-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
squashfsv4 extraction incomplete on old dlink DIR firmwares #14
Comments
There is a discrepancy between squashfs-tools Specifically in handling lzma-adaptive compression. Output with 4.3:
Output with our fork on 4.5.1:
It looks like we introduced a regression when applying the sasquatch patches back to If anyone wants to dig into this, that's where I would start: https://github.com/onekey-sec/sasquatch/pull/12/commits Sadly a git bisect won't help us here because the entire sasquatch history is rebased on squashfs-tools |
The sample is properly extracted in branch |
We had a report that sasquatch did not extract filesystems compressed with LZMA adaptive properly (see onekey-sec/sasquatch#14). We thought it would be a good idea to fix it in sasquatch (see onekey-sec/sasquatch#15) but then figured out that there's a command line switch that we can use for that.
The sample available at https://ftp.dlink.de/dir/dir-655/driver_software/DIR-655_fw_revc_302b05_ALL_de_20141121.zip is fully extracted by unblob but the content of extracted file is not right.
Steps to reproduce the behavior:
Expected behavior
The file should not be empty. They should be valid ELF binaries.
This is the actual content as extracted by a compiled version of
unsquashfs
provided by dlink within their GPL archive:Environment information (please complete the following information):
ad81bc6
Additional context
This behavior is observable on Ubuntu 22.04LTS and Kali 2023.1 but not on Kali 2022.1, which seems to indicate a regression introduced either in
squashfs-tools
orsasquatch
.Initially reported by @m-1-k-3
The text was updated successfully, but these errors were encountered: