def test_lzma():
'''
Test: Open foobar.lzma, scan for signatures.
Verify that only one LZMA signature was detected.
'''
expected_result = "LZMA compressed data, properties: 0x5D, dictionary size: 8388608 bytes, uncompressed size: -1 bytes"
input_vector_file = os.path.join(os.path.dirname(__file__),
"input-vectors",
"foobar.lzma")
scan_result = binwalk.scan(input_vector_file,
signature=True,
quiet=True)
# Test number of modules used
eq_(len(scan_result), 1)
# There should be only one result
eq_(len(scan_result[0].results), 1)
# That result should be at offset 0
eq_(scan_result[0].results[0].offset, 0)
# That result should be an LZMA file
ok_(scan_result[0].results[0].description == expected_result)
def _check_rootfs(self):
"""
If this file contains a known filesystem type, extract it.
"""
if not self.get_rootfs_status():
for module in binwalk.scan(self.item, "-e", "-r", "-y",
"filesystem", signature=True,
quiet=True):
for entry in module.results:
self.printf(">>>> %s" % entry.description)
break
if module.extractor.directory:
unix = Extractor.io_find_rootfs(module.extractor.directory)
if not unix[0]:
self.printf(">>>> Extraction failed!")
return False
self.printf(">>>> Found Linux filesystem in %s!" % unix[1])
if self.output:
shutil.make_archive(self.output, "gztar",root_dir=unix[1])
else:
self.extractor.do_rootfs = False
return True
return False
def test_firmware_squashfs():
'''
Test: Open hello-world.srec, scan for signatures
verify that only one signature is returned
verify that the only signature returned is Motorola S-rec data-signature
'''
expected_results = [
[0, 'DLOB firmware header, boot partition: "dev=/dev/mtdblock/2"'],
[112, 'LZMA compressed data, properties: 0x5D, dictionary size: 33554432 bytes, uncompressed size: 3466208 bytes'],
[1179760, 'PackImg section delimiter tag, little endian size: 11548416 bytes; big endian size: 3649536 bytes'],
[1179792, 'Squashfs filesystem, little endian, version 4.0, compression:lzma, size: 3647665 bytes, 1811 inodes, blocksize: 524288 bytes, created: 2013-09-17 06:43:22'],
]
scan_result = binwalk.scan(
dirname(__file__) + '/input-vectors/firmware.squashfs',
signature=True,
quiet=True,
extract=True) # Throws a warning for missing external extractor
# Test number of modules used
eq_(len(scan_result), 1)
# Test number of results for that module
eq_(len(scan_result[0].results), len(expected_results))
# Test result-description
for i in range(0, len(scan_result[0].results)):
eq_(scan_result[0].results[i].offset, expected_results[i][0])
eq_(scan_result[0].results[i].description, expected_results[i][1])
def _check_kernel(self):
"""
If this file contains a kernel version string, assume it is a kernel.
Only Linux kernels are currently extracted.
"""
if not self.get_kernel_status():
for module in binwalk.scan(self.item, "-y", "kernel",
signature=True, quiet=True):
for entry in module.results:
if "kernel version" in entry.description:
self.update_database("kernel_version",
entry.description)
if "Linux" in entry.description:
if self.get_kernel_path():
shutil.copy(self.item, self.get_kernel_path())
else:
self.extractor.do_kernel = False
self.printf(">>>> %s" % entry.description)
return True
# VxWorks, etc
else:
self.printf(">>>> Ignoring: %s" % entry.description)
return False
return False
return False
def test_firmware_cpio():
'''
Test: Open firmware.cpio, scan for signatures.
Verify that at least one CPIO signature is detected.
Verify that only CPIO signatures are detected.
'''
input_vector_file = os.path.join(os.path.dirname(__file__),
"input-vectors",
"firmware.cpio")
scan_result = binwalk.scan(input_vector_file,
signature=True,
quiet=True)
# Test number of modules used
eq_(len(scan_result), 1)
# Make sure we got some results
ok_(len(scan_result[0].results) > 0)
# First result should be at offset 0
eq_(scan_result[0].results[0].offset, 0)
# Make sure the only thing found were cpio archive entries
for result in scan_result[0].results:
ok_(result.description.startswith("ASCII cpio archive"))
def test_firmware_zip():
'''
Test: Open firmware.zip, scan for signatures
verify that all (and only) expected signatures are detected
'''
expected_results = [
[0, 'Zip archive data, at least v1.0 to extract, name: dir655_revB_FW_203NA/'],
[51, 'Zip archive data, at least v2.0 to extract, compressed size: 6395868, uncompressed size: 6422554, name: dir655_revB_FW_203NA/DIR655B1_FW203NAB02.bin'],
[6395993, 'Zip archive data, at least v2.0 to extract, compressed size: 14243, uncompressed size: 61440, name: dir655_revB_FW_203NA/dir655_revB_release_notes_203NA.doc'],
[6410581, 'End of Zip archive, footer length: 22'],
]
input_vector_file = os.path.join(os.path.dirname(__file__),
"input-vectors",
"firmware.zip")
scan_result = binwalk.scan(input_vector_file,
signature=True,
quiet=True)
# Test number of modules used
eq_(len(scan_result), 1)
# Test number of results for that module
eq_(len(scan_result[0].results), len(expected_results))
# Test result-description
for i in range(0, len(scan_result[0].results)):
eq_(scan_result[0].results[i].offset, expected_results[i][0])
eq_(scan_result[0].results[i].description, expected_results[i][1])
def binwalk_scan(fi):
"""
Scan selected region (the whole file if not selected) to find embedded files
"""
if binwalk_not_installed:
print "binwalk is not installed."
print "Please get it from https://github.com/ReFirmLabs/binwalk"
print "(pip cannot be used to install binwalk)."
return
length = fi.getSelectionLength()
offset = fi.getSelectionOffset()
offset_found = []
if (length > 0):
data = fi.getSelection()
print "Scanned from offset %s to %s:" % (hex(offset), hex(offset + length))
else:
offset = 0
data = fi.getDocument()
length = fi.getLength()
print "Scanned the whole file:"
time_start = time.time()
for module in binwalk.scan(data, signature=True, quiet=True, string=True):
for result in module.results:
print "Offset: 0x%x\t%s" % (offset + result.offset, result.description)
offset_found.append(offset + result.offset)
num_found = len(offset_found)
if num_found == 0:
print "No file has been detected."
print "Elapsed time (scan): %f (sec)" % (time.time() - time_start)
time_start = time.time()
if num_found > 0:
for i in range(0, num_found):
if i + 1 == num_found:
fi.setBookmark(offset_found[i], offset + length - offset_found[i], hex(offset_found[i]), "#c8ffff")
else:
fi.setBookmark(offset_found[i], offset_found[i + 1] - offset_found[i], hex(offset_found[i]), "#c8ffff")
print "\r\nAdded bookmarks to the detected files."
print "Elapsed time (bookmark): %f (sec)" % (time.time() - time_start)
def test_hello_world_simple_scan():
'''
Test: Open hello-world.srec, scan for signatures
verify that only one signature is returned
verify that the only signature returned is Motorola S-rec data-signature
'''
scan_result = binwalk.scan(
dirname(__file__) + '/input-vectors/hello-world.srec',
signature=True,
quiet=True,
extract=True) # Throws a warning for missing external extractor
# Test number of modules used
eq_(len(scan_result), 1)
# Test number of results for that module
eq_(len(scan_result[0].results), 1)
# Test result-description
eq_(scan_result[0].results[0].description,
'Motorola S-Record; binary data in text format, record type: data (32-bit)')
def run(self):
# check parameteres
silent = positive(self.parameters['SILENT'].value)
import binwalk
#if not positive(self.parameters['BACKGROUND'].value) and not negative(self.parameters['BACKGROUND'].value):
# log.err('Bad %s value: %s.', 'BACKGROUND', self.parameters['BACKGROUND'].value)
# return None
try:
# Perform a signature scan against the files specified on the command line and suppress the usual binwalk output.
path = io.get_fullpath(self.parameters['ACTIVEROOT'].value, self.parameters['BINFILE'].value)
for module in binwalk.scan(path, signature=True, quiet=True):
#log.writeline('%s Results:' % module.name)
if not silent:
for result in module.results:
log.writeline('0x%.8X %s [%s]' % (result.offset, result.description, str(result.valid)))
except binwalk.ModuleException as e:
log.err(str(e))
return None
def run(self):
silent = positive(self.parameters["SILENT"].value)
import binwalk
try:
path = io.get_fullpath(self.parameters["ACTIVEROOT"].value, self.parameters["BINFILE"].value)
for module in binwalk.scan(
path,
**{
"signature": True,
"quiet": True,
"extract": True,
"directory": self.parameters["TMPDIR"].value,
"matryoshka": True,
}
):
pass
except binwalk.ModuleException as e:
log.err(str(e))
return None
def test_firmware_gzip():
'''
Test: Open firmware.gzip, scan for signatures.
Verify that only one gzip signature was detected.
'''
input_vector_file = os.path.join(os.path.dirname(__file__),
"input-vectors",
"firmware.gzip")
scan_result = binwalk.scan(input_vector_file,
signature=True,
quiet=True)
# Test number of modules used
eq_(len(scan_result), 1)
# There should be only one result
eq_(len(scan_result[0].results), 1)
# That result should be at offset 0
eq_(scan_result[0].results[0].offset, 0)
# That result should be a gzip file
ok_(scan_result[0].results[0].description.startswith("gzip compressed data"))
def test_firmware_jffs2():
'''
Test: Open firmware.jffs2, scan for signatures.
Verify that only JFFS2 signatures are detected.
Verify that only the first one was displayed.
'''
input_vector_file = os.path.join(os.path.dirname(__file__),
"input-vectors",
"firmware.jffs2")
scan_result = binwalk.scan(input_vector_file,
signature=True,
quiet=True)
# Test number of modules used
eq_(len(scan_result), 1)
# Test number of results for that module, should be more than one
ok_(len(scan_result[0].results) > 1)
first_result = scan_result[0].results[0]
# Check the offset of the first result
eq_(first_result.offset, 0)
# Make sure we found the jffs file system
ok_(first_result.description.startswith("JFFS2 filesystem"))
# Check to make sure the first result was displayed
ok_(first_result.display == True)
# Make sure we only found jffs2 file system entries
# and that nothing but the first entry was displayed
for result in scan_result[0].results[1:]:
ok_(result.description.startswith("JFFS2 filesystem"))
ok_(result.display == False)
#!/usr/bin/env python
import sys
import binwalk
try:
# Perform a signature scan against the files specified on the command line
# and suppress the usual binwalk output.
for module in binwalk.scan(*sys.argv[1:], signature=True, quiet=True):
print("%s Results:" % module.name)
for result in module.results:
print("\t%s 0x%.8X %s [%s]" %
(result.file.name, result.offset, result.description,
str(result.valid)))
except binwalk.ModuleException as e:
pass
def _check_firmware(self):
"""
If this file is of a known firmware type, directly attempt to extract the kernel and root filesystem.
"""
for module in binwalk.scan(self.item,
"-y",
"header",
signature=True,
quiet=True):
for entry in module.results:
# uImage
if "uImage header" in entry.description:
if not self.get_kernel_status(
) and "OS Kernel Image" in entry.description:
kernel_offset = entry.offset + 64
kernel_size = 0
for stmt in entry.description.split(','):
if "image size:" in stmt:
kernel_size = int(
''.join(i for i in stmt if i.isdigit()),
10)
if kernel_size != 0 and kernel_offset + kernel_size <= os.path.getsize(
self.item):
self.printf(">>>> %s" % entry.description)
tmp_fd, tmp_path = tempfile.mkstemp(dir=self.temp)
os.close(tmp_fd)
Extractor.io_dd(self.item, kernel_offset,
kernel_size, tmp_path)
kernel = ExtractionItem(self.extractor, tmp_path,
self.depth)
return kernel.extract()
# elif "RAMDisk Image" in entry.description:
# self.printf(">>>> %s" % entry.description)
# self.printf(">>>> Skipping: RAMDisk / initrd")
# self.terminate = True
# return True
# TP-Link or TRX
elif not self.get_kernel_status() and not self.get_rootfs_status() and \
"rootfs offset: " in entry.description and "kernel offset: " in entry.description:
kernel_offset = 0
kernel_size = 0
rootfs_offset = 0
rootfs_size = 0
for stmt in entry.description.split(','):
if "kernel offset:" in stmt:
kernel_offset = int(stmt.split(':')[1], 16)
elif "kernel length:" in stmt:
kernel_size = int(stmt.split(':')[1], 16)
elif "rootfs offset:" in stmt:
rootfs_offset = int(stmt.split(':')[1], 16)
elif "rootfs length:" in stmt:
rootfs_size = int(stmt.split(':')[1], 16)
# compute sizes if only offsets provided
if kernel_offset != rootfs_size and kernel_size == 0 and rootfs_size == 0:
kernel_size = rootfs_offset - kernel_offset
rootfs_size = os.path.getsize(
self.item) - rootfs_offset
# ensure that computed values are sensible
if (kernel_size > 0 and kernel_offset + kernel_size <= os.path.getsize(self.item)) and \
(rootfs_size != 0 and rootfs_offset + rootfs_size <= os.path.getsize(self.item)):
self.printf(">>>> %s" % entry.description)
tmp_fd, tmp_path = tempfile.mkstemp(dir=self.temp)
os.close(tmp_fd)
Extractor.io_dd(self.item, kernel_offset, kernel_size,
tmp_path)
kernel = ExtractionItem(self.extractor, tmp_path,
self.depth)
kernel.extract()
tmp_fd, tmp_path = tempfile.mkstemp(dir=self.temp)
os.close(tmp_fd)
Extractor.io_dd(self.item, rootfs_offset, rootfs_size,
tmp_path)
rootfs = ExtractionItem(self.extractor, tmp_path,
self.depth)
rootfs.extract()
return self.update_status()
return False
def extract(self):
"""
Perform the actual extraction of firmware updates, recursively. Returns
True if extraction complete, otherwise False.
"""
self.printf("\n" +
self.item.encode("utf-8", "replace").decode("utf-8"))
# check if item is complete
if self.get_status():
self.printf(">> Skipping: completed!")
return True
# check if exceeding recursion depth
if self.depth > ExtractionItem.RECURSION_DEPTH:
self.printf(">> Skipping: recursion depth %d" % self.depth)
return self.get_status()
# check if checksum is in visited set
self.printf(">> MD5: %s" % self.checksum)
with Extractor.visited_lock:
# Skip the same checksum only in the same status
# asus_latest(FW_RT_N12VP_30043804057.zip) firmware
if (self.checksum in self.extractor.visited
and self.extractor.visited[self.checksum] == self.status):
self.printf(">> Skipping: %s..." % self.checksum)
return self.get_status()
else:
self.extractor.visited[self.checksum] = self.status
# check if filetype is blacklisted
if self._check_blacklist():
return self.get_status()
# create working directory
self.temp = tempfile.mkdtemp()
# Move to temporary directory so binwalk does not write to input
os.chdir(self.temp)
try:
self.printf(">> Tag: %s" % self.tag)
self.printf(">> Temp: %s" % self.temp)
self.printf(">> Status: Kernel: %s, Rootfs: %s, Do_Kernel: %s, \
Do_Rootfs: %s" %
(self.get_kernel_status(), self.get_rootfs_status(),
self.extractor.do_kernel, self.extractor.do_rootfs))
for module in binwalk.scan(self.item,
"-e",
"-r",
"-C",
self.temp,
signature=True,
quiet=True):
prev_entry = None
for entry in module.results:
desc = entry.description
dir_name = module.extractor.directory
if prev_entry and prev_entry.description == desc and \
'Zlib comparessed data' in desc:
continue
prev_entry = entry
self.printf('========== Depth: %d ===============' %
self.depth)
self.printf("Name: %s" % self.item)
self.printf("Desc: %s" % desc)
self.printf("Directory: %s" % dir_name)
self._check_firmware(module, entry)
if not self.get_rootfs_status():
self._check_rootfs(module, entry)
if not self.get_kernel_status():
self._check_kernel(module, entry)
if self.update_status():
self.printf(">> Skipping: completed!")
return True
else:
self._check_recursive(module, entry)
except Exception:
print("ERROR: ", self.item)
traceback.print_exc()
return False
print("Decrypted:",output_name)
return output_name
except Exception as e:
print("Decrypting Failed: "+str(e))
os.chdir("./")
for file in glob.glob("*.rbi"):
print("Decrypting %s..."%file)
dec_filename=decrypt(file)
if not dec_filename:
continue
print("Binwalking %s..."%dec_filename)
path_to_push=''
for module in binwalk.scan('--preserve-symlinks', dec_filename, signature=True, extract=True, quiet=True):
for result in module.results:
if result.file.path in module.extractor.output:
if result.offset in module.extractor.output[result.file.path].extracted:
if 'root' in module.extractor.output[result.file.path].extracted[result.offset].files[0]:
path_to_push=module.extractor.output[result.file.path].extracted[result.offset].files[0]
print("Found rootfs %s"%path_to_push)
#print("Extracted %d files from offset 0x%X to '%s' using '%s'" % (len(module.extractor.output[result.file.path].extracted[result.offset].files),result.offset,module.extractor.output[result.file.path].extracted[result.offset].files[0],module.extractor.output[result.file.path].extracted[result.offset].command))
if path_to_push != '':
print("Pushing to github...")
repo = Repo.init(path_to_push) #create repo object of the other repository
repo.create_remote('origin', 'https://github.com/FrancYescO/tch_firmware_extracted')
repo.remotes[0].fetch()
branch_name=dec_filename[:(dec_filename.find(".bin"))]
repo.git.checkout('-b', branch_name)
repo.git.add('.') # same as git add file
def binwalk_execution(binary_name, filename, output_format = None):
path_fs = "/"
if output_format == 'txt':
fl = open(filename+output_format, 'w')
fl.write("«««««««««««««««««««« Binwalk Report »»»»»»»»»»»»»»»»»»»»\n")
for module in binwalk.scan(binary_name, signature=True, quiet=True ,extract=False):
fl.write ("%s Results:\n" % module.name)
for result in module.results:
fl.write ("\t%s 0x%.8X %s\n" % (result.file.path, result.offset, result.description))
for module in binwalk.scan(binary_name, signature=True, quiet=True ,extract=True):
for result in module.results:
if result.file.path in module.extractor.output:
# These are files that binwalk carved out of the original firmware image, a la dd
if result.offset in module.extractor.output[result.file.path].carved:
first, *middle, last = str(module.extractor.output[result.file.path].carved[result.offset]).split('/')
fl.write("\nCarved data from offset 0x%X to %s\n" % (result.offset,module.extractor.output[result.file.path].carved[result.offset]))
# These are files/directories created by extraction utilities (gunzip, tar, unsquashfs, etc)
if result.offset in module.extractor.output[result.file.path].extracted:
first, *middle, last = str(module.extractor.output[result.file.path].extracted[result.offset].files[0]).split('/')
fl.write("Extracted %d files from offset 0x%X to '%s' using '%s'\n" % (len(module.extractor.output[result.file.path].extracted[result.offset].files), result.offset, module.extractor.output[result.file.path].extracted[result.offset].files[0], module.extractor.output[result.file.path].extracted[result.offset].command))
fl.write("««««««««««««««««««««««««««««»»»»»»»»»»»»»»»»»»»»»»»»»»»»\n\n")
fl.close()
elif output_format == 'pdf':
aux = filename.split('.')
fl = open(aux[0]+ '_binwalk.txt', 'w')
for module in binwalk.scan(binary_name, signature=True, quiet=True ,extract=False):
fl.write ("%s Results:\n" % module.name)
for result in module.results:
fl.write ("\t%s 0x%.8X %s\n" % (result.file.path, result.offset, result.description))
for module in binwalk.scan(binary_name, signature=True, quiet=True ,extract=True):
for result in module.results:
if result.file.path in module.extractor.output:
# These are files that binwalk carved out of the original firmware image, a la dd
if result.offset in module.extractor.output[result.file.path].carved:
first, *middle, last = str(module.extractor.output[result.file.path].carved[result.offset]).split('/')
fl.write("\nCarved data from offset 0x%X to %s\n" % (result.offset,module.extractor.output[result.file.path].carved[result.offset]))
# These are files/directories created by extraction utilities (gunzip, tar, unsquashfs, etc)
if result.offset in module.extractor.output[result.file.path].extracted:
first, *middle, last = str(module.extractor.output[result.file.path].extracted[result.offset].files[0]).split('/')
fl.write("Extracted %d files from offset 0x%X to '%s' using '%s'\n" % (len(module.extractor.output[result.file.path].extracted[result.offset].files), result.offset, module.extractor.output[result.file.path].extracted[result.offset].files[0], module.extractor.output[result.file.path].extracted[result.offset].command))
fl.close()
else:
print("\n«««««««««««««««««««« Binwalk Report »»»»»»»»»»»»»»»»»»»»")
for module in binwalk.scan(binary_name, signature=True, quiet=False, extract=True):
for result in module.results:
if result.file.path in module.extractor.output:
# These are files that binwalk carved out of the original firmware image, a la dd
if result.offset in module.extractor.output[result.file.path].carved:
first, *middle, last = str(module.extractor.output[result.file.path].carved[result.offset]).split('/')
print("Carved data from offset 0x%X to %s" % (result.offset,module.extractor.output[result.file.path].carved[result.offset]))
# These are files/directories created by extraction utilities (gunzip, tar, unsquashfs, etc)
if result.offset in module.extractor.output[result.file.path].extracted:
try:
first, *middle, last = str(module.extractor.output[result.file.path].extracted[result.offset].files[0]).split('/')
except Exception as e:
print(e)
pass
print(str(module.extractor.output[result.file.path].extracted[result.offset].files[0]).split('/'))
print("Extracted %d files from offset 0x%X to '%s' using '%s'" % (len(module.extractor.output[result.file.path].extracted[result.offset].files), result.offset, module.extractor.output[result.file.path].extracted[result.offset].files[0], module.extractor.output[result.file.path].extracted[result.offset].command))
print("\n««««««««««««««««««««««««««««»»»»»»»»»»»»»»»»»»»»»»»»»»»»\n\n")
for value in middle:
path_fs += value + '/'
return path_fs
for i in range(0, len(scan_result[0].results)):
eq_(scan_result[0].results[i].offset, expected_results[i][0])
eq_(scan_result[0].results[i].description, expected_results[i][1])
"""
try:
target_file = sys.argv[1]
except IndexError:
sys.stderr.write("Usage: %s <input vector file>\n" % sys.argv[0])
sys.exit(1)
target_file_basename = os.path.basename(target_file)
scan_function_name = target_file_basename.replace('.', '_').replace('-', '_')
expected_results = ""
signature = binwalk.scan(target_file, signature=True, term=True)[0]
for result in signature.results:
expected_results += "\t[%d, '%s'],\n" % (result.offset, result.description)
test_script = test_script_template % (scan_function_name,
target_file_basename,
expected_results,
target_file_basename)
test_script_path = os.path.join("tests", "test_%s.py" % scan_function_name)
with open(test_script_path, "w") as fp:
fp.write(test_script)
sys.stdout.write("Generated test script for '%s' and saved it to '%s'\n" % (target_file, test_script_path))
sys.exit(0)
# Don't compare an image with the same image!
if args.img not in image:
combs.append((args.img, image))
# Adding user supplied image to the list of images to be extracted.
images.append(args.img)
else:
print("[+] - Image passed does not exist! Try again...")
sys.exit()
print("[+] ------------ Analyzing these images ------------")
pp.pprint(images)
print("")
module = binwalk.scan(*images, signature=True, quiet=True, extract=True)
count = 1
for img1, img2 in combs:
print("[+] - Comparing the folowing images...")
print("[+] -> img1 = " + img1)
print("[+] -> img2 = " + img2)
json_data['comp' + str(count)] = {}
json_data['comp' + str(count)]['img1'] = img1
json_data['comp' + str(count)]['img2'] = img2
json_data['comp' + str(count)]['carv_data'] = diff_carvs(
img1, img2, module[0])
print("")
if not flag_format:
print("Flag format not specified")
exit()
if not os.path.exists(out_dir):
os.mkdir(out_dir)
shutil.copyfile(filename, out_dir + '/' + filename)
os.chdir(os.path.abspath(out_dir))
flag_format = flag_format + '{'
print("Looking for flag with format:" + flag_format + '}')
print("BINWALK=======================================")
for module in binwalk.scan(filename, signature=True, quiet=True, extract=True):
for result in module.results:
print("\t%s 0x%.8X %s" %
(result.file.name, result.offset, result.description))
if result.file.path in module.extractor.output:
# These are files that binwalk carved out of the original firmware image, a la dd
if result.offset in module.extractor.output[
result.file.path].carved:
print("Carved data from offset 0x%X to %s" %
(result.offset, module.extractor.output[
result.file.path].carved[result.offset]))
# These are files/directories created by extraction utilities (gunzip, tar, unsquashfs, etc)
if result.offset in module.extractor.output[
result.file.path].extracted:
print(
"Extracted %d files from offset 0x%X to '%s' using '%s'" %
def opcode_scan(self, arg):
binwalk.scan(idc.GetIdbPath(), opcode=True)
def request(flow: http.HTTPFlow):
contentAPI = ''
Source = ''
for i in list(filter(None, flow.client_conn.address[0].split(":"))):
if i.count(".") > 2:
Source = i
print("Source:", Source)
if check_whitelist(Source, "./modules/Filters/whitelist_sources.txt") == 0:
print("URL", flow.request.pretty_url)
x = check_whitelist(flow.request.pretty_url,
"./modules/Filters/whitelist.txt")
if x == 0:
destinationAPI = flow.request.pretty_url
sourceAPI = Source
agentAPI = flow.request.headers['User-Agent']
if check_whitelist_ua(flow.request.headers['User-Agent']) == 0:
print("ALERTA HTTPS! User-Agent!")
db = MySQLdb.connect(host="localhost",
user="******",
passwd="FlagFlag123.",
db="licenta")
cursor = db.cursor()
cursor.execute(
"INSERT INTO alerte (Type,Message,Risk,Source,Destination,Payload,Timestamp) VALUES('HTTPS', 'User-Agent!','MEDIUM', '"
+ Source + "', '-','" +
flow.request.headers['User-Agent'] + "','" +
str(datetime.now()) + "')")
db.commit()
db.close()
print("HTTPS UserAgent COMMITED")
print("PATH:", flow.request.path)
GET = flow.request.path
contentAPI = GET
global signatures
signatures = read_file('signatures')
check_get(GET, flow.request.pretty_url, Source)
try:
cookies = flow.request.headers['Cookies']
except:
pass
if flow.request.method == "POST" or flow.request.method == "PUT":
content = flow.request.content
contentAPI = content
if 'paste' in flow.request.pretty_url:
check_paste(content, Source, flow.request.pretty_url)
ctx.log.info("Sensitive pattern found")
flow.intercept()
f = open("/tmp/buffer", "wb")
verify_content(content, flow.request.pretty_url, Source)
f.write(content)
f.close()
for module in binwalk.scan("/tmp/buffer",
signature=True,
quiet=True,
extract=False):
pass
ok = 0
for result in module.results:
if "LZMA" not in result.description and "Zlib" not in result.description:
print(result.description.split(',')[0])
ok = 1
if ok == 0:
print(flow.request.text)
print(flow.request.host_header)
flow.resume()
ctx.log.info("Trafic blocat")
def binwalk_file_extractEx(request):
# filename = req_get_param(request, 'filename')
firmware_id = req_get_param(request, 'firmware_id')
try:
# 查询数据库 得到固件名
fw = firmware_db.fetch(firmware_id)
# todo check fw is NULL
if fw['fw_info']['filepath'] is not None:
filename = fw['fw_info']['filepath'] + fw['fw_info']['filename'][0]
else:
return sys_app_ok_p({'decode': 'Null', 'description': "解析文件名出错"})
list_temp = []
# filename=US_W331AV1.0BR_V1.0.0.12_cn&en_TD.bin 文件名带特殊符号无法进行抽取文件
for module in binwalk.scan(filename,
signature=True,
quiet=True,
extract=True):
for result in module.results:
if result.file.path in module.extractor.output:
# These are files that binwalk carved out of the original firmware image, a la dd
if result.offset in module.extractor.output[
result.file.path].carved:
print
"Carved data from offset 0x%X to %s" % (
result.offset, module.extractor.output[
result.file.path].carved[result.offset])
list_temp.append(module.extractor.output[
result.file.path].carved[result.offset])
# These are files/directories created by extraction utilities (gunzip, tar, unsquashfs, etc)
if result.offset in module.extractor.output[
result.file.path].extracted:
if len(module.extractor.output[result.file.path].
extracted[result.offset].files):
print
"Extracted %d files from offset 0x%X to '%s' using '%s'" % (
len(module.extractor.output[result.file.path].
extracted[result.offset].files),
result.offset,
module.extractor.output[result.file.path].
extracted[result.offset].files[0],
module.extractor.output[result.file.path].
extracted[result.offset].command)
list_temp.append(
module.extractor.output[result.file.path].
extracted[result.offset].files)
# 将抽取的文件信息存入mongodb firmware_info
dic = {}
item = {}
index = 0
for off_set in list_temp:
index += 1
filex = 'file' + str(index)
dic[filex] = list_temp[index - 1]
item['extract_info'] = dic
firmware_db.update(firmware_id, item)
except binwalk.ModuleException as e:
print("Critical failure:", e)
return sys_app_err('ERROR_INTERNAL_ERROR')
return sys_app_ok_p({'extract': 'ok', 'filelist': list_temp})
def _check_recursive(self, fmt):
"""
Unified implementation for checking both "archive" and "compressed" items.
"""
desc = None
# perform extraction
for module in binwalk.scan(self.item,
"-e",
"-r",
"-y",
fmt,
signature=True,
quiet=True):
for entry in module.results:
# skip cpio/initrd files since they should be included with kernel
# if "cpio archive" in entry.description:
# self.printf(">> Skipping: cpio: %s" % entry.description)
# self.terminate = True
# return True
desc = entry.description
self.printf(">>>> %s" % entry.description)
break
if module.extractor.directory:
unix = Extractor.io_find_rootfs(module.extractor.directory)
# check for extracted filesystem, otherwise update queue
if unix[0]:
self.printf(">>>> Found Linux filesystem in %s!" % unix[1])
if self.output:
shutil.make_archive(self.output,
"gztar",
root_dir=unix[1])
else:
self.extractor.do_rootfs = False
return True
else:
count = 0
self.printf(">> Recursing into %s ..." % fmt)
for root, _, files in os.walk(module.extractor.directory):
# sort both descending alphabetical and increasing length
files.sort()
files.sort(key=len)
# handle case where original file name is restored; put it to front of queue
if desc and "original file name:" in desc:
orig = None
for stmt in desc.split(","):
if "original file name:" in stmt:
orig = stmt.split("\"")[1]
if orig and orig in files:
files.remove(orig)
files.insert(0, orig)
for filename in files:
if count > ExtractionItem.RECURSION_BREADTH:
self.printf(
">> Skipping: recursion breadth %d" %
ExtractionItem.RECURSION_BREADTH)
self.terminate = True
return True
else:
new_item = ExtractionItem(
self.extractor,
os.path.join(root,
filename), self.depth + 1)
if new_item.extract():
# check that we are actually done before performing early termination. for example,
# we might decide to skip on one subitem, but we still haven't finished
if self.update_status():
return True
count += 1
return False
M.addVendor(vendor)
#---------------------------------------------------------------------------------------------------
import sys
import binwalk
M.commit()
for z in firmwares:
path = z.split('/')[-1]
dev = path.split('_')[0]
print dev
M.addDevice(dev, 1)
M.commit()
for module in binwalk.scan(z, matryoshka=True, signature=True, extract=True, quiet=True, directory='extracted'):
for result in module.results:
if module.extractor.output.has_key(result.file.path):
if module.extractor.output[result.file.path].carved.has_key(result.offset):
pass
if module.extractor.output[result.file.path].extracted.has_key(result.offset):
pass
M.commit()
print ("%s extracted" % z)
M.commit()
M.close()
def scan(self):
for module_object in binwalk.scan(self.firmware_path, quiet=True):
print("%s Module Results:" % module_object.name)
for result in module_object.results:
print("0x%.8X %s" % (result.offset, result.description))
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
import sys
try:
import binwalk
except ImportError:
exit(-1)
filepath = sys.argv[1]
offset = int(sys.argv[2])
for module in binwalk.scan(sys.argv[1],
signature=True,
quiet=True,
string=False):
for result in module.results:
print("Offset: 0x%x\t%s" %
(offset + result.offset, result.description))
def test_output(self, thing):
"""
Args:
thing (bytes): Renerally from the dump functions
ex: thing = b'\x01\x02\x03'
Returns:
Nothing. Move output into keep directory if it's worth-while
Test if output is worth keeping. If it is, move it into the results directory.
Initially, this is using the Unix file command on the output and checking for non "Data" returns
"""
assert type(
thing
) == bytes, 'test_output got unexpected thing type of {}'.format(
type(thing))
# TODO: Test new logic...
# TODO: Iterate through binary offset to find buried data
#
# File magic test
#
m = magic.from_buffer(thing, mime=True)
# Generic Output
if m != 'application/octet-stream':
m = magic.from_buffer(thing, mime=False)
print("Found something worth keeping!\n{0}".format(m))
# Save it to disk
# TODO: Minor race condition here if we end up multi-processing
with open(os.path.join(self._keeper_directory, str(time.time())),
"wb") as f:
f.write(thing)
#
# binwalk test
#
# TODO: Update this to in-memory scanning if binwalk updates their stuff: https://github.com/ReFirmLabs/binwalk/issues/389
with tempfile.TemporaryDirectory() as tmpdirname:
tmp_scan_file = os.path.join(tmpdirname, 'scanme')
# Couldn't find a good 'output directory' option for binwalk. Changing dirs because of this.
saved_dir = os.getcwd()
os.chdir(tmpdirname)
with open(tmp_scan_file, 'wb') as f:
f.write(thing)
table = PrettyTable(
['Offset', 'Carved/Extracted', 'Description', 'File Name'])
table.align = 'l'
keepers = []
# Run the scan
for module in binwalk.scan(tmp_scan_file,
signature=True,
quiet=True,
extract=True):
for result in module.results:
if result.file.path in module.extractor.output:
if result.offset in module.extractor.output[
result.file.path].carved:
table.add_row([
hex(result.offset), 'Carved',
result.description,
os.path.basename(module.extractor.output[
result.file.path].carved[result.offset])
])
keepers.append(module.extractor.output[
result.file.path].carved[result.offset])
#print("Carved data from offset 0x%X to %s" % (result.offset, module.extractor.output[result.file.path].carved[result.offset]))
if result.offset in module.extractor.output[
result.file.path].extracted:
table.add_row([
hex(result.offset), 'Extracted',
result.description,
os.path.basename(
module.extractor.output[result.file.path].
extracted[result.offset].files[0])
])
keepers += module.extractor.output[
result.file.path].extracted[
result.offset].files
#print("Extracted %d files from offset 0x%X to '%s' using '%s'" % (len(module.extractor.output[result.file.path].extracted[result.offset].files), result.offset, module.extractor.output[result.file.path].extracted[result.offset].files[0], module.extractor.output[result.file.path].extracted[result.offset].command))
# If we found something
if keepers != []:
print(table)
for keeper in keepers:
keeper_dst = os.path.join(self._keeper_directory,
os.path.basename(keeper))
if os.path.exists(keeper_dst):
logger.warn('Keeper name already exists, modifying.')
keeper_dst += '_' + hashlib.md5(
str(random.random()).encode()).hexdigest()
shutil.move(keeper, keeper_dst)
os.chdir(saved_dir)
# -*- coding:utf-8 -*-
# author: pcat
# http://pcat.cnblogs.com
import sys
import binwalk
if __name__ == "__main__":
lst = sys.argv
if len(lst) < 2:
print("No files.")
exit()
try:
if lst[1][0] == '-':
binwalk.scan(*lst[2:], signature=lst[1])
elif lst[1][0] != '-':
binwalk.scan(*lst[1:], signature=True)
except:
pass
def signature_scan(self, arg):
binwalk.scan(idc.GetIdbPath(), signature=True)
def _check_recursive(self, fmt):
"""
Unified implementation for checking both "archive" and "compressed"
items.
"""
desc = None
# perform extraction
for module in binwalk.scan(self.item, "-e", "-r", "-y", fmt,
signature=True, quiet=True):
for entry in module.results:
# skip cpio/initrd files since they should be included with
# kernel
# if "cpio archive" in entry.description:
# self.printf(">> Skipping: cpio: %s" % entry.description)
# self.terminate = True
# return True
desc = entry.description
self.printf(">>>> %s" % entry.description)
break
if module.extractor.directory:
unix = Extractor.io_find_rootfs(module.extractor.directory)
# check for extracted filesystem, otherwise update queue
if unix[0]:
self.printf(">>>> Found Linux filesystem in %s!" % unix[1])
if self.output:
shutil.make_archive(self.output, "gztar",
root_dir=unix[1])
else:
self.extractor.do_rootfs = False
return True
else:
count = 0
self.printf(">> Recursing into %s ..." % fmt)
for root, _, files in os.walk(module.extractor.directory):
# sort both descending alphabetical and increasing
# length
files.sort()
files.sort(key=len)
# handle case where original file name is restored; put
# it to front of queue
if desc and "original file name:" in desc:
orig = None
for stmt in desc.split(","):
if "original file name:" in stmt:
orig = stmt.split("\"")[1]
if orig and orig in files:
files.remove(orig)
files.insert(0, orig)
for filename in files:
if count > ExtractionItem.RECURSION_BREADTH:
self.printf(">> Skipping: recursion breadth %d"\
% ExtractionItem.RECURSION_BREADTH)
self.terminate = True
return True
else:
new_item = ExtractionItem(self.extractor,
os.path.join(root,
filename),
self.depth + 1,
self.tag)
if new_item.extract():
# check that we are actually done before
# performing early termination. for example,
# we might decide to skip on one subitem,
# but we still haven't finished
if self.update_status():
return True
count += 1
return False
def _check_firmware(self):
"""
If this file is of a known firmware type, directly attempt to extract
the kernel and root filesystem.
"""
for module in binwalk.scan(self.item, "-y", "header", signature=True,
quiet=True):
for entry in module.results:
# uImage
if "uImage header" in entry.description:
if not self.get_kernel_status() and \
"OS Kernel Image" in entry.description:
kernel_offset = entry.offset + 64
kernel_size = 0
for stmt in entry.description.split(','):
if "image size:" in stmt:
kernel_size = int(''.join(
i for i in stmt if i.isdigit()), 10)
if kernel_size != 0 and kernel_offset + kernel_size \
<= os.path.getsize(self.item):
self.printf(">>>> %s" % entry.description)
tmp_fd, tmp_path = tempfile.mkstemp(dir=self.temp)
os.close(tmp_fd)
Extractor.io_dd(self.item, kernel_offset,
kernel_size, tmp_path)
kernel = ExtractionItem(self.extractor, tmp_path,
self.depth, self.tag)
return kernel.extract()
# elif "RAMDisk Image" in entry.description:
# self.printf(">>>> %s" % entry.description)
# self.printf(">>>> Skipping: RAMDisk / initrd")
# self.terminate = True
# return True
# TP-Link or TRX
elif not self.get_kernel_status() and \
not self.get_rootfs_status() and \
"rootfs offset: " in entry.description and \
"kernel offset: " in entry.description:
kernel_offset = 0
kernel_size = 0
rootfs_offset = 0
rootfs_size = 0
for stmt in entry.description.split(','):
if "kernel offset:" in stmt:
kernel_offset = int(stmt.split(':')[1], 16)
elif "kernel length:" in stmt:
kernel_size = int(stmt.split(':')[1], 16)
elif "rootfs offset:" in stmt:
rootfs_offset = int(stmt.split(':')[1], 16)
elif "rootfs length:" in stmt:
rootfs_size = int(stmt.split(':')[1], 16)
# compute sizes if only offsets provided
if kernel_offset != rootfs_size and kernel_size == 0 and \
rootfs_size == 0:
kernel_size = rootfs_offset - kernel_offset
rootfs_size = os.path.getsize(self.item) - rootfs_offset
# ensure that computed values are sensible
if (kernel_size > 0 and kernel_offset + kernel_size \
<= os.path.getsize(self.item)) and \
(rootfs_size != 0 and rootfs_offset + rootfs_size \
<= os.path.getsize(self.item)):
self.printf(">>>> %s" % entry.description)
tmp_fd, tmp_path = tempfile.mkstemp(dir=self.temp)
os.close(tmp_fd)
Extractor.io_dd(self.item, kernel_offset, kernel_size,
tmp_path)
kernel = ExtractionItem(self.extractor, tmp_path,
self.depth, self.tag)
kernel.extract()
tmp_fd, tmp_path = tempfile.mkstemp(dir=self.temp)
os.close(tmp_fd)
Extractor.io_dd(self.item, rootfs_offset, rootfs_size,
tmp_path)
rootfs = ExtractionItem(self.extractor, tmp_path,
self.depth, self.tag)
rootfs.extract()
return self.update_status()
return False
if len(result) >= min: # catch result at EOF
yield result
## main part
# TODO parse args
if len(sys.argv) < 2:
print("Things are missing. Usage: " + str(sys.argv[0]) + " <file>")
exit(-1)
file = sys.argv[1]
file_type = magic.from_file(
file, mime=True) # equivalent to the 'file' command on Linux
embedded = binwalk.scan(file) # binwalk scan
#TODO extract files ?
file_strings = list(strings(file))
# TODO print the results of basic scans
# TODO si image :
# TODO lancer exiftool
# TODO lancer PIT
# TODO lancer un LSB
# TODO lancer PVD
# TODO lancer Stegsolve
# TODO si wav :
# TODO ouvrir analyseur de spectre
def binExtract(cible): # {{{
pwn.info("Extraction en cours de {}".format(cible))
binwalk.scan(cible, signature=True, extract=True)
def lsh_json(data):
filename = data[0]
meta = []
print(filename)
if not data[1] or data[1] == None:
pass
else:
stuff = [d for d in data[1] if d['filename'] == os.path.basename(filename)]
if stuff:
if len(stuff) >= 1:
stuff = stuff[0]
[meta.extend([k,v]) for k,v in stuff.items()]
[meta.extend([k,v]) for k,v in meta[3].items()]
del meta[3]
[meta.extend([k,v]) for k,v in meta[-1].items()]
del meta[-3]
[meta.extend([k,v]) for k,v in meta[-4].items()]
del meta[-6]
if os.path.getsize(filename) < 256:
raise ValueError("{} must be at least 256 bytes".format(filename))
if tarfile.is_tarfile(filename):
with tarfile.open(filename, 'r') as tar:
for member in tar.getmembers():
if not member or member.size < 256:
continue
try:
meta.append(tlsh.hash(tar.extractfile(member).read()))
if use_binwalk:
for module in binwalk.scan(tar.extractfile(member).read(), signature=True, quiet=True):
for result in module.results:
meta.append(str(result.file.path))
meta.append(str(result.offset))
meta.append(str(result.description))
except:
continue
elif zipfile.is_zipfile(filename):
try:
with zipfile.ZipFile(filename) as z:
for member in z.infolist():
if not member or member.file_size < 256:
continue
try:
with z.read(member) as zipdata:
meta.append(tlsh.hash(zipdata))
if use_binwalk:
for module in binwalk.scan(zipdata):
for result in module.results:
meta.append(str(result.file.path))
meta.append(str(result.offset))
meta.append(str(result.description))
except:
continue
except:
pass
if use_binwalk:
for module in binwalk.scan(filename, signature=True, quiet=True):
for result in module.results:
meta.append(str(result.file.path))
meta.append(str(result.offset))
meta.append(str(result.description))
file_hash = tlsh.hash(open(filename, 'rb').read())
if not meta:
return file_hash
else:
return tlsh.hash(str.encode(file_hash + ''.join(map(str, meta))))
def binScan(cible): # {{{
pwn.info("Scan en cours de {}".format(cible))
binwalk.scan(cible, signature=True, extract=False)
"#76C4FF", # pastel darker blue
"#76FF9F", # pastel turquoise
"#daff76", # pastel green
"#ffff76", # pastel yellow
"#ffcc76", # pastel orange
"#76FFFA", # pastel blue
"#EBA0FF", # pastel purple
"#ff7f76"
] # pastel red
colours_len = len(note_colour)
# requires capstone, will probably hang or fail if it's not installed properly
if args.do_disasm:
print("Using --disasm against the file")
for disasms in binwalk.scan('--disasm', file):
for result in disasms.results:
if result.valid:
if result.size == 0:
end_offset = result.offset + 4
size_note = "(binwalk api didn't return a size, defaulted to 4)"
else:
end_offset = result.offset + result.size
size_note = "(binwalk api returned a size of " + str(
result.size) + ")"
all_tags += single_tag_template.substitute(
tag_id=this_id,
tag_start_offset=result.offset,
tag_end_offset=end_offset,
tag_text=escape(
hex(result.offset) + ": " + result.description + " " +
#!/usr/bin/env python
import sys
import binwalk
try:
# Perform a signature scan against the files specified on the command line
# and suppress the usual binwalk output.
for module in binwalk.scan(*sys.argv[1:], signature=True, quiet=True):
print ("%s Results:" % module.name)
for result in module.results:
print ("\t%s 0x%.8X %s [%s]" % (result.file.name,
result.offset,
result.description,
str(result.valid)))
except binwalk.ModuleException as e:
pass
def test_output(self, thing):
"""
Args:
thing (bytes): Renerally from the dump functions
ex: thing = b'\x01\x02\x03'
Returns:
Nothing. Move output into keep directory if it's worth-while
Test if output is worth keeping. If it is, move it into the results directory.
Initially, this is using the Unix file command on the output and checking for non "Data" returns
"""
assert type(
thing
) == bytes, 'test_output got unexpected thing type of {}'.format(
type(thing))
# TODO: Test new logic...
# TODO: Iterate through binary offset to find buried data
#
# File magic test
#
m = magic.from_buffer(thing, mime=True)
# Generic Output
if m != 'application/octet-stream':
m = magic.from_buffer(thing, mime=False)
print("Found something worth keeping!\n{0}".format(m))
# Save it to disk
with open(
os.path.join(self._keeper_directory,
str(time.time()) + "-" + generate_nonce()),
"wb") as f:
f.write(thing)
#
# binwalk test
#
# TODO: Update this to in-memory scanning if binwalk updates their stuff: https://github.com/ReFirmLabs/binwalk/issues/389
with tempfile.TemporaryDirectory() as tmpdirname:
tmp_scan_file = os.path.join(tmpdirname, 'scanme')
# Couldn't find a good 'output directory' option for binwalk. Changing dirs because of this.
saved_dir = os.getcwd()
os.chdir(tmpdirname)
with open(tmp_scan_file, 'wb') as f:
f.write(thing)
table = PrettyTable(
['Offset', 'Carved/Extracted', 'Description', 'File Name'])
table.align = 'l'
keepers = []
# Run the scan
for module in binwalk.scan(tmp_scan_file,
signature=True,
quiet=True,
extract=True):
for result in module.results:
if result.file.path in module.extractor.output:
if result.offset in module.extractor.output[
result.file.path].carved:
table.add_row([
hex(result.offset), 'Carved',
result.description,
os.path.basename(module.extractor.output[
result.file.path].carved[result.offset])
])
keepers.append(module.extractor.output[
result.file.path].carved[result.offset])
# print("Carved data from offset 0x%X to %s" % (result.offset, module.extractor.output[result.file.path].carved[result.offset]))
if result.offset in module.extractor.output[
result.file.path].extracted:
# print(result.offset, module.extractor.output[result.file.path].extracted)
table.add_row([
hex(result.offset), 'Extracted',
result.description,
os.path.basename(
module.extractor.output[result.file.path].
extracted[result.offset].files[0])
])
keepers += module.extractor.output[
result.file.path].extracted[
result.offset].files
# print("Extracted %d files from offset 0x%X to '%s' using '%s'" % (len(module.extractor.output[result.file.path].extracted[result.offset].files), result.offset, module.extractor.output[result.file.path].extracted[result.offset].files[0], module.extractor.output[result.file.path].extracted[result.offset].command))
# If we found something
if keepers != []:
print(table)
for keeper in keepers:
keeper_dst = os.path.join(self._keeper_directory,
os.path.basename(keeper))
if os.path.exists(keeper_dst):
logger.warn('Keeper name already exists, modifying.')
keeper_dst += '_' + generate_nonce()
# When binwalk hits a gzip (and likely bz2/xz/etc), with the extract flag it will actually
# run the uncompressor on it, thus removing the original compressed file.
# This is a simple heuristic for this situation
if not os.path.isfile(keeper):
# If there is another file, just with the extention removed, let's assume this is the uncompressed version
keeper_minus_extension = ".".join(
keeper.split(".")[:-1])
if keeper_minus_extension in keepers:
# This is fine. We may be missing info unfortunately.
logger.warn(
"Looks like binwalk removed this file during extraction %s",
keeper)
continue
logger.warn("Couldn't find extracted file named %s",
keeper)
continue
shutil.move(keeper, keeper_dst)
os.chdir(saved_dir)