On Sun, Jan 12, 2020 at 12:34 AM Rena <hyperhacker@gmail.com> wrote:
On Sat, Jan 11, 2020 at 4:32 PM Jeff Pohlmeyer <yetanothergeek@gmail.com> wrote:
>
>
>
> On Sat, Jan 11, 2020 at 2:52 PM Russell Haley <russ.haley@gmail.com> wrote:
>>
>> You could put it in OneDrive or Google Drive or Box and share a public link? You could also upload it to a GitHub repo.
>>
> Depending on the licensing restrictions it might be better to do it privately.
>
>  - Jeff
>
>

I've put it up here for now:
https://drive.google.com/file/d/1xE5C_4EXPVPROwTBSr4chB5dOsxNNuXj/view?usp=sharing
If anyone complains about licensing, I'll remove it. The archive
contains the SPI flash dump, RAM dump (using UART commands),
uncompressed firmware image (from inside the flash), and Python
(sorry!) script I used to decompress it.

The flash layout is:
000000 bootloader (after C230 is empty)
010000 A:\ (internal files)
090000 C:\ (user files from USB)
360000 LZO firmware image
3DAE93 empty space?
3DAFFC "SPMF", more empty space
3E0000 "JFS", settings.dat? (B:\), empty space
3F0000 copy of 3E0000? maybe default settings, not sure why here tho
400000 EOF
A:\ and C:\ are FAT images stored in flash (A is the most interesting,
C is exposed when you plug in the USB).

binwalk and strings didn't find a lot. The only instances of "Lua",
"lua", "LUA", "auL", "aul", and "AUL" (in case it were byteswapped)
are in debug messages and the single interesting one:
A:\?.lua;A:\?.lc;C:\?.lua;C:\?.lc;
I also didn't find the bytes 19 93 0D 0A 1A 0A which are present in
every compiled Lua bytecode file. (I checked raw flash and
uncompressed firmware.) So it really does seem like there's no more
trace of Lua itself left in here...

This firmware does support some kind of module system though, so I
wonder if I could inject a Lua module from another firmware of the
same chip?

--
Sent from my Game Boy.


If there is a Lua interpreter in there, it is probably compressed somewhere (or encrypted, but that wouldn't make a lot of sense I guess). Looking at the dumps alone, I couldn't find strings that you'd expect to find in a compiled Lua interpreter (like "__index"). However, given the fact that you were unable to make the "lua" command do anything useful, I think that your initial guess is probably correct and there isn't actually any Lua interpreter in the image.
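
The search described in this thread can be scripted as below. This is an added example, not the script from the archive or code from either poster: it looks for the byte patterns and strings named above and reports which region of the posted flash layout each hit falls in. The "\x1bLua" chunk signature, the function names and the sample image are assumptions added here; the sample is constructed, and the region names only apply to offsets in the raw flash dump.

```python
import bisect

# Flash layout exactly as listed in the post: (start offset, label).
LAYOUT = [
    (0x000000, "bootloader"), (0x010000, "A:\\ (internal files)"),
    (0x090000, "C:\\ (user files from USB)"), (0x360000, "LZO firmware image"),
    (0x3DAE93, "empty space?"), (0x3DAFFC, "SPMF"),
    (0x3E0000, "JFS / settings"), (0x3F0000, "copy of 3E0000?"),
]
FLASH_END = 0x400000
STARTS = [start for start, _ in LAYOUT]

# Markers named in the thread, plus the "\x1bLua" chunk signature (added here).
MARKERS = {
    "bytecode bytes 19 93 0D 0A 1A 0A": bytes.fromhex("19930d0a1a0a"),
    "bytecode signature ESC 'Lua'": b"\x1bLua",
    "interpreter string __index": b"__index",
    "search path template ?.lua;": b"?.lua;",
}

def region_for(offset):
    """Map a flash offset to the region of the posted layout that holds it."""
    if not 0 <= offset < FLASH_END:
        return "outside flash"
    return LAYOUT[bisect.bisect_right(STARTS, offset) - 1][1]

def scan(data):
    """Return sorted (offset, region, marker) for every marker occurrence."""
    hits = []
    for name, needle in MARKERS.items():
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, region_for(pos), name))
            pos = data.find(needle, pos + 1)
    return sorted(hits)

def build_sample():
    """Constructed 4 MiB image: erased flash (0xFF) with two planted items."""
    img = bytearray(b"\xff" * FLASH_END)
    header = b"\x1bLua\x53\x00\x19\x93\r\n\x1a\n"   # Lua 5.3 chunk header
    path = b"A:\\?.lua;A:\\?.lc;C:\\?.lua;C:\\?.lc;"  # string from the post
    img[0x012000:0x012000 + len(header)] = header
    img[0x361000:0x361000 + len(path)] = path
    return bytes(img)

if __name__ == "__main__":
    for off, region, name in scan(build_sample()):
        print(f"{off:06X}  {region:<26}  {name}")
```

A compressed region such as the LZO firmware image has to be decompressed before scanning, since none of these markers survive compression as literal bytes.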