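def sdhash_get_from_file(_in):
    """Return a similarity-digest string for the file at ``_in``.

    Files of at most 512 + 50 bytes are not handed to sdhash; their content
    is returned as-is. For larger files the sdbf text is generated and the
    part starting at the ``:sha1:`` field is returned, presumably so the
    result does not depend on the header fields before it (TODO confirm).

    Args:
        _in: Path of the file to digest.

    Returns:
        The file content (small files) or the sdbf string from ``:sha1:`` on.
    """
    statinfo = os.stat(_in)
    # sdhash cannot deal with files smaller than 512 bytes, so small inputs
    # are returned verbatim.
    # NOTE(review): for these files the return value is the file content
    # itself, not a digest -- callers that store or log the result keep the
    # sample content. The file is opened in text mode, so non-text content may
    # fail to decode on Python 3.
    if statinfo.st_size <= 512 + 50:
        with open(_in) as f:
            return f.read()
    digest = sdbf_class.sdbf(_in, 0).to_string()
    marker = digest.find(":sha1:")
    if marker == -1:
        # Unexpected layout: keep the whole digest rather than a fragment.
        return digest
    # Slice from the marker. Indexing with the find() result returned a
    # single character, which is useless for comparison.
    return digest[marker:]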
def sdhash_compare(_in_1, _in_2):
    """Build an sdbf object for each input and return their comparison result.

    Both inputs (presumably file paths -- confirm against callers) are passed
    to ``sdbf_class.sdbf`` with a second argument of 0. The first object's
    ``compare`` is then called with the second object and 0.
    """
    first, second = [sdbf_class.sdbf(source, 0) for source in (_in_1, _in_2)]
    return first.compare(second, 0)
Exemple #3
#!/usr/bin/python3

# Import our module, living in the same directory as _sdbf_class.so
import sdbf_class

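# Name a few standalone objects to hash
name1 = b"hoge.txt"
name2 = b"test2.txt"

# Create new objects from these names, in "regular" non-block mode.
test1 = sdbf_class.sdbf(name1, 0)
test2 = sdbf_class.sdbf(name2, 0)

# Print out some vital statistics and the hash itself for each object.
print("test1")
print(test1.name())
print(test1.size())
print(test1.input_size())
print(test1.to_string())

print("test2")
print(test2.name())
print(test2.size())
print(test2.input_size())
# Fixed copy-paste slip: this section printed test1's hash a second time.
print(test2.to_string())

# test2.print_sdbf(test2)

# Compare the two hashes and get back a score
score = test2.compare(test1, 0)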
 def update(self, arg):
     """Replace ``self.h`` with an sdbf object built from the data in ``arg``.

     The object is created under the fixed name 'unknown', and ``len(arg)``
     is passed as the fourth constructor argument.
     """
     data_len = len(arg)
     self.h = sdbf_class.sdbf('unknown', arg, 0, data_len, None)
Exemple #5
    hash.append(sizeOfHeapCommit[8:16] ^ sizeOfHeapCommit[16:24] ^ sizeOfHeapCommit[24:32])
    heapcommit_hash = sizeOfHeapCommit[8:16] ^ sizeOfHeapCommit[16:24] ^ sizeOfHeapCommit[24:32]

    sections_holder = []
    for section in sections:
        section_copy = copy.deepcopy(section)
        section_hash = section_copy[1]
        section_hash.append(section_copy[2])
        section_hash.append(section_copy[3][16:24] ^ section_copy[3][24:32])
        section_hash.append(section_copy[4])
        hash.append(section[1])
        hash.append(section[2])
        hash.append(section[3][16:24] ^ section[3][24:32])
        hash.append(section[4])

        sections_holder.append(str(section_hash))

    return hashlib.md5(str(hash)).hexdigest()
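# Read the sample named on the command line in one go. The context manager
# closes the handle as soon as the read ends.
with open(sys.argv[1], 'rb') as sample:
    pe_data = sample.read()
try:
    pehash = peHash(pe_data)
except Exception:
    # Best effort: an input peHash cannot process yields an empty 'pe_hash'
    # instead of aborting the report. Catching Exception rather than
    # everything lets Ctrl-C and SystemExit propagate.
    pehash = ''
# NOTE(review): sdhash is built from the path, not from pe_data, so the file
# appears to be read a second time. If it changes between the two reads, the
# digests in one record describe different content -- confirm this is
# acceptable for the pipeline.
sdhash = sdbf_class.sdbf(sys.argv[1], 0)
ssdeephash = ssdeep.hash(pe_data)
# Emit one JSON record. The trailing comma suppresses the newline (Python 2).
print anyjson.serialize({
    'pe_hash': pehash,
    'sdhash': sdhash.to_string(),
    'ssdeep': ssdeephash,
    'timestamp': int(time.time())
   }),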
#!/usr/bin/python

# Import our module, living in the same directory as _sdbf_class.so
import sdbf_class

# Names of the two objects to hash
name = "sdbf_class.py"
name2 = "sdbf_class.pyc"

# One sdbf object per name, created in "regular" non-block mode.
test1 = sdbf_class.sdbf(name,0)
test2 = sdbf_class.sdbf(name2,0)


def _print_stats(label, obj):
    # Print the label, then the object's name, size and input size.
    print label
    print obj.name()
    print obj.size()
    print obj.input_size()


# Statistics first, then the hash text, for each object in turn.
_print_stats("test 1", test1)
print test1.to_string()

_print_stats("test 2", test2)
bar=test2.to_string()

print bar

#test2.print_sdbf(test2)

# The comparison step (hash score) is not part of this excerpt.
Exemple #7
 def test_read_cstring(self):
     """Build an sdbf from the in-memory bytes of ``TEST_FILE`` and check it.

     The file is read in binary mode. Its content and length are passed to
     the buffer-style constructor, and the result goes to ``check_sdbf``
     together with ``TEST_FILE_SDBF`` plus a trailing newline.
     """
     with open(self.TEST_FILE, 'rb') as handle:
         content = handle.read()
     digest = sdbf_class.sdbf(self.TEST_FILE, content, 0, len(content), None)
     expected = "{}\n".format(self.TEST_FILE_SDBF)
     self.check_sdbf(digest, expected)
Exemple #8
 def test_read_file(self):
     """Build an sdbf from ``TEST_FILE`` by name and check it.

     The result goes to ``check_sdbf`` together with ``TEST_FILE_SDBF`` plus
     a trailing newline.
     """
     digest = sdbf_class.sdbf(self.TEST_FILE, 0)
     expected = "{}\n".format(self.TEST_FILE_SDBF)
     self.check_sdbf(digest, expected)
Exemple #9
 def test_formated_string(self):
     """Build an sdbf from ``TEST_FILE_SDBF`` alone and check it.

     The single-argument constructor presumably parses an already formatted
     digest string (confirm against sdbf_class). The result goes to
     ``check_sdbf`` with the same string plus a trailing newline.
     """
     digest = sdbf_class.sdbf(self.TEST_FILE_SDBF)
     expected = "{}\n".format(self.TEST_FILE_SDBF)
     self.check_sdbf(digest, expected)