Open abclution opened 5 days ago
@abclution can you share the firmware where those UPX files are found?
We can implement a check in the ELF handler, similar to the one we do for kernels in ElfChunk. We can look for the UPX! magic within the header and parse the l_info struct (see https://github.com/upx/upx/blob/d7ba31cab8ce8d95d2c10e88d2ec787ac52005ef/src/stub/src/include/linux.h#L730). If the l_info is valid (good checksum, good version, good format), then we can call upx -d instead of the usual carving.
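The check proposed in the comment above, sketched as an added example (not part of the thread, and not code from unblob or UPX). It assumes the 12-byte l_info layout from the linked linux.h (l_checksum, l_magic, l_lsize, l_version, l_format) with multi-byte fields stored in the ELF's own byte order; `find_l_info`, `LInfo`, `SEARCH_WINDOW` and the sample bytes are hypothetical, and the checksum is returned but not verified.

```python
import struct
from typing import NamedTuple, Optional

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"
SEARCH_WINDOW = 0x400  # assumption: l_info lies in the first KiB of the file


class LInfo(NamedTuple):
    offset: int    # file offset of l_checksum
    checksum: int  # returned as stored, not verified here
    lsize: int
    version: int
    format: int


def find_l_info(data: bytes) -> Optional[LInfo]:
    """Locate and decode a plausible l_info in an ELF, or return None."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        return None
    # EI_DATA (e_ident[5]): 1 = little-endian, 2 = big-endian
    endian = {1: "<", 2: ">"}.get(data[5])
    if endian is None:
        return None
    pos = data.find(UPX_MAGIC, 16, SEARCH_WINDOW)
    while pos != -1:
        start = pos - 4  # l_checksum precedes l_magic
        if start >= 16 and pos + 8 <= len(data):
            (checksum,) = struct.unpack_from(endian + "I", data, start)
            lsize, version, fmt = struct.unpack_from(endian + "HBB", data, pos + 4)
            # Loose plausibility check only; a real handler would compare
            # against the version/format values UPX defines.
            if version and fmt:
                return LInfo(start, checksum, lsize, version, fmt)
        pos = data.find(UPX_MAGIC, pos + 1, SEARCH_WINDOW)
    return None


def constructed_sample(ei_data: int) -> bytes:
    """Constructed input: 64 header bytes, then an l_info with made-up values."""
    endian = "<" if ei_data == 1 else ">"
    ident = ELF_MAGIC + bytes([1, ei_data, 1]) + bytes(9)
    l_info = struct.pack(endian + "I", 0xDEADBEEF) + UPX_MAGIC
    l_info += struct.pack(endian + "HBB", 0x0A30, 13, 137)
    return ident + bytes(48) + l_info
```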
Sure thing, here is one, most bins are upx compressed.
I searched for any issues (open/closed) with upx in them and zero came up which surprised me.
Summary
Would be good to support UPX. https://github.com/upx/upx
Very commonly found on embedded linux devices like ip cameras used to compress executables. Packages are available in most distros.
Someone previously asked the emba team to include it, but they mentioned it would be a good feature add for unblob and I agree. The initial poster never followed up here and I figured I would.
Original emba issue: https://github.com/e-m-b-a/emba/issues/1067
Dependency is available with apt install upx or through https://github.com/upx/upx.
Documentation: https://upx.github.io
Motivation
Well, in my case I use this for disassembling and analyzing ipcamera firmware using emba. Emba is in essence not finding what I need due to the files being analyzed while still compressed by UPX.
Another person months ago was supposed to inform unblob but upon a search I found nothing. https://github.com/e-m-b-a/emba/issues/1067