timewall / firmware-mod-kit

Automatically exported from code.google.com/p/firmware-mod-kit
0 stars 0 forks source link

Cisco X2000 squashfs won't unpack; patch to fix included. #79

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I got a Cisco X2000 and the firmware wouldn't unpack with any of your included 
unsquashfs-ers.

I hacked up squashfs4.2 to make it work, if you're interested.  Here's the 
hacky patch to upstream soruce, and I wrote it up at 
http://sandeen.net/wordpress/computers/uncompressing-cisco-x2000-firmware-images
/ as well.  Thanks!

diff -Nurp squashfs4.2/squashfs-tools/Makefile 
squashfs4.2-hack/squashfs-tools/Makefile
--- squashfs4.2/squashfs-tools/Makefile 2012-11-30 12:26:45.958576463 -0600
+++ squashfs4.2-hack/squashfs-tools/Makefile    2012-11-30 12:24:21.969566639 -0600
@@ -26,7 +26,7 @@ GZIP_SUPPORT = 1
 # To build using XZ Utils liblzma - install the library and uncomment
 # the XZ_SUPPORT line below.
 #
-#XZ_SUPPORT = 1
+XZ_SUPPORT = 1

 ############ Building LZO support ##############
diff -Nurp squashfs4.2/squashfs-tools/squashfs_fs.h 
squashfs4.2-hack/squashfs-tools/squashfs_fs.h
--- squashfs4.2/squashfs-tools/squashfs_fs.h    2011-02-11 09:49:24.000000000 -0600
+++ squashfs4.2-hack/squashfs-tools/squashfs_fs.h   2012-11-30 12:24:49.310566558 
-0600
@@ -270,10 +270,10 @@ struct meta_index {
 typedef long long      squashfs_block;
 typedef long long      squashfs_inode;

-#define ZLIB_COMPRESSION   1
-#define LZMA_COMPRESSION   2
-#define LZO_COMPRESSION        3
-#define XZ_COMPRESSION     4
+#define LZMA_COMPRESSION   1
+#define XZ_COMPRESSION     2
+#define ZLIB_COMPRESSION   3
+#define LZO_COMPRESSION        4

 struct squashfs_super_block {
    unsigned int        s_magic;
diff -Nurp squashfs4.2/squashfs-tools/unsquashfs.c 
squashfs4.2-hack/squashfs-tools/unsquashfs.c
--- squashfs4.2/squashfs-tools/unsquashfs.c 2011-02-28 16:27:06.000000000 -0600
+++ squashfs4.2-hack/squashfs-tools/unsquashfs.c    2012-11-30 12:28:31.793690803 
-0600
@@ -1460,10 +1460,10 @@ int read_super(char *source)
     */
    read_fs_bytes(fd, SQUASHFS_START, sizeof(struct squashfs_super_block),
        &sBlk_4);
-   swap = sBlk_4.s_magic != SQUASHFS_MAGIC;
+   swap = 0;
    SQUASHFS_INSWAP_SUPER_BLOCK(&sBlk_4);

-   if(sBlk_4.s_magic == SQUASHFS_MAGIC && sBlk_4.s_major == 4 &&
+   if(!swap && sBlk_4.s_major == 4 &&
            sBlk_4.s_minor == 0) {
        s_ops.squashfs_opendir = squashfs_opendir_4;
        s_ops.read_fragment = read_fragment_4;

Original issue reported on code.google.com by ericsand...@gmail.com on 30 Nov 2012 at 6:49

GoogleCodeExporter commented 9 years ago
Thanks, I am reviewing this for safety. My concern is that this will affect the 
extraction of other images with a differing squashfs toolset. In addition to 
the redefined compression types, it also doesn't have the same level of sanity 
checking since it relies on the major/minor version of the squashfs block as 
opposed to the squashfs magic signature. For rebuilding, more work will also be 
needed.

It seems likely we'll need to further modify the squashfs tools to handle 
either case, and/or fork the squashfs tools so we have a distinct set for this 
type of image.

Original comment by jeremy.collake@gmail.com on 30 Nov 2012 at 8:10

GoogleCodeExporter commented 9 years ago
Yeah, I know the patch is just a hack, not generally applicable - sorry, should 
have stated that more clearly perhaps.  But it shows what the image has, I 
think - it seems to be non-standard magic + advertised 4.0 fs version + 
compression type "1" as LZMA (which non-standard).

FWIW, I was unsquashing on a little endian box.

Phillip chimed in on on the comments for my blog post about the patch as well.

Original comment by ericsand...@gmail.com on 1 Dec 2012 at 2:48

GoogleCodeExporter commented 9 years ago
I didn't mean to sound critical, and have no problem with it being 'hacky'. 
This patch may be just what users of this device need.

I was just evaluating what would need to be done to add proper support for this 
device without breaking the rest of the kit. The easiest path is a forked 
squashfs-tools I suppose. We'll then need to properly handle the firmware in 
the scripts. It's isn't that big a job really, just takes a few minutes to do.. 
perhaps longer. Since I don't personally own this device, it is unlikely I'll 
do it. Craig might. If you are interested, feel free to submit a patch that 
does this ;).

Regardless, thanks for your contribution and nice work!

Original comment by jeremy.collake@gmail.com on 2 Dec 2012 at 8:42

GoogleCodeExporter commented 9 years ago
I didn't take it as critical.  :)

I can try to take a look at integrating it... I suppose I should be sure it 
unpacks on BE Machines too....

Original comment by ericsand...@gmail.com on 4 Dec 2012 at 7:15

GoogleCodeExporter commented 9 years ago
Have you tried getting the X2000 GPL code from Cisco/Linksys? They have been 
very good about responding to GPL requests 
(http://linksys.custhelp.com/app/gpl_ask) whenever I've asked, and usually 
provide me with a download link within a day or two.

This might be preferable to changing the source of an existing squashfs utility.

Original comment by heffne...@gmail.com on 5 Dec 2012 at 1:53

GoogleCodeExporter commented 9 years ago
Yes, I obtained the source but that doesn't help if I'm interested in unpacking 
the firmware for verification or modification.

Original comment by ericsand...@gmail.com on 6 Dec 2012 at 1:20

GoogleCodeExporter commented 9 years ago
Ok, however - looking at the source there is (in theory) a set of squashfs 
tools.  Will be interesting to see if a) they build and b) they uncompress the 
firmware.  :)  I think it still might be interesting to collect the unsquash 
routines in this project, though.

Original comment by ericsand...@gmail.com on 6 Dec 2012 at 5:38

GoogleCodeExporter commented 9 years ago
Ok, got an unsquashfs built from their GPL code drop; at least as I built it, 
it does not touch the FW image:

# ./unsquashfs FW.squash 
Major/Minor mismatch, filesystem on FW.squash is (4:0)
I support Squashfs 2.x and 3.0 filesystems!

Original comment by ericsand...@gmail.com on 6 Dec 2012 at 5:51

GoogleCodeExporter commented 9 years ago
Eric, do you have an alternate link for the firmware image? I'm getting a file 
not found error when trying to download the 
FW_X2000_AnnexA_2.0.04.007_20121009.bin image from Cisco's site, and an older 
version of the firmware that I have (2.0.03) seems to extract fine with the 
existing squashfs-4.2 tools.

Original comment by heffne...@gmail.com on 19 Dec 2012 at 8:28

GoogleCodeExporter commented 9 years ago
That's weird, they seem to have regressed it?  I mailed you a self-hosted link 
to the newer firmware.

Original comment by ericsand...@gmail.com on 20 Dec 2012 at 1:01

GoogleCodeExporter commented 9 years ago
Thanks Eric, got it. I think their downloads are just down right now, I can't 
seem to get any firmware from their site.

Are you sure you tried the squashfs-4.2 that is already in FMK? It seems to 
extract fine for me:

$ /opt/firmware-mod-kit/trunk/src/others/squashfs-4.2/unsquashfs 100.img 
Parallel unsquashfs: Using 1 processor
1175 inodes (1404 blocks) to write

created 904 files
created 68 directories
created 106 symlinks
created 164 devices
created 1 fifos

Original comment by heffne...@gmail.com on 20 Dec 2012 at 4:35

GoogleCodeExporter commented 9 years ago
How strange.  I sure thought I tried that - maybe I just ran (or built) it 
wrong?  Though that doesn't seem possible...  :(  I'm sorry if it was a wild 
goose chase.

Original comment by ericsand...@gmail.com on 20 Dec 2012 at 5:11

GoogleCodeExporter commented 9 years ago
Maybe you tried using the unsquashfs_all script? It mistakenly did not include 
squashfs-4.2 until someone pointed it out to me a few days ago.

Original comment by heffne...@gmail.com on 20 Dec 2012 at 3:18

GoogleCodeExporter commented 9 years ago
Yes, that was it.  Whoops!  Close this one, I guess, sorry for the trouble.

Original comment by ericsand...@gmail.com on 20 Dec 2012 at 3:19

GoogleCodeExporter commented 9 years ago
Nope, entirely my fault; a script named unsquashfs_all.sh should be expected to 
try ALL the squashfs utilities, so the confusion is understandable. Sorry you 
had to go through so much trouble for nothing.

Interestingly, the squashfs-4.2 utilities in FMK came from the OpenWRT project, 
so I'm not sure if they hacked it up or if they got it from some vendor GPL 
release. In either case, I've also added the official (non-hacked) squashfs-4.2 
utilities to FMK as well (and added it to unsquahfs_all.sh :P).

Original comment by heffne...@gmail.com on 20 Dec 2012 at 3:35