view mysteryffs/extract.c @ 44:074237879eca

pirollback: name check implemented
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Sat, 06 Jul 2013 21:31:55 +0000
parents d19b4e20ff9f
children

/*
 * This program is the logical culmination of the MysteryFFS reverse eng
 * experiments: it walks the FFS directory tree from the root down,
 * recreates a matching tree in the local Unix file system, and
 * extracts the full content of all data files.
 *
 * All acquired understanding of the MysteryFFS structure is tested
 * in the process.
 */

#include <sys/types.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <endian.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Short aliases for the field widths used by the on-media structures.
 * NOTE(review): the 8/16/32-bit widths are assumed from the names and
 * hold on common ABIs; nothing here enforces them.
 */
typedef unsigned char u8;
typedef unsigned short u16;
typedef unsigned int u32;

/*
 * Signature that find_index_block() compares against the first 6 bytes
 * of each erase block when looking for the index block.
 */
u8 mysteryffs_hdr[6] = {'F', 'f', 's', '#', 0x10, 0x02};

/*
 * actual MysteryFFS on-media structure
 *
 * One record of the index block.  Multi-byte fields are read with
 * le16toh()/le32toh(), i.e. they are little-endian on the media.
 * get_index_entry() indexes the block as an array of these records and
 * bounds the entry number by eraseblk_size >> 4, so the code assumes
 * each record occupies 16 bytes (no padding) - TODO confirm on any new
 * compiler/ABI.  Every field comes straight from the image and must be
 * treated as untrusted until validated.
 */
struct mysteryffs_index {
	u16	len;		/* chunk length in bytes; must be a nonzero multiple of 16 */
	u8	unknown_b1;	/* meaning not yet understood; never read by this program */
	u8	type;		/* 0 = deleted, F2 = directory, F1 = file, F4 = file
				   continuation, E1 = journal (values this program tests) */
	u16	descend;	/* entry number of first child / next continuation; FFFF = nil */
	u16	sibling;	/* entry number of next object in the same dir; FFFF = nil */
	u32	dataptr;	/* chunk location in 16-byte units (shifted left 4 before use) */
	u16	unknown_w1;	/* meaning not yet understood; never read by this program */
	u16	unknown_w2;	/* meaning not yet understood; never read by this program */
};

/*
 * our own struct for convenience
 *
 * Host-side view of one index entry.  The caller sets entryno;
 * get_index_entry() fills idxrec, len, type, descend and sibling
 * (already converted to host byte order); validate_chunk() fills
 * offset and dataptr once the data pointer has been range-checked.
 */
struct objinfo {
	u16	entryno;	/* index entry number being examined (set by caller) */
	struct	mysteryffs_index *idxrec;	/* points into the index block in image[] */
	u8	*dataptr;	/* start of the chunk data inside image[] */
	u32	offset;		/* byte offset of the chunk from the start of the image */
	u16	len;		/* chunk length in bytes */
	u8	type;		/* object type byte copied from the index record */
	u16	descend;	/* descend link, host byte order; FFFF = nil */
	u16	sibling;	/* sibling link, host byte order; FFFF = nil */
};

char *imgfile;		/* path of the flash image, from argv[1] */
u32 eraseblk_size;	/* erase block size in bytes, from argv[2] */
int total_blocks;	/* number of erase blocks, from argv[3] */
u32 total_img_size;	/* eraseblk_size * total_blocks, computed in main() */
u8 *image, *indexblk;	/* whole image in memory; start of the index block within it */

/*
 * Path of the object currently being processed, built by dump_dir().
 * It always begins with '/'; the file system calls use workpath + 1 so
 * that everything is created relative to the current directory.
 */
char workpath[512];

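/*
 * Load the first total_img_size bytes of imgfile into a freshly
 * malloc'ed buffer and leave it in the global `image`.
 *
 * The file must be a regular file at least total_img_size bytes long.
 * Every failure (open, fstat, malloc, read error, premature EOF) prints
 * a diagnostic and exits with status 1, so the parsing code that runs
 * afterwards never sees a partially filled (uninitialized) buffer.
 */
read_img_file()
{
	int fd;
	struct stat st;
	size_t got;
	ssize_t cc;

	fd = open(imgfile, O_RDONLY);
	if (fd < 0) {
		perror(imgfile);
		exit(1);
	}
	/* st is only meaningful if fstat succeeded */
	if (fstat(fd, &st) < 0) {
		perror(imgfile);
		exit(1);
	}
	if (!S_ISREG(st.st_mode)) {
		fprintf(stderr, "%s is not a regular file\n", imgfile);
		exit(1);
	}
	if (st.st_size < total_img_size) {
		fprintf(stderr, "%s has fewer than 0x%x bytes\n", imgfile,
			total_img_size);
		exit(1);
	}
	image = malloc(total_img_size);
	if (!image) {
		perror("malloc");
		exit(1);
	}
	/* read() may return less than asked for; keep going until done */
	for (got = 0; got < total_img_size; got += cc) {
		cc = read(fd, image + got, total_img_size - got);
		if (cc < 0) {
			perror(imgfile);
			exit(1);
		}
		if (!cc) {
			fprintf(stderr, "%s: unexpected EOF at offset 0x%lx\n",
				imgfile, (unsigned long) got);
			exit(1);
		}
	}
	close(fd);
	return(0);
}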

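/*
 * Scan the image one erase block at a time for the block that holds the
 * MysteryFFS index: its first 6 bytes equal mysteryffs_hdr and the byte
 * at offset 8 is 0xAB.  On success the global indexblk points at that
 * block and 0 is returned; if no block matches, the program exits with
 * status 1.
 */
find_index_block()
{
	int i;
	u8 *ptr;

	/*
	 * The probe below reads bytes 0..8 of every block, so a smaller
	 * block size would make the last probe run off the end of image[].
	 */
	if (eraseblk_size < 9) {
		fprintf(stderr,
			"erase block size 0x%x is too small for an index header\n",
			eraseblk_size);
		exit(1);
	}
	for (ptr = image, i = 0; i < total_blocks; i++, ptr += eraseblk_size) {
		if (bcmp(ptr, mysteryffs_hdr, 6))
			continue;
		if (ptr[8] != 0xAB)
			continue;
		/* a pointer difference is ptrdiff_t; narrow it to match %x */
		printf("Found index in erase block #%d (offset %x)\n", i,
			(unsigned) (ptr - image));
		indexblk = ptr;
		return(0);
	}
	fprintf(stderr, "could not find a MysteryFFS index block in %s\n",
		imgfile);
	exit(1);
}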

/*
 * Look up index record number oi->entryno in the index block and copy
 * its length, type and links into *oi, converting the 16-bit fields
 * from little-endian.  oi->idxrec is left pointing at the raw record.
 *
 * Entry numbers come from the image itself, so they are range-checked
 * against the number of 16-byte slots in one erase block before the
 * record is touched; an out-of-range number is fatal (exit status 1).
 * Returns 0 otherwise.
 */
get_index_entry(oi)
	struct objinfo *oi;
{
	struct mysteryffs_index *rec;
	unsigned nslots;

	nslots = eraseblk_size >> 4;
	if (oi->entryno < nslots) {
		rec = (struct mysteryffs_index *) indexblk + oi->entryno;
		oi->idxrec = rec;
		oi->type = rec->type;
		oi->len = le16toh(rec->len);
		oi->descend = le16toh(rec->descend);
		oi->sibling = le16toh(rec->sibling);
		return(0);
	}
	fprintf(stderr,
		"error: index block pointer %x past the erase block size!\n",
		oi->entryno);
	exit(1);
}

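/*
 * Check that the chunk described by *oi (already filled in by
 * get_index_entry) lies inside the loaded image, then set oi->offset
 * and oi->dataptr.  Length and data pointer both come from the image
 * and are untrusted; any violation is fatal (exit status 1).
 * Returns 0 on success.
 *
 * Rules enforced:
 *  - len is a nonzero multiple of 16;
 *  - the raw data pointer (in 16-byte units) fits in 28 bits, so the
 *    shift to a byte offset cannot lose bits;
 *  - byte offset < total_img_size - len.
 */
validate_chunk(oi)
	struct objinfo *oi;
{
	u32 dptr;

	if (oi->len & 0xF || !oi->len) {
		fprintf(stderr, "index entry #%x: invalid chunk length\n",
			oi->entryno);
		exit(1);
	}
	dptr = le32toh(oi->idxrec->dataptr);
	/*
	 * oi->len is compared with total_img_size before the subtraction:
	 * the arithmetic is unsigned, so for an image shorter than the
	 * chunk the difference would wrap to a huge value and let any
	 * pointer through.
	 */
	if (dptr > 0x0FFFFFFF || oi->len > total_img_size ||
	    (dptr << 4) >= total_img_size - oi->len) {
		fprintf(stderr, "index entry #%x: invalid data pointer\n",
			oi->entryno);
		exit(1);
	}
	dptr <<= 4;
	oi->offset = dptr;
	oi->dataptr = image + dptr;
	return(0);
}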

/*
 * Verify that the chunk at oi->dataptr begins with a well-formed object
 * name: a non-empty run of printable ASCII ('!' through '~') ended by a
 * NUL that occurs within the first oi->len bytes.  Any violation is
 * reported on stderr and ends the program with status 1; returns 0 when
 * the name is acceptable.
 *
 * Passing this check is what makes it safe to hand oi->dataptr to the
 * string functions later on.  It does not make the name safe to use as
 * a path component ('/' and '.' are printable).
 */
validate_obj_name(oi)
	struct objinfo *oi;
{
	u8 *name;
	int n;

	name = oi->dataptr;
	n = 0;
	while (1) {
		if (n >= oi->len) {
			fprintf(stderr,
		"object at index %x: name expected at %x: length overrun\n",
				oi->entryno, oi->offset);
			exit(1);
		}
		if (name[n] == '\0')
			break;
		if (!(name[n] >= '!' && name[n] <= '~')) {
			fprintf(stderr,
		"object at index %x: name expected at %x: bad character\n",
				oi->entryno, oi->offset);
			exit(1);
		}
		n++;
	}
	if (n == 0) {
		fprintf(stderr,
		"object at index %x: name expected at %x: null string\n",
			oi->entryno, oi->offset);
		exit(1);
	}
	return(0);
}

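/*
 * Decide whether the object name at oi->dataptr may be used as a path
 * component on the host.  Returns 1 if it may, 0 if not.
 *
 * This is an allow-list: the first character must be alphanumeric or
 * '_', the rest alphanumeric, '_' or '.'.  As a result '/' never
 * passes, and neither does any name beginning with '.' (which covers
 * "." and ".."), so a name taken from the image cannot step outside the
 * directory being populated.
 *
 * The name must already have passed validate_obj_name(), which
 * guarantees the NUL terminator lies inside the chunk.
 */
name_safe_for_extract(oi)
	struct objinfo *oi;
{
	unsigned char *s;

	/*
	 * The <ctype.h> functions are only defined for unsigned char
	 * values and EOF, so the bytes are examined as unsigned char
	 * rather than plain char.
	 */
	s = oi->dataptr;
	if (!isalnum(*s) && *s != '_')
		return(0);
	for (s++; *s; s++)
		if (!isalnum(*s) && *s != '_' && *s != '.')
			return(0);
	return(1);
}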

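/*
 * Locate the end of the payload in chunk *ch.  Working backwards from
 * the end of the chunk, up to 16 bytes are examined: 0xFF bytes are
 * skipped as padding and the first zero byte found is taken as the
 * terminator.  Returns a pointer to that zero byte (the payload ends
 * just before it).  Any other byte value, or 16 bytes of 0xFF with no
 * terminator, is fatal (exit status 1).
 *
 * The chunk must have passed validate_chunk(), which guarantees
 * ch->len >= 16 so that p[-16] is still inside the chunk.
 */
u8 *
find_end_of_chunk(ch)
	struct objinfo *ch;
{
	u8 *p;
	int i;

	p = ch->dataptr + ch->len;
	for (i = 1; i <= 16; i++) {
		if (!p[-i])
			return(p - i);
		/*
		 * Test the byte currently under examination.  Re-testing
		 * p[-1] here would only validate the very last byte and
		 * would let arbitrary garbage between the terminator and
		 * the padding go unnoticed.
		 */
		if (p[-i] != 0xFF)
			break;
	}
	fprintf(stderr,
	"chunk starting at %x (index entry %x): no valid termination found\n",
		ch->offset, ch->entryno);
	exit(1);
}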

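/*
 * Write the payload of a file's head chunk to fd.  In the head chunk
 * the payload follows the NUL-terminated object name and runs up to
 * the terminator found by find_end_of_chunk(); nothing is written if
 * that range is empty.
 *
 * The chunk must already have passed validate_chunk() and
 * validate_obj_name(), otherwise the search for the end of the name
 * could leave the chunk.  A failed or short write is fatal (exit
 * status 1) so that a truncated output file is never left behind
 * silently.
 */
void
dump_head_chunk(fd, ch)
	int fd;
	struct objinfo *ch;
{
	u8 *endname, *endchunk;
	ssize_t cc;

	endname = (u8 *) index((char *)ch->dataptr, '\0') + 1;
	endchunk = find_end_of_chunk(ch);
	if (endchunk <= endname)
		return;
	cc = write(fd, endname, endchunk - endname);
	if (cc < 0) {
		perror("write");
		exit(1);
	}
	if (cc != endchunk - endname) {
		fprintf(stderr, "short write to output file\n");
		exit(1);
	}
}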

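/*
 * Write the payload of a file continuation chunk to fd: everything
 * from the start of the chunk up to the terminator found by
 * find_end_of_chunk().  The chunk must already have passed
 * validate_chunk().  A failed or short write is fatal (exit status 1)
 * so that a truncated output file is never left behind silently.
 */
void
dump_extra_chunk(fd, ch)
	int fd;
	struct objinfo *ch;
{
	u8 *endchunk;
	ssize_t cc;

	endchunk = find_end_of_chunk(ch);
	cc = write(fd, ch->dataptr, endchunk - ch->dataptr);
	if (cc < 0) {
		perror("write");
		exit(1);
	}
	if (cc != endchunk - ch->dataptr) {
		fprintf(stderr, "short write to output file\n");
		exit(1);
	}
}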

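/*
 * Extract one regular file.  The output path is workpath + 1 (relative
 * to the current directory); the caller must already have vetted the
 * name with name_safe_for_extract().  The head chunk is written first,
 * then every continuation chunk reached through the descend links,
 * each of which must be of type F4 and pass validate_chunk().
 *
 * The descend links come from the image.  A chain that loops back on
 * itself would otherwise append data to the output file without end,
 * so every entry number visited is recorded and a repeat is fatal.
 *
 * NOTE(review): the file is opened with O_CREAT|O_TRUNC and without
 * O_EXCL or O_NOFOLLOW, so an existing file or symlink of the same name
 * is written through.  Run the tool in a fresh, empty directory.
 */
extract_file(head)
	struct objinfo *head;
{
	int fd;
	int ent;
	struct objinfo ch;
	unsigned char seen[0x10000 / 8];	/* one bit per 16-bit entry number */

	fd = open(workpath + 1, O_WRONLY|O_CREAT|O_TRUNC, 0666);
	if (fd < 0) {
		perror(workpath + 1);
		exit(1);
	}
	dump_head_chunk(fd, head);
	memset(seen, 0, sizeof seen);
	for (ent = head->descend; ent != 0xFFFF; ent = ch.descend) {
		if (seen[ent >> 3] & (1 << (ent & 7))) {
			fprintf(stderr,
	"file continuation chain loops back to index %x\n",
				ent);
			exit(1);
		}
		seen[ent >> 3] |= 1 << (ent & 7);
		ch.entryno = ent;
		get_index_entry(&ch);
		if (ch.type != 0xF4) {
			fprintf(stderr,
	"file continuation object at index %x: type %02X != expected F4\n",
				ent, ch.type);
			exit(1);
		}
		validate_chunk(&ch);
		dump_extra_chunk(fd, &ch);
		if (ch.sibling != 0xFFFF)
			printf("warning: file continuation object (index %x) has a non-nil sibling pointer\n",
				ent);
	}
	close(fd);
	return(0);
}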

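/*
 * Walk one directory level of the FFS tree.
 *
 * firstent is the index entry number of the first object in the
 * directory (0xFFFF for an empty one); path_prefix is the number of
 * characters of workpath that name the directory itself.  Objects are
 * visited along the sibling links.  For each live object the chunk and
 * name are validated, "/name" is appended to workpath, and then:
 *   F2  directory:    created with mkdir() and descended into
 *   F1  regular file: extracted with extract_file()
 *   E1  journal:      reported and skipped
 *   other types:      reported and skipped
 * Nothing is created on the host unless name_safe_for_extract()
 * accepts the name; an unsafe directory name skips its whole subtree.
 *
 * The sibling links come from the image.  Entry numbers are 16 bits
 * wide with 0xFFFF reserved as nil, so a chain of more than 0xFFFF
 * hops must contain a loop; that is treated as fatal instead of
 * spinning forever.  Recursion depth is bounded by the workpath length
 * check, since every level adds at least two characters.
 */
dump_dir(firstent, path_prefix)
	int firstent, path_prefix;
{
	int ent;
	long hops;
	struct objinfo obj;

	hops = 0;
	for (ent = firstent; ent != 0xFFFF; ent = obj.sibling) {
		if (++hops > 0xFFFF) {
			fprintf(stderr,
	"directory sibling chain starting at index %x does not terminate\n",
				firstent);
			exit(1);
		}
		obj.entryno = ent;
		get_index_entry(&obj);
		if (!obj.type) /* skip deleted objects w/o further validation */
			continue;
		validate_chunk(&obj);
		validate_obj_name(&obj);
		/* room needed: '/' + name + terminating NUL */
		if (path_prefix + strlen((char *)obj.dataptr) + 2 >
		    sizeof workpath) {
			fprintf(stderr,
	"handling object at index %x, name \"%s\": path buffer overflow\n",
				obj.entryno, (char *)obj.dataptr);
			exit(1);
		}
		/* the length was checked above; the bound is a second line of defence */
		snprintf(workpath + path_prefix, sizeof workpath - path_prefix,
			"/%s", (char *)obj.dataptr);
		switch (obj.type) {
		case 0xF2:
			/* directory */
			printf("dir: %s\n", workpath);
			if (!name_safe_for_extract(&obj)) {
				printf("name contains unsafe characters; subtree skipped\n");
				continue;
			}
			if (mkdir(workpath + 1, 0777) < 0) {
				perror(workpath + 1);
				exit(1);
			}
			dump_dir(obj.descend, strlen(workpath));
			continue;
		case 0xF1:
			/* regular file */
			printf("file: %s\n", workpath);
			if (!name_safe_for_extract(&obj)) {
				printf("name contains unsafe characters; file skipped\n");
				continue;
			}
			extract_file(&obj);
			continue;
		case 0xE1:
			/* special .journal file */
			if (path_prefix == 0 &&
			    !strcmp((char *)obj.dataptr, ".journal"))
				printf("skipping /.journal\n");
			else
				printf("skipping unexpected E1 file: %s\n",
					workpath);
			continue;
		default:
		printf("%s (index entry #%x): unexpected type %02X; skipping\n",
				workpath, obj.entryno, obj.type);
			continue;
		}
	}
	return(0);
}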

/*
 * Start the extraction at the root of the FFS tree.  Index entry #1 is
 * taken to be the root directory: its chunk and name are validated, its
 * name is printed, and its children are handed to dump_dir() with an
 * empty path prefix.  If entry #1 is not a directory (type F2) the
 * program exits with status 1; a non-nil sibling link on the root only
 * produces a warning.
 */
dump_root()
{
	struct objinfo rootobj;

	rootobj.entryno = 1;
	get_index_entry(&rootobj);
	validate_chunk(&rootobj);
	validate_obj_name(&rootobj);
	printf("Root node name: %s\n", (char *)rootobj.dataptr);
	if (rootobj.type == 0xF2) {
		if (rootobj.sibling != 0xFFFF)
			printf("warning: root entry has a non-nil sibling pointer\n");
		dump_dir(rootobj.descend, 0);
	} else {
		fprintf(stderr,
	"error: index entry #1 (expected root dir) is not a directory\n");
		exit(1);
	}
}

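/*
 * usage: extract imgfile blksize nblocks
 *
 * blksize and nblocks are parsed with strtoul() base 0, so decimal,
 * octal (leading 0) and hex (leading 0x) are accepted.  Both numbers
 * size every later bounds check, so they are validated here:
 *  - each must be a complete number with no trailing characters;
 *  - blksize must be at least 16 (one index record) and fit in 32 bits;
 *  - nblocks must be nonzero;
 *  - blksize * nblocks must fit in 32 bits.  Without this check the
 *    product wraps, the image buffer is allocated too small, and the
 *    block scan walks past its end.
 * The extracted tree is created in the current directory.
 */
main(argc, argv)
	char **argv;
{
	unsigned long blksz, nblk;
	char *end;

	if (argc != 4) {
		fprintf(stderr, "usage: %s imgfile blksize nblocks\n", argv[0]);
		exit(1);
	}
	imgfile = argv[1];
	blksz = strtoul(argv[2], &end, 0);
	if (end == argv[2] || *end || blksz < 16 || blksz > 0xFFFFFFFFUL) {
		fprintf(stderr, "%s: invalid erase block size\n", argv[2]);
		exit(1);
	}
	nblk = strtoul(argv[3], &end, 0);
	if (end == argv[3] || *end || !nblk || nblk > 0xFFFFFFFFUL / blksz) {
		fprintf(stderr, "%s: invalid number of erase blocks\n",
			argv[3]);
		exit(1);
	}
	eraseblk_size = blksz;
	total_blocks = nblk;
	total_img_size = blksz * nblk;
	read_img_file();
	find_index_block();
	dump_root();
	exit(0);
}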