SplashTop resources
- Hacking ExpressGate (Asus Splashtop) (Phoronix)
- Splashtop on USB stick (Phoronix)
- Asus ExpressGate SSD Hacking (SierraSoftworks)
DFI image file format:
48-byte header
- 16-char string: _DeviceVM Inc._\0
- 8-char datestamp
- 8 bytes unknown
- 16 bytes unknown
- MBR-partitioned disk image
- FAT16 filesystem
CE.CEX format:
Weird. Looks like a debian archive, but it's not. More specifically, it appears to be a debian archive header that's been overwritten with other values in certain places:
64-byte header with overwrite at 0x10-0x13 and 0x30-0x37, with the actual data payload starting at 0x40 instead of 0x44
0x10-0x13 contains the hex value '27 5b c9 47', or '[EG in ascii
The useful bits are at offset 0x30-0x37, two little-endian encoded int32 sizes (including headers), representing the sizes of the two chunks in the file:
First chunk is a 64-byte header (since it includes the file header) and a tar.gz
Second chunk is an empty debian archive.