def CiscoIOSImageFileScanner(filewildcard, options):
if options.resume == None:
filenames = GlobFilelist(filewildcard, options)
countFilenames = len(filenames)
counter = 1
if options.log != None:
f = open(options.log, 'w')
f.close()
else:
fPickle = open(options.resume, 'rb')
filenames, countFilenames, counter = pickle.load(fPickle)
fPickle.close()
print('Pickle file loaded')
while len(filenames) > 0:
filename = filenames[0]
try:
line = [str(counter), str(countFilenames), filename]
image = naft_uf.File2Data(filename)
if image == None:
line.extend(['Error reading'])
else:
oIOSImage = naft_iipf.cIOSImage(image)
if oIOSImage.oCWStrings != None and oIOSImage.oCWStrings.error == '':
line.extend([naft_uf.cn(vn(oIOSImage.oCWStrings.dCWStrings, 'CW_VERSION')), naft_uf.cn(vn(oIOSImage.oCWStrings.dCWStrings, 'CW_FAMILY'))])
else:
line.extend([naft_uf.cn(None), naft_uf.cn(None)])
line.extend([str(len(image)), '%.2f' % Entropy(image), str(oIOSImage.error), str(oIOSImage.oELF.error), str(oIOSImage.oELF.countSections), str(naft_uf.cn(oIOSImage.oELF.stringTableIndex)), naft_uf.cn(oIOSImage.checksumCompressed, '0x%08X'), str(oIOSImage.checksumCompressed != None and oIOSImage.checksumCompressed == oIOSImage.calculatedChecksumCompressed), naft_uf.cn(oIOSImage.checksumUncompressed, '0x%08X'), str(oIOSImage.checksumUncompressed != None and oIOSImage.checksumUncompressed == oIOSImage.calculatedChecksumUncompressed), naft_uf.cn(oIOSImage.imageUncompressedName), naft_uf.cn(oIOSImage.embeddedMD5)])
if options.md5db:
md5hash = hashlib.md5(image).hexdigest()
filenameCSV, filenameDB = oMD5Database.Find(md5hash)
line.extend([md5hash, naft_uf.cn(filenameCSV), naft_uf.cn(filenameDB)])
strLine = ';'.join(line)
print(strLine)
if options.log != None:
f = open(options.log, 'a')
f.write(strLine + '\n')
f.close()
counter += 1
filenames = filenames[1:]
except KeyboardInterrupt:
print('KeyboardInterrupt')
PickleData([filenames, countFilenames, counter])
return
except:
traceback.print_exc()
PickleData([filenames, countFilenames, counter])
return
def Line(self):
line = '%4d %s%-2s ' % (self.processID, self.Q_str, self.Ty_str)
if self.PC == None:
line += '???????? '
else:
line += '%08X ' % self.PC
if self.Runtime == None:
line += ' ? '
else:
line += '%8d ' % self.Runtime
if self.Invoked == None:
line += ' ? '
else:
line += '%8d ' % self.Invoked
if self.Invoked == 0 or self.Invoked == None or self.Runtime == None:
line += ' ?'
else:
line += '%7d' % (self.Runtime * 1000 / self.Invoked)
if self.LowWaterMark == None:
line += ' ?/'
else:
line += '%5d/' % self.LowWaterMark
if self.Stack2 == None:
line += '? '
else:
line += '%-5d ' % self.Stack2
if self.TTY == None:
line += ' ? '
else:
line += '%2d ' % self.TTY
line += naft_uf.cn(self.name)
return line
def Line(self):
line = '%4d %s%-2s ' % (self.processID, self.Q_str, self.Ty_str)
if self.PC == None:
line += '???????? '
else:
line += '%08X ' % self.PC
if self.Runtime == None:
line += ' ? '
else:
line += '%8d ' % self.Runtime
if self.Invoked == None:
line += ' ? '
else:
line += '%8d ' % self.Invoked
if self.Invoked == 0 or self.Invoked == None or self.Runtime == None:
line += ' ?'
else:
line += '%7d' % (self.Runtime * 1000 / self.Invoked)
if self.LowWaterMark == None:
line += ' ?/'
else:
line += '%5d/' % self.LowWaterMark
if self.Stack2 == None:
line += '? '
else:
line += '%-5d ' % self.Stack2
if self.TTY == None:
line += ' ? '
else:
line += '%2d ' % self.TTY
line += naft_uf.cn(self.name)
return line
def Line(self):
line = "%4d %s%-2s " % (self.processID, self.Q_str, self.Ty_str)
if self.PC == None:
line += "???????? "
else:
line += "%08X " % self.PC
if self.Runtime == None:
line += " ? "
else:
line += "%8d " % self.Runtime
if self.Invoked == None:
line += " ? "
else:
line += "%8d " % self.Invoked
if self.Invoked == 0 or self.Invoked == None or self.Runtime == None:
line += " ?"
else:
line += "%7d" % (self.Runtime * 1000 / self.Invoked)
if self.LowWaterMark == None:
line += " ?/"
else:
line += "%5d/" % self.LowWaterMark
if self.Stack2 == None:
line += "? "
else:
line += "%-5d " % self.Stack2
if self.TTY == None:
line += " ? "
else:
line += "%2d " % self.TTY
line += naft_uf.cn(self.name)
return line
def Print(self):
if self.oCWStrings != None and self.oCWStrings.error == '':
for key in ['CW_VERSION', 'CW_FAMILY', 'CW_FEATURE', 'CW_IMAGE', 'CW_SYSDESCR']:
if key in self.oCWStrings.dCWStrings:
print('%s:%s%s' % (key, ' ' * (22 - len(key)), self.oCWStrings.dCWStrings[key]))
if self.oELF.error == 0:
print('Entry point: 0x%08X' % self.oELF.addressEntry)
print('Number of sections: %d' % self.oELF.countSections)
print('Embedded MD5: %s' % naft_uf.cn(self.embeddedMD5))
# print('Calculated MD5: %s' % naft_uf.cn(self.calculatedMD5))
print('Compressed size: %s' % naft_uf.cn(self.sizeCompressed, '%d'))
print('Checksum compressed: %s' % naft_uf.cn(self.checksumCompressed, '0x%08X'))
print('Calculated checksum: %s (%s)' % (naft_uf.cn(self.calculatedChecksumCompressed, '0x%08X'), naft_uf.iif(self.checksumCompressed == self.calculatedChecksumCompressed, 'identical', 'DIFFERENT')))
print('Uncompressed size: %s' % naft_uf.cn(self.sizeUncompressed, '%d'))
print('Image name: %s' % naft_uf.cn(self.imageUncompressedName))
print('Checksum uncompressed: %s' % naft_uf.cn(self.checksumUncompressed, '0x%08X'))
print('Calculated checksum: %s (%s)' % (naft_uf.cn(self.calculatedChecksumUncompressed, '0x%08X'), naft_uf.iif(self.checksumUncompressed == self.calculatedChecksumUncompressed, 'identical', 'DIFFERENT')))
def Print(self):
if self.oCWStrings != None and self.oCWStrings.error == '':
for key in [
'CW_VERSION', 'CW_FAMILY', 'CW_FEATURE', 'CW_IMAGE',
'CW_SYSDESCR'
]:
if key in self.oCWStrings.dCWStrings:
print('%s:%s%s' %
(key, ' ' *
(22 - len(key)), self.oCWStrings.dCWStrings[key]))
if self.oELF.error == 0:
print('Entry point: 0x%08X' % self.oELF.addressEntry)
print('Number of sections: %d' % self.oELF.countSections)
print('Embedded MD5: %s' % naft_uf.cn(self.embeddedMD5))
# print('Calculated MD5: %s' % naft_uf.cn(self.calculatedMD5))
print('Compressed size: %s' %
naft_uf.cn(self.sizeCompressed, '%d'))
print('Checksum compressed: %s' %
naft_uf.cn(self.checksumCompressed, '0x%08X'))
print('Calculated checksum: %s (%s)' %
(naft_uf.cn(self.calculatedChecksumCompressed, '0x%08X'),
naft_uf.iif(
self.checksumCompressed
== self.calculatedChecksumCompressed, 'identical',
'DIFFERENT')))
print('Uncompressed size: %s' %
naft_uf.cn(self.sizeUncompressed, '%d'))
print('Image name: %s' %
naft_uf.cn(self.imageUncompressedName))
print('Checksum uncompressed: %s' %
naft_uf.cn(self.checksumUncompressed, '0x%08X'))
print('Calculated checksum: %s (%s)' %
(naft_uf.cn(self.calculatedChecksumUncompressed, '0x%08X'),
naft_uf.iif(
self.checksumUncompressed
== self.calculatedChecksumUncompressed, 'identical',
'DIFFERENT')))
def CiscoIOSImageFileScanner(filewildcard, options):
if options.resume == None:
filenames = GlobFilelist(filewildcard, options)
countFilenames = len(filenames)
counter = 1
if options.log != None:
f = open(options.log, 'w')
f.close()
else:
fPickle = open(options.resume, 'rb')
filenames, countFilenames, counter = pickle.load(fPickle)
fPickle.close()
print('Pickle file loaded')
while len(filenames) > 0:
filename = filenames[0]
try:
line = [str(counter), str(countFilenames), filename]
image = naft_uf.File2Data(filename)
if image == None:
line.extend(['Error reading'])
else:
oIOSImage = naft_iipf.cIOSImage(image)
if oIOSImage.oCWStrings != None and oIOSImage.oCWStrings.error == '':
line.extend([
naft_uf.cn(
vn(oIOSImage.oCWStrings.dCWStrings, 'CW_VERSION')),
naft_uf.cn(
vn(oIOSImage.oCWStrings.dCWStrings, 'CW_FAMILY'))
])
else:
line.extend([naft_uf.cn(None), naft_uf.cn(None)])
line.extend([
str(len(image)),
'%.2f' % Entropy(image),
str(oIOSImage.error),
str(oIOSImage.oELF.error),
str(oIOSImage.oELF.countSections),
str(naft_uf.cn(oIOSImage.oELF.stringTableIndex)),
naft_uf.cn(oIOSImage.checksumCompressed, '0x%08X'),
str(oIOSImage.checksumCompressed != None
and oIOSImage.checksumCompressed
== oIOSImage.calculatedChecksumCompressed),
naft_uf.cn(oIOSImage.checksumUncompressed, '0x%08X'),
str(oIOSImage.checksumUncompressed != None
and oIOSImage.checksumUncompressed
== oIOSImage.calculatedChecksumUncompressed),
naft_uf.cn(oIOSImage.imageUncompressedName),
naft_uf.cn(oIOSImage.embeddedMD5)
])
if options.md5db:
md5hash = hashlib.md5(image).hexdigest()
filenameCSV, filenameDB = oMD5Database.Find(md5hash)
line.extend([
md5hash,
naft_uf.cn(filenameCSV),
naft_uf.cn(filenameDB)
])
strLine = ';'.join(line)
print(strLine)
if options.log != None:
f = open(options.log, 'a')
f.write(strLine + '\n')
f.close()
counter += 1
filenames = filenames[1:]
except KeyboardInterrupt:
print('KeyboardInterrupt')
PickleData([filenames, countFilenames, counter])
return
except:
traceback.print_exc()
PickleData([filenames, countFilenames, counter])
return