Handling the MOD files in a Sony PC recovery image
2024-12-18 · via 鱼雨昱

Today I was helping a friend analyse the recovery image of a Sony PC. It uses an odd MOD format to store the device drivers and the bundled software.
Some MOD files show plaintext when opened in a hex editor, and some can even be opened with 7-Zip to reveal a directory structure, but extracting them fails with an error saying the CAB archive is corrupt.
So I did some reverse engineering on the installer from the recovery disc image. Following the code and strings, the first thing I found was a rather complex XOR algorithm keyed on the string "Sony Corporation", but when I wrote a small tool and applied that algorithm to the MOD files, they became completely unopenable instead.

For a moment I considered giving up, but just before doing so I scrolled down and noticed that every MOD file ends with WIM metadata. It suddenly struck me: could these be WIM images with a modified magic? I tried replacing the first 16 bytes of a file, and sure enough it could then be extracted and opened intact.

Below is a more convenient Python script. It walks the data directory of the recovery disc directly and restores every mod file to a normal wim file.

Code

import os
import argparse

# Tag found inside the 16-byte header that Sony puts in front of the WIM image
SIGNATURE = b"oratdnn"
# Canonical first 16 bytes of a WIM file: magic "MSWIM\0\0\0",
# header size 0xD0 (little-endian) and version 0x00010D00 (little-endian)
PATCH = b"MSWIM\x00\x00\x00\xd0\x00\x00\x00\x00\r\x01\x00"

def process_file(file_path):
    with open(file_path, 'rb') as f:
        file_header = f.read(16)
        remaining_data = f.read()

    if SIGNATURE in file_header:
        print(f"Detected!! {file_path}")

        # Overwrite the file in place: the Sony tag is replaced by the WIM header bytes,
        # everything after the first 16 bytes is kept unchanged
        with open(file_path, 'wb') as f:
            f.write(PATCH)
            f.write(remaining_data)

        # Only swap the extension; a plain str.replace would also touch ".mod" elsewhere in the path
        new_file_path = os.path.splitext(file_path)[0] + ".wim"
        os.rename(file_path, new_file_path)

        print(f"Patched!! {file_path} -> {new_file_path}")
        return True
    else:
        print(f"Skipped!! {file_path} (no matching header)")
        return False

def traverse_directory(directory):
    for root, _, files in os.walk(directory):
        for filename in files:
            file_path = os.path.join(root, filename)

            # Case-insensitive so ".MOD" files on recovery media are picked up too
            if filename.lower().endswith(".mod"):
                process_file(file_path)

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="SONY Recovery MODule File Patching Tool")
    parser.add_argument("directory", type=str, help="Path to data folder")
    args = parser.parse_args()

    traverse_directory(args.directory)
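The script above overwrites each MOD file in place as soon as the tag is seen. The following is an added example, not code from the post, that applies the same 16-byte patch in memory and checks the resulting fixed 0xD0-byte WIM header (magic, size, version, part and image counts, and that the lookup-table and XML-data resource headers at offsets 48 and 72 point inside the file) before anything would be written; the sample MOD input is constructed, and the "oratdnn" tag and patch bytes are the ones from the post.

```python
import struct
WIM_MAGIC = b"MSWIM\x00\x00\x00"
WIM_HEADER_SIZE = 0xD0          # fixed header length of a WIM file
WIM_VERSION = 0x10D00           # the version value the post's PATCH writes
MOD_SIGNATURE = b"oratdnn"      # tag the post's tool looks for in the first 16 bytes
# Canonical first 16 header bytes: magic, header size, version (same bytes as the post's PATCH)
WIM_HEADER_PREFIX = WIM_MAGIC + struct.pack("<II", WIM_HEADER_SIZE, WIM_VERSION)

def parse_reshdr(buf, off):
    """Decode a 24-byte RESHDR_DISK_SHORT: 56-bit size | 8-bit flags, offset, original size."""
    packed, offset, original = struct.unpack_from("<QqQ", buf, off)
    return packed & ((1 << 56) - 1), packed >> 56, offset, original

def check_wim_header(data):
    """Return the list of problems found in the fixed WIM header; an empty list means plausible."""
    if len(data) < WIM_HEADER_SIZE:
        return ["file shorter than a WIM header"]
    magic, hsize, version, _flags, _chunk, _guid, part, total, images = struct.unpack_from(
        "<8sIIII16sHHI", data, 0)
    problems = []
    if magic != WIM_MAGIC:
        problems.append("bad magic")
    if hsize != WIM_HEADER_SIZE or version != WIM_VERSION:
        problems.append("unexpected header size/version")
    if not 1 <= part <= total or images == 0:
        problems.append("implausible part/image counts")
    # Lookup-table and XML-data resource headers sit at offsets 48 and 72; both must lie inside the file
    for name, off in (("lookup table", 48), ("XML data", 72)):
        size, _flags, offset, _orig = parse_reshdr(data, off)
        if size == 0 or offset < WIM_HEADER_SIZE or offset + size > len(data):
            problems.append(f"{name} resource out of bounds")
    return problems

def convert_mod(data):
    """Apply the post's 16-byte patch in memory; return None when the MOD tag is absent."""
    if MOD_SIGNATURE not in data[:16]:
        return None
    return WIM_HEADER_PREFIX + data[16:]

def build_sample_mod():
    """Constructed input: a minimal one-image WIM body hidden behind a fake 16-byte tag."""
    xml = "<WIM><TOTALBYTES>0</TOTALBYTES></WIM>".encode("utf-16-le")
    lookup = b"\x00" * 50                       # placeholder lookup-table bytes, not parsed here
    reshdr = lambda size, off: struct.pack("<QqQ", size, off, size)
    hdr = struct.pack("<8sIIII16sHHI", WIM_MAGIC, WIM_HEADER_SIZE, WIM_VERSION, 0, 0x8000,
                      b"\x11" * 16, 1, 1, 1)
    hdr += reshdr(len(lookup), WIM_HEADER_SIZE) + reshdr(len(xml), WIM_HEADER_SIZE + len(lookup))
    hdr += reshdr(0, 0) + struct.pack("<I", 0) + reshdr(0, 0) + b"\x00" * 60
    return b"\x00oratdnn" + b"\x00" * 8 + hdr[16:] + lookup + xml
```

A converter built on these functions would write the patched bytes to a separate .wim only when check_wim_header returns an empty list, leaving the original MOD untouched otherwise.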