clone the repogit clone https://github.com/devttys0/sasquatch.gitthen cd i

1. clone the repo
2. git clone https://github.com/devttys0/sasquatch.git
3.  
4. then cd in to sasquatch directory
5.  
6. the README mentions this as a pre-req, so do this
7. sudo apt-get install build-essential liblzma-dev liblzo2-dev zlib1g-dev
8.  
9. if you run ./build.sh at this point you will get a bunch of errors related to xz_wrapper and LZMA
10. eventually it ends in something like this:
11.  
12. xz_wrapper.c:462:20: error: ‘LZMA_BUF_ERROR’ undeclared (first use in this function)
13. 462 | } else if(res != LZMA_BUF_ERROR)
14. | ^~~~~~~~~~~~~~
15. xz_wrapper.c: In function ‘xz_uncompress’:
16. xz_wrapper.c:494:2: error: unknown type name ‘lzma_ret’
17. 494 | lzma_ret res = lzma_stream_buffer_decode(&memlimit, 0, NULL,
18. | ^~~~~~~~
19. xz_wrapper.c:494:17: error: implicit declaration of function ‘lzma_stream_buffer_decode’ [-Werror=implicit-function-declaration]
20. 494 | lzma_ret res = lzma_stream_buffer_decode(&memlimit, 0, NULL,
21. | ^~~~~~~~~~~~~~~~~~~~~~~~~
22. xz_wrapper.c:497:12: error: ‘LZMA_OK’ undeclared (first use in this function)
23. 497 | if(res == LZMA_OK && size == (int) src_pos)
24. | ^~~~~~~
25. xz_wrapper.c:503:1: error: control reaches end of non-void function [-Werror=return-type]
26. 503 | }
27. | ^
28. cc1: all warnings being treated as errors
29. make: *** [<builtin>: xz_wrapper.o] Error 1
30.  
31. open the patch file in ./patches/patch0.txt and find this section
32.  
33. # To build using XZ Utils liblzma - install the library and uncomment
34. # the XZ_SUPPORT line below.
35. #
36. -#XZ_SUPPORT = 1
37. +XZ_SUPPORT = 1
38.  
39. It will be around line 38087 of the 38726, so pretty close to the bottom of the file
40.  
41. change the line from
42. +XZ_SUPPORT = 1
43. to
44. +XZ_SUPPORT = 0
45.  
46. then run ./build.sh again
47.  
48. this time it works successfully and end in something like this
49.  
50. make[1]: Entering directory '/AC1200/sasquatch/squashfs4.3/squashfs-tools/LZMA/lzmadaptive/C/7zip/Compress/LZMA_Lib'
51. make[1]: Nothing to be done for 'all'.
52. make[1]: Leaving directory '/AC1200/sasquatch/squashfs4.3/squashfs-tools/LZMA/lzmadaptive/C/7zip/Compress/LZMA_Lib'
53. cc -g -O2 -I. -I./LZMA/lzma465/C -I./LZMA/lzmalt -I./LZMA/lzmadaptive/C/7zip/Compress/LZMA_Lib -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_GNU_SOURCE -DCOMP_DEFAULT=\"gzip\" -Wall -Werror -DGZIP_SUPPORT -DLZMA_SUPPORT -DLZO_SUPPORT -DXATTR_SUPPORT -DXATTR_DEFAULT -c -o lzma_wrapper.o lzma_wrapper.c
54. g++ ./LZMA/lzmalt/*.o unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o unsquash-4.o swap.o compressor.o unsquashfs_info.o gzip_wrapper.o lzma_wrapper.o ./LZMA/lzma465/C/Alloc.o ./LZMA/lzma465/C/LzFind.o ./LZMA/lzma465/C/LzmaDec.o ./LZMA/lzma465/C/LzmaEnc.o ./LZMA/lzma465/C/LzmaLib.o lzo_wrapper.o read_xattrs.o unsquashfs_xattr.o -lpthread -lm -lz -L./LZMA/lzmadaptive/C/7zip/Compress/LZMA_Lib -llzmalib -llzo2 -o sasquatch
55. mkdir -p /usr/local/bin
56. cp sasquatch /usr/local/bin
57.  
58. now when you run binwalk on the firmware dump file it will extract as expected
59.  
60. binwalk -eM flash.bin
61.  
62. now the squashfs-root directory contains the files from the router
63.  
64. notably, check out the passwd and shadow files
65.  
66. $ find . | egrep "passwd|shadow"
67. ./squashfs-root/etc_ro/passwd
68. ./squashfs-root/etc_ro/passwd_private
69. ./squashfs-root/etc_ro/shadow
70. ./squashfs-root/etc_ro/shadow_private
71. ./squashfs-root/usr/bin/passwd
72. ./squashfs-root/usr/sbin/chpasswd
73. ./squashfs-root/var/etc/passwd
74. ./squashfs-root/var/etc/passwd_private
75. ./squashfs-root/var/etc/shadow
76. ./squashfs-root/var/etc/shadow_private
77.