How to Extract Kernel Files for Windows OS users (Root Engine)
Posted by , Last modified by on 11 April 2019 08:37 AM
To use the ROP/JOP technologies, you need a raw kernel file extracted from the firmware. The firmware must match the particular device and, as a rule, can be found in trusted sources on the Internet.

For successful extraction of a kernel file, you will need the following:
1. Python 3.x
2. Perl
3. 7-ZIP file archiver
4. Perl script (https://gist.github.com/jberkel/1087743)
5. binwalk (https://github.com/ReFirmLabs/binwalk)
6. busybox (https://frippery.org/files/busybox/busybox.exe)

Note: After downloading, copy the Perl script and the busybox tool to the folder that contains the boot.img file.

To get the uncompressed kernel file, do the following:
1. On the Internet, find an archive with the firmware file, download it, and unpack it using an appropriate archive extraction utility.
2. The archive contains the boot.img file required for extracting the raw kernel file. Copy the boot.img file to a separate folder.
3. In the Command Prompt, unpack the boot.img file using the Perl script:

split_bootimg.pl boot.img

4. As a result, you get the boot.img-kernel file.
5. Analyze the boot.img-kernel file to find out if it is compressed or uncompressed. To analyze the boot.img-kernel file, you can use the binwalk tool:

python.exe Scripts\binwalk "<path to the folder with boot.img-kernel>\boot.img-kernel"



6. In this case, the binwalk output shows that the boot.img-kernel file is uncompressed.
7. Select the boot.img-kernel file on the "Linux kernel file for ROP/JOP technology" page of the Root Engine wizard.


To get the compressed kernel file, do the following:
1. On the Internet, find an archive with the firmware file, download it, and unpack it using an appropriate archive extraction utility.
2. The archive contains the boot.img file required for extracting the raw kernel file. Copy the boot.img file to a separate folder.
3. In the Command Prompt, unpack the boot.img file using the Perl script:

split_bootimg.pl boot.img

4. As a result, you get the boot.img-kernel file.
5. Analyze it to find out if it is compressed or uncompressed. To analyze the boot.img-kernel file, you can use the binwalk tool:


6. In this case, the binwalk output shows that the boot.img-kernel file is compressed and that the compressed data starts at offset 16351.
7. Extract the data starting at that offset using the busybox tool:

busybox dd if=boot.img-kernel bs=1 skip=16351 > boot.img-kernel.raw

8. The data starting at the offset is written to the boot.img-kernel.raw file.
9. Unpack the boot.img-kernel.raw file using the 7-ZIP file archiver.
10. As a result, you get the uncompressed file, which can be selected on the "Linux kernel file for ROP/JOP technology" page of the Root Engine wizard.
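
The two procedures above (split boot.img, check for compression, cut at the offset, decompress) can be reproduced in one Python 3 script. This is an added example, not part of the original article or of Root Engine. It assumes the legacy Android boot image header layout and a gzip-compressed kernel, and it goes slightly beyond the text by searching for the offset instead of hard-coding one; the function names and the sample image are constructed for illustration.

```python
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # gzip ID bytes followed by the deflate method byte


def split_kernel(boot_img: bytes) -> bytes:
    """Return the kernel blob from a boot image (assumed legacy header layout)."""
    if boot_img[:8] != b"ANDROID!":
        raise ValueError("not an Android boot image")
    # After the magic: kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
    # second_size, second_addr, tags_addr, page_size (little-endian u32 each).
    fields = struct.unpack_from("<8I", boot_img, 8)
    kernel_size, page_size = fields[0], fields[7]
    kernel = boot_img[page_size:page_size + kernel_size]  # header fills one page
    if len(kernel) != kernel_size:
        raise ValueError("boot image is truncated")
    return kernel


def unpack_kernel(kernel: bytes):
    """Return (offset, raw_kernel); offset is None if no gzip stream is found."""
    pos = kernel.find(GZIP_MAGIC)
    while pos != -1:
        stream = zlib.decompressobj(31)  # 31 = expect a gzip wrapper
        try:
            raw = stream.decompress(kernel[pos:])
            if stream.eof:  # complete stream; bytes after it are ignored
                return pos, raw
        except zlib.error:
            pass  # the magic bytes occurred by chance; keep looking
        pos = kernel.find(GZIP_MAGIC, pos + 1)
    return None, kernel  # treated as already uncompressed


def build_sample(stub_len=64, page_size=2048):
    """Constructed sample: header page + loader stub + gzip payload + trailer."""
    payload = b"RAW-KERNEL-" * 100
    kernel = b"\x00" * stub_len + gzip.compress(payload) + b"trailing-data"
    header = b"ANDROID!" + struct.pack("<8I", len(kernel), 0, 0, 0, 0, 0, 0, page_size)
    return header.ljust(page_size, b"\x00") + kernel, payload


if __name__ == "__main__":
    image, _ = build_sample()
    offset, raw = unpack_kernel(split_kernel(image))
    print("compressed data offset:", offset, "raw kernel size:", len(raw))
```

For a real image, read boot.img with `open(path, "rb").read()` and write the returned bytes to a new file; the offset it reports should match the one binwalk prints.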