Useful Tools: Difference between revisions
Categorise the page |
m add kpartx ~Sarah |
||
Line 1: | Line 1: | ||
== File System Manipulation == | == File System Manipulation == | ||
* [https://github.com/aaru-dps/Aaru Aaru] supports a fairly comprehensive collection of disk image, partition table, and file system formats, and is built with the Microsoft .NET Framework - builds exist, for several operating systems. | * [https://github.com/aaru-dps/Aaru Aaru] supports a fairly comprehensive collection of disk image, partition table, and file system formats, and is built with the Microsoft .NET Framework - builds exist, for several operating systems. | ||
* [https://linux.die.net/man/8/kpartx kpartx] is a fairly standard command to automatically create loop devices for whole disk images (assuming regular partition table types Linux can understand) | |||
== Archive Manipulation == | == Archive Manipulation == | ||
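Review bot: the added kpartx bullet says it creates "loop devices", but what kpartx produces is device-mapper mappings for the partitions inside the image (layered on a loop device when the target is a file), so a reader looking for the partition nodes may look in the wrong place. Suggest wording along the lines of "create device mappings for the partitions in whole disk images", with a mention that the mappings are removed again with kpartx -d. The new bullet also lacks the closing full stop that the Aaru bullet above it has.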
Line 12: | Line 13: | ||
* BinWalk is extremely useful, for extracting files, and resources out of firmware images, executables, and file system structures | * BinWalk is extremely useful, for extracting files, and resources out of firmware images, executables, and file system structures | ||
== Binary reverse engineering == | == Binary reverse engineering == |
Revision as of 18:39, 23 January 2023
File System Manipulation
- Aaru supports a fairly comprehensive collection of disk image, partition table, and file system formats, and is built with the Microsoft .NET Framework; builds exist for several operating systems.
- kpartx is a fairly standard command to automatically create loop devices for whole disk images (assuming regular partition table types Linux can understand).
Archive Manipulation
- 7-Zip supports Windows Imaging Format (.WIM) disk images with LZX compression, as used by Windows 8.1.
- XADMaster supports a fairly comprehensive collection of compression and archival formats, and can also expand some disk image formats. This seems to be the basis of the "unar" utility provided for Ubuntu and some other Linux distributions.
- unshield is a CLI tool for unpacking various flavours of InstallShield archive.
Firmware Image Extraction
- The RandomSHX utility for Windows will extract the contents of some Motorola P2K (e.g. A835) "UNIX Generated SuperFile" firmware archives. It requires Windows and does not work with UNC paths.
- The srecord package under Ubuntu contains a utility that can convert Motorola S-Record files into plain binaries (for example: srec_cat C139_V1.0.03.E.m0 -Output C139_V1.0.03.E.bin -Binary).
- BinWalk is extremely useful for extracting files and resources out of firmware images, executables, and file system structures.
Binary reverse engineering
- Dependency Walker is for understanding Windows program dependencies and what's used by the program, which is helpful for software archaeology.