wrong extraction command for AVM SquashFS v4 big-endian

Question

wrong extraction command for AVM SquashFS v4 big-endian

qkaiser opened this issue 2 years ago · 1 comments

When faced with a SquashFS v4 big-endian filesystem, unblob will attempt to run the following command:

sasquatch-v4be -be -no-exit-code -f -d ${outdir} ${inpath}

This triggers an exception:

Reading a different endian SQUASHFS filesystem on ${inpath}
read_id_table: failed to read id table block
FATAL ERROR: File system corruption detected

This is due to the presence of the '-be' operator, as it works without it:

sasquatch-v4be -no-exit-code -d ${outdir} -f ${inpath}
SquashFS version [1024.0] / inode count [-2111373312] suggests a SquashFS image of a different endianess
Trying to decompress using default xz decompressor...
Successfully decompressed with default xz decompressor
Parallel unsquashfs: Using 1 processor
9586 inodes (10853 blocks) to write
--snip--
created 8896 files
created 528 directories
created 689 symlinks
created 0 devices
created 0 fifos
created 0 sockets

Answer 1 · 2022-09-27T08:53:04.000Z

This only happens with SquashFS samples from AVM.

I'd recommend we catch that by exploiting this tweak from AVM:

super-block field 'mkfs_time' contains (instead of the filesystem creation time) the same value as the super-block field 'bytes_used'

Source: https://raw.githubusercontent.com/Freetz/freetz/master/tools/make/squashfs4-host-be/AVM-BE-format.txt

If AVM, run sasquatchv4-be without -be option switch.