We will implement our own extfs extractor binary by linking into the e2fsprogs library. The sole purpose of this binary is to receive a path to an extfs image and extract it in a specified directory. Prior to executing the extraction, the filesystem image will be fixed in-memory by implementing the equivalent of e2fsck -y so that the source file is not modified on disk. Issues identified during this fixing pass will be reported by the extfs extractor in unblob.
We were initially extracting extfs filesystems with
7zbut the support was not extensive enough so we moved todebugfs.Since then we had to fight with multiple bugs in
debugfs, forcing us to fork e2fsprogs at https://github.com/onekey-sec/e2fsprogs. With the most recent bug report (https://github.com/onekey-sec/unblob/issues/778), we had an internal discussion and decided that we need to go further.We will implement our own extfs extractor binary by linking into the e2fsprogs library. The sole purpose of this binary is to receive a path to an extfs image and extract it in a specified directory. Prior to executing the extraction, the filesystem image will be fixed in-memory by implementing the equivalent of
e2fsck -yso that the source file is not modified on disk. Issues identified during this fixing pass will be reported by the extfs extractor in unblob.Interested parties: @orosam @vlaci