Difference between pages "Setting up a Flash Emulator" and "User:Grosbedo"
From Forensics Wiki
(Difference between pages)
|
|
| Line 1: |
Line 1: |
| − | Experiments with flash file system forensics can be done usefully using a flash emulator, such as the MTD device. This stores the "contents" of a simulated flash memory in a disk file. You can then use that disk file with JFFS2 or YAFFS. Follow these instructions.
| |
| | | | |
| − | First, you need to have MTD working. Use this:
| |
| − |
| |
| − | modprobe mtd jffs2 mtdram mtdchar mtdblock
| |
| − | cat /proc/mtd
| |
| − |
| |
| − | We will use the RAM MTD device, and then dump it into a file to get the results.
| |
| − |
| |
| − | ===JFFS2===
| |
| − |
| |
| − | (from http://wiki.openmoko.org/wiki/Userspace_root_image)
| |
| − |
| |
| − | <pre>
| |
| − | mkfs.jffs2 --pad=0x700000 -o rootfs.jffs2 -e 0x4000 -n -d/tmp/jffsroot/ # for GTA01?
| |
| − | mkfs.jffs2 --pad=0x700000 -o rootfs.jffs2 -e 0x20000 -n -d/tmp/jffsroot/ # for GTA02
| |
| − |
| |
| − | export loop=$(losetup -f)
| |
| − | losetup $loop <rootfs.jffs2>
| |
| − | modprobe block2mtd block2mtd=$loop,131072
| |
| − | modprobe jffs2
| |
| − | modprobe mtdblock
| |
| − | mkdir /mnt/jffs2
| |
| − | mount -t jffs2 -o ro /dev/mtdblock0 /mnt/jffs2
| |
| − | </pre>
| |
| − |
| |
| − | ===YAFFS===
| |
| − |
| |
| − | <pre>
| |
| − | flash_eraseall
| |
| − | mtd_debug write /dev/mtd1 0 16777216 /dev/zero
| |
| − | mount /dev/mtdblock1 /mnt/yaffs
| |
| − | do smoething
| |
| − | umount /mnt/yaffs
| |
| − | mtd_debug read /dev/mtd1 0 16777216 mtd-output # writes to the file mtd-output
| |
| − | </pre>
| |
Latest revision as of 16:28, 22 December 2010
