onekey-sec
Master node selection seems broken
Maybe I'm misreading the code, please correct me if I oversee something.
In ubifs/__init__.py you read only the first master node from UBIFS_MST_LNUM and UBIFS_MST_LNUM + 1.
But both LEBs usually contain a series of master nodes and you need to find the most recent one.
Otherwise you will start from oudated/wrong roots (for index, lpt, journal, ...).
You are correct. This was originally written to help me deal with a new firmware update, which was assumed clean. The finer points of dealing with a "used image" have rarely or never been really dealt with. Unfortunately getting forgotten over the years.
Okay. If the purpose of the tool is just working with pristine UBIFS filesystems from mkfs.ubifs, perfectly fine. But please make this very clear. Ideally add checks to the code to detect "used" filesystems. Otherwise it will lead to bad surprises.
The NAND part is pretty problematic, as far as I know ECC is something I can't deal with, without some significant knowledge about the hardware and driver. So it'll always be flawed in some regard. But I do need to implement these issues, to get the best possible extraction. A few of them are listed under known issues and have been there for far too long.
All UBIFS cares is whether the data is present or not. See ubifs_scan() in the Linux implementation.
The only case where you are in trouble is when you want to deal with raw NAND dumps where you need to do ECC correction in software, then you need to know the algorithm.