 5E 19 D2 05 EA 0B 89 1F 68 89 84 CF 54 64 2E 9E 66 19 E3 0F 85 71 1D 57 E5 E9 9E A1 AA 68 0D 2B C4 AB 42 BD BC 71 07 9D 1E 25 F3 9C 29 D0 16 E8 A6 8A 7E 1F 35 66 BF B7 C9 71 FD 51 6A 8A 6D 56 B0 D1 DB AC 40 3C CD 72 C6 EF F3 FD 8B 74 2F 50 F3 D8 E2 6D E6 A1 5E D1 B8 FE 30 36 31 19 27 53 45 C9 9B 48 EF 71 CB F7 7A 93 98 6B AF 53 33 6C 52 C3 0E 6F 52 83 78 9A C5 C6 EF F1 26 7D 74 2F 53 35 74 7B 13 59 21 5E 9F 71 BB 1B 4E F1 29 D3 69 F4 3A 3D 0D F5 F2 C6 95 BD 51 33 E9 4E EA 31 1B CD A1 DF 1B CD 41 3C CD 9A 8D EF F2 67 0C D1 BD 1B C9 D9 1F F0 67 00 EA 0D 19 B7 CB CE 26 49 CF D1 5D C4 61 27 17 49 BE A0 7A A3 9D 81 D9 6E 6D 92 34 26 53 A6 BE B2 CD 32 7F 97 7A 9B 9F A4 3F 50 25 EE B4 21 2A 05 7E 9B B5 49 D2 02 39 B9 0D 9F 70 A2 A1 CD 33 EA 8A 71 45 6F 73 87 CC 5B DE D9 3A F9 97 D4 AB 70 CB B6 06 A6 D3 DB 14 C9 9C A7 BE B3 CD 6F 9C 6E B8 37 E2 95 D9 A6 3D DA 1C F8 4D DE A6 8B DC 18 F5 0D 67 FD 19 1F B9 62 2C DC E2 8E C0 75 78 9B 27 DC E7 33 EF 54 FD DE BC 23 79 3B 6A 0F 79 EC 4D 7A 98 DF A3 7E 91 5E C3 45 DB 37 49 FF 40 FD 1E 63 DB BC C5 20 DD 5B D4 2A 4F A0 4E AF 42 BD 41 E3 0A 4E CB FF ED 0D D3 59 5C 75 7A 16 EA B5 1A 97 F7 36 59 32 72 53 5E 87 5F E9 9A 9F CB 32 D4 93 2C 6B 7C CE DF 74 84 EE 04 6E F8 9B 4E 40 3C CD D7 7B 93 01 E6 EF 99 2C E1 A6 37 59 82 7A 03 C6 B5 F8 9E 2F E9 4E 42 DE 69 26 EC 39 09 F1 34 BF FF 9F E3 3F B7 0C 49 ED FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 55 CC 77 33 9A 01 00 00 97 6B 00 80 01 00 3C 21
Decompressed
Code:
69 63 6F 6E 5F 75 69 5F 62 61 72 72 69 65 72 5F 62 75 74 74 6F 6E 5F 75 70 5F 42 69 74 6D 61 70 00 00 00 00 00 00 00 00 00 00 00 00 1A 05 00 00 81 10 78 00 23 00 00 00 00 00 00 00 50 00 00 00 39 00 00 00 00 00 03 80 DF FF 3D 00 9E F7 41 00 9E F7 41 00 DF FF 3D 00 39 00 00 00 00 00 37 00 00 00 00 00 07 80 DF FF 3F 00 DF FF 82 FF DF FF F7 FF 9E F7 FF FF 9E F7 FF FF 9E F7 F7 FF 9E F7 82 FF DF FF 3F 00 37 00 00 00 00 00 34 00 00 00 00 00 03 80 DF FF 03 00 DF FF 0C 00 DF FF C3 FF 9E F7 E0 FF 05 00 9E F7 FF FF 03 80 9E F7 E0 FF DF FF C3 FF DF FF 0C 00 DF FF 03 00 34 00 00 00 00 00 32 00 00 00 00 00 02 80 DF FF 09 00 DF FF 47 00 DF FF B2 FF 0B 00 9E F7 FF FF 02 80 DF FF B2 FF DF FF 47 00 DF FF 09 00 32 00 00 00 00 00 31 00 00 00 00 00 02 80 DF FF 5C 00 9E F7 97 FF DF FF FF FF 0E 00 9E F7 FF FF 01 80 9E F7 97 FF DF FF 5C 00 31 00 00 00 00 00 2E 00 00 00 00 00 03 80 DF FF 08 00 DF FF 36 00 DF FF C9 FF 9E F7 ED FF 11 00 9E F7 FF FF 03 80 9E F7 ED FF DF FF C9 FF DF FF 36 00 DF FF 08 00 2E 00 00 00 00 00 2C 00 00 00 00 00 02 80 DF FF 19 00 DF FF 4C 00 DF FF D7 FF 17 00 9E F7 FF FF 02 80 DF FF D7 FF DF FF 4C 00 DF FF 19 00 2C 00 00 00 00 00 2B 00 00 00 00 00 01 80 DF FF 7B 00 9E F7 B2 FF 1B 00 9E F7 FF FF 01 80 9E F7 B2 FF DF FF 7B 00 2B 00 00 00 00 00 28 00 00 00 00 00 03 80 DF FF 10 00 DF FF 60 00 DF FF CE FF 9E F7 F9 FF 1D 00 9E F7 FF FF 03 80 9E F7 F9 FF DF FF CE FF DF FF 60 00 DF FF 10 00 28 00 00 00 00 00 26 00 00 00 00 00 02 80 DF FF 2A 00 DF FF 51 00 DF FF F9 FF 23 00 9E F7 FF FF 02 80 DF FF F9 FF DF FF 51 00 DF FF 2A 00 26 00 00 00 00 00 24 00 00 00 00 00 02 80 DF FF 09 00 DF FF 92 FF DF FF CA FF 27 00 9E F7 FF FF 02 80 DF FF CA FF DF FF 92 FF DF FF 09 00 24 00 00 00 00 00 21 00 00 00 00 00 03 80 DF FF 04 00 DF FF 16 00 DF FF 8A FF 9E F7 D6 FF 2B 00 9E F7 FF FF 03 80 9E F7 D6 FF DF FF 8A FF DF FF 16 00 DF FF 04 00 21 00 00 00 00 00 20 00 00 00 00 00 02 80 DF FF 3E 00 DF FF 72 00 DF FF FF FF 2F 00 9E F7 FF FF 02 80 DF FF FF FF DF FF 72 00 DF FF 3E 00 20 00 00 00 00 00 
1F 00 00 00 00 00 01 80 9E F7 4A 00 DF FF E1 FF 33 00 9E F7 FF FF 02 80 DF FF E1 FF DF FF 98 FF DF FF 27 00 1E 00 00 00 00 00 1C 00 00 00 00 00 03 80 9E F7 10 00 9E F7 21 00 9E F7 D9 FF 9E F7 EB FF 36 00 9E F7 FF FF 03 80 9E F7 E3 FF DF FF B4 FF DF FF 1B 00 DF FF 0A 00 1B 00 00 00 00 00 1A 00 00 00 00 00 02 80 9E F7 0C 00 9E F7 5C 00 9E F7 BB FF 3B 00 9E F7 FF FF 02 80 DF FF FF FF DF FF 96 FF DF FF 53 00 1A 00 00 00 00 00 19 00 00 00 00 00 01 80 9E F7 6B 00 9E F7 AA FF 3F 00 9E F7 FF FF 02 80 DF FF F6 FF DF FF 9D FF DF FF 47 00 18 00 00 00 00 00 16 00 00 00 00 00 03 80 9E F7 19 00 9E F7 4B 00 9E F7 DE FF 9E F7 F4 FF 42 00 9E F7 FF FF 03 80 9E F7 ED FF DF FF DE FF 9E F7 21 00 DF FF 12 00 15 00 00 00 00 00 14 00 00 00 00 00 02 80 9E F7 20 00 9E F7 62 00 9E F7 DB FF 48 00 9E F7 FF FF 02 80 DF FF B8 FF DF FF 62 00 DF FF 09 00 13 00 00 00 00 00 13 00 00 00 00 00 01 80 9E F7 8E FF 9E F7 C1 FF 4C 00 9E F7 FF FF 01 80 9E F7 AC FF DF FF 69 00 12 00 00 00 00 00 10 00 00 00 00 00 03 80 9E F7 25 00 9E F7 76 00 9E F7 E4 FF 9E F7 FB FF 4E 00 9E F7 FF FF 02 80 9E F7 F5 FF 9E F7 76 00 9E F7 25 00 10 00 00 00 00 00 0E 00 00 00 00 00 02 80 9E F7 35 00 9E F7 67 00 9E F7 FA FF 53 00 9E F7 FF FF 02 80 9E F7 FA FF 9E F7 67 00 9E F7 35 00 0E 00 00 00 00 00 0C 00 00 00 00 00 02 80 9E F7 0B 00 9E F7 A8 FF 9E F7 D5 FF 57 00 9E F7 FF FF 02 80 9E F7 D5 FF 9E F7 A8 FF 9E F7 0B 00 0C 00 00 00 00 00 09 00 00 00 00 00 03 80 9E F7 07 00 9E F7 2B 00 9E F7 A0 FF 9E F7 EB FF 5B 00 9E F7 FF FF 03 80 9E F7 EB FF 9E F7 A0 FF 9E F7 2B 00 9E F7 07 00 09 00 00 00 00 00 08 00 00 00 00 00 01 80 9E F7 4D 00 9E F7 84 FF 61 00 9E F7 FF FF 01 80 9E F7 84 FF 9E F7 4D 00 08 00 00 00 00 00 06 00 00 00 00 00 02 80 9E F7 2D 00 9E F7 AE FF 9E F7 E7 FF 63 00 9E F7 FF FF 02 80 9E F7 E7 FF 9E F7 AE FF 9E F7 2D 00 06 00 00 00 00 00 05 00 00 00 00 00 01 80 9E F7 99 FF 9E F7 C2 FF 67 00 9E F7 CE FF 01 80 9E F7 C2 FF 9E F7 99 FF 05 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 
00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00
#2
08-01-2021, 08:26
chants
If you convert the ASCII characters at the start you find: "icon_ui_barrier_button_up_Bitmap". Could be a custom encoded file format. You have to look for the usual things like tags, or width and height maybe computed based on data size, see where pixel data starts, etc. Best is to disassemble the firmware and see how it parses it.
#3
08-01-2021, 20:13
carver
Looks like a regular RAW picture.
Just find a larger image, not a small icon;

it will become clearer what header size needs to be cut off,
as well as the picture format: a 24-bit RGB variant,
or some variant of 16-bit 5:6:5.
#4
08-02-2021, 05:03
DARKER
If it's a common picture then it looks like it's missing the bitmap header, or it's just some raw image (as mentioned above).
The extracted data looks like a bmp/ico type with a size of ~16x16 pixels and 256 colors (a guess just by size, but it can be anything when you combine height, width and color depth).

Maybe it's better to find the exact image in the application and then compare the real data with the extracted one.

Last edited by DARKER; 08-02-2021 at 15:19.
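
Added example (not code from any poster in this thread or from the firmware vendor): one way to test the "raw 16-bit 5:6:5 with a missing bitmap header" idea from replies #3 and #4 is to cut a candidate header off the decompressed data and prepend BMP headers for a guessed width. The `skip` and `width` values are guesses the analyst varies, and the sample bytes are constructed; whether the posted data really is raw 5:6:5 is the hypothesis under test.

```python
import struct

MASKS = (0xF800, 0x07E0, 0x001F)  # red, green, blue masks for 16-bit 5:6:5

def rgb565_to_rgb888(word):
    """Expand one 5:6:5 word to an 8-bit-per-channel (r, g, b) tuple."""
    r, g, b = (word >> 11) & 0x1F, (word >> 5) & 0x3F, word & 0x1F
    return ((r << 3) | (r >> 2), (g << 2) | (g >> 4), (b << 3) | (b >> 2))

def wrap_rgb565_as_bmp(blob, skip, width):
    """Drop `skip` leading bytes and wrap the rest as a 16bpp BMP.

    Assumes little-endian RGB565 pixels stored top row first.
    """
    pixels = blob[skip:]
    stride = width * 2
    height = len(pixels) // stride if width > 0 else 0  # ignore a partial last row
    if height == 0:
        raise ValueError("not enough data for one row at this width")
    padded = (stride + 3) & ~3  # BMP rows are padded to 4 bytes
    body = b"".join(
        pixels[y * stride:(y + 1) * stride].ljust(padded, b"\0")
        for y in range(height)
    )
    offset = 14 + 40 + 12  # file header + BITMAPINFOHEADER + three masks
    file_hdr = struct.pack("<2sIHHI", b"BM", offset + len(body), 0, 0, offset)
    # Negative height marks top-down rows; compression 3 is BI_BITFIELDS.
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, -height, 1, 16, 3,
                           len(body), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + struct.pack("<3I", *MASKS) + body

# Constructed sample: 48 filler bytes (the length of the name, zero padding and
# 4-byte field at the start of the posted dump) followed by eight pixels built
# from two 16-bit values that recur in that dump (DF FF and 9E F7).
SAMPLE = bytes(48) + bytes.fromhex("DFFF 9EF7 9EF7 DFFF") * 2

if __name__ == "__main__":
    for w in (2, 4):  # try several candidate widths and view each result
        with open(f"guess_w{w}.bmp", "wb") as fh:
            fh.write(wrap_rgb565_as_bmp(SAMPLE, 48, w))
```

Read as 5:6:5, the two recurring values 0xFFDF and 0xF79E decode to near-white and light grey; a wrong width or skip shows up as a sheared or noisy image.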