路由器逆向分析------sasquatch和squashfs-tools工具的安装和使用
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/68942660
一、sasquatch工具的安装和使用
sasquatch工具支持对
非标准的SquashFS格式的文件镜像 进行解压并且sasquatch工具也binwalk工具集成的一个功能组件之一。最新版的sasquatch工具是基于squashfs 4.3的源码修改而来的,具体修改那些文件如下,修改的那些内容在sasquatch的GitHub的pathes目录下有详细说明。
The sasquatch
project is a set of patches to the standard unsquashfs utility (part of squashfs-tools) that attempts to add support for as many hacked-up vendor-specific SquashFS implementations as possible.
If the vendor has done something simple like just muck a bit with the header fields, sasquatch
should sort it out.
If the vendor has made changes to the underlying LZMA compression options, or to how these options are stored in the compressed data blocks, sasquatch
will attempt to automatically resolve such customizations
via a brute-force method.
Additional advanced command line options have been added for testing/debugging.
原始squashfs工具的有关说明和源码的下载地址:https://sourceforge.net/projects/squashfs/files/squashfs/。sasquatch工具的编译脚本build.sh中详细的记录里squashfs被path后变成sasquatch工具的过程。
#!/bin/sh
# Script to download squashfs-tools v4.3, apply the patches, perform a clean build, and install.
# If not root, perform 'make install' with sudo
if [ "$UID" = "0" ]
then
SUDO=""
else
SUDO="sudo"
fi
# Install prerequisites
if hash apt-get &>/dev/null
then
$SUDO apt-get install build-essential liblzma-dev liblzo2-dev zlib1g-dev
fi
# Make sure we're working in the same directory as the build.sh script
cd $(dirname `readlink -f $0`)
# Download squashfs4.3.tar.gz if it does not already exist
if [ ! -e squashfs4.3.tar.gz ]
then
wget https://downloads.sourceforge.net/project/squashfs/squashfs/squashfs4.3/squashfs4.3.tar.gz
fi
# Remove any previous squashfs4.3 directory to ensure a clean patch/build
rm -rf squashfs4.3
# Extract squashfs4.3.tar.gz
tar -zxvf squashfs4.3.tar.gz
# Patch, build, and install the source
cd squashfs4.3
patch -p0 < ../patches/patch0.txt
cd squashfs-tools
make && $SUDO make install
sasquatch工具的github下载地址为:https://github.com/devttys0/sasquatch,sasquatch工具先安装需要的依赖库文件,然后进行编译,编译完成以后就可以使用了。
Prerequisites
You need a C/C++ compiler, plus the liblzma, liblzo and zlib development libraries:
$ sudo apt-get install build-essential liblzma-dev liblzo2-dev zlib1g-dev
Installation
The included build.sh
script will download squashfs-tools v4.3, patch the source, then build and installsasquatch
:
$ ./build.sh
sasquatch工具的下载和安装:
# 安装依赖库文件
$ sudo apt-get install build-essential liblzma-dev liblzo2-dev zlib1g-dev
# 下载源码
$ git clone https://github.com/devttys0/sasquatch.git
# 源码的编译
$ (cd sasquatch && ./build.sh)
sasquatch源码编译成功后的结果,使用sasquatch工具的时候,直接命令行输入 sasquatch加对应的参数就可以执行。
sasquatch工具的使用帮助和支持解压的squashfs文件的格式:
fly2016@ubuntu:~$ sasquatch
SYNTAX: sasquatch [options] filesystem [directories or files to extract]
-v[ersion] print version, licence and copyright information
-d[est] <pathname> unsquash to <pathname>, default "squashfs-root"
-n[o-progress] don't display the progress bar
-no[-xattrs] don't extract xattrs in file system
-x[attrs] extract xattrs in file system (default)
-u[ser-xattrs] only extract user xattrs in file system.
Enables extracting xattrs
-p[rocessors] <number> use <number> processors. By default will use
number of processors available
-i[nfo] print files as they are unsquashed
-li[nfo] print files as they are unsquashed with file
attributes (like ls -l output)
-l[s] list filesystem, but don't unsquash
-ll[s] list filesystem with file attributes (like
ls -l output), but don't unsquash
-f[orce] if file already exists then overwrite
-s[tat] display filesystem superblock information
-e[f] <extract file> list of directories or files to extract.
One per line
-da[ta-queue] <size> Set data queue to <size> Mbytes. Default 256
Mbytes
-fr[ag-queue] <size> Set fragment queue to <size> Mbytes. Default
256 Mbytes
-r[egex] treat extract names as POSIX regular expressions
rather than use the default shell wildcard
expansion (globbing)
-trace Enable verbose trace output
-lc <value> Set the lzma-adaptive lc parameter [0-4]
-lp <value> Set the lzma-adaptive lp parameter [0-4]
-pb <value> Set the lzma-adaptive pb parameter [0-8]
-dict <value> Set the lzma-adaptive dictionary size
-lzma-offset <value> Set the lzma-adaptive LZMA data offset
-major <version> Manually set the SquashFS major version number
-minor <version> Manually set the SquashFS minor version number
-be Treat the filesystem as big endian
-le Treat the filesystem as little endian
-c[omp] <decompressor> Specify the decompressor to use
Decompressors available:
gzip
lzma
lzma-adaptive
lzma-alt
lzma-ddwrt
lzo
xz
二、squashfs-tools工具的安装和使用
squashfs-tools工具既可以对squashfs格式的文件进行解压也可以对squashfs格式的文件进行压缩处理 。squashfs-tools工具的安装方式比较多,官方squashfs-tools工具的安装说明如下,具体的参考网址见:https://github.com/plougher/squashfs-tools/blob/master/INSTALL。
INSTALLING SQUASHFS
The squashfs4.3.tar.gz file contains the squashfs-tools directory containing
mksquashfs and unsquashfs.
1. Kernel support
-----------------
This release is for 2.6.29 and newer kernels. Kernel patching is not necessary.
Extended attribute support requires 2.6.35 or newer. File systems with
extended attributes can be mounted on 2.6.29 and newer kernels (the
extended attributes will be ignored with a warning).
LZO compression support requires 2.6.36 or newer kernels.
XZ compression support requires 2.6.38 or newer kernels.
LZ4 support is not yet in any mainline kernel.
2. Building squashfs tools
--------------------------
The squashfs-tools directory contains the mksquashfs and unsquashfs programs.
These can be made by typing make (or make install to install in /usr/local/bin).
By default the tools are built with GZIP compression and extended attribute
support. Read the Makefile in squashfs-tools/ for instructions on building
LZO, LZ4 and XZ compression support, and for instructions on disabling GZIP
and extended attribute support if desired.
1.通过github的方式安装squashfs-tools工具。
$ git clone https://github.com/plougher/squashfs-tools.git
$ cd ./squashfs-tools/squashfs-tools
$ sudo make && sudo make install
squashfs-tools工具源码的github下载地址:https://github.com/plougher/squashfs-tools。
2.通过sourceforge.net网站下载的方式安装squashfs-tools工具。
$ wget https://nchc.dl.sourceforge.net/project/squashfs/squashfs/squashfs4.3/squashfs4.3.tar.gz
$ tar -zxvf squashfs4.3.tar.gz
$ cd squashfs4.3/squashfs-tools
$ sudo make && sudo make install
squashfs-tools
v4.3工具源码的下载地址:https://sourceforge.net/projects/squashfs/files/squashfs/。
3.通过apt-get的方式进行直接安装.
$ sudo apt-get install squashfs-tools
squashfs-tools工具的使用详细使用说明和squashfs文件格式的详细说明以及squashfs-tools工具的支持的文件解压和压缩格式,可以参考官方的网址:https://github.com/plougher/squashfs-tools/blob/master/RELEASE-README。
SQUASHFS 4.3 - A squashed read-only filesystem for Linux
Copyright 2002-2014 Phillip Lougher <phillip@lougher.demon.co.uk>
Released under the GPL licence (version 2 or later).
Welcome to Squashfs version 4.3. Please read the README-4.3 and CHANGES files
for details of changes.
Squashfs is a highly compressed read-only filesystem for Linux.
It uses either gzip/xz/lzo/lz4 compression to compress both files, inodes
and directories. Inodes in the system are very small and all blocks are
packed to minimise data overhead. Block sizes greater than 4K are supported
up to a maximum of 1Mbytes (default block size 128K).
Squashfs is intended for general read-only filesystem use, for archival
use (i.e. in cases where a .tar.gz file may be used), and in constrained
block device/memory systems (e.g. embedded systems) where low overhead is
needed.
1. SQUASHFS OVERVIEW
--------------------
1. Data, inodes and directories are compressed.
2. Squashfs stores full uid/gids (32 bits), and file creation time.
3. In theory files up to 2^64 bytes are supported. In theory filesystems can
be up to 2^64 bytes.
4. Inode and directory data are highly compacted, and packed on byte
boundaries. Each compressed inode is on average 8 bytes in length
(the exact length varies on file type, i.e. regular file, directory,
symbolic link, and block/char device inodes have different sizes).
5. Squashfs can use block sizes up to 1Mbyte (the default size is 128K).
Using 128K blocks achieves greater compression ratios than the normal
4K block size.
6. File duplicates are detected and removed.
7. Filesystems can be compressed with gzip, xz (lzma2), lzo or lz4
compression algorithms.
1.1 Extended attributes (xattrs)
--------------------------------
Squashfs filesystems now have extended attribute support. The
extended attribute implementation has the following features:
1. Layout can store up to 2^48 bytes of compressed xattr data.
2. Number of xattrs per inode unlimited.
3. Total size of xattr data per inode 2^48 bytes of compressed data.
4. Up to 4 Gbytes of data per xattr value.
5. Inline and out-of-line xattr values supported for higher performance
in xattr scanning (listxattr & getxattr), and to allow xattr value
de-duplication.
6. Both whole inode xattr duplicate detection and individual xattr value
duplicate detection supported. These can obviously nest, file C's
xattrs can be a complete duplicate of file B, and file B's xattrs
can be a partial duplicate of file A.
7. Xattr name prefix types stored, allowing the redundant "user.", "trusted."
etc. characters to be eliminated and more concisely stored.
8. Support for files, directories, symbolic links, device nodes, fifos
and sockets.
Extended attribute support is in 2.6.35 and later kernels. Filesystems
with extended attributes can be mounted on 2.6.29 and later kernels, the
extended attributes will be ignored with a warning.
2. USING SQUASHFS
-----------------
Squashfs filesystems should be mounted with 'mount' with the filesystem type
'squashfs'. If the filesystem is on a block device, the filesystem can be
mounted directly, e.g.
%mount -t squashfs /dev/sda1 /mnt
Will mount the squashfs filesystem on "/dev/sda1" under the directory "/mnt".
If the squashfs filesystem has been written to a file, the loopback device
can be used to mount it (loopback support must be in the kernel), e.g.
%mount -t squashfs image /mnt -o loop
Will mount the squashfs filesystem in the file "image" under
the directory "/mnt".
3. MKSQUASHFS
-------------
3.1 Mksquashfs options and overview
-----------------------------------
As squashfs is a read-only filesystem, the mksquashfs program must be used to
create populated squashfs filesystems.
SYNTAX:./mksquashfs source1 source2 ... dest [options] [-e list of exclude
dirs/files]
Filesystem build options:
-comp <comp> select <comp> compression
Compressors available:
gzip (default)
lzo
lz4
xz
-b <block_size> set data block to <block_size>. Default 128 Kbytes
Optionally a suffix of K or M can be given to specify
Kbytes or Mbytes respectively
-no-exports don't make the filesystem exportable via NFS
-no-sparse don't detect sparse files
-no-xattrs don't store extended attributes
-xattrs store extended attributes (default)
-noI do not compress inode table
-noD do not compress data blocks
-noF do not compress fragment blocks
-noX do not compress extended attributes
-no-fragments do not use fragments
-always-use-fragments use fragment blocks for files larger than block size
-no-duplicates do not perform duplicate checking
-all-root make all files owned by root
-force-uid uid set all file uids to uid
-force-gid gid set all file gids to gid
-nopad do not pad filesystem to a multiple of 4K
-keep-as-directory if one source directory is specified, create a root
directory containing that directory, rather than the
contents of the directory
Filesystem filter options:
-p <pseudo-definition> Add pseudo file definition
-pf <pseudo-file> Add list of pseudo file definitions
-sort <sort_file> sort files according to priorities in <sort_file>. One
file or dir with priority per line. Priority -32768 to
32767, default priority 0
-ef <exclude_file> list of exclude dirs/files. One per line
-wildcards Allow extended shell wildcards (globbing) to be used in
exclude dirs/files
-regex Allow POSIX regular expressions to be used in exclude
dirs/files
Filesystem append options:
-noappend do not append to existing filesystem
-root-becomes <name> when appending source files/directories, make the
original root become a subdirectory in the new root
called <name>, rather than adding the new source items
to the original root
Mksquashfs runtime options:
-version print version, licence and copyright message
-exit-on-error treat normally ignored errors as fatal
-recover <name> recover filesystem data using recovery file <name>
-no-recovery don't generate a recovery file
-info print files written to filesystem
-no-progress don't display the progress bar
-progress display progress bar when using the -info option
-processors <number> Use <number> processors. By default will use number of
processors available
-mem <size> Use <size> physical memory. Currently set to 1922M
Optionally a suffix of K, M or G can be given to specify
Kbytes, Mbytes or Gbytes respectively
Miscellaneous options:
-root-owned alternative name for -all-root
-noInodeCompression alternative name for -noI
-noDataCompression alternative name for -noD
-noFragmentCompression alternative name for -noF
-noXattrCompression alternative name for -noX
-Xhelp print compressor options for selected compressor
Compressors available and compressor specific options:
gzip (default)
-Xcompression-level <compression-level>
<compression-level> should be 1 .. 9 (default 9)
-Xwindow-size <window-size>
<window-size> should be 8 .. 15 (default 15)
-Xstrategy strategy1,strategy2,...,strategyN
Compress using strategy1,strategy2,...,strategyN in turn
and choose the best compression.
Available strategies: default, filtered, huffman_only,
run_length_encoded and fixed
lzo
-Xalgorithm <algorithm>
Where <algorithm> is one of:
lzo1x_1
lzo1x_1_11
lzo1x_1_12
lzo1x_1_15
lzo1x_999 (default)
-Xcompression-level <compression-level>
<compression-level> should be 1 .. 9 (default 8)
Only applies to lzo1x_999 algorithm
lz4
-Xhc
Compress using LZ4 High Compression
xz
-Xbcj filter1,filter2,...,filterN
Compress using filter1,filter2,...,filterN in turn
(in addition to no filter), and choose the best compression.
Available filters: x86, arm, armthumb, powerpc, sparc, ia64
-Xdict-size <dict-size>
Use <dict-size> as the XZ dictionary size. The dictionary size
can be specified as a percentage of the block size, or as an
absolute value. The dictionary size must be less than or equal
to the block size and 8192 bytes or larger. It must also be
storable in the xz header as either 2^n or as 2^n+2^(n+1).
Example dict-sizes are 75%, 50%, 37.5%, 25%, or 32K, 16K, 8K
etc.
Source1 source2 ... are the source directories/files containing the
files/directories that will form the squashfs filesystem. If a single
directory is specified (i.e. mksquashfs source output_fs) the squashfs
filesystem will consist of that directory, with the top-level root
directory corresponding to the source directory.
If multiple source directories or files are specified, mksquashfs will merge
the specified sources into a single filesystem, with the root directory
containing each of the source files/directories. The name of each directory
entry will be the basename of the source path. If more than one source
entry maps to the same name, the conflicts are named xxx_1, xxx_2, etc. where
xxx is the original name.
To make this clear, take two example directories. Source directory
"/home/phillip/test" contains "file1", "file2" and "dir1".
Source directory "goodies" contains "goodies1", "goodies2" and "goodies3".
usage example 1:
%mksquashfs /home/phillip/test output_fs
This will generate a squashfs filesystem with root entries
"file1", "file2" and "dir1".
example 2:
%mksquashfs /home/phillip/test goodies output_fs
This will create a squashfs filesystem with the root containing
entries "test" and "goodies" corresponding to the source
directories "/home/phillip/test" and "goodies".
example 3:
%mksquashfs /home/phillip/test goodies test output_fs
This is the same as the previous example, except a third
source directory "test" has been specified. This conflicts
with the first directory named "test" and will be renamed "test_1".
Multiple sources allow filesystems to be generated without needing to
copy all source files into a common directory. This simplifies creating
filesystems.
The -keep-as-directory option can be used when only one source directory
is specified, and you wish the root to contain that directory, rather than
the contents of the directory. For example:
example 4:
%mksquashfs /home/phillip/test output_fs -keep-as-directory
This is the same as example 1, except for -keep-as-directory.
This will generate a root directory containing directory "test",
rather than the "test" directory contents "file1", "file2" and "dir1".
The Dest argument is the destination where the squashfs filesystem will be
written. This can either be a conventional file or a block device. If the file
doesn't exist it will be created, if it does exist and a squashfs
filesystem exists on it, mksquashfs will append. The -noappend option will
write a new filesystem irrespective of whether an existing filesystem is
present.
3.2 Changing compression algorithm and compression specific options
-------------------------------------------------------------------
By default Mksquashfs will compress using the gzip compression
algorithm. This algorithm offers a good trade-off between compression
ratio, and memory and time taken to decompress.
Squashfs also supports LZ4, LZO and XZ (LZMA2) compression. LZO offers worse
compression ratio than gzip, but is faster to decompress. XZ offers better
compression ratio than gzip, but at the expense of greater memory and time
to decompress (and significantly more time to compress). LZ4 is similar
to LZO, but, support for it is not yet in the mainline kernel, and so
its usefulness is currently limited to using Squashfs with Mksquashfs/Unsquashfs
as an archival system like tar.
If you're not building the squashfs-tools and kernel from source, then
the tools and kernel may or may not have been built with support for LZ4, LZO or
XZ compression. The compression algorithms supported by the build of
Mksquashfs can be found by typing mksquashfs without any arguments. The
compressors available are displayed at the end of the help message, e.g.
Compressors available and compressor specific options:
gzip (default)
-Xcompression-level <compression-level>
<compression-level> should be 1 .. 9 (default 9)
-Xwindow-size <window-size>
<window-size> should be 8 .. 15 (default 15)
-Xstrategy strategy1,strategy2,...,strategyN
Compress using strategy1,strategy2,...,strategyN in turn
and choose the best compression.
Available strategies: default, filtered, huffman_only,
run_length_encoded and fixed
lzo
-Xalgorithm <algorithm>
Where <algorithm> is one of:
lzo1x_1
lzo1x_1_11
lzo1x_1_12
lzo1x_1_15
lzo1x_999 (default)
-Xcompression-level <compression-level>
<compression-level> should be 1 .. 9 (default 8)
Only applies to lzo1x_999 algorithm
lz4
-Xhc
Compress using LZ4 High Compression
xz
-Xbcj filter1,filter2,...,filterN
Compress using filter1,filter2,...,filterN in turn
(in addition to no filter), and choose the best compression.
Available filters: x86, arm, armthumb, powerpc, sparc, ia64
-Xdict-size <dict-size>
Use <dict-size> as the XZ dictionary size. The dictionary size
can be specified as a percentage of the block size, or as an
absolute value. The dictionary size must be less than or equal
to the block size and 8192 bytes or larger. It must also be
storable in the xz header as either 2^n or as 2^n+2^(n+1).
Example dict-sizes are 75%, 50%, 37.5%, 25%, or 32K, 16K, 8K
etc.
If the compressor offers compression specific options (all the compressors now
have compression specific options except the deprecated lzma1 compressor)
then these options are also displayed (.i.e. in the above XZ is shown with two
compression specific options). The compression specific options are, obviously,
specific to the compressor in question, and the compressor documentation and
web sites should be consulted to understand their behaviour. In general
the Mksquashfs compression defaults for each compressor are optimised to
give the best performance for each compressor, where what constitutes
best depends on the compressor. For gzip/xz best means highest compression,
for LZO/LZ4 best means a tradeoff between compression and (de)-compression
overhead (LZO/LZ4 by definition are intended for weaker processors).
3.3 Changing global compression defaults used in mksquashfs
-----------------------------------------------------------
There are a large number of options that can be used to control the
compression in mksquashfs. By and large the defaults are the most
optimum settings and should only be changed in exceptional circumstances!
Note, this does not apply to the block size, increasing the block size
from the default of 128Kbytes will increase compression (especially
for the xz compressor) and should increase I/O performance too. However,
a block size of greater than 128Kbytes may increase latency in certain
cases (where the filesystem contains lots of fragments, and no locality
of reference is observed). For this reason the block size default is
configured to the less optimal 128Kbytes. Users should experiment
with 256Kbyte sizes or above.
The -noI, -noD and -noF options (also -noInodeCompression, -noDataCompression
and -noFragmentCompression) can be used to force mksquashfs to not compress
inodes/directories, data and fragments respectively. Giving all options
generates an uncompressed filesystem.
The -no-fragments tells mksquashfs to not generate fragment blocks, and rather
generate a filesystem similar to a Squashfs 1.x filesystem. It will of course
still be a Squashfs 4.0 filesystem but without fragments, and so it won't be
mountable on a Squashfs 1.x system.
The -always-use-fragments option tells mksquashfs to always generate
fragments for files irrespective of the file length. By default only small
files less than the block size are packed into fragment blocks. The ends of
files which do not fit fully into a block, are NOT by default packed into
fragments. To illustrate this, a 100K file has an initial 64K block and a 36K
remainder. This 36K remainder is not packed into a fragment by default. This
is because to do so leads to a 10 - 20% drop in sequential I/O performance, as a
disk head seek is needed to seek to the initial file data and another disk seek
is need to seek to the fragment block. Specify this option if you want file
remainders to be packed into fragment blocks. Doing so may increase the
compression obtained BUT at the expense of I/O speed.
The -no-duplicates option tells mksquashfs to not check the files being
added to the filesystem for duplicates. This can result in quicker filesystem
generation and appending although obviously compression will suffer badly if
there is a lot of duplicate files.
The -b option allows the block size to be selected, both "K" and "M" postfixes
are supported, this can be either 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or
1M bytes.
3.4 Specifying the UIDs/GIDs used in the filesystem
---------------------------------------------------
By default files in the generated filesystem inherit the UID and GID ownership
of the original file. However, mksquashfs provides a number of options which
can be used to override the ownership.
The options -all-root and -root-owned (both do exactly the same thing) force all
file uids/gids in the generated Squashfs filesystem to be root. This allows
root owned filesystems to be built without root access on the host machine.
The "-force-uid uid" option forces all files in the generated Squashfs
filesystem to be owned by the specified uid. The uid can be specified either by
name (i.e. "root") or by number.
The "-force-gid gid" option forces all files in the generated Squashfs
filesystem to be group owned by the specified gid. The gid can be specified
either by name (i.e. "root") or by number.
3.5 Excluding files from the filesystem
---------------------------------------
The -e and -ef options allow files/directories to be specified which are
excluded from the output filesystem. The -e option takes the exclude
files/directories from the command line, the -ef option takes the
exlude files/directories from the specified exclude file, one file/directory
per line.
Two styles of exclude file matching are supported: basic exclude matching, and
extended wildcard matching. Basic exclude matching is a legacy feature
retained for backwards compatibility with earlier versions of Mksquashfs.
Extended wildcard matching should be used in preference.
3.5.1 Basic exclude matching
----------------------------
Each exclude file is treated as an exact match of a file/directory in
the source directories. If an exclude file/directory is absolute (i.e.
prefixed with /, ../, or ./) the entry is treated as absolute, however, if an
exclude file/directory is relative, it is treated as being relative to each of
the sources in turn, i.e.
%mksquashfs /tmp/source1 source2 output_fs -e ex1 /tmp/source1/ex2 out/ex3
Will generate exclude files /tmp/source1/ex2, /tmp/source1/ex1, source2/ex1,
/tmp/source1/out/ex3 and source2/out/ex3.
3.5.2 Extended exclude file handling
------------------------------------
Extended exclude file matching treats each exclude file as a wildcard or
regex expression. To enable wildcard matching specify the -wildcards
option, and to enable regex matching specify the -regex option. In most
cases the -wildcards option should be used rather than -regex because wildcard
matching behaviour is significantly easier to understand!
In addition to wildcards/regex expressions, exclude files can be "anchored" or
"non-anchored". An anchored exclude is one which matches from the root of the
directory and nowhere else, a non-anchored exclude matches anywhere. For
example given the directory hierarchy "a/b/c/a/b", the anchored exclude
"a/b" will match "a/b" at the root of the directory hierarchy, but
it will not match the "/a/b" sub-directory within directory "c", whereas a
non-anchored exclude would.
A couple of examples should make this clearer.
Anchored excludes
1. mksquashfs example image.sqsh -wildcards -e 'test/*.gz'
Exclude all files matching "*.gz" in the top level directory "test".
2. mksquashfs example image.sqsh -wildcards -e '*/[Tt]est/example*'
Exclude all files beginning with "example" inside directories called
"Test" or "test", that occur inside any top level directory.
Using extended wildcards, negative matching is also possible.
3. mksquashfs example image.sqsh -wildcards -e 'test/!(*data*).gz'
Exclude all files matching "*.gz" in top level directory "test",
except those with "data" in the name.
Non-anchored excludes
By default excludes match from the top level directory, but it is
often useful to exclude a file matching anywhere in the source directories.
For this non-anchored excludes can be used, specified by pre-fixing the
exclude with "...".
Examples:
1. mksquashfs example image.sqsh -wildcards -e '... *.gz'
Exclude files matching "*.gz" anywhere in the source directories.
For example this will match "example.gz", "test/example.gz", and
"test/test/example.gz".
2. mksquashfs example image.sqsh -wildcards -e '... [Tt]est/*.gz'
Exclude files matching "*.gz" inside directories called "Test" or
"test" that occur anywhere in the source directories.
Again, using extended wildcards, negative matching is also possible.
3. mksquashfs example image.sqsh -wildcards -e '... !(*data*).gz'
Exclude all files matching "*.gz" anywhere in the source directories,
except those with "data" in the name.
3.5.3 Exclude files summary
---------------------------
The -e and -ef exclude options are usefully used in archiving the entire
filesystem, where it is wished to avoid archiving /proc, and the filesystem
being generated, i.e.
%mksquashfs / /tmp/root.sqsh -e proc /tmp/root.sqsh
Multiple -ef options can be specified on the command line, and the -ef
option can be used in conjuction with the -e option.
3.6 Appending to squashfs filesystems
-------------------------------------
Running squashfs with the destination directory containing an existing
filesystem will add the source items to the existing filesystem. By default,
the source items are added to the existing root directory.
To make this clear... An existing filesystem "image" contains root entries
"old1", and "old2". Source directory "/home/phillip/test" contains "file1",
"file2" and "dir1".
example 1:
%mksquashfs /home/phillip/test image
Will create a new "image" with root entries "old1", "old2", "file1", "file2" and
"dir1"
example 2:
%mksquashfs /home/phillip/test image -keep-as-directory
Will create a new "image" with root entries "old1", "old2", and "test".
As shown in the previous section, for single source directories
'-keep-as-directory' adds the source directory rather than the
contents of the directory.
example 3:
%mksquashfs /home/phillip/test image -keep-as-directory -root-becomes
original-root
Will create a new "image" with root entries "original-root", and "test". The
'-root-becomes' option specifies that the original root becomes a subdirectory
in the new root, with the specified name.
The append option with file duplicate detection, means squashfs can be
used as a simple versioning archiving filesystem. A squashfs filesystem can
be created with for example the linux-2.4.19 source. Appending the linux-2.4.20
source will create a filesystem with the two source trees, but only the
changed files will take extra room, the unchanged files will be detected as
duplicates.
3.7 Appending recovery file feature
-----------------------------------
Recovery files are created when appending to existing Squashfs
filesystems. This allows the original filesystem to be recovered
if Mksquashfs aborts unexpectedly (i.e. power failure).
The recovery files are called squashfs_recovery_xxx_yyy, where
"xxx" is the name of the filesystem being appended to, and "yyy" is a
number to guarantee filename uniqueness (the PID of the parent Mksquashfs
process).
Normally if Mksquashfs exits correctly the recovery file is deleted to
avoid cluttering the filesystem. If Mksquashfs aborts, the "-recover"
option can be used to recover the filesystem, giving the previously
created recovery file as a parameter, i.e.
mksquashfs dummy image.sqsh -recover squashfs_recovery_image.sqsh_1234
The writing of the recovery file can be disabled by specifying the
"-no-recovery" option.
3.8 Pseudo file support
-----------------------
Mksquashfs supports pseudo files, these allow fake files, directories, character
and block devices to be specified and added to the Squashfs filesystem being
built, rather than requiring them to be present in the source directories.
This, for example, allows device nodes to be added to the filesystem without
requiring root access.
Mksquashfs 4.1 added support for "dynamic pseudo files" and a modify operation.
Dynamic pseudo files allow files to be dynamically created when Mksquashfs
is run, their contents being the result of running a command or piece of
shell script. The modifiy operation allows the mode/uid/gid of an existing
file in the source filesystem to be modified.
Two Mksquashfs options are supported, -p allows one pseudo file to be specified
on the command line, and -pf allows a pseudo file to be specified containing a
list of pseduo definitions, one per line.
3.8.1. Creating a dynamic file
------------------------------
Pseudo definition
Filename f mode uid gid command
mode is the octal mode specifier, similar to that expected by chmod.
uid and gid can be either specified as a decimal number, or by name.
command can be an executable or a piece of shell script, and it is executed
by running "/bin/sh -c command". The stdout becomes the contents of
"Filename".
Examples:
Running a basic command
-----------------------
/somedir/dmesg f 444 root root dmesg
creates a file "/somedir/dmesg" containing the output from dmesg.
Executing shell script
----------------------
RELEASE f 444 root root \
if [ ! -e /tmp/ver ]; then \
echo 0 > /tmp/ver; \
fi; \
ver=`cat /tmp/ver`; \
ver=$((ver +1)); \
echo $ver > /tmp/ver; \
echo -n `cat /tmp/release`; \
echo "-dev #"$ver `date` "Build host" `hostname`
Creates a file RELEASE containing the release name, date, build host, and
an incrementing version number. The incrementing version is a side-effect
of executing the shell script, and ensures every time Mksquashfs is run a
new version number is used without requiring any other shell scripting.
The above example also shows that commands can be split across multiple lines
using "\". Obviously as the script will be presented to the shell as a single
line, a semicolon is need to separate individual shell commands within the
shell script.
Reading from a device (or fifo/named socket)
--------------------------------------------
input f 444 root root dd if=/dev/sda1 bs=1024 count=10
Copies 10K from the device /dev/sda1 into the file input. Ordinarily Mksquashfs
given a device, fifo, or named socket will place that special file within the
Squashfs filesystem, the above allows input from these special files to be
captured and placed in the Squashfs filesystem.
3.8.2. Creating a block or character device
-------------------------------------------
Pseudo definition
Filename type mode uid gid major minor
Where type is either
b - for block devices, and
c - for character devices
mode is the octal mode specifier, similar to that expected by chmod.
uid and gid can be either specified as a decimal number, or by name.
For example:
/dev/chr_dev c 666 root root 100 1
/dev/blk_dev b 666 0 0 200 200
creates a character device "/dev/chr_dev" with major:minor 100:1 and
a block device "/dev/blk_dev" with major:minor 200:200, both with root
uid/gid and a mode of rw-rw-rw.
3.8.3. Creating a directory
---------------------------
Pseudo definition
Filename d mode uid gid
mode is the octal mode specifier, similar to that expected by chmod.
uid and gid can be either specified as a decimal number, or by name.
For example:
/pseudo_dir d 666 root root
creates a directory "/pseudo_dir" with root uid/gid and mode of rw-rw-rw.
3.8.4. Modifying attributes of an existing file
-----------------------------------------------
Pseudo definition
Filename m mode uid gid
mode is the octal mode specifier, similar to that expected by chmod.
uid and gid can be either specified as a decimal number, or by name.
For example:
dmesg m 666 root root
Changes the attributes of the file "dmesg" in the filesystem to have
root uid/gid and a mode of rw-rw-rw, overriding the attributes obtained
from the source filesystem.
3.9 Miscellaneous options
-------------------------
The -info option displays the files/directories as they are compressed and
added to the filesystem. The original uncompressed size of each file
is printed, along with DUPLICATE if the file is a duplicate of a
file in the filesystem.
The -nopad option informs mksquashfs to not pad the filesystem to a 4K multiple.
This is performed by default to enable the output filesystem file to be mounted
by loopback, which requires files to be a 4K multiple. If the filesystem is
being written to a block device, or is to be stored in a bootimage, the extra
pad bytes are not needed.
4. UNSQUASHFS
-------------
Unsquashfs allows you to decompress and extract a Squashfs filesystem without
mounting it. It can extract the entire filesystem, or a specific
file or directory.
The Unsquashfs usage info is:
SYNTAX: ./unsquashfs [options] filesystem [directories or files to extract]
-v[ersion] print version, licence and copyright information
-d[est] <pathname> unsquash to <pathname>, default "squashfs-root"
-n[o-progress] don't display the progress bar
-no[-xattrs] don't extract xattrs in file system
-x[attrs] extract xattrs in file system (default)
-u[ser-xattrs] only extract user xattrs in file system.
Enables extracting xattrs
-p[rocessors] <number> use <number> processors. By default will use
number of processors available
-i[nfo] print files as they are unsquashed
-li[nfo] print files as they are unsquashed with file
attributes (like ls -l output)
-l[s] list filesystem, but don't unsquash
-ll[s] list filesystem with file attributes (like
ls -l output), but don't unsquash
-f[orce] if file already exists then overwrite
-s[tat] display filesystem superblock information
-e[f] <extract file> list of directories or files to extract.
One per line
-da[ta-queue] <size> Set data queue to <size> Mbytes. Default 256
Mbytes
-fr[ag-queue] <size> Set fragment queue to <size> Mbytes. Default
256 Mbytes
-r[egex] treat extract names as POSIX regular expressions
rather than use the default shell wildcard
expansion (globbing)
Decompressors available:
gzip
lzo
lz4
xz
To extract a subset of the filesystem, the filenames or directory
trees that are to be extracted can be specified on the command line. The
files/directories should be specified using the full path to the
files/directories as they appear within the Squashfs filesystem. The
files/directories will also be extracted to those positions within the specified
destination directory.
The extract files can also be given in a file using the "-e[f]" option.
Similarly to Mksquashfs, wildcard matching is performed on the extract
files. Wildcard matching is enabled by default.
Examples:
1. unsquashfs image.sqsh 'test/*.gz'
Extract all files matching "*.gz" in the top level directory "test".
2. unsquashfs image.sqsh '[Tt]est/example*'
Extract all files beginning with "example" inside top level directories
called "Test" or "test".
Using extended wildcards, negative matching is also possible.
3. unsquashfs image.sqsh 'test/!(*data*).gz'
Extract all files matching "*.gz" in top level directory "test",
except those with "data" in the name.
4.1 Unsquashfs options
----------------------
The "-ls" option can be used to list the contents of a filesystem without
decompressing the filesystem data itself. The "-lls" option is similar
but it also displays file attributes (ls -l style output).
The "-info" option forces Unsquashfs to print each file as it is decompressed.
The -"linfo" is similar but it also displays file attributes.
The "-dest" option specifies the directory that is used to decompress
the filesystem data. If this option is not given then the filesystem is
decompressed to the directory "squashfs-root" in the current working directory.
The "-force" option forces Unsquashfs to output to the destination
directory even if files or directories already exist. This allows you
to update an existing directory tree, or to Unsquashfs to a partially
filled directory. Without the "-force" option, Unsquashfs will
refuse to overwrite any existing files, or to create any directories if they
already exist. This is done to protect data in case of mistakes, and
so the "-force" option should be used with caution.
The "-stat" option displays filesystem superblock information. This is
useful to discover the filesystem version, byte ordering, whether it has a NFS
export table, and what options were used to compress the filesystem, etc.
Unsquashfs can decompress all Squashfs filesystem versions, 1.x, 2.x, 3.x and
4.0 filesystems.
5. FILESYSTEM LAYOUT
--------------------
A squashfs filesystem consists of a maximum of nine parts, packed together on a
byte alignment:
---------------
| superblock |
|---------------|
| compression |
| options |
|---------------|
| datablocks |
| & fragments |
|---------------|
| inode table |
|---------------|
| directory |
| table |
|---------------|
| fragment |
| table |
|---------------|
| export |
| table |
|---------------|
| uid/gid |
| lookup table |
|---------------|
| xattr |
| table |
---------------
Compressed data blocks are written to the filesystem as files are read from
the source directory, and checked for duplicates. Once all file data has been
written the completed super-block, compression options, inode, directory,
fragment, export, uid/gid lookup and xattr tables are written.
5.1 Compression options
-----------------------
Compressors can optionally support compression specific options (e.g.
dictionary size). If non-default compression options have been used, then
these are stored here.
5.2 Inodes
----------
Metadata (inodes and directories) are compressed in 8Kbyte blocks. Each
compressed block is prefixed by a two byte length, the top bit is set if the
block is uncompressed. A block will be uncompressed if the -noI option is set,
or if the compressed block was larger than the uncompressed block.
Inodes are packed into the metadata blocks, and are not aligned to block
boundaries, therefore inodes overlap compressed blocks. Inodes are identified
by a 48-bit number which encodes the location of the compressed metadata block
containing the inode, and the byte offset into that block where the inode is
placed (<block, offset>).
To maximise compression there are different inodes for each file type
(regular file, directory, device, etc.), the inode contents and length
varying with the type.
To further maximise compression, two types of regular file inode and
directory inode are defined: inodes optimised for frequently occurring
regular files and directories, and extended types where extra
information has to be stored.
5.3 Directories
---------------
Like inodes, directories are packed into compressed metadata blocks, stored
in a directory table. Directories are accessed using the start address of
the metablock containing the directory and the offset into the
decompressed block (<block, offset>).
Directories are organised in a slightly complex way, and are not simply
a list of file names. The organisation takes advantage of the
fact that (in most cases) the inodes of the files will be in the same
compressed metadata block, and therefore, can share the start block.
Directories are therefore organised in a two level list, a directory
header containing the shared start block value, and a sequence of directory
entries, each of which share the shared start block. A new directory header
is written once/if the inode start block changes. The directory
header/directory entry list is repeated as many times as necessary.
Directories are sorted, and can contain a directory index to speed up
file lookup. Directory indexes store one entry per metablock, each entry
storing the index/filename mapping to the first directory header
in each metadata block. Directories are sorted in alphabetical order,
and at lookup the index is scanned linearly looking for the first filename
alphabetically larger than the filename being looked up. At this point the
location of the metadata block the filename is in has been found.
The general idea of the index is ensure only one metadata block needs to be
decompressed to do a lookup irrespective of the length of the directory.
This scheme has the advantage that it doesn't require extra memory overhead
and doesn't require much extra storage on disk.
5.4 File data
-------------
Regular files consist of a sequence of contiguous compressed blocks, and/or a
compressed fragment block (tail-end packed block). The compressed size
of each datablock is stored in a block list contained within the
file inode.
To speed up access to datablocks when reading 'large' files (256 Mbytes or
larger), the code implements an index cache that caches the mapping from
block index to datablock location on disk.
The index cache allows Squashfs to handle large files (up to 1.75 TiB) while
retaining a simple and space-efficient block list on disk. The cache
is split into slots, caching up to eight 224 GiB files (128 KiB blocks).
Larger files use multiple slots, with 1.75 TiB files using all 8 slots.
The index cache is designed to be memory efficient, and by default uses
16 KiB.
5.5 Fragment lookup table
-------------------------
Regular files can contain a fragment index which is mapped to a fragment
location on disk and compressed size using a fragment lookup table. This
fragment lookup table is itself stored compressed into metadata blocks.
A second index table is used to locate these. This second index table for
speed of access (and because it is small) is read at mount time and cached
in memory.
5.6 Uid/gid lookup table
------------------------
For space efficiency regular files store uid and gid indexes, which are
converted to 32-bit uids/gids using an id look up table. This table is
stored compressed into metadata blocks. A second index table is used to
locate these. This second index table for speed of access (and because it
is small) is read at mount time and cached in memory.
5.7 Export table
----------------
To enable Squashfs filesystems to be exportable (via NFS etc.) filesystems
can optionally (disabled with the -no-exports Mksquashfs option) contain
an inode number to inode disk location lookup table. This is required to
enable Squashfs to map inode numbers passed in filehandles to the inode
location on disk, which is necessary when the export code reinstantiates
expired/flushed inodes.
This table is stored compressed into metadata blocks. A second index table is
used to locate these. This second index table for speed of access (and because
it is small) is read at mount time and cached in memory.
5.8 Xattr table
---------------
The xattr table contains extended attributes for each inode. The xattrs
for each inode are stored in a list, each list entry containing a type,
name and value field. The type field encodes the xattr prefix
("user.", "trusted." etc) and it also encodes how the name/value fields
should be interpreted. Currently the type indicates whether the value
is stored inline (in which case the value field contains the xattr value),
or if it is stored out of line (in which case the value field stores a
reference to where the actual value is stored). This allows large values
to be stored out of line improving scanning and lookup performance and it
also allows values to be de-duplicated, the value being stored once, and
all other occurences holding an out of line reference to that value.
The xattr lists are packed into compressed 8K metadata blocks.
To reduce overhead in inodes, rather than storing the on-disk
location of the xattr list inside each inode, a 32-bit xattr id
is stored. This xattr id is mapped into the location of the xattr
list using a second xattr id lookup table.
6. AUTHOR INFO
--------------
Squashfs was written by Phillip Lougher, email phillip@lougher.demon.co.uk,
in Chepstow, Wales, UK. If you like the program, or have any problems,
then please email me, as it's nice to get feedback!
有关squashfs文件系统的详细知识可以参考官方的网址:http://www.tldp.org/HOWTO/SquashFS-HOWTO/index.html。
Table of Contents1. What is SquashFS
- 1.1. Introduction
- 1.2. Overview of SquashFS
- 1.3. Making it clear
- 2.1. Acquiring SquashFS
- 2.2. Preparing a SquashFS-capable kernel
- 2.3. Compiling the SquashFS tools
- 2.4. Installing SquashFS on Debian
- 3.1. Using mksquashfs
- 3.2. Command-line options
- 3.3. Using unsquashfs
4. Creating and using squashed file systems
- 4.1. Basic steps
- 4.2. Squashing file systems
- 4.3. Creating tiny/embedded systems
- 4.4. Making it writeble
5. Acknowledgements6. License
路由器逆向分析------sasquatch和squashfs-tools工具的安装和使用的更多相关文章
- 路由器逆向分析------Running Debian MIPS Linux in QEMU
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/70176583 下面的文章内容主要参考英文博客<Running Debian ...
- 路由器逆向分析------在QEMU MIPS虚拟机上运行MIPS程序(ssh方式)
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69652258 在QEMU MIPS虚拟机上运行MIPS程序--SSH方式 有关在u ...
- 路由器逆向分析------MIPS系统网络的配置(QEMU)
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69378333 MIPS系统网络的配置 使用QEMU 模拟正在运行的MIPS系统并 ...
- 路由器逆向分析------firmware-mod-kit工具安装和使用说明
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/68061957 一.firmware-mod-kit工具的安装 firmware-m ...
- 路由器逆向分析------binwalk工具的安装
本文博客链接:http://blog.csdn.net/qq1084283172/article/details/65441110 一.binwalk工具运行支持的平台 binwalk工具安装支持的平 ...
- 路由器逆向分析------binwalk工具的详细使用说明
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/66971242 一.binwalk工具的基本用法介绍 1.获取帮助信息 $ binw ...
- 路由器逆向分析------QEMU的下载和安装(Linux平台)
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/68953160 一.QEMU源码的下载和编译 QEMU源码的github下载地址:h ...
- 路由器逆向分析------MIPS交叉编译环境的搭建(Buildroot)
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/68950682 为了能在我们熟悉的windows或者ubuntu下开发mips架构的 ...
- 路由器逆向分析------在Linux上安装IDA Pro
本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69665905 01.在Linux系统上安装Linux版本的IDA Pro Linu ...
随机推荐
- JDK的下载、安装与配置
一.JDK的下载 1.JDK下载地址:https://www.oracle.com/cn/java/technologies/javase-downloads.html 2.登录Oralce官网:ht ...
- 653. 两数之和 IV - 输入 BST + HashSet
653. 两数之和 IV - 输入 BST 题目描述 题解分析 最简单的方法就是遍历整棵树,找出所有可能的组合,判断是否存在和为 kk 的一对节点.现在在此基础上做一些改进. 如果存在两个元素之和为 ...
- 剑指 Offer 57 - II. 和为s的连续正数序列 + 双指针 + 数论
剑指 Offer 57 - II. 和为s的连续正数序列 Offer_57_2 题目描述 方法一:暴力枚举 package com.walegarrett.offer; /** * @Author W ...
- 元数据管理—动态表单设计器在crudapi系统中完整实现
表单设计 在前面文章中,我们通过一系列案例介绍了表单设计的一些基本功能,表单设计起到非常重要作用,也是crudapi核心,所以本文会详细介绍表单设计中一些其它功能. 概要 表单字段column属性 列 ...
- 『力荐汇总』这些 VS Code 快捷键太好用,忍不住录了这34张gif动图
之前写过三篇文章,收获了极其不错的阅读量与转发量: 你真的会用 VS Code 的 Ctrl.Shift和Alt吗?高效易用的快捷键:多光标.跳转引用等轻松搞定 VS Code 中的 Vim 操作 | ...
- Java 常见对象 03
常见对象·StringBuffer类 StringBuffer类概述 * A:StringBuffer类概述 * 通过 JDk 提供的API,查看StringBuffer类的说明 * 线程安全的可变字 ...
- Java并发编程之多线程
线程 进程/线程/协程/管程 进程:操作系统会以进程为单位,分配系统资源(CPU时间片.内存等资源),是资源分配的最小单位 进程间通信(IPC): 管道(Pipe) 命名管道(FIFO) 消息队列(M ...
- python多版本与虚拟环境
这篇纯python技术文章,我自己平时也会用到,在此记录一下. 为什么会用到多个Python版本? 用macOS和Ubutntu的同学都知道系统默认安装的Python2.7.x,然后,我们平时pyth ...
- java例题_28 冒泡排序
1 /*28 [程序 28 排序算法] 2 题目:对 10 个数进行排序 3 程序分析:可以利用选择法,即从后 9 个比较过程中,选择一个最小的与第一个元素交换, 下次类推, 4 即用第二个元素与后 ...
- 单链表c语言实现的形式
包括初始化,创建,查询,长度,删除,清空,销毁等操作 代码如下: #include<stdio.h> #include<stdlib.h> //定义单链表的数据类型 typed ...