doyensec / electronegativity

Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
Apache License 2.0

Failed to read data with length of .... #105

Closed Cdivyam closed 1 year ago

Cdivyam commented 1 year ago

Describe the bug

I get the following error when I try to read certain .asar files.

Error: Failed to read data with length of 1110852934

To Reproduce

electronegativity -i app.asar -o test.csv

A similar bug was reported in electron/asar 5 years ago, but with no information: https://github.com/electron/asar/issues/136

Stacktraces

Could not retrieve updated translations for the current locale
Could not retrieve updated translations for the current locale
Error: Failed to read data with length of 1110852934
    at PickleIterator.getReadPayloadOffsetAndAdvance (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\node_modules\chromium-pickle-js\lib\pickle.js:74:13)
    at PickleIterator.readBytes (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\node_modules\chromium-pickle-js\lib\pickle.js:63:34)
    at PickleIterator.readString (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\node_modules\chromium-pickle-js\lib\pickle.js:59:17)
    at module.exports.readArchiveHeaderSync (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\node_modules\@electron\asar\lib\disk.js:78:48)
    at module.exports.readFilesystemSync (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\node_modules\@electron\asar\lib\disk.js:84:25)
    at module.exports.listPackage (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\node_modules\@electron\asar\lib\asar.js:165:15)
    at LoaderAsar.load (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\dist\loader\loader_asar.js:55:43)
    at run (C:\Users\test\AppData\Roaming\npm\node_modules\@doyensec\electronegativity\dist\runner.js:64:16)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

Platform (please complete the following information):

Additional context

Is the issue primarily with chromium-pickle-js? How can we get past this issue? I have tried unpacking electron.asar and it works well, but not the app.asar.

phosphore commented 1 year ago

Hello @Cdivyam! Thanks for filing your issue. It looks like your input app.asar is breaking the asar as you suspected. I tried to bump asar to the latest version. Would it be possible for you to use https://github.com/doyensec/electronegativity/commit/27e772f7b148aca40f5a91fabbd1f906d11a6e6f and try again on the same archive or share the app.asar with us? Is the npx asar extract app.asar <destfolder> itself working?

phosphore commented 1 year ago

PickleIterator is part of the chromium-pickle-js package, which is used to serialize and deserialize data in Chromium's pickle format. In your specific case, the getReadPayloadOffsetAndAdvance function is called to get the offset of the data and advance the iterator, but it fails to read the data of the specified length.

This could be due to:

Cdivyam commented 1 year ago

> Hello @Cdivyam! Thanks for filing your issue. It looks like your input app.asar is breaking the asar as you suspected. I tried to bump asar to the latest version. Would it be possible for you to use 27e772f and try again on the same archive or share the app.asar with us? Is the npx asar extract app.asar <destfolder> itself working?

Hi @phosphore thanks for information.

I have tried running asar extract app.asar <destfolder>, even that gives the same issue as above.

My asar version is 3.2.0.

The asar file is just 47 MB so I don't think it should be an issue with memory.

ASAR FILE https://drive.google.com/file/d/1RXk1O-GES--rqEPtC5uNowOrMq6x_NoS/view?usp=share_link

phosphore commented 1 year ago

An ASAR archive typically consists of two parts:

It seems that the asar file you attached does not contain a properly formatted JSON string representing the file system structure, hence the ASAR library is not able to read or extract the archive correctly. Investigating it a bit more, you can see that in place of that you have a hex string of characters. I'll leave this reversing part to you.

Cheers,
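
The header problem described in the comment above can be checked before handing an archive to a parser. The following is an added example, not part of this thread and not code from electronegativity or asar: it assumes the usual ASAR preamble of four little-endian uint32 fields followed by the JSON header, runs on constructed buffers, and `inspectAsarHeader` and `buildSample` are hypothetical names.

```javascript
// Added example. Assumed ASAR preamble, all uint32 little-endian:
// [0]=4, [4]=header pickle size, [8]=pickle payload size, [12]=JSON length, [16..]=JSON text.
function inspectAsarHeader(buf) {
  const findings = [];
  if (buf.length < 16) return { ok: false, findings: ['shorter than the 16-byte preamble'] };
  const headerPickleSize = buf.readUInt32LE(4);
  const jsonLen = buf.readUInt32LE(12);
  if (buf.readUInt32LE(0) !== 4) findings.push('first pickle payload size is not 4');
  // The JSON string must fit inside the header pickle, which must fit inside the file.
  const room = Math.min(headerPickleSize, buf.length - 8) - 8;
  if (jsonLen > room) {
    // Printable ASCII in a length field means text sits where binary was expected.
    const raw = buf.subarray(12, 16);
    const isAscii = [...raw].every((b) => b >= 0x20 && b < 0x7f);
    findings.push(`JSON length ${jsonLen} does not fit` +
      (isAscii ? `; its bytes are ASCII "${raw.toString('latin1')}"` : ''));
    return { ok: false, findings };
  }
  let header;
  try {
    header = JSON.parse(buf.toString('utf8', 16, 16 + jsonLen));
  } catch {
    findings.push('header is not valid JSON');
    return { ok: false, findings };
  }
  const files = header !== null && typeof header === 'object' ? header.files : undefined;
  if (files === null || typeof files !== 'object') findings.push('header has no "files" object');
  return { ok: findings.length === 0, findings };
}

// Builds a constructed archive preamble around any header text (sample data only).
function buildSample(headerText) {
  const json = Buffer.from(headerText, 'utf8');
  const padded = (json.length + 3) & ~3; // pickle strings are padded to 4 bytes
  const pre = Buffer.alloc(16);
  pre.writeUInt32LE(4, 0);
  pre.writeUInt32LE(8 + padded, 4);
  pre.writeUInt32LE(4 + padded, 8);
  pre.writeUInt32LE(json.length, 12);
  return Buffer.concat([pre, json, Buffer.alloc(padded - json.length)]);
}

const good = buildSample('{"files":{"main.js":{"size":12,"offset":"0"}}}');
const hexHeader = buildSample('7B2266696C6573223A7B7D7D'); // hex text where JSON belongs
const badLength = Buffer.from(good);
badLength.writeUInt32LE(1110852934, 12); // the length from the error message on this page

for (const [name, b] of [['good', good], ['hexHeader', hexHeader], ['badLength', badLength]]) {
  console.log(name, JSON.stringify(inspectAsarHeader(b)));
}
```

The length in the error message, 1110852934, is 0x42364546, and its little-endian bytes are the ASCII characters FE6B, which is why the check reports text sitting in a binary length field.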

Cdivyam commented 1 year ago

Thanks for the inputs @phosphore. It is good to know that the library is not at fault.