sasquatch does not switch to the correct endianness
qkaiser opened this issue · 0 comments
qkaiser commented
Sasquatch does not switch to the correct endianness and needs it to be provided explicitly on some samples.
To Reproduce
Steps to reproduce the behavior:
- Download this sample from Netgear
- Launch unblob with command
unblob -v -e /tmp/out -f -k WNR3500Lv2-V1.2.0.40_40.0.80.zip - Go to extraction directory
- See that the squashfs filesystem was not extracted
sasquatch -no-exit-code -f -d /tmp/out/WNR3500Lv2-V1.2.0.40_40.0.80.zip_extract/WNR3500Lv2-V1.2.0.40_40.0.80.chk_extract/
kernel_extract/part1_extract/0-6053888.squashfs_v3_broadcom_extract /tmp/out/WNR3500Lv2-V1.2.0.40_40.0.80.zip_extract
/WNR3500Lv2-V1.2.0.40_40.0.80.chk_extract/kernel_extract/part1_extract/0-6053888.squashfs_v3_broadcom
SquashFS version [3.1] / inode count [1024] suggests a SquashFS image of a different endianess
Non-standard SquashFS Magic: 'shsq'
Reading a different endian SQUASHFS filesystem on /tmp/out/WNR3500Lv2-V1.2.0.40_40.0.80.zip_extract/
WNR3500Lv2-V1.2.0.40_40.0.80.chk_extract/kernel_extract/part1_extract/0-6053888.squashfs_v3_broadcom
FATAL ERROR: Block size or block_log too large. File system is corrupt.
Expected behavior
Unblob should detect the endianness and provide it explicitly to sasquatch (either -le or -be).
Additional context
Reported by @m-1-k-3 from EMBA and validated.