Analyze recovery.bin and recoveryfs.bin

[l05r]

I took a look to the files

http://recovery.gigaset-elements.de/recoveryfs.bin
http://recovery.gigaset-elements.de/recovery.bin

at the time of download https was not available on those urls and I needed to use http. Now the download is no longer available. If anyone needs the files for further analysis I am happy to provide them.

recoveryfs.bin seems to contain a empty JFS2 filesystem. This aligns with https://www.av-test.org/fileadmin/pdf/publications/avtest_2014-04_smart_home_deutsch.pdf#25.

recovery.bin can be extracted using binwalk.
it contains some interesting scripts in /etc/init.d/,
-rwxr-xr-x 1 root root 1110 Jan 1 1970 S10mountall.sh*
-rwxr-xr-x 1 root root 387 Jan 1 1970 S11factory.sh*
-rwxr-xr-x 1 root root 656 Jan 1 1970 S11logging.sh*
-rwxr-xr-x 1 root root 282 Jan 1 1970 S12leds.sh*
-rwxr-xr-x 1 root root 468 Jan 1 1970 S13entropy.sh*
-rwxr-xr-x 1 root root 719 Jan 1 1970 S15features.sh*
-rwxr-xr-x 1 root root 56 Jan 1 1970 S30hostname.sh*
-rwxr-xr-x 1 root root 231 Jan 1 1970 S31loopback.sh*
-rwxr-xr-x 1 root root 235 Jan 1 1970 S33iplugd.sh*
-rwxr-xr-x 1 root root 170 Jan 1 1970 S33ntp.sh*
-rwxr-xr-x 1 root root 270 Jan 1 1970 S34postupdate.sh*
-rwxr-xr-x 1 root root 4966 Jan 1 1970 S35dectdata.sh*
-rwxr-xr-x 1 root root 2541 Jan 1 1970 S36sysctl.sh*
-rwxr-xr-x 1 root root 193 Jan 1 1970 S37inetd.sh*
-rwxr-xr-x 1 root root 32 Jan 1 1970 S39date.sh*
-rwxr-xr-x 1 root root 1808 Jan 1 1970 S40reef.sh*
-rwxr-xr-x 1 root root 179 Jan 1 1970 S60private.sh*

It also makes mention of REEF and REEF basestation multiple times. It even sets the hostname to reefbs (S30hostname.sh) What is REEF?

there are some other interesting scripts scattered throughout the file system like nvs_backup.sh in /usr/bin

Then there is /usr/bin/set_env.sh
set_env.txt

it mentions staging and internal urls.

/lib/modules/2.6.19-uc1reef/kernel/drivers/dect contains rtxdect452.ko