2

I have a CPIO archive with the Linux image on it. With binwalk I can see that there are the following chunks:

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
120           0x78            ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
244           0xF4            ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
376           0x178           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/.enuineIntel.align.0123456789abc", file name length: "0x00000036", file size: "0x00000000"
540           0x21C           ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x00000026", file size: "0x001A3800"
1718960       0x1A3AB0        ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
1719296       0x1A3C00        gzip compressed data, NULL date (1970-01-01 00:00:00)
32277012      0x1EC8214       Zlib compressed data, default compression
70217888      0x42F70A0       Unix path: /usr/local/go/src/runtime/runtime-gdb.py
85577309      0x519CE5D       MySQL MISAM compressed data file Version 3
96044561      0x5B98611       Unix path: /usr/local/go/src/runtime/runtime-gdb.py
100702073     0x6009779       Zlib compressed data, default compression
106454594     0x6585E42       MySQL MISAM compressed data file Version 7
110250207     0x69248DF       Unix path: /usr/local/go/src/runtime/runtime-gdb.py
115809787     0x6E71DFB       Unix path: /usr/local/go/src/runtime/runtime-gdb.py

I need to extract the gzipped one:

1719296       0x1A3C00        gzip compressed data, NULL date (1970-01-01 00:00:00)

and replace a single binary file within it, then repack the image.

That gzipped content is another CPIO image.

What is the best/easiest way of doing that?

jdevelop

2 Answers

0

The other answer to this question is incomplete, since it only describes how to extract a single file from a cpio archive.

It appears to me that cpio archives cannot be modified in-place, so you would have to extract and then create a new one:

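mkdir tmp && pushd tmp
# Extract, creating directories (-d) and preserving modification times (-m)
cpio -idm < ../archive.cpio
# Repack as SVR4 "newc", the format binwalk reports; cpio -o defaults to the old binary format
find . | cpio -o -H newc > ../archive-new.cpio
popd && rm -Rf tmp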

If you care about file ownership, you would probably want to run these commands as root.

Since you are using binwalk you might be interested in the archive file format if you really want to make a surgical replacement without disturbing other entries.

This question probably would have been better on the Unix & Linux StackExchange.

rgov
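The surgical replacement mentioned in the answer above, as an added example that is not part of the original answer: it parses the SVR4 newc layout that binwalk reports, swaps one file inside the gzip'd cpio at a given offset, and leaves the leading archive byte-for-byte intact. The function names and the sample archive in `demo()` are constructed for illustration, and hard-linked entries are not handled.

```python
import gzip, zlib

MAGIC, HDR_LEN = b"070701", 110   # newc magic; magic + 13 fields of 8 hex digits
TRAILER = ([0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0], b"TRAILER!!!", b"")

def pad4(n):
    return (-n) % 4               # newc pads name and data to 4-byte boundaries

def parse_newc(buf):
    """Return [(fields, name, body)] for each entry before TRAILER!!!."""
    entries, pos = [], 0
    while True:
        if buf[pos:pos + 6] != MAGIC:       # also catches a missing trailer
            raise ValueError(f"bad cpio magic at offset {pos}")
        fields = [int(buf[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        size, namesize = fields[6], fields[11]
        name_at = pos + HDR_LEN
        name = buf[name_at:name_at + namesize - 1]          # drop trailing NUL
        data_at = name_at + namesize + pad4(HDR_LEN + namesize)
        if name == TRAILER[1]:
            return entries
        entries.append((fields, name, buf[data_at:data_at + size]))
        pos = data_at + size + pad4(size)

def build_newc(entries):
    out = bytearray()
    for f, name, body in list(entries) + [TRAILER]:
        f = [*f[:6], len(body), *f[7:11], len(name) + 1, f[12]]  # fix both sizes
        out += MAGIC + b"".join(b"%08X" % v for v in f)
        out += name + b"\0" * (1 + pad4(HDR_LEN + len(name) + 1))
        out += body + b"\0" * pad4(len(body))
    return bytes(out)

def replace_file(image, gz_offset, target, new_body):
    """Swap one file in the gzip'd cpio at gz_offset; other bytes are kept."""
    d = zlib.decompressobj(wbits=31)                        # 31 = gzip wrapper
    entries = parse_newc(d.decompress(image[gz_offset:]))
    if target not in [name for _, name, _ in entries]:
        raise KeyError(target)
    entries = [(f, n, new_body if n == target else b) for f, n, b in entries]
    repacked = gzip.compress(build_newc(entries), mtime=0)
    return image[:gz_offset] + repacked + d.unused_data     # keep any tail bytes

def demo():
    # Constructed sample: a stand-in leading cpio, then a gzip'd inner cpio.
    reg = [1, 0o100755, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0]
    prefix = build_newc([(reg, b"kernel/x86/microcode/GenuineIntel.bin", b"ucode")])
    prefix = prefix.ljust(512, b"\0")                       # 512-byte alignment
    inner = build_newc([(reg, b"bin/tool", b"old"), (reg, b"etc/conf", b"keep")])
    return prefix, replace_file(prefix + gzip.compress(inner), len(prefix), b"bin/tool", b"NEW-BINARY")
```

For the image in the question, `gz_offset` would be the 1719296 that binwalk prints for the gzip chunk.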
0

The command you are looking for is

cpio -id 'TRAILER!!!' < archive.cpio

You may not need -d, as the file is located in the root path. For more information you can check this Q/A.

rgov
Romeo Ninov