fails to unpack qnap packages #3
Comments
|
We can scan the shell script snippets for decimal or hexadecimal numbers, try them all as offsets, and see if mime(*FD) with a filedescriptor seeked to that offset, has something meaningful to say for each number. |
|
suggested sanity check: If an unpacker (e.g. tar) does not read to the end of the input data, this indicates to us, that another archive may have been appended. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Example: http://download.qnap.com/QPKG/owncloud_6.0.2.zip
A shell archive is found, and a shell script is found, and a _41.bin blob is found.
The shell script contains these hints:
/bin/dd if="${0}" bs=$script_len skip=1 | /bin/tar -xO | /bin/tar -xzv -C $_EXTRACT_DIR || exit 1 offset=$(/usr/bin/expr $script_len + 20480) /bin/dd if="${0}" bs=$offset skip=1 | /bin/cat | /bin/dd bs=1024 count=54237 of=$_EXTRACT_DIR/data.tar.gz || exit 1 offset=$(/usr/bin/expr $offset + 55538136) ( cd $_EXTRACT_DIR && /bin/sh qinstall.sh || echo "Installation Abort." )_41.bin contains the concatenation of all the raw material accessed by this code. The first part can be extracted as a 10k control.tar.gz, the rest is silently skipped.
There is a gzip magic at offset 0x5000 aka 20480. We miss that one.
The text was updated successfully, but these errors were encountered: