Exetools  

  #1  
07-30-2021, 12:57
psgama
Firmware Analysis - ZLIB file conversion to Bitmap

Hi guys,

I've been picking away at the firmware for a common security system trying to see if the bitmaps can be modified and I'm a bit stuck.

The files within the firmware are compressed using ZLIB, but after decompression, they don't resemble a bitmap file even though the firmware indicates that's what they are.

Paste the below into a HEX editor and you'll see what I mean.

Can anyone point me in the right direction on how to convert this back into a bitmap? The file below should be called: icon_ui_barrier_button_up_Bitmap

Compressed ZLIB HEX. Zlib Magic number is 789C
Code:
69 63 6F 6E 5F 75 69 5F 62 61 72 72 69 65 72 5F 62 75 74 74 6F 6E 5F 75 70 5F 42 69 74 6D 61 70 00 00 00 00 00 00 00 00 00 00 00 00 1A 05 00 00 78 9C 95 93 3F 68 53 51 18 C5 5F 4D 6B 12 1B CA B3 D5 6A 8C 7F 1A 6A AD B4 56 F1 4F 15 11 5B 74 51 D4 8A E2 E0 60 07 AD 83 88 9B 83 0A 5D A2 74 72 70 70 F0 CF E0 C3 51 44 1C 82 83 E0 64 9D DA A1 5B 5B 44 B0 16 85 0E A5 9B FA 48 3B 1C CF 77 BF 2F 1F 64 34 70 2E 37 E7 FC EE 7D E7 DD DC 3C 8C 1F 44 DD 91 7E 2E 51 C7 C3 2C 53 59 C0 C9 28 49 4F 05 C9 5C FD 63 61 CC 32 1D A6 FB 08 0B 48 91 A4 30 C9 5C BC 61 E3 8E F8 5E 19 D2 05 EA 0B 89 1F 68 89 84 CF 54 64 2E 9E 66 19 E3 0F 85 71 1D 57 E5 E9 9E A1 AA 68 0D 2B C4 AB 42 BD BC 71 07 9D 1E 25 F3 9C 29 D0 16 E8 A6 8A 7E 1F 35 66 BF B7 C9 71 FD 51 6A 8A 6D 56 B0 D1 DB AC 40 3C CD 72 C6 EF F3 FD 8B 74 2F 50 F3 D8 E2 6D E6 A1 5E D1 B8 FE 30 36 31 19 27 53 45 C9 9B 48 EF 71 CB F7 7A 93 98 6B AF 53 33 6C 52 C3 0E 6F 52 83 78 9A C5 C6 EF F1 26 7D 74 2F 53 35 74 7B 13 59 21 5E 9F 71 BB 1B 4E F1 29 D3 69 F4 3A 3D 0D F5 F2 C6 95 BD 51 33 E9 4E EA 31 1B CD A1 DF 1B CD 41 3C CD 9A 8D EF F2 67 0C D1 BD 1B C9 D9 1F F0 67 00 EA 0D 19 B7 CB CE 26 49 CF D1 5D C4 61 27 17 49 BE A0 7A A3 9D 81 D9 6E 6D 92 34 26 53 A6 BE B2 CD 32 7F 97 7A 9B 9F A4 3F 50 25 EE B4 21 2A 05 7E 9B B5 49 D2 02 39 B9 0D 9F 70 A2 A1 CD 33 EA 8A 71 45 6F 73 87 CC 5B DE D9 3A F9 97 D4 AB 70 CB B6 06 A6 D3 DB 14 C9 9C A7 BE B3 CD 6F 9C 6E B8 37 E2 95 D9 A6 3D DA 1C F8 4D DE A6 8B DC 18 F5 0D 67 FD 19 1F B9 62 2C DC E2 8E C0 75 78 9B 27 DC E7 33 EF 54 FD DE BC 23 79 3B 6A 0F 79 EC 4D 7A 98 DF A3 7E 91 5E C3 45 DB 37 49 FF 40 FD 1E 63 DB BC C5 20 DD 5B D4 2A 4F A0 4E AF 42 BD 41 E3 0A 4E CB FF ED 0D D3 59 5C 75 7A 16 EA B5 1A 97 F7 36 59 32 72 53 5E 87 5F E9 9A 9F CB 32 D4 93 2C 6B 7C CE DF 74 84 EE 04 6E F8 9B 4E 40 3C CD D7 7B 93 01 E6 EF 99 2C E1 A6 37 59 82 7A 03 C6 B5 F8 9E 2F E9 4E 42 DE 69 26 EC 39 09 F1 34 BF FF 9F E3 3F B7 0C 49 ED FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 55 CC 77 33 9A 01 00 00 97 6B 00 80 01 00 3C 21
Decompressed
Code:
69 63 6F 6E 5F 75 69 5F 62 61 72 72 69 65 72 5F 62 75 74 74 6F 6E 5F 75 70 5F 42 69 74 6D 61 70 00 00 00 00 00 00 00 00 00 00 00 00 1A 05 00 00 81 10 78 00 23 00 00 00 00 00 00 00 50 00 00 00 39 00 00 00 00 00 03 80 DF FF 3D 00 9E F7 41 00 9E F7 41 00 DF FF 3D 00 39 00 00 00 00 00 37 00 00 00 00 00 07 80 DF FF 3F 00 DF FF 82 FF DF FF F7 FF 9E F7 FF FF 9E F7 FF FF 9E F7 F7 FF 9E F7 82 FF DF FF 3F 00 37 00 00 00 00 00 34 00 00 00 00 00 03 80 DF FF 03 00 DF FF 0C 00 DF FF C3 FF 9E F7 E0 FF 05 00 9E F7 FF FF 03 80 9E F7 E0 FF DF FF C3 FF DF FF 0C 00 DF FF 03 00 34 00 00 00 00 00 32 00 00 00 00 00 02 80 DF FF 09 00 DF FF 47 00 DF FF B2 FF 0B 00 9E F7 FF FF 02 80 DF FF B2 FF DF FF 47 00 DF FF 09 00 32 00 00 00 00 00 31 00 00 00 00 00 02 80 DF FF 5C 00 9E F7 97 FF DF FF FF FF 0E 00 9E F7 FF FF 01 80 9E F7 97 FF DF FF 5C 00 31 00 00 00 00 00 2E 00 00 00 00 00 03 80 DF FF 08 00 DF FF 36 00 DF FF C9 FF 9E F7 ED FF 11 00 9E F7 FF FF 03 80 9E F7 ED FF DF FF C9 FF DF FF 36 00 DF FF 08 00 2E 00 00 00 00 00 2C 00 00 00 00 00 02 80 DF FF 19 00 DF FF 4C 00 DF FF D7 FF 17 00 9E F7 FF FF 02 80 DF FF D7 FF DF FF 4C 00 DF FF 19 00 2C 00 00 00 00 00 2B 00 00 00 00 00 01 80 DF FF 7B 00 9E F7 B2 FF 1B 00 9E F7 FF FF 01 80 9E F7 B2 FF DF FF 7B 00 2B 00 00 00 00 00 28 00 00 00 00 00 03 80 DF FF 10 00 DF FF 60 00 DF FF CE FF 9E F7 F9 FF 1D 00 9E F7 FF FF 03 80 9E F7 F9 FF DF FF CE FF DF FF 60 00 DF FF 10 00 28 00 00 00 00 00 26 00 00 00 00 00 02 80 DF FF 2A 00 DF FF 51 00 DF FF F9 FF 23 00 9E F7 FF FF 02 80 DF FF F9 FF DF FF 51 00 DF FF 2A 00 26 00 00 00 00 00 24 00 00 00 00 00 02 80 DF FF 09 00 DF FF 92 FF DF FF CA FF 27 00 9E F7 FF FF 02 80 DF FF CA FF DF FF 92 FF DF FF 09 00 24 00 00 00 00 00 21 00 00 00 00 00 03 80 DF FF 04 00 DF FF 16 00 DF FF 8A FF 9E F7 D6 FF 2B 00 9E F7 FF FF 03 80 9E F7 D6 FF DF FF 8A FF DF FF 16 00 DF FF 04 00 21 00 00 00 00 00 20 00 00 00 00 00 02 80 DF FF 3E 00 DF FF 72 00 DF FF FF FF 2F 00 9E F7 FF FF 02 80 DF FF FF FF DF FF 72 00 DF FF 3E 00 20 00 00 00 00 00 
1F 00 00 00 00 00 01 80 9E F7 4A 00 DF FF E1 FF 33 00 9E F7 FF FF 02 80 DF FF E1 FF DF FF 98 FF DF FF 27 00 1E 00 00 00 00 00 1C 00 00 00 00 00 03 80 9E F7 10 00 9E F7 21 00 9E F7 D9 FF 9E F7 EB FF 36 00 9E F7 FF FF 03 80 9E F7 E3 FF DF FF B4 FF DF FF 1B 00 DF FF 0A 00 1B 00 00 00 00 00 1A 00 00 00 00 00 02 80 9E F7 0C 00 9E F7 5C 00 9E F7 BB FF 3B 00 9E F7 FF FF 02 80 DF FF FF FF DF FF 96 FF DF FF 53 00 1A 00 00 00 00 00 19 00 00 00 00 00 01 80 9E F7 6B 00 9E F7 AA FF 3F 00 9E F7 FF FF 02 80 DF FF F6 FF DF FF 9D FF DF FF 47 00 18 00 00 00 00 00 16 00 00 00 00 00 03 80 9E F7 19 00 9E F7 4B 00 9E F7 DE FF 9E F7 F4 FF 42 00 9E F7 FF FF 03 80 9E F7 ED FF DF FF DE FF 9E F7 21 00 DF FF 12 00 15 00 00 00 00 00 14 00 00 00 00 00 02 80 9E F7 20 00 9E F7 62 00 9E F7 DB FF 48 00 9E F7 FF FF 02 80 DF FF B8 FF DF FF 62 00 DF FF 09 00 13 00 00 00 00 00 13 00 00 00 00 00 01 80 9E F7 8E FF 9E F7 C1 FF 4C 00 9E F7 FF FF 01 80 9E F7 AC FF DF FF 69 00 12 00 00 00 00 00 10 00 00 00 00 00 03 80 9E F7 25 00 9E F7 76 00 9E F7 E4 FF 9E F7 FB FF 4E 00 9E F7 FF FF 02 80 9E F7 F5 FF 9E F7 76 00 9E F7 25 00 10 00 00 00 00 00 0E 00 00 00 00 00 02 80 9E F7 35 00 9E F7 67 00 9E F7 FA FF 53 00 9E F7 FF FF 02 80 9E F7 FA FF 9E F7 67 00 9E F7 35 00 0E 00 00 00 00 00 0C 00 00 00 00 00 02 80 9E F7 0B 00 9E F7 A8 FF 9E F7 D5 FF 57 00 9E F7 FF FF 02 80 9E F7 D5 FF 9E F7 A8 FF 9E F7 0B 00 0C 00 00 00 00 00 09 00 00 00 00 00 03 80 9E F7 07 00 9E F7 2B 00 9E F7 A0 FF 9E F7 EB FF 5B 00 9E F7 FF FF 03 80 9E F7 EB FF 9E F7 A0 FF 9E F7 2B 00 9E F7 07 00 09 00 00 00 00 00 08 00 00 00 00 00 01 80 9E F7 4D 00 9E F7 84 FF 61 00 9E F7 FF FF 01 80 9E F7 84 FF 9E F7 4D 00 08 00 00 00 00 00 06 00 00 00 00 00 02 80 9E F7 2D 00 9E F7 AE FF 9E F7 E7 FF 63 00 9E F7 FF FF 02 80 9E F7 E7 FF 9E F7 AE FF 9E F7 2D 00 06 00 00 00 00 00 05 00 00 00 00 00 01 80 9E F7 99 FF 9E F7 C2 FF 67 00 9E F7 CE FF 01 80 9E F7 C2 FF 9E F7 99 FF 05 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 
00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00 77 00 00 00 00 00
  #2  
08-01-2021, 08:26
chants
If you convert the ASCII characters at the start you find: "icon_ui_barrier_button_up_Bitmap". Could be a custom encoded file format. You have to look for the usual things like tags, or width and height maybe computed based on data size, see where pixel data starts, etc. Best is to disassemble the firmware and see how it parses it.
  #3  
08-01-2021, 20:13
carver
Looks like a regular RAW picture.
Just find a larger image, not a small icon,

it will become clearer which header size needs to be cut off,
as well as the picture format: a 24-bit RGB variant,
or some variant of 16-bit 5:6:5.
  #4  
08-02-2021, 05:03
DARKER
If it's a common picture then it looks like it's missing the bitmap header, or it's just some raw image (as mentioned above).
Extracted data looks like BMP/ICO type with size ~16x16 pixels and 256 colors (guess just by size, but it can be anything when you combine height, width and color depth).

Maybe it's better to find the exact image in the application and then compare the real data with the extracted one.

Last edited by DARKER; 08-02-2021 at 15:19.
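The header-cut and 16-bit 5:6:5 guesses from the replies can be tested with a short Python helper, added here as an example and not code from any poster in this thread. It lists the width/height pairs that fit a payload size and wraps one candidate in a 24-bit BMP; the header length, dimensions and little-endian byte order are assumptions to vary, and the sample bytes are constructed (0xFFDF and 0xF79E are the `DF FF` and `9E F7` pairs from the decompressed dump read little-endian).

```python
import struct

def rgb565_to_rgb888(px):
    """Expand one 16-bit 5:6:5 pixel to 8-bit (r, g, b)."""
    r, g, b = (px >> 11) & 0x1F, (px >> 5) & 0x3F, px & 0x1F
    # Replicate the top bits into the low bits so full scale maps to 255.
    return (r << 3) | (r >> 2), (g << 2) | (g >> 4), (b << 3) | (b >> 2)

def candidate_dims(payload_len, bytes_per_pixel=2, min_side=2):
    """(width, height) pairs whose pixel count matches the payload size exactly."""
    if payload_len % bytes_per_pixel:
        return []
    n = payload_len // bytes_per_pixel
    return [(w, n // w) for w in range(min_side, n // min_side + 1) if n % w == 0]

def raw565_to_bmp(blob, header_len, width, height, little_endian=True):
    """Cut header_len bytes, decode width*height RGB565 pixels, return a 24-bit BMP."""
    need = width * height * 2
    raw = blob[header_len:header_len + need]
    if len(raw) < need:
        raise ValueError("payload too short for %dx%d at 16 bpp" % (width, height))
    px = struct.unpack(("<" if little_endian else ">") + "%dH" % (width * height), raw)
    pad = b"\x00" * ((-width * 3) % 4)          # BMP rows are 4-byte aligned
    rows = []
    for y in range(height - 1, -1, -1):         # BMP stores rows bottom-up
        row = bytearray()
        for v in px[y * width:(y + 1) * width]:
            r, g, b = rgb565_to_rgb888(v)
            row += bytes((b, g, r))             # BMP pixel order is B, G, R
        rows.append(bytes(row) + pad)
    data = b"".join(rows)
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(data), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(data), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + data

# Constructed sample: 8-byte placeholder header + 3x2 pixels (not the thread's file).
SAMPLE = b"HDRHDRHD" + struct.pack("<6H", 0xF800, 0x07E0, 0x001F,
                                   0xFFDF, 0xF79E, 0x0000)

if __name__ == "__main__":
    payload = len(SAMPLE) - 8
    for w, h in candidate_dims(payload):
        bmp = raw565_to_bmp(SAMPLE, 8, w, h)
        print("%dx%d -> %d-byte BMP" % (w, h, len(bmp)))
```

A wrong width shows up as a diagonally sheared image, and a wrong header length as shifted or swapped colours, so stepping through the candidates narrows both quickly.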