The SD card capacity is 4 GB but from the mount point shown below we found only 120 MB is claimed, which implies the rest of the space is occupied in a non-standard, proprietary way.
$ dmesg | grep sdb
[509.440609] sd 6:0:0:0: [sdb] 7759872 512-byte logical blocks: (3.97 GB/3.70 GiB)
[509.441822] sd 6:0:0:0: [sdb] Write Protect is on
$ df -Th /media/DR_DISK
[509.440609] sd 6:0:0:0: [sdb] 7759872 512-byte logical blocks: (3.97 GB/3.70 GiB)
[509.441822] sd 6:0:0:0: [sdb] Write Protect is on
$ df -Th /media/DR_DISK
Filesystem Type Size Used Avail Use% Mounted on
/dev/sdb vfat 120M 816K 120M 1% /media/DR_DISK
First of all, we dumped every single bit from within the SD card (/dev/sdb in our case) to our local hard drive, say dump.dat, for analysis by running:
$ sudo dd if=/dev/sdb of=dump.dat
As expected, almost 3.8 GB of image was dumped with file information below:
$ file dump.dat
dump.dat:
x86 boot sector, code offset 0x3c, OEM-ID "S&Q TECH",
sectors/cluster 32, root entries 512, Media descriptor 0xf8, sectors/FAT
30, heads 255, sectors 7759872 (volumes > 32 MB) , reserved 0x1,
serial number 0x0, label: "SQFSFATDISK", FAT (16 bit)
From the exported file of FlyVision GUI, we can see the file extension used is .AVI, which was actually defined in RIFF specification designed by Microsoft. In the hex-mode editor, luckily we found the file magic number - the string "RIFF" (w/o quotes). A brief version of RIFF spec follows:
offset size description
-----------------------------------------
0x0000 4 magic "RIFF"
0x0004 4 size of data that follows, N
0x0008 N N-byte data
Further analysis showed all the .AVI files were stored continuously, therefore it's very likely we could extract the files from the big chunk without too much hassle. The original video file names were also seen not far from the first .AVI file magic pointer, but for code simplicity we discarded this information and use our own naming convention - extracted-###.avi.
08078000 50 49 43 54 30 30 30 31 41 56 49 20 00 00 00 00 PICT0001AVI ....
08078010 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 08 ................
08078020 50 49 43 54 30 30 30 32 41 56 49 20 00 00 00 00 PICT0002AVI ....
08078030 00 00 00 00 00 00 00 00 00 00 03 10 00 00 00 08 ................
08078040 50 49 43 54 30 30 30 33 41 56 49 20 00 00 00 00 PICT0003AVI ....
08078050 00 00 00 00 00 00 00 00 00 00 03 20 00 00 00 08 ........... ....
08078060 50 49 43 54 30 30 30 34 41 56 49 20 00 00 00 00 PICT0004AVI ....
:
:
:
08080000 52 49 46 46 F8 FF FF 07 41 56 49 20 4C 49 53 54 RIFF....AVI LIST
08080010 E0 01 00 00 68 64 72 6C 61 76 69 68 38 00 00 00 ....hdrlavih8...
08080020 35 82 00 00 00 00 00 00 00 00 00 00 10 00 00 00 5...............
08080030 F1 0D 00 00 00 00 00 00 02 00 00 00 00 40 1C 00 .............@..
08080040 00 05 00 00 E0 01 00 00 00 00 00 00 00 00 00 00 ................
08080050 00 00 00 00 00 00 00 00 4C 49 53 54 04 01 00 00 ........LIST....
08080060 73 74 72 6C 73 74 72 68 38 00 00 00 76 69 64 73 strlstrh8...vids
With some tests and tuning, we came up with a one-liner which extracts all .AVI files found in the image dumped.
$ grep -aboP "RIFF....AVI" dump.dat | perl -ne 'if (/(\d+):RIFF(....)/){ system "hexdump -s $1 -v -e " . qq("/1 \\"%c\\"" -n ) . (8+unpack("V", $2))." dump.dat > extracted-". sprintf("%03d",++$i) . ".avi"; }'
Few minutes later, 28 .AVI files with total size of 36 GB were successfully extracted. Mission complete.
$ ls -l extracted-02*.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:52 extracted-020.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:52 extracted-021.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:52 extracted-022.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:53 extracted-023.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:53 extracted-024.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:53 extracted-025.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:54 extracted-026.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:54 extracted-027.avi
-rw-r--r-- 1 almond almond 134217728 2012-05-05 14:54 extracted-028.avi
$ file extracted-016.avi
extracted-016.avi: RIFF (little-endian) data, AVI, 1280 x 480, 30.00 fps, video: Motion JPEG, audio: (mono, 16160 Hz)
Screenshots of video playback:
No comments:
Post a Comment