UPX unpacker: "Invalid block found" while unpacking UPXed ELF file

[jakubkroustek]

Hi,

I'm trying to unpack x64 ELF file with SHA256 hash f723f0a1e6910023b3f9a3bd2f0ae35f751a00c86c08819d2dc7b33b5bb2bc7f by using the retdec-unpacker, but I only get:

[UPX] Detected NRV2E unpacking stub based on signature & metadata.
[UPX] Started unpacking of file 'SAMPLE'.
[UPX] Unfiltering filter 0x0 with parameter 0.
[UPX] Unpacking block at file offset 0x1c4.
[UPX] Unfiltering filter 0x49 with parameter 67.
[UPX] Unpacking block at file offset 0x9a85f.
[ERROR] [UPX] Invalid block found.

Could you, please modify the unpacked if it is unpackable?

IMHO @thinkcz was able to unpack it by using the latest UPX for Linux, but I'm getting compressed data violation with upx 3.95.

Thank you!

[don1001]

IMHO you should not wast time on PE packers in this great project. This is just adding fat. The same with handling malformed PE files you will lose too much time and gain very little.

[s3rvac]

The same with handling malformed PE files you will lose too much time and gain very little.

This is off-topic, but please know that we need to be able to handle both valid and malformed PE files as we have our use cases for that. At the very least, retdec-fileinfo should not crash. Preferably though, retdec-fileinfo should detect that the input file is malformed.