系统: ubuntu 16.04
解压镜像:/boot/initrd.img-4.15.0-107-generic
需要额外安装的工具:sudo apt-get install binwalk -y
- 使用lsinitramfs工具查看initramfs的具体文件
lsinitramfs /boot/initrd.img-4.15.0-107-generic- 使用binwalk查看initramfs内包含的格式
binwalk /boot/initrd.img-4.15.0-107-generic
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ASCII cpio archive (SVR4 with no CRC), file name: ".", file name length: "0x00000002", file size: "0x00000000"
112 0x70 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
232 0xE8 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
356 0x164 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
488 0x1E8 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/AuthenticAMD.bin", file name length: "0x00000026", file size: "0x00006B2A"
28072 0x6DA8 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
28672 0x7000 ASCII cpio archive (SVR4 with no CRC), file name: "kernel", file name length: "0x00000007", file size: "0x00000000"
28792 0x7078 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86", file name length: "0x0000000B", file size: "0x00000000"
28916 0x70F4 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode", file name length: "0x00000015", file size: "0x00000000"
29048 0x7178 ASCII cpio archive (SVR4 with no CRC), file name: "kernel/x86/microcode/GenuineIntel.bin", file name length: "0x0000002A", file size: "0x002DD400"
3032592 0x2E4610 ASCII cpio archive (SVR4 with no CRC), file name: "TRAILER!!!", file name length: "0x0000000B", file size: "0x00000000"
3033088 0x2E4800 gzip compressed data, from Unix, last modified: 2020-07-06 05:10:31
46149573 0x2C02FC5 Cisco IOS microcode, for ""
56593448 0x35F8C28 MySQL ISAM compressed data file Version 11从上面可以看出,再3033088处开始,是gzip压缩格式的数据,从这是initramfs中的文件系统。
3. 解压
dd if=/boot/initrd.img-4.15.0-107-generic bs=3033088 skip=1 | zcat | cpio -id --no-absolute-filenames -vbin conf etc init lib lib64 run sbin scripts usr varinitrd使用lzma压缩的。那么解压时候就不能用zcat命令了。应该使用如下命令:
dd if=/mnt/casper/initrd bs=1540096 skip=1 | lzcat | cpio -id --no-absolute-filenames -v
lzcat=xz --format=lzma --decompress --stdout- 压缩
find . | cpio --quiet --dereference -o -H newc | gzip -9 > ~/new-initrd.gz或
find . | cpio --quiet --dereference -o -H newc | lzma -7 > ~/new-initrd.lz参考:
https://www.computerhope.com/unix/xz.htm
https://askubuntu.com/questions/777260/how-to-repack-initrd-img
https://wiki.ubuntu.com/CustomizeLiveInitrd
