- Joined
- Apr 26, 2002
- Posts
- 15,120
I picked up a game elf at Tmg last weekend. I've always been a bit curious about it and since it was cheap, I decided to take the plunge.
First thing I noticed was that it runs off of an SD card and appears to be running a highly customized Linux backend.
Being technically proficient in the area, I began working on figuring out exactly how this thing works. I dismounted the SD and imaged it.
Mounting it in a windows machine will give you nothing. There isn't a valid windows partition on it.
Performing some advanced analysis on it began to give me some results. Searching for hex code 55 aa is always a good place to start....
Well, it looks hack able. There is an old file system/partition that wasn't properly scrubbed from the card and there is plenty of file structure in unallocated space. I'll be reconstructing the content tomorrow via file carving and partition/FS rebuild. I can tell you that the partition is a Fat16 volume and has several gzips present.
It presents as a 50m volume initially which we know isn't correct. Without giving too much away, I think I've got that clocked as well. With any luck, I'll be able to get this thing fully mapped out and booting else shortly.
First thing I noticed was that it runs off of an SD card and appears to be running a highly customized Linux backend.
Being technically proficient in the area, I began working on figuring out exactly how this thing works. I dismounted the SD and imaged it.
Mounting it in a windows machine will give you nothing. There isn't a valid windows partition on it.
Performing some advanced analysis on it began to give me some results. Searching for hex code 55 aa is always a good place to start....
Well, it looks hack able. There is an old file system/partition that wasn't properly scrubbed from the card and there is plenty of file structure in unallocated space. I'll be reconstructing the content tomorrow via file carving and partition/FS rebuild. I can tell you that the partition is a Fat16 volume and has several gzips present.
It presents as a 50m volume initially which we know isn't correct. Without giving too much away, I think I've got that clocked as well. With any luck, I'll be able to get this thing fully mapped out and booting else shortly.