How to unpack the new-style initrd
Recently, while troubleshooting a problem, I needed to unpack Ubuntu's initrd to inspect its boot scripts.
$ file /boot/initrd.img-4.15.0-32-generic
/boot/initrd.img-4.15.0-32-generic: ASCII cpio archive (SVR4 with no CRC)
$ mkdir rootfs
$ cd rootfs
$ cpio -idvm < /boot/initrd.img-4.15.0-32-generic
$ tree
.
└── kernel
    └── x86
        └── microcode
            └── AuthenticAMD.bin
3 directories, 1 file
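Strange: the root filesystem's directories and files are missing, and there is only a single microcode file. A Google search showed that the initrd layout has changed. After repeated verification, the correct steps are as follows:
Step 1: use the lsinitramfs command to list the files the initrd contains
$ lsinitramfs /boot/initrd.img-4.15.0-32-generic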
…
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/amdgpu
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/amdgpu/amdgpu.ko
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/lib
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/amd/lib/chash.ko
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/ast
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/ast/ast.ko
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/i915
lib/modules/4.15.0-32-generic/kernel/drivers/gpu/drm/i915/i915.ko
^C
…..
$ binwalk /boot/initrd.img-4.15.0-32-generic
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"
112 0x70 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
232 0xE8 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
356 0x164 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
488 0x1E8 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"
28072 0x6DA8 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
28672 0x7000 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
28792 0x7078 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
28916 0x70F4 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
29048 0x7178 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"
29212 0x721C ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x00170C00"
1539760 0x177EB0 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
1540096 0x178000 gzip compressed data, from Unix, last modified: 2018-08-21 22:23:29
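The binwalk output contains a "gzip compressed data" entry, which shows that everything from byte offset 1540096 onward is gzip-compressed. This is where the root filesystem starts. What comes before it is the microcode files. In other words, the microcode files and the root filesystem are packed together into one file.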
$ binwalk -y gzip /boot/initrd.img-4.15.0-32-generic
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
1540096 0x178000 gzip compressed data, from Unix, last modified: 2018-08-21 22:23:29
Note the number 1540096 here; it is the offset used below to skip ahead. Now extract the files:
$ dd if=/boot/initrd.img-4.15.0-32-generic bs=1540096 skip=1 | zcat | cpio -id --no-absolute-filenames -v
$ ls
bin conf etc init kernel lib lib64 run sbin scripts usr var
One thing to watch for: the compressed data that binwalk reports is not always gzip. For example:
$ binwalk /mnt/casper/initrd
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"
112 0x70 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
232 0xE8 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
356 0x164 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
488 0x1E8 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"
28072 0x6DA8 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
28672 0x7000 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
28792 0x7078 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
28916 0x70F4 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
29048 0x7178 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x0000002A", file size: "0x00170C00"
1539600 0x177E10 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
1540096 0x178000 LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes
This initrd is compressed with LZMA, so zcat cannot be used to decompress it. Use the following command instead:
$ dd if=/mnt/casper/initrd bs=1540096 skip=1 | lzcat | cpio -id --no-absolute-filenames -v
With that, the extraction is complete.
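The offset that binwalk reports can also be computed by walking the cpio headers directly, which makes the layout shown above explicit: one or more uncompressed cpio archives, NUL padding, then the compressed root filesystem. The following Python code is an added example, not part of the original post; the function names are hypothetical, the sample image is constructed, and it goes beyond the two cases above by also recognizing the xz and zstd magic bytes.

```python
import gzip

# Magic bytes of compressors commonly used for the main initramfs archive.
MAGICS = {b"\x1f\x8b": "gzip", b"\xfd7zXZ\x00": "xz", b"\x28\xb5\x2f\xfd": "zstd"}

def align4(n):
    return (n + 3) & ~3

def skip_cpio(buf, pos):
    """Walk one newc cpio archive at pos; return the offset just past its TRAILER!!! entry."""
    while True:
        hdr = buf[pos:pos + 110]
        if len(hdr) < 110 or hdr[:6] not in (b"070701", b"070702"):
            raise ValueError(f"bad cpio header at offset {pos}")
        filesize = int(hdr[54:62], 16)       # 7th 8-digit hex field
        namesize = int(hdr[94:102], 16)      # 12th field, counts the trailing NUL
        name = buf[pos + 110:pos + 110 + namesize - 1]
        pos = align4(pos + 110 + namesize)   # header + name, padded to 4 bytes
        pos = align4(pos + filesize)         # file data, padded to 4 bytes
        if name == b"TRAILER!!!":
            return pos

def find_payload(buf):
    """Return (offset, kind) of the first segment that is not cpio or NUL padding."""
    pos = 0
    while pos < len(buf) and (buf[pos] == 0 or buf.startswith(b"07070", pos)):
        pos = pos + 1 if buf[pos] == 0 else skip_cpio(buf, pos)
    for magic, kind in MAGICS.items():
        if buf.startswith(magic, pos):
            return pos, kind
    # LZMA "alone" streams have no magic; 0x5D is the properties byte binwalk shows.
    if buf[pos:pos + 1] == b"\x5d":
        return pos, "lzma"
    return pos, "unknown"

def cpio_entry(name, data=b""):
    """Build one newc entry (constructed sample data, not a real initrd)."""
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name) + 1, 0]
    hdr = b"070701" + b"".join(b"%08X" % f for f in fields) + name + b"\0"
    return hdr.ljust(align4(len(hdr)), b"\0") + data.ljust(align4(len(data)), b"\0")

def sample_initrd():
    """Constructed image: microcode cpio, padding to 512 bytes, gzip-compressed cpio."""
    early = cpio_entry(b"kernel/x86/microcode/AuthenticAMD.bin", b"ucode") + cpio_entry(b"TRAILER!!!")
    main = gzip.compress(cpio_entry(b"init", b"#!/bin/sh\n") + cpio_entry(b"TRAILER!!!"))
    return early.ljust(512, b"\0") + main
```

The offset returned by find_payload is the value to pass as bs= in the dd command (with skip=1), and the kind tells you whether to pipe through zcat or lzcat.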