
Empty *_extract directory is created for whole-file ELF binaries

Open vlaci opened this issue 2 years ago • 2 comments

While testing #390 I found that a bunch of unneeded directories are created for ELF executables.

Because ELFKernelExtractor is set for ELF handlers, an empty extract directory always gets created, even for whole-file ELF binaries.

This results in a very cluttered output, e.g.:

❯ find ! -type l -ls
  1155940      0 drwxrwxr-x  25 vlaci    users        1280 jún  8 10:17 .
  1156377      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:17 ./dnsmasq_extract
  1156376      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:17 ./dropbear_extract
  1156369      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./fw_printenv_extract
  1156368      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./iw_extract
  1156367      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./odhcp6c_extract
  1156366      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./odhcpd_extract
  1156365      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./pppd_extract
  1156364      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./px5g_extract
  1156363      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubiattach_extract
  1156362      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubiblock_extract
  1156361      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubicrc32_extract
  1156360      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubidetach_extract
  1156359      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubiformat_extract
  1156358      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubimkvol_extract
  1156357      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubinfo_extract
  1156356      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubinize_extract
  1156355      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubirename_extract
  1156354      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubirmvol_extract
  1156353      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubirsvol_extract
  1156352      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./ubiupdatevol_extract
  1156351      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./uhttpd_extract
  1156350      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./wpad_extract
  1156349      0 drwxrwxr-x   2 vlaci    users          40 jún  8 10:12 ./xtables-legacy-multi_extract
  1155979     60 -rw-r--r--   1 vlaci    users       58623 szept  1  2021 ./xtables-legacy-multi
  1155978    708 -rw-r--r--   1 vlaci    users      723161 szept  1  2021 ./wpad
  1155976     48 -rw-r--r--   1 vlaci    users       45427 szept  1  2021 ./uhttpd
  1155975     16 -rw-r--r--   1 vlaci    users       16383 szept  1  2021 ./ubiupdatevol
  1155974     20 -rw-r--r--   1 vlaci    users       16412 szept  1  2021 ./ubirsvol
  1155973     20 -rw-r--r--   1 vlaci    users       16388 szept  1  2021 ./ubirmvol
  1155972     16 -rw-r--r--   1 vlaci    users       16383 szept  1  2021 ./ubirename
  1155971     28 -rw-r--r--   1 vlaci    users       24609 szept  1  2021 ./ubinize
  1155970     24 -rw-r--r--   1 vlaci    users       20488 szept  1  2021 ./ubinfo
  1155969     24 -rw-r--r--   1 vlaci    users       20501 szept  1  2021 ./ubimkvol
  1155968     48 -rw-r--r--   1 vlaci    users       45120 szept  1  2021 ./ubiformat
  1155967     16 -rw-r--r--   1 vlaci    users       12296 szept  1  2021 ./ubidetach
  1155966      8 -rw-r--r--   1 vlaci    users        8191 szept  1  2021 ./ubicrc32
  1155965     12 -rw-r--r--   1 vlaci    users       12287 szept  1  2021 ./ubiblock
  1155964     20 -rw-r--r--   1 vlaci    users       16392 szept  1  2021 ./ubiattach
  1155963      8 -rw-r--r--   1 vlaci    users        8191 szept  1  2021 ./px5g
  1155962    240 -rw-r--r--   1 vlaci    users      244448 szept  1  2021 ./pppd
  1155961      4 -rw-r--r--   1 vlaci    users        1079 szept  1  2021 ./opkg-key
  1155960      4 -rw-r--r--   1 vlaci    users         120 szept  1  2021 ./odhcpd-update
  1155959     72 -rw-r--r--   1 vlaci    users       70165 szept  1  2021 ./odhcpd
  1155958     44 -rw-r--r--   1 vlaci    users       42023 szept  1  2021 ./odhcp6c
  1155957      4 -rw-r--r--   1 vlaci    users         265 szept  1  2021 ./ntpd-hotplug
  1155955     96 -rw-r--r--   1 vlaci    users       95875 szept  1  2021 ./iw
  1155946     28 -rw-r--r--   1 vlaci    users       24875 szept  1  2021 ./fw_printenv
  1155945    176 -rw-r--r--   1 vlaci    users      176611 szept  1  2021 ./dropbear

vlaci avatar Jun 08 '22 08:06 vlaci

It could be considered a more general issue; however, what makes the ELF case special is that 99.9% of ELF files won't get extracted via this extractor, which is rarely the case with other formats.

vlaci avatar Jun 08 '22 11:06 vlaci

That's a good point. I see two alternatives:

  • we split the ELF handler into a generic ELF handler and a Linux kernel specific one, where the extractor would work on the kernel only
  • we fix the case where whole file carves or null extraction does not result in an empty directory

martonilles avatar Jun 08 '22 12:06 martonilles
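
A sketch of the second alternative discussed above, written as a post-extraction cleanup pass. This is an added example, not part of the original issue and not unblob's code; `prune_empty_extract_dirs`, `demo` and the sample tree are hypothetical, and only the `_extract` suffix is taken from the listing.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path

EXTRACT_SUFFIX = "_extract"  # suffix seen in the listing above


def prune_empty_extract_dirs(root: Path) -> list[Path]:
    """Remove empty *_extract directories under root and return their paths.

    Symlinked directories are not descended into (followlinks=False), because
    extracted firmware content is untrusted and may link outside the tree.
    """
    removed = []
    # Bottom-up walk: children are visited before parents, so an *_extract
    # directory that only held other empty *_extract directories is empty
    # by the time it is reached.
    for dirpath, _dirs, _files in os.walk(root, topdown=False, followlinks=False):
        path = Path(dirpath)
        if path == root or not path.name.endswith(EXTRACT_SUFFIX):
            continue
        try:
            path.rmdir()  # raises OSError unless the directory is empty
        except OSError:
            continue
        removed.append(path)
    return removed


def demo() -> tuple[list[str], list[str]]:
    """Build a constructed sample tree, prune it, return (removed, kept)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "dropbear").write_bytes(b"\x7fELF")           # whole-file ELF
        (root / "dropbear_extract").mkdir()                    # empty: pruned
        (root / "vmlinux_extract").mkdir()
        (root / "vmlinux_extract" / "kernel.bin").write_bytes(b"x")  # kept
        (root / "fw_extract" / "iw_extract").mkdir(parents=True)     # nested
        os.symlink(root / "vmlinux_extract", root / "link_extract")  # untouched
        pruned = prune_empty_extract_dirs(root)
        removed = sorted(p.relative_to(root).as_posix() for p in pruned)
        kept = sorted(p.name for p in root.iterdir())
        return removed, kept
```

Relying on `rmdir()` failing for non-empty directories avoids a separate emptiness check that could race with extraction still writing into the tree.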