def __init__(self,
name,
status,
error,
chain_param,
ab_data,
fuzzable=True):
fields = [
UInt8(name='bMessageType', value=0x80),
SizeInBytes(name='dwLength',
sized_field=ab_data,
length=32,
fuzzable=True,
encoder=ENC_INT_LE),
DynamicInt(name='bSlot',
key='bSlot',
bitfield=UInt8(name='bSlotInt', value=0)),
DynamicInt(name='bSeq',
key='bSeq',
bitfield=UInt8(name='bSeqInt', value=0)),
UInt8(name='bStatus', value=status),
UInt8(name='bError', value=error),
UInt8(name='bChainParameter', value=chain_param),
Container(name='abData', fields=ab_data),
]
super(R2PDataBlock, self).__init__(name=name,
fields=fields,
fuzzable=fuzzable)
def __init__(self,
value,
fuzz_value=True,
fuzz_length=True,
fuzz_delim=True,
name=None):
'''
:param value: str, will be enclosed in String
:param fuzz_value: bool (default: True)
:param fuzz_length: bool (default: True)
:param fuzz_delim: bool (default: True)
:param name: name of container (default: None)
'''
name = name if name is not None else _unique_name(type(self).__name__)
if isinstance(value, str):
fvalue = String(value=value,
fuzzable=fuzz_value,
name=_merge(name, 'value'))
else:
fvalue = value
fvalue_name = fvalue.get_name()
super(TString,
self).__init__(name=name,
fields=[
SizeInBytes(sized_field=fvalue_name,
length=32,
encoder=ENC_INT_DEC,
fuzzable=fuzz_length,
name=_merge(name, 'length')),
Delimiter(value=':',
fuzzable=fuzz_delim,
name=_merge(name, 'delim')), fvalue
])
def __init__(self, name, fields, fuzzable=True):
header = Container(name="header", fields=[
SizeInBytes(name="length", sized_field=self, length=32, encoder=ENC_INT_BE),
String(name="name", value=name, fuzzable=False)
])
content = Container(name="content", fields=fields)
super(Mp4Box, self).__init__(name=name.replace("\xa9", "\\xa9"), fields=[header, content],
fuzzable=fuzzable)
def __init__(self, name, fields):
'''
:param name: name of the Container
:param fields: list of fields in the container
'''
if isinstance(fields, BaseField):
fields = [fields]
fields.insert(
0,
SizeInBytes(name='%s size' % name,
sized_field=self,
length=8,
fuzzable=True))
super(SizedPt, self).__init__(name=name, fields=fields)
def __init__(self, key, value, flags=0, fuzzable=True):
fields = [
SizeInBytes(name="Size of Item Value",
sized_field="Item Value",
length=32,
encoder=ENC_INT_LE),
LE32(name="Item Flags", value=flags),
String(name="Item Key", value=key, fuzzable=False),
Static("\x00"),
Container(name="Item Value", fields=[value])
]
super(apev2item, self).__init__(name=key,
fields=fields,
fuzzable=fuzzable)
def __init__(self, name, descriptor_type, fields, fuzz_type=True):
if isinstance(fields, BaseField):
fields = [fields]
fields.insert(
0,
SizeInBytes(name='bLength',
sized_field=self,
length=8,
fuzzable=True))
fields.insert(
1,
UInt8(name='bDescriptorType',
value=descriptor_type,
fuzzable=fuzz_type))
super(SubDescriptor, self).__init__(name=name, fields=fields)
def __init__(self,
name,
tag,
fields=None,
tag_size=32,
length_size=32,
encoder=ENC_INT_BE,
fuzzable=True,
fuzz_tag=False,
fuzz_length=True):
'''
:param name: name of the tlv element
:param tag: tag of element
:param fields: element fields, e.g. value (default: None)
:param tag_size: size of tag field in bits (default: 32)
:param length_size: size of length field in bits (default: 32)
:param encoder: encoder for tag and length fields (default: ENC_INT_BE)
:param fuzzable: should fuzz the element (default: True)
:param fuzz_tag: should fuzz the tag value (default: False)
:param fuzz_length: should fuzz the element length (default: True)
'''
tag_name = '%s-tag' % name
len_name = '%s-length' % name
val_name = '%s-value' % name
if fields is None:
fields = []
_fields = [
BitField(name=tag_name,
value=tag,
length=tag_size,
signed=False,
encoder=encoder,
fuzzable=fuzz_tag),
SizeInBytes(name=len_name,
sized_field=val_name,
length=length_size,
encoder=encoder,
fuzzable=fuzz_length),
Container(name=val_name, fields=fields)
]
super(TLV, self).__init__(fields=_fields,
encoder=ENC_BITS_DEFAULT,
fuzzable=fuzzable,
name=name)
def __init__(self,
frameid,
fields,
flags=0,
fuzzable=True,
fuzz_frame_id=False):
content = Container(name="content", fields=fields)
header = Container(name="header",
fields=[
BE32(name="Frame ID",
value=struct.unpack(">I", frameid)[0],
fuzzable=fuzz_frame_id),
SizeInBytes(name="Size",
sized_field=content,
length=32,
encoder=ENC_INT_BE),
BE16(name="Flags", value=flags),
])
fields = [header, content]
super(id3v23_frame, self).__init__(name=frameid,
fields=fields,
fuzzable=fuzzable)
super(id3v23_url_frame, self).__init__(frameid,
flags=flags,
fields=fields,
fuzzable=fuzzable,
fuzz_frame_id=fuzz_frame_id)
id3v23container = Container(
name="id3v23container",
fields=[
Static("ID3"),
BE8(name="majorversion", value=3),
BE8(name="revision", value=0),
BE8(name="flags", value=0x00, fuzzable=False),
SizeInBytes(name="size",
sized_field="frames",
length=28,
encoder=id3v23_size_encoder()),
# TODO: Extended header
OneOf(
name="frames",
fields=[
id3v23_frame("UFID",
fields=[
String(name="Owner Identifier",
value="owner identifier",
encoder=STR_ENC_NULLTERM),
RandomBytes(name="Identifier",
value="A" * 64,
min_length=1,
max_length=100)
]),
UInt8(name='bInterfaceSubClass', value=0x01,
fuzzable=False), # audio control
UInt8(name='bInterfaceProtocol', value=0x00),
UInt8(name='iInterface', value=0x01),
]),
List(
name='Class-Specific AC interfaces',
fields=[
SubDescriptor(
name='header',
descriptor_type=_DescriptorTypes.CS_INTERFACE,
fields=[
UInt8(name='bDesciptorSubType', value=0x01),
LE16(name='bcdADC', value=0x100),
SizeInBytes(name='wTotalLength',
sized_field='Class-Specific AC interfaces',
length=16,
encoder=ENC_INT_LE),
SizeInBytes(name='bInCollection',
sized_field='baInterfaceNr',
length=8),
RandomBytes(name='baInterfaceNr',
value='\x01',
min_length=0,
max_length=250),
]),
SubDescriptor(
name='input terminal',
descriptor_type=_DescriptorTypes.CS_INTERFACE,
fields=[
UInt8(name='bDesciptorSubType', value=0x02),
UInt8(name='bTerminalID', value=1),
class apev2textitem(apev2item):
def __init__(self, key, value, fuzzable=True):
value_field = String(name="key", value=value)
super(apev2textitem, self).__init__(key,
value_field,
flags=0,
fuzzable=fuzzable)
apev2container = Container(
name="apev2container",
fields=[
Static("APETAGEX"),
LE32(name="version", value=struct.unpack("<I", "2000")[0]),
SizeInBytes(name="size",
sized_field="items and footer",
length=32,
encoder=ENC_INT_LE),
ElementCount(depends_on="items",
length=32,
name="item count",
encoder=ENC_INT_LE),
LE32(name="flags", value=0xa0000000),
RandomBytes(name="reserved",
value="\x00" * 8,
min_length=8,
max_length=8),
Container(
name="items and footer",
fields=[
OneOf(
name="items",
UInt8(name='SenseKeySpecific_2', value=0x00),
])
])
# Inquiry - FuzzableUSBMassStorageInterface
scsi_inquiry_response = Template(
name='scsi_inquiry_response',
fields=[
UInt8(name='Peripheral', value=0x00),
UInt8(name='Removable', value=0x80),
UInt8(name='Version', value=0x04),
UInt8(name='Response_Data_Format', value=0x02),
SizeInBytes(
name='Additional Length',
sized_field='Additional Inquiry Data',
length=8
),
SizedPt(name='Additional Inquiry Data',
fields=[
UInt8(name='Sccstp', value=0x00),
UInt8(name='Bqueetc', value=0x00),
UInt8(name='CmdQue', value=0x00),
Pad(8 * 8, fields=String(name='VendorID', value='Paul', max_size=8)),
Pad(16 * 8, fields=String(name='ProductID', value='Atreides', max_size=16)),
Pad(4 * 8, fields=String(name='productRev', value='1718', max_size=4)),
])
])
# Mode Sense - FuzzableUSBMassStorageInterface
UInt8(name='bDeviceSubClass', value=0),
UInt8(name='bDeviceProtocol', value=0),
UInt8(name='bMaxPacketSize', value=0), # valid sizes: 8,16,32,64
UInt8(name='bNumConfigurations', value=0),
UInt8(name='bReserved', value=0)
])
# Configuration descriptor
# Section 9.6.3, page 265
configuration_descriptor = Template(
name='configuration_descriptor',
fields=[
UInt8(name='bLength', value=9),
UInt8(name='bDescriptorType', value=DescriptorType.configuration),
SizeInBytes(name='wTotalLength',
sized_field='/',
length=16,
encoder=ENC_INT_LE),
ElementCount(name='bNumInterfaces', depends_on='interfaces', length=8),
UInt8(name='bConfigurationValue', value=1),
UInt8(name='iConfiguration', value=0),
BitField(name='bmAttributes', value=0, length=8),
UInt8(name='bMaxPower', value=1),
List(name='interfaces',
fields=[
Container(
name='iface and eps',
fields=[
SubDescriptor(
name='interface_descriptor',
descriptor_type=DescriptorType.interface,
fields=[