pbzx regression on HomePod FW


Postby minicoin » Sat Aug 05, 2017 8:38 pm

Somehow, the updated version of pbzx.c breaks compatibility with the HomePod 11.0.2 OTA FW.

Kernel: Linux 4.10.0-30-generic
OS: Ubuntu 16.04.2 LTS

6841e048050f1f38ecc68977bbdc76d746da6559.zip, AKA the HomePod FW, has the following hashes:

SHA1: 7b3447ba4bb08efd139f74b23442e52cd19157d1
SHA256: 4d864a6d59d83b2e09ebc54848cf73c07a737d0d602e982e995e7ed45b668a8e

If you get anything other than the above hashes, your FW is encrypted or corrupted.

When running pbzx.ELF64 on the payload, this happens:

$ ./pbzx.ELF64 < payload > payload2.xz


Out of memory: Kill process 4589 (pbzx.ELF64) score 494 or sacrifice child
Killed process 4589 (pbzx.ELF64) total-vm:2018452kB, anon-rss:1963152kB, file-rss:4kB, shmem-rss:0kB

When running `file` on payload2.xz...

payload2.xz: a.out VAX demand paged (first page unmapped) pure executable not stripped

Seems like it might be a memory bug. Previous versions of pbzx.c worked perfectly... somehow.
Posts: 20
Joined: Fri Mar 25, 2016 3:39 pm
Location: Newport News, VA

Re: pbzx regression on HomePod FW

Postby morpheus » Sat Aug 05, 2017 9:11 pm

Oh, that's easy - this is a Linux out of memory error (OOM) which causes the process to be killed.

The new version has xz built in, so the output format will be an OTA that is directly usable with my Ota tool. No XZ necessary. But because I do the xz'ing myself, this might trigger the OOM. Hadn't had this occur on a Mac, but when I just tried this now on a limited Linux VM, I did encounter this. Trying again worked, though. So I would say try a few times.

If you REALLY have low RAM on your machine, you can either (A) increase your swap or (B) change /proc/$PID/oom_score_adj to a negative number. This will avoid pbzx being killed (but might kill other innocent victims on your machine).

Because pbzx isn't a regularly used tool - like Ota is - I don't think it's worth fixing. A proper fix would be to mmap in chunks rather than the full file, which is how I do it.

Site Admin
Posts: 737
Joined: Thu Apr 11, 2013 6:24 pm
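
The reply above points at chunked processing as the proper fix for the OOM kill. As an added example (Python, not code from pbzx.c or the Ota tool), this decompresses a plain xz stream with a fixed working buffer and a decoder memory cap; the function name, buffer size and limit are assumptions, and the pbzx container framing is not handled.

```python
import lzma
import sys

CHUNK = 1 << 20       # assumed 1 MiB working buffer for both input and output
MEMLIMIT = 64 << 20   # assumed decoder cap; larger-dictionary streams raise LZMAError


def stream_unxz(src, dst, chunk=CHUNK, memlimit=MEMLIMIT):
    """Decompress one xz stream from src to dst without holding it all in RAM.

    Returns (bytes_written, largest_output_piece) so callers can confirm
    that no single buffer ever exceeded `chunk` bytes.
    """
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ, memlimit=memlimit)
    written = 0
    largest = 0
    while not dec.eof:
        if dec.needs_input:
            data = src.read(chunk)
            if not data:
                # Input ended before the xz footer: fail loudly instead of
                # leaving a silently truncated output file behind.
                raise EOFError("xz stream truncated")
        else:
            # The decoder still has buffered output; drain it before
            # reading more input so memory use stays bounded.
            data = b""
        out = dec.decompress(data, max_length=chunk)
        dst.write(out)
        written += len(out)
        largest = max(largest, len(out))
    return written, largest


if __name__ == "__main__":
    # Filter usage: python3 stream_unxz.py < input.xz > output
    total, _ = stream_unxz(sys.stdin.buffer, sys.stdout.buffer)
    print(f"wrote {total} bytes", file=sys.stderr)
```

A stream that needs more decoder memory than `memlimit` fails with `lzma.LZMAError` inside the process, rather than growing until the kernel OOM killer picks a victim.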
