# Decrypt using XOR decrypted = xor_decrypt(data[4:], XOR_KEY)
What is an OZIP file? An OZIP file is a proprietary compressed image format used primarily by Android OEMs (like Asus, ZTE, and older Motorola devices) for firmware updates and system images. It is often an encrypted or transformed version of a standard EXT4, sparse image, or ZIP archive.
# Check magic if data[:4] != OZIP_MAGIC: raise ValueError("Not a valid OZIP file")
# The decrypted content is often a zip file or raw ext4 image # Try to detect ZIP header if decrypted[:2] == b'PK': output_zip = os.path.join(output_dir, 'extracted.zip') with open(output_zip, 'wb') as out: out.write(decrypted) print(f"[+] Extracted as ZIP: output_zip") # Attempt to unzip automatically import zipfile with zipfile.ZipFile(output_zip, 'r') as zip_ref: zip_ref.extractall(output_dir) print(f"[+] Unzipped contents to output_dir") else: # Assume it's an ext4 image output_img = os.path.join(output_dir, 'system.img') with open(output_img, 'wb') as out: out.write(decrypted) print(f"[+] Extracted as raw image: output_img") def extract_zte_ozip(input_path, output_dir): """Extract ZTE-specific OZIP (simpler header removal).""" with open(input_path, 'rb') as f: # ZTE OZIP has a 4-byte header 'ZTE\x00' then raw data header = f.read(4) if header != b'ZTE\x00': raise ValueError("Not a ZTE OZIP file") data = f.read()