Ejemplo n.º 1
0
def IOSCWStringsSub(data):
    oCWStrings = naft_impf.cCiscoCWStrings(data)
    if oCWStrings.error != '':
        print(oCWStrings.error)
        return
    keys = oCWStrings.dCWStrings.keys()
    keys.sort()
    for key in keys:
        if key == 'CW_SYSDESCR':
            print('%s:' % key)
            print(oCWStrings.dCWStrings[key])
        else:
            print('%s:%s%s' % (key, ' ' * (22 - len(key)), oCWStrings.dCWStrings[key]))
Ejemplo n.º 2
0
def IOSCWStringsSub(data):
    oCWStrings = naft_impf.cCiscoCWStrings(data)
    if oCWStrings.error != '':
        print(oCWStrings.error)
        return
    keys = oCWStrings.dCWStrings.keys()
    keys.sort()
    for key in keys:
        if key == 'CW_SYSDESCR':
            print('%s:' % key)
            print(oCWStrings.dCWStrings[key])
        else:
            print('%s:%s%s' % (key, ' ' *
                               (22 - len(key)), oCWStrings.dCWStrings[key]))
Ejemplo n.º 3
0
def IOSCWStringsSub(data):
    returnString = ''
    oCWStrings = naft_impf.cCiscoCWStrings(data)
    if oCWStrings.error != '':
        returnString += (oCWStrings.error)
        return
    keys = oCWStrings.dCWStrings.keys()
    keys.sort()
    for key in keys:
        if key == 'CW_SYSDESCR':
            returnString += ('%s:<br>' % key)
            returnString += (oCWStrings.dCWStrings[key] + '<br>')
        else:
            returnString += ('%s:%s%s<br>' %
                             (key, ' ' *
                              (22 - len(key)), oCWStrings.dCWStrings[key]))
    return returnString
Ejemplo n.º 4
0
    def Parse(self):
        self.error = 0
        self.oELF = cELF(self.data)
        if self.oELF.error != 0:
            self.error = 1
            print('ELF parsing error %d.' % self.oELF.error)
            if self.oELF.error <= 2:
                print('This is not an ELF file.')
            elif self.oELF.error < 5:
                print('This is probably not an ELF file/Cisco IOS image.')
            return
        self.oSectionHeaderCompressedImage, self.oSectionHeaderEmbeddedMD5, self.oSectionHeaderCWStrings = self.ExtractSections(
            self.oELF)
        if self.oSectionHeaderEmbeddedMD5 != None:
            self.embeddedMD5 = self.ExtractEmbeddedMD5(
                self.oSectionHeaderEmbeddedMD5.sectionData)
        if self.oSectionHeaderCWStrings != None:
            self.oCWStrings = naft_impf.cCiscoCWStrings(
                self.oSectionHeaderCWStrings.sectionData)

        md5 = hashlib.md5()
        index = 0
        for oSectionHeader in self.oELF.sections:
            if index != 3 and index != 4:
                md5.update(oSectionHeader.sectionData)
            index += 1
        self.calculatedMD5 = md5.hexdigest()

        if self.oSectionHeaderCompressedImage == None:
            print('MAGIC number FEEDFACE not found')
            self.error = 4
            return
        self.sizeUncompressed, self.sizeCompressed, self.checksumCompressed, self.checksumUncompressed = struct.unpack(
            '>IIII', self.oSectionHeaderCompressedImage.
            sectionData[len(naft_impf.cCiscoMagic.STR_FEEDFACE
                            ):len(naft_impf.cCiscoMagic.STR_FEEDFACE) + 4 * 4])
        zipData = self.oSectionHeaderCompressedImage.sectionData[
            len(naft_impf.cCiscoMagic.STR_FEEDFACE) +
            4 * 4:len(naft_impf.cCiscoMagic.STR_FEEDFACE) + 4 * 4 +
            self.sizeCompressed]
        self.calculatedChecksumCompressed = cIOSImage.CalcChecksum(zipData)
        try:
            oZipFile = zipfile.ZipFile(cStringIO.StringIO(zipData))
            try:
                names = oZipFile.namelist()
            except:
                self.error = 6
                print('Error retrieving ZIP namelist')
                oZipFile = None
        except:
            self.error = 5
            print('Error parsing ZIP section')
            oZipFile = None
        if oZipFile != None:
            if len(names) == 0:
                self.error = 7
                print('Error: no file found in ZIP')
            elif len(names) == 1:
                self.imageUncompressedName = names[0]
            else:
                self.error = 8
                print('More than one file found in ZIP')
                print(','.join(names))
            if self.imageUncompressedName != None:
                try:
                    self.imageUncompressed = oZipFile.open(
                        self.imageUncompressedName).read()
                except:
                    self.error = 9
                    print('Error decompressing ZIP section')
                if self.imageUncompressed != None:
                    self.calculatedChecksumUncompressed = cIOSImage.CalcChecksum(
                        self.imageUncompressed)
Ejemplo n.º 5
0
def IOSCheckText(coredumpFilename, imageFilename, options):
    oIOSCoreDump = naft_impf.cIOSCoreDump(coredumpFilename)
    if oIOSCoreDump.error  != '':
        print(oIOSCoreDump.error)
        return
    else:
        textAddress, textCoredump = oIOSCoreDump.RegionTEXT()
        if textCoredump == None:
            print('Error extracting text region from coredump %s' % coredumpFilename)
            return
        sysdescrCoredump = ''
        dataAddress, dataCoredump = oIOSCoreDump.RegionDATA()
        if dataCoredump != None:
            oCWStrings = naft_impf.cCiscoCWStrings(dataCoredump)
            if oCWStrings.error == '' and 'CW_SYSDESCR' in oCWStrings.dCWStrings:
                sysdescrCoredump = oCWStrings.dCWStrings['CW_SYSDESCR']

    image = naft_uf.File2Data(imageFilename)
    if image == None:
        print('Error reading image %s' % imageFilename)
        return

    oIOSImage = naft_iipf.cIOSImage(image)
    if oIOSImage.error != 0:
        return
    sysdescrImage = ''
    if oIOSImage.oCWStrings != None and oIOSImage.oCWStrings.error == '' and 'CW_SYSDESCR' in oIOSImage.oCWStrings.dCWStrings:
        sysdescrImage = oIOSImage.oCWStrings.dCWStrings['CW_SYSDESCR']
    if sysdescrCoredump != '' or sysdescrImage != '':
        if sysdescrCoredump == sysdescrImage:
            print('CW_SYSDESCR are identical:\n')
            print(sysdescrCoredump)
        elif sysdescrCoredump == sysdescrImage.replace('-MZ', '-M', 1):
            print('CW_SYSDESCR are equivalent:\n')
            print(sysdescrCoredump)
        else:
            print('CW_SYSDESCR are different:\n')
            print(sysdescrCoredump)
            print
            print(sysdescrImage)
        print

    oELF = naft_iipf.cELF(oIOSImage.imageUncompressed)
    if oELF.error != 0:
        print('ELF parsing error %d.' % oELF.error)
        return
    countSectionExecutableInstructions = 0
    for oSectionHeader in oELF.sections:
        if oSectionHeader.flags & 4: # SHF_EXECINSTR executable instructions
            textSectionData = oSectionHeader.sectionData
            countSectionExecutableInstructions += 1
    if countSectionExecutableInstructions != 1:
        print('Error executable sections in image: found %d sections, expected 1' % countSectionExecutableInstructions)
        return
    start = textAddress & 0xFF # to be further researched
    textImage = textSectionData[start:start + len(textCoredump)]
    if len(textCoredump) != len(textImage):
        print('the text region is longer than the text section')
    countBytesDifferent = 0
    shortestLength = min(len(textCoredump), len(textImage))
    for iIter in range(shortestLength):
        if textCoredump[iIter] != textImage[iIter]:
            if countBytesDifferent == 0:
                print('text region and section are different starting 0x%08X in coredump (iter = 0x%08X)' % ((textAddress + iIter), iIter))
            countBytesDifferent += 1
    if countBytesDifferent == 0:
        print('text region and section are identical')
    else:
        print('number of different bytes: %d (%.2f%%)' % (countBytesDifferent, (countBytesDifferent * 100.0) / shortestLength))
Ejemplo n.º 6
0
    def Parse(self):
        self.error = 0
        self.oELF = cELF(self.data)
        if self.oELF.error != 0:
            self.error = 1
            print('ELF parsing error %d.' % self.oELF.error)
            if self.oELF.error <= 2:
                print('This is not an ELF file.')
            elif self.oELF.error < 5:
                print('This is probably not an ELF file/Cisco IOS image.')
            return
        self.oSectionHeaderCompressedImage, self.oSectionHeaderEmbeddedMD5, self.oSectionHeaderCWStrings = self.ExtractSections(self.oELF)
        if self.oSectionHeaderEmbeddedMD5 != None:
            self.embeddedMD5 = self.ExtractEmbeddedMD5(self.oSectionHeaderEmbeddedMD5.sectionData)
        if self.oSectionHeaderCWStrings != None:
            self.oCWStrings = naft_impf.cCiscoCWStrings(self.oSectionHeaderCWStrings.sectionData)

        md5 = hashlib.md5()
        index = 0
        for oSectionHeader in self.oELF.sections:
            if index != 3 and index != 4:
                md5.update(oSectionHeader.sectionData)
            index += 1
        self.calculatedMD5 = md5.hexdigest()

        if self.oSectionHeaderCompressedImage == None:
            print('MAGIC number FEEDFACE not found')
            self.error = 4
            return
        self.sizeUncompressed, self.sizeCompressed, self.checksumCompressed, self.checksumUncompressed = struct.unpack('>IIII', self.oSectionHeaderCompressedImage.sectionData[len(naft_impf.cCiscoMagic.STR_FEEDFACE):len(naft_impf.cCiscoMagic.STR_FEEDFACE) + 4*4])
        zipData = self.oSectionHeaderCompressedImage.sectionData[len(naft_impf.cCiscoMagic.STR_FEEDFACE) + 4*4:len(naft_impf.cCiscoMagic.STR_FEEDFACE) + 4*4 + self.sizeCompressed]
        self.calculatedChecksumCompressed = cIOSImage.CalcChecksum(zipData)
        try:
            oZipFile = zipfile.ZipFile(cStringIO.StringIO(zipData))
            try:
                names = oZipFile.namelist()
            except:
                self.error = 6
                print('Error retrieving ZIP namelist')
                oZipFile = None
        except:
            self.error = 5
            print('Error parsing ZIP section')
            oZipFile = None
        if oZipFile != None:
            if len(names) == 0:
                self.error = 7
                print('Error: no file found in ZIP')
            elif len(names) == 1:
                self.imageUncompressedName = names[0]
            else:
                self.error = 8
                print('More than one file found in ZIP')
                print(','.join(names))
            if self.imageUncompressedName != None:
                try:
                    self.imageUncompressed = oZipFile.open(self.imageUncompressedName).read()
                except:
                    self.error = 9
                    print('Error decompressing ZIP section')
                if self.imageUncompressed != None:
                    self.calculatedChecksumUncompressed = cIOSImage.CalcChecksum(self.imageUncompressed)
Ejemplo n.º 7
0
def IOSCheckText(coredumpFilename, imageFilename, options):
    returnString = ''
    oIOSCoreDump = naft_impf.cIOSCoreDump(coredumpFilename)
    if oIOSCoreDump.error != '':
        returnString += (oIOSCoreDump.error) + '<br>'
        return returnString
    else:
        textAddress, textCoredump = oIOSCoreDump.RegionTEXT()
        if textCoredump == None:
            returnString += (
                'Error extracting text region from coredump %s<br>' %
                coredumpFilename)
            return returnString
        sysdescrCoredump = ''
        dataAddress, dataCoredump = oIOSCoreDump.RegionDATA()
        if dataCoredump != None:
            oCWStrings = naft_impf.cCiscoCWStrings(dataCoredump)
            if oCWStrings.error == '' and 'CW_SYSDESCR' in oCWStrings.dCWStrings:
                sysdescrCoredump = oCWStrings.dCWStrings['CW_SYSDESCR']

    image = naft_uf.File2Data(imageFilename)
    if image == None:
        returnString += ('Error reading image %s' % imageFilename)
        return returnString

    oIOSImage = naft_iipf.cIOSImage(image)
    if oIOSImage.error != 0:
        return
    sysdescrImage = ''
    if oIOSImage.oCWStrings != None and oIOSImage.oCWStrings.error == '' and 'CW_SYSDESCR' in oIOSImage.oCWStrings.dCWStrings:
        sysdescrImage = oIOSImage.oCWStrings.dCWStrings['CW_SYSDESCR']
    if sysdescrCoredump != '' or sysdescrImage != '':
        if sysdescrCoredump == sysdescrImage:
            returnString += ('CW_SYSDESCR are identical:<br>')
            returnString += (sysdescrCoredump) + '<br>'
        elif sysdescrCoredump == sysdescrImage.replace('-MZ', '-M', 1):
            returnString += ('CW_SYSDESCR are equivalent:<br>')
            returnString += (sysdescrCoredump) + '<br>'
        else:
            returnString += ('CW_SYSDESCR are different:<br>')
            returnString += (sysdescrCoredump) + '<br>'
            returnString += '<br>'
            returnString += (sysdescrImage) + '<br>'
        returnString += '<br>'

    oELF = naft_iipf.cELF(oIOSImage.imageUncompressed)
    if oELF.error != 0:
        returnString += ('ELF parsing error %d.' % oELF.error)
        return returnString
    countSectionExecutableInstructions = 0
    countSectionSRELOC = 0
    for oSectionHeader in oELF.sections:
        if oSectionHeader.flags & 4:  # SHF_EXECINSTR executable instructions
            textSectionData = oSectionHeader.sectionData
            countSectionExecutableInstructions += 1
        if oSectionHeader.nameIndexString == 'sreloc':
            countSectionSRELOC += 1
    if countSectionExecutableInstructions != 1:
        returnString += (
            'Error executable sections in image: found %d sections, expected 1'
            % countSectionExecutableInstructions)
        return returnString
    if countSectionSRELOC != 0:
        returnString += (
            'Error found %d sreloc section in image: checktext command does not support relocation'
            % countSectionSRELOC)
        return returnString
    start = textAddress & 0xFF  # to be further researched
    textImage = textSectionData[start:start + len(textCoredump)]
    if len(textCoredump) != len(textImage):
        returnString += ('the text region is longer than the text section<br>')
        returnString += ('len(textCoredump) = %d<br>' % len(textCoredump))
        returnString += ('len(textImage) = %d<br>' % len(textImage))
    countBytesDifferent = 0
    shortestLength = min(len(textCoredump), len(textImage))
    for iIter in range(shortestLength):
        if textCoredump[iIter] != textImage[iIter]:
            if countBytesDifferent == 0:
                returnString += (
                    'text region and section are different starting 0x%08X in coredump (iter = 0x%08X)<br>'
                    % ((textAddress + iIter), iIter))
            countBytesDifferent += 1
    if countBytesDifferent == 0:
        returnString += ('text region and section are identical <br>')
    else:
        returnString += ('number of different bytes: %d (%.2f%%)<br>' %
                         (countBytesDifferent,
                          (countBytesDifferent * 100.0) / shortestLength))

    return returnString