pbzx regression on HomePod FW

Posted: Sat Aug 05, 2017 8:38 pm
by minicoin
Somehow, the updated version of pbzx.c breaks compatibility with the HomePod 11.0.2 OTA FW.

Specs:
Kernel: Linux 4.10.0-30-generic
OS: Ubuntu 16.04.2 LTS

6841e048050f1f38ecc68977bbdc76d746da6559.zip, AKA the HomePod FW, has the following hashes:

Code:
SHA1: 7b3447ba4bb08efd139f74b23442e52cd19157d1
SHA256: 4d864a6d59d83b2e09ebc54848cf73c07a737d0d602e982e995e7ed45b668a8e

If you get anything other than the above hashes, your FW is encrypted or corrupted.

When running pbzx.ELF64 on the payload, this happens:

Code:
$ ./pbzx.ELF64 < payload > payload2.xz

[...]

Out of memory: Kill process 4589 (pbzx.ELF64) score 494 or sacrifice child
Killed process 4589 (pbzx.ELF64) total-vm:2018452kB, anon-rss:1963152kB, file-rss:4kB, shmem-rss:0kB

When running `file` on payload2.xz...

Code:
payload2.xz: a.out VAX demand paged (first page unmapped) pure executable not stripped

Seems like it might be a memory bug. Previous versions of pbzx.c worked perfectly... somehow.

Re: pbzx regression on HomePod FW

Posted: Sat Aug 05, 2017 9:11 pm
by morpheus
Oh, that's easy - this is a Linux out-of-memory (OOM) error, which causes the process to be killed.

The new version has xz built in, so the output format will be an OTA that is directly usable with my Ota tool. No XZ necessary. But because I do the xz'ing myself, this might trigger the OOM. I hadn't had this occur on a Mac, but when I just tried this now on a limited Linux VM, I did encounter this. Trying again worked, though. So I would say try a few times.

If you REALLY have low RAM on your machine, you can either (A) increase your swap or (B) change /proc/$PID/oom_score_adj to a negative number. This will avoid pbzx being killed (but might kill other innocent victims on your machine).

Because pbzx isn't a regularly used tool - like Ota is - I don't think it's worth fixing. A proper fix would be to mmap in chunks rather than the full file, which is how I do it.

J
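The "mmap in chunks rather than the full file" fix mentioned above, written out as an added example; this is not pbzx.c or any of the project's code, and it assumes a hypothetical per-chunk work step (here just summing bytes, so the result can be checked) in place of the real xz decompression. Peak resident memory stays at one window no matter how large the payload is, which is what keeps the OOM killer away.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Process a file through a bounded, page-aligned mmap window instead of
 * mapping it whole, so resident memory stays at one window however big
 * the input is. Summing bytes stands in for the real per-chunk work
 * (decompression); the sum is only a check that every byte was seen once.
 * Returns UINT64_MAX on error. */
uint64_t chunked_sum(const char *path, size_t window)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || window < (size_t)page) return UINT64_MAX;
    window -= window % (size_t)page;   /* mmap offsets must be page-aligned */
    int fd = open(path, O_RDONLY);
    if (fd < 0) return UINT64_MAX;
    struct stat st;
    if (fstat(fd, &st) != 0) { close(fd); return UINT64_MAX; }

    uint64_t sum = 0;
    for (off_t off = 0; off < st.st_size; off += (off_t)window) {
        size_t len = (size_t)(st.st_size - off);
        if (len > window) len = window;    /* final window may be short */
        unsigned char *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, off);
        if (p == MAP_FAILED) { close(fd); return UINT64_MAX; }
        for (size_t i = 0; i < len; i++) sum += p[i];
        munmap(p, len);                    /* drop this window before the next */
    }
    close(fd);
    return sum;
}

/* Write n constructed bytes to path and return the sum they should yield. */
uint64_t write_sample(const char *path, size_t n)
{
    FILE *f = fopen(path, "wb");
    if (!f) return UINT64_MAX;
    uint64_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char b = (unsigned char)(i * 7 + 3);
        fputc(b, f);
        sum += b;
    }
    fclose(f);
    return sum;
}
```

A sample whose size is not a multiple of the window exercises the short final mapping; compare the chunked result with the sum recorded while writing the file.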