簡單總結(jié)
1) 最初的執(zhí)行是從地址0xbfc00000開始的 我們可以通過下面操作來驗證:
atgobfc00000
BootbaseVersion: VTC_SPI1.26 | 2012/12/2616:00:00
RAM: Size= 8192 Kbytes
Found SPIFlash 2MiB Winbond W25Q16 at 0xbfc00000
SPI FlashQuad Enable
Turn offQuad Mode
RASVersion: 1.0.0 Build 121121 Rel.08870
System ID: $2.12.58.23(G04.BZ.4)3.20.7.020120518_V003 | 2012/05/18
Press anykey to enter debug mode within 3 seconds.
.........
EnterDebug Mode
2) zynosbootloader 從地址0×80000000開始的�。在執(zhí)行的前一階段它會解包和解壓�。如下所示,這并不完全是在ras固件的0x14C33鏡像
cawan$binwalk ras
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
61315 0xEF83 ZyXEL rom-0 configuration block,name: "dbgarea", ...
61564 0xF07C ZyXEL rom-0 configuration block, name:"dbgarea", ...
85043 0x14C33 LZMA compressed data, properties: 0x5D...
118036 0x1CD14 Unix path: /usr/share/tabset/vt100:
118804 0x1D014 ZyXEL rom-0 configuration block, name:"spt.dat", ...
118824 0x1D028 ZyXEL rom-0 configuration block, name:"autoexec.net", ...
128002 0x1F402 GIF image data, version"89a", 200 x 50
136194 0x21402 GIF image data, version"89a", 560 x 50
244317 0x3BA5D Neighborly text, "neighbor ofyour ADSL Router that ...
281224 0x44A88 Unix path: /I/J/L/M
328173 0x501ED Copyright string: "Copyright (c)2001 - 2012 TP-LINK ...
350259 0x55833 LZMA compressed data, properties:0x5D, ...
415795 0x65833 LZMA compressed data, properties:0x5D, ...
