[File] [PATCH] Magdir/archive POSIX tar generic for AVM FRITZ!Box images
Christos Zoulas
christos at zoulas.com
Fri Feb 2 22:57:04 UTC 2024
Committed, thanks!
christos
> On Jan 30, 2024, at 8:41 PM, Jörg Jenderek (GMX) <joerg.jen.der.ek at gmx.net> wrote:
>
> Hello,
>
> some days ago i update my router manually. The device is from company
> with name AVM. The firmware (called FRITZ!OS) can be downloaded and
> installed via web interface. The firmware samples have names like
> FRITZ.Box_4040-07.57.image where 4040 is the model name and 07.57 is the
> firmware version.
>
> When i run file command version 5.45 on such samples with -e tar option
> i get an output like:
>
> FRITZ.Box_4040-07.12.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 13514356267
> FRITZ.Box_4040-07.57.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474472440
> FRITZ.Box_5530_Fiber-07.58.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14476336641
> FRITZ.Box_6490_Cable-07.57.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474577126
> FRITZ.Box_6660_Cable-07.57.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474612254
> FRITZ.Box_6820v3_LTE-07.57.image: POSIX tar archive (GNU), directory
> ./lte/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14475334204
> FRITZ.Box_7272-06.88.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14476052240
> FRITZ.Box_7362_SL-07.14.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14475035071
> FRITZ.Box_7412.137.06.88.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474710751
> FRITZ.Box_7520_B-07.57.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474476653
> FRITZ.Box_7583_VDSL-07.57.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474466115
> FRITZ.Box_7590_AX-07.57.image: POSIX tar archive (GNU), directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474465455
>
> With option --extension for samples wrong tar/gtar suffix are shown.
> With -i option application/x-gtar is shown.
>
> For comparison reason i also run the file format identification utility
> DROID (See https://sourceforge.net/projects/droid/). Here the samples
> are recognized generic. These are described as "Tape Archive Format"with
> mime type application/x-tar by PUID x-fmt/265.
>
> On Linux according to shared MIME-info database such samples are called
> "Tar archive". Here application/x-gtar is used as mime type. The
> samples are just recognized by looking for 8 byte sequence
> ustar\040\040\0 at offset 257. Here 3 suffix (tar gtar gem) are listed.
> That information can be seen in source freedesktop.org.xml.in found for
> example on gitlab.freedesktop.org.
>
> For comparison reason i run the file format identification utility
> TrID ( See https://mark0.net/soft-trid-e.html). This identifies
> the samples with highest priority as "AVM FRITZ!Box firmware" with mime
> type application/x-gtar by image-avm.trid.xml. The samples are also
> described as "TAR - Tape ARchive (GNU)" with application/x-gtar mime
> type and 2 suffix (.TAR/GTAR) by ark-tar-gnu.trid.xml. The samples are
> also described with lowest priority as "TAR - Tape ARchive (directory)"
> with application/x-tar mime type and 1 suffix (.TAR) by
> ark-tar-dir.trid.xml (See appended trid-v-image.txt.gz).
>
> This tool list the used file name extension and with -v option the
> related URL pointing to some file format information. The tar format is
> documented, but is is used by AVM to pack their firmware, but i found no
> official page about what is difference to distinguish their images from
> other TAR archives. With German language i found pages in context with
> alternative firmware freetz. With English language i found a page in
> context with IT security. So i use this as reference. That informations
> are expressed by comment lines inside Magdir/archive like:
> # URL: https://en.wikipedia.org/wiki/Fritz!Box
> # URL: https://www.redteam-pentesting.de/de/advisories/rt-sa-2014-010/
> # -avm-fritz-box-firmware-signature-bypass
> # Ref.: http://mark0.net/download/triddefs_xml.7z
> # defs/i/image-avm.trid.xml
>
> So i put displaying part inside sub routine that starts like
> 0 name tar-avm
> >0 string x AVM FRITZ!Box firmware
> !:mime application/x-avm-image
> !:ext image
>
> AVM instead of standard suffix like GTAR or TAR use another file name
> suffix. This company behaves like Microsoft. There is neither
> explanation nor file registration. Shame on them. Where is our political
> elite? For myself i must get many regulation and such companies can put
> their firmware files on my computer without any rules. That in the end
> leads to trouble, because there exist other file formats with same name
> suffix image. Instead of standard tar mime type i choose an user defined
> one. So instead of unpacking tool a flashing tool for AVM firmware can
> be called.
>
> The sub routine ends with lines looking like:
> >0 use tar-entry
> >156 ubyte 0x35
> >>512 use tar-entry
>
> So for control reason show first tar entry. Apparently the firmware
> entry seems to start with a relative directory entry. Often this is
> ./var/, but i found one example starting with ./lte/. So i use this fact
> as test before calling this subroutine and before general case with
> calling tar-file. So inserted lines look like:
> >>>>>>>>0 ubequad&0xFFffE5eaE8ffFFff 0x2e2f6460602f0000
> >>>>>>>>>0 use tar-avm
>
> If first entry is directory (indicated by type flag value 0x35) this has
> no content and in next block starts second entry. So by last line in sub
> routine this entry is also shown. Often second name is ./var/content.
> Many have /var/install and few have ./var/chksum and one sample has
> ./lte/modfw.nfo. So maybe first test for AVM images is maybe not too
> specific. Then a second test branch must be inserted which look like:
> # >>>>>>>>>517 string /content\0
> # >>>>>>>>>>0 use tar-avm
> # >>>>>>>>>517 string /install\0
> # >>>>>>>>>>0 use tar-avm
> # >>>>>>>>>517 string /chksum\0
> # >>>>>>>>>>0 use tar-avm
> # >>>>>>>>>517 string /modfw.nfo\0
> # >>>>>>>>>>0 use tar-avm
>
> I looked inside TrID definition for AVM characteristic patterns and i
> try to translate this into magic lines, but i get no general solution.
> The main problem was that characteristic patterns sometimes occur dozen
> of MB behind the beginning and that is beyond file command limits.
>
> Many image have ./var/content as second entry. Apparently these text
> file start with line like:
> Product=Fritz_Box_HW227 (FRITZ!Box 4040)
> So show this information inside sub routine tar-avm by lines like:
> >>1024 search/512 Product=Fritz_Box_
> >>>&0 string x %s
> A little bit later comes phrase version followed by equal sign. This is
> followed by version string (like 07.57 07.58). So i also show this
> information by adaptional lines inside sub routine. These look like:
> >>>1044 search Version= \b, version
> >>>>&0 string x %s
>
> After applying the above mentioned modifications by patch
> file-archive-image.diff then my AVM images are more precisely described.
> This now looks like:
> FRITZ.Box_4040-07.12.image: AVM FRITZ!Box firmware
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 13514356267
> , file
> ./var/install, mode 0100755
> , uid 0000000,
> gid 0000000, size 00000061064,
> seconds 13514356267
> FRITZ.Box_4040-07.57.image: AVM FRITZ!Box firmware
> HW227 (FRITZ!Box 4040)
> , version 07.57
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474472440
> , file
> ./var/content, mode 0100644
> , uid 0000000,
> gid 0000000, size 00000000530,
> seconds 14474472440
> FRITZ.Box_5530_Fiber-07.58.image: AVM FRITZ!Box firmware
> HW257 (FRITZ!Box 5530 Fiber)
> , version 07.58
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14476336641
> , file
> ./var/content, mode 0100644
> , uid 0000000,
> gid 0000000, size 00000000547,
> seconds 14476336641
> FRITZ.Box_6490_Cable-07.57.image: AVM FRITZ!Box firmware
> HW213a (FRITZ!Box 6490 Cable)
> , version 07.57
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474577126
> , file
> ./var/content, mode 0100644
> , uid 0000000,
> gid 0000000, size 00000000532,
> seconds 14474577126
> FRITZ.Box_6660_Cable-07.57.image: AVM FRITZ!Box firmware
> HW252a (FRITZ!Box 6660 Cable)
> , version 07.57
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474612254
> , file
> ./var/content, mode 0100644
> , uid 0000000,
> gid 0000000, size 00000000535,
> seconds 14474612254
> FRITZ.Box_6820v3_LTE-07.57.image: AVM FRITZ!Box firmware
> , directory
> ./lte/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14475334204
> , file
> ./lte/modfw.nfo, mode 0100444
> , uid 0000000,
> gid 0000000, size 00000000426,
> seconds 14475334204
> FRITZ.Box_7272-06.88.image: AVM FRITZ!Box firmware
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14476052240
> , file
> ./var/chksum, mode 0100550
> , uid 0000000,
> gid 0000000, size 00001040660,
> seconds 13006104074
> FRITZ.Box_7362_SL-07.14.image: AVM FRITZ!Box firmware
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14475035071
> , file
> ./var/install, mode 0100755
> , uid 0000000,
> gid 0000000, size 00000107123,
> seconds 14475035071
> FRITZ.Box_7412.137.06.88.image: AVM FRITZ!Box firmware
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474710751
> , file
> ./var/chksum, mode 0100550
> , uid 0000000,
> gid 0000000, size 00001040030,
> seconds 12773015052
> FRITZ.Box_7520_B-07.57.image: AVM FRITZ!Box firmware
> HW276 (FRITZ!Box 7520 B)
> , version 07.57
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474476653
> , file
> ./var/content, mode 0100644
> , uid 0000000,
> gid 0000000, size 00000000543,
> seconds 14474476653
> FRITZ.Box_7583_VDSL-07.57.image: AVM FRITZ!Box firmware
> HW260 (FRITZ!Box 7583 VDSL)
> , version 07.57
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474466115
> , file
> ./var/content, mode 0100644
> , uid 0000000,
> gid 0000000, size 00000000546,
> seconds 14474466115
> FRITZ.Box_7590_AX-07.57.image: AVM FRITZ!Box firmware
> HW259 (FRITZ!Box 7590 AX)
> , version 07.57
> , directory
> ./var/, mode 0040755, uid 0000000,
> gid 0000000, size 00000000000,
> seconds 14474465455
> , file
> ./var/content, mode 0100644
> , uid 0000000,
> gid 0000000, size 00000000544,
> seconds 14474465455
>
> I hope my diff file can be applied in future version of file
> utility.
>
> With best wishes,
> Jörg Jenderek
> --
> Jörg Jenderek
> <Nachrichtenteil als Anhang.DEFANGED-952><file-archive-image_diff.DEFANGED-953><file-archive-image_diff_sig.DEFANGED-954><trid-v-image.txt.gz>--
> File mailing list
> File at astron.com
> https://mailman.astron.com/mailman/listinfo/file
> <sanitizer.log>
More information about the File
mailing list