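def parse_video(vid, out_dir=None):
    """Dump the J3M attachment carried by a video and decrypt it if needed.

    Runs the external command configured as BASH_CMD["DUMP_ATTACHMENT"] to
    write the attachment to "<vid>.j3m", or to the same file name inside
    *out_dir* when one is given.  If the first two lines of the dumped data
    equal gpg_sentinel, the data is copied to "<out_file>.asc" and handed to
    decrypt_file(), which is asked to write the result back to out_file.

    Args:
        vid: path of the video file to inspect.
        out_dir: optional directory for the extracted .j3m file.

    Returns:
        (True, out_file) on success, or False when out_file does not exist
        after the dump command has run.
    """
    print("parsing video %s" % vid)

    out_file = "%s.j3m" % vid
    if out_dir is not None:
        out_file = os.path.join(out_dir, os.path.basename(out_file))

    # NOTE(review): the command line is formatted first and split on single
    # spaces afterwards, so a path that contains a space becomes several argv
    # entries.  The template lives outside this function; building argv from
    # its tokens before substituting the paths would close that gap.
    cmd = (BASH_CMD["DUMP_ATTACHMENT"] % (out_file, vid)).split(" ")
    p = Popen(cmd, stdout=PIPE, close_fds=True)
    # communicate() drains stdout while waiting.  A bare wait() on a child
    # whose stdout is a pipe can block forever once the pipe buffer fills.
    p.communicate()

    # NOTE(review): this only checks that the file exists, so a file left
    # over from an earlier run is accepted as well.
    if not os.path.exists(out_file):
        return False

    with open(out_file, "rb") as src:
        j3m_data = src.read()

    if j3m_data.split("\n")[:2] == gpg_sentinel:
        print("Now decrypting...")
        # Keep the ciphertext next to the output and decrypt over out_file.
        j3m_asc = "%s.asc" % out_file
        with open(j3m_asc, "wb+") as dst:
            dst.write(j3m_data)
        decrypt_file(j3m_asc, out_file)

    return True, out_file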
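def parse_image(img, out_dir=None):
    """Extract the J3M metadata embedded in an image and decrypt it if needed.

    Runs the bundled "lib/j3mparser.out" helper on *img* and collects every
    output line that follows the "Got obscura marker" line, skipping the
    helper's diagnostic lines.  The collected data is written to "<img>.j3m"
    (or to the same file name inside *out_dir*).  If its first two lines equal
    gpg_sentinel, it is written to "<out_file>.asc" instead and handed to
    decrypt_file(), which is asked to produce out_file.

    Args:
        img: path of the image file to inspect.
        out_dir: optional directory for the extracted .j3m file.

    Returns:
        (True, out_file) on success.  False when the helper never reported
        the obscura marker, or when writing or decrypting the data failed.
    """
    print("parsing image %s" % img)

    out_file = "%s.j3m" % img
    if out_dir is not None:
        out_file = os.path.join(out_dir, os.path.basename(out_file))

    # Diagnostic lines printed by the helper; never part of the payload.
    noise_prefixes = ("file: ", "Generic APPn ", "Component", "Didn't find ")

    j3m_data = StringIO()
    obscura_marker_found = False

    parser = os.path.join(
        os.path.dirname(os.path.abspath(__file__)), "lib", "j3mparser.out")
    p = Popen([parser, img], stdout=PIPE, close_fds=True)
    try:
        while True:
            data = p.stdout.readline()
            if not data:
                break
            if data.startswith(noise_prefixes):
                continue
            if data.startswith("Got obscura marker"):
                obscura_marker_found = True
            elif obscura_marker_found:
                j3m_data.write(data)
    finally:
        p.stdout.close()
        # Reap the child; without this every call leaves a zombie process.
        p.wait()

    # Without the marker nothing was collected.  Report failure instead of
    # writing an empty .j3m file and claiming success.
    if not obscura_marker_found:
        print("could not get j3m data from this image")
        return False

    try:
        payload = j3m_data.getvalue()

        if payload.split('\n')[:2] == gpg_sentinel:
            print("Now decrypting...")
            j3m_asc = "%s.asc" % out_file
            with open(j3m_asc, 'wb+') as dst:
                dst.write(payload)
            decrypt_file(j3m_asc, out_file)
        else:
            with open(out_file, 'wb+') as dst:
                dst.write(payload)

        return True, out_file
    except Exception as e:
        print("could not get j3m data from this image")
        print("%s %s" % (e, type(e)))

    return False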
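def parse_j3mlog(log, out_dir=None):
    """Unwrap a J3M log and list the files it contains.

    The log is processed in up to three stages:

    1. If its first line equals the base64 encoding of gpg_sentinel, it is
       decoded with the external ``base64`` tool.
    2. If the first two lines of the result equal gpg_sentinel, it is handed
       to decrypt_file().
    3. The result is extracted with the external ``unzip`` tool.

    Intermediate files are named after the log's base name with ".unb64ed"
    and ".decrypted" appended, and are placed in *out_dir* (the log's own
    directory when *out_dir* is None).  Each stage reads the path that the
    previous stage wrote.

    Args:
        log: path of the log file to unwrap.
        out_dir: optional directory for intermediate files and extraction.

    Returns:
        (True, files) where *files* holds the paths found directly inside the
        extraction directory.  False when unzip could not be started or the
        extraction directory does not exist afterwards.
    """
    def _run_discarding_output(cmd):
        # Drain stdout to EOF so the child cannot stall on a full pipe, then
        # reap it so no zombie process is left behind.
        p = Popen(cmd, stdout=PIPE, close_fds=True)
        p.communicate()

    print("parsing j3m log %s" % log)

    log_data = get_log_data(log)
    stage_name = os.path.basename(log)
    last_state = log

    out_file = "%s.unzipped" % log
    if out_dir is not None:
        out_file = os.path.join(out_dir, stage_name)
    else:
        out_dir = os.path.dirname(log)

    # NOTE(review): `log` reaches base64 and unzip as a bare argument, so a
    # path that starts with "-" would be read as an option.  Callers should
    # pass absolute paths.

    if log_data.split('\n')[0] == b64encode('\n'.join(gpg_sentinel)):
        print("Now un-b64ing...")
        stage_name = "%s.unb64ed" % stage_name
        decoded_path = os.path.join(out_dir, stage_name)

        # These are the BSD/macOS base64 flags (-D decode, -i input,
        # -o output).  GNU coreutils base64 uses different ones.
        _run_discarding_output(
            ["base64", "-D", "-i", last_state, "-o", decoded_path])

        # Continue from the file that was actually written.
        last_state = decoded_path
        log_data = get_log_data(last_state)

    # is it pgp? (i.e. starts with BEGIN PGP MESSAGE)
    if log_data.split('\n')[:2] == gpg_sentinel:
        print("Now decrypting...")
        stage_name = "%s.decrypted" % stage_name
        decrypted_path = os.path.join(out_dir, stage_name)

        # if so, prompt user to decrypt
        decrypt_file(last_state, decrypted_path)
        last_state = decrypted_path

    # finally, unzip
    # NOTE(review): member names come from the archive being parsed, and -o
    # overwrites existing files under out_file without prompting.  Confining
    # the extraction to out_file is left to unzip itself.
    try:
        print("Now unzipping...")
        _run_discarding_output(["unzip", "-o", last_state, "-d", out_file])
    except Exception as e:
        print("%s %s" % (e, type(e)))
        return False

    # If nothing was extracted there is no directory to list.  Report failure
    # rather than failing on an unbound `files` further down.
    if not os.path.isdir(out_file):
        return False

    files = []
    for root, _, names in os.walk(out_file):
        # Only the top level of the extraction directory is reported.
        files = [os.path.join(root, name) for name in names]
        break

    return True, files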