
Part 3 - From NAND to RAM through sliding windows
Andrey Zagrebin, Moshe Kol, Shlomi Oberman

HP ILO 4 FIRMWARE UPDATE SERIES
This post is the third of a four-part blog series documenting the different structures and stages of the firmware update. The next parts of the series will be uploaded week by week as we write them.

HP ILO 4 FIRMWARE UPDATE HOW TO
In the previous post we detailed how the S-record double-encoding works and how to decode it.

We now have a raw flash image in our hands, but don’t get excited yet. The path to enlightenment is almost as long as the path to HP firmware unpacking.

Flash out-of-band data
After peeling-off the binary S-Record layer, it looks like our situation has improved. The data looks more like plaintext, and human-readable strings can be recognized, but some of the strings are still broken. The same area of certificate information from the previous post can be seen. It looks “better”, but not quite perfect yet. If we look at the data carefully and try to understand what is going on, we can see that there are sequences of real data followed by short sequences of what appears to be unused data (i.e., garbage data). Here is the certificate area with the garbage data highlighted in green:

The interspersing of real data with seemingly “garbage” makes sense, as this is a raw flash image meant to be programmed onto a flash memory chip. These types of chips have designated areas for what is known as “out-of-band” (OOB) data.

The purpose of out-of-band data (also known as “spare area”) is storing ECC (Error Correction Code) and filesystem-dependent data. Unless we plan to use this file for writing directly to the flash (as well as for some internal calculations), we have no use for this data. Therefore the next stage of unpacking is to remove the redundant OOB. Different devices might have different types of non-volatile memory. The flash memory appears to be NAND flash with a page size of 0x800 bytes and 0x40 of out-of-band bytes per page: In particular, the page and OOB area sizes may change from one NAND flash device to another. Since our initial research focused on only one device, we will use these sizes.
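
The OOB removal described above, as an added example that is not code from the original post. It assumes every 0x800-byte page is immediately followed by its own 0x40 OOB bytes; `split_oob` and `make_sample_image` are names chosen here, and the sample image is constructed.

```python
import sys

PAGE_SIZE = 0x800  # data bytes per page, as stated in the post
OOB_SIZE = 0x40    # out-of-band (spare) bytes per page, as stated in the post


def split_oob(raw, page_size=PAGE_SIZE, oob_size=OOB_SIZE):
    """Return (data, oob) from a raw NAND image.

    Assumed layout: every page is page_size data bytes immediately
    followed by its own oob_size spare bytes.
    """
    if page_size <= 0 or oob_size <= 0:
        raise ValueError("page and OOB sizes must be positive")
    stride = page_size + oob_size
    if not raw or len(raw) % stride:
        # A remainder means the geometry is wrong or the dump is truncated;
        # stripping anyway would shift every later page.
        raise ValueError(
            f"image size {len(raw):#x} is not a multiple of {stride:#x}")
    view = memoryview(raw)
    data, oob = bytearray(), bytearray()
    for off in range(0, len(raw), stride):
        data += view[off:off + page_size]
        oob += view[off + page_size:off + stride]
    return bytes(data), bytes(oob)


def make_sample_image(pages=3):
    """Constructed test image: page n is filled with byte n, OOB with 0xFF."""
    return b"".join(bytes([n]) * PAGE_SIZE + b"\xff" * OOB_SIZE
                    for n in range(pages))


if __name__ == "__main__":
    if len(sys.argv) == 3:          # usage: strip_oob.py raw.bin data.bin
        with open(sys.argv[1], "rb") as f:
            data, _ = split_oob(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(data)
    else:                           # no arguments: run on the constructed sample
        data, oob = split_oob(make_sample_image())
        print(f"data {len(data):#x} bytes, OOB {len(oob):#x} bytes")
```

Keeping the OOB stream separate rather than discarding it leaves the ECC and filesystem-dependent bytes available if the image ever has to be rebuilt for writing back to flash.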
