bananabr / ulua

A python script to apply a known plain text attack to Lua 5.1 bytecode files obfuscated with instruction swapping.
GNU General Public License v3.0

key error on opcode_map #1

Closed learncyber-co-il closed 1 year ago

learncyber-co-il commented 3 years ago

Hi! First of all allow me to thank you for this magnificent piece of software! Unfortunately, I stumbled upon an error while running it on lua bytecodes extracted from tp-link TL-R480T+v9 bin file. I followed your great guide at https://vovohelo.medium.com/unscrambling-lua-7bccb3d5660, but after the script finished building the opcode_map, it raised an error:

Patching file firmware.lua ...
Traceback (most recent call last):
  File "ulua.py", line 454, in <module>
    chunk = lc.parse(bytecode, opcode_map=opcode_map)
  File "ulua.py", line 260, in parse
    chunk, main=True, opcode_map=opcode_map)
  File "ulua.py", line 225, in decode_chunk
    chunk, main=False, opcode_map=opcode_map))
  File "ulua.py", line 178, in decode_chunk
    opcode = opcode_map[opcode]
KeyError: 8

Debug Printing opcode_map assured there is no '8' key:

{5: 5, 1: 1, 6: 6, 28: 28, 10: 10, 9: 9, 7: 7, 36: 36, 30: 30, 0: 0, 23: 23, 22: 22, 11: 11, 26: 26, 33: 33, 3: 3, 29: 29, 2: 2, 4: 4, 24: 24, 25: 25, 34: 34, 14: 14, 15: 15, 16: 16, 12: 12, 21: 21, 32: 32, 31: 31, 27: 27, 35: 35}

By the way, it seems like all opcodes were mapped to themselves. Am I wrong to assume that at least some of them were supposed to be mapped to different ones?

I'd appreciate it if you could have a look and advise. Many thanks in advance!

bananabr commented 3 years ago

Hey @learncyber-co-il, Thanks for the feedback :) Can you send me the Lua bytecode file?

learncyber-co-il commented 3 years ago

Hi @bananabr , thanks for your reply! Is it possible to send the file over email?

bananabr commented 3 years ago

Can you dm me on Twitter? @bananabr I don't want to disclose my email here.

b4sh5i commented 3 years ago

Patching file crypto.lua ...
Traceback (most recent call last):
  File "ulua.py", line 454, in <module>
    chunk = lc.parse(bytecode, opcode_map=opcode_map)
  File "ulua.py", line 260, in parse
    chunk, main=True, opcode_map=opcode_map)
  File "ulua.py", line 225, in decode_chunk
    chunk, main=False, opcode_map=opcode_map))
  File "ulua.py", line 178, in decode_chunk
    opcode = opcode_map[opcode]
KeyError: 22

I have the same error. I am also using tp-link firmware bin files.

bananabr commented 3 years ago

@b4sh5i,

You are getting a key error probably because the built dictionary does not contain a map for byte 22. You either need more distinct files in your ref folder or to manually set a value for byte 22. Could you send me the samples you are working with?
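An added example (not ulua's own code or anything posted in this thread) of what that dictionary is and why the lookup fails, in Python: the map is built by aligning a reference chunk with its obfuscated twin, and a target chunk is checked for opcodes the map never saw before anything is patched. The instruction layout (opcode in the low 6 bits of a 32-bit word) is Lua 5.1's; the swap table, the helper names and the byte streams are constructed here for illustration.

```python
import struct

OPCODE_MASK = 0x3F   # Lua 5.1: opcode is the low 6 bits of each 32-bit instruction

def instructions(blob):
    """Split a raw Lua 5.1 code section into 32-bit little-endian instructions."""
    return [w for (w,) in struct.iter_unpack("<I", blob)]

def build_opcode_map(pairs, opcode_map=None):
    """Known-plaintext step: align each obfuscated instruction with the reference
    instruction at the same index and record obfuscated_opcode -> real_opcode.
    Two different real opcodes for one obfuscated value means the files are not
    a true plaintext/ciphertext pair, so that is reported instead of overwritten."""
    opcode_map = dict(opcode_map or {})
    for obf_blob, ref_blob in pairs:
        obf, ref = instructions(obf_blob), instructions(ref_blob)
        if len(obf) != len(ref):
            raise ValueError("reference and obfuscated code differ in length")
        for o, r in zip(obf, ref):
            key, val = o & OPCODE_MASK, r & OPCODE_MASK
            if opcode_map.setdefault(key, val) != val:
                raise ValueError(f"obfuscated opcode {key} seen as {opcode_map[key]} and {val}")
    return opcode_map

def missing_opcodes(blob, opcode_map):
    """Obfuscated opcodes in blob that the map does not cover (the KeyError case)."""
    return sorted({w & OPCODE_MASK for w in instructions(blob)} - opcode_map.keys())

def patch(blob, opcode_map):
    """Rewrite the opcode field of every instruction; refuse to guess unmapped ones."""
    missing = missing_opcodes(blob, opcode_map)
    if missing:
        raise KeyError(f"no mapping for opcodes {missing}: add reference files that use them or set them manually")
    return b"".join(struct.pack("<I", (w & ~OPCODE_MASK) | opcode_map[w & OPCODE_MASK])
                    for w in instructions(blob))

# --- constructed test data (hypothetical, not real firmware) -------------------
def make_code(opcodes):
    """Build a fake instruction stream: opcode i with a distinct operand field."""
    return b"".join(struct.pack("<I", op | (i << 6)) for i, op in enumerate(opcodes))

SWAP = {0: 5, 5: 0, 1: 6, 6: 1, 22: 8, 8: 22}   # hypothetical real -> obfuscated swap table
def obfuscate(blob):
    return b"".join(struct.pack("<I", (w & ~OPCODE_MASK) | SWAP.get(w & OPCODE_MASK, w & OPCODE_MASK))
                    for w in instructions(blob))

REF_BLOB = make_code([0, 1, 5, 22, 30])         # "known plaintext": stock luac output
OBF_BLOB = obfuscate(REF_BLOB)                  # the same chunk as shipped in the firmware
TARGET_BLOB = obfuscate(make_code([5, 8, 36]))  # a chunk with no reference source

if __name__ == "__main__":
    m = build_opcode_map([(OBF_BLOB, REF_BLOB)])
    print(missing_opcodes(TARGET_BLOB, m))      # [22, 36]: add references or set them by hand
    m.update({22: 8, 36: 36})                   # manual entries, as suggested above
    assert patch(TARGET_BLOB, m) == make_code([5, 8, 36])
```

The identity-looking map in the first report is what this produces when the reference files happen to use only opcodes the obfuscator left in place; opcodes that occur only in the target chunk stay unmapped until a reference covering them is added.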

b4sh5i commented 3 years ago

@bananabr can I send a msg to your Twitter? I can not send a msg to your account xD

bananabr commented 3 years ago

Hey @b4sh5i,

You should be able to msg me on Twitter now.

b4sh5i commented 3 years ago

@bananabr can I check my DM?

bananabr commented 3 years ago

I can't see any message in my Twitter inbox. Are the Lua files you are using confidential? Can't you just upload them to Google Drive or something and share them here?

rssample commented 2 years ago

When analyzing the TP-Link router firmware, it is difficult to find the corresponding Lua file, and the results in the map are not completely correct. Is there any other way to solve this problem?

francoataffarel commented 1 year ago

@rssample any news?

bananabr commented 1 year ago

I never got the files to analyze the original case.

Here are some common problems you might face:

bananabr commented 1 year ago

I am closing this issue as the original complaints were addressed privately. If any other user has similar problems, feel free to post another issue providing me with the files required for testing.