def file_ssdeep(inputname):
"""returns the ssdeep hash of a file buffered,
so memory isn't swamped when dealing with large files."""
h = ssdeep.Hash()
with open(inputname, 'rb', buffering=0) as f:
for b in iter(lambda: f.read(128*1024), b''):
h.update(b)
return h.digest()
def get_hashes(data):
md5_hash = hashlib.md5()
sha1_hash = hashlib.sha1()
sha256_hash = hashlib.sha256()
ssdeep_hash = ssdeep.Hash()
md5_hash.update(data)
sha1_hash.update(data)
sha256_hash.update(data)
ssdeep_hash.update(bytes(data))
return md5_hash.hexdigest(), sha1_hash.hexdigest(
), sha256_hash.hexdigest(), ssdeep_hash.digest()
def transform(cls, sample):
""" Calculate sdeep for sample
:param sample:
:return:
"""
h = ssdeep.Hash()
for chunk in sample.chunks():
h.update(chunk)
sample.add('ssdeep.digest', h.digest())
block_size, block_chunks, double_block_chunks = cls.preprocess_hash(
sample.get('ssdeep.digest'))
sample.add('ssdeep.block_size', block_size)
sample.add('ssdeep.block_chunks', block_chunks)
sample.add('ssdeep.double_block_chunks', double_block_chunks)
def get_ssdeep(fname):
"""Get malware ssdeep
Params:
-fname
Returns:
- rslt
"""
hash_ssdeep = ssdeep.Hash()
with open(fpath + fname, 'rb') as f:
for chunk in iter(lambda: f.read(4096), b""):
hash_ssdeep.update(chunk)
rslt = hash_ssdeep.digest()
return rslt
def get_hashes(file_path):
with open(file_path, 'rb') as fh:
md5 = hashlib.md5()
sha1 = hashlib.sha1()
xx32 = xxhash.xxh32()
xx64 = xxhash.xxh64()
ssdeep = deep.Hash()
while True:
data = fh.read(8192)
if not data:
break
md5.update(data)
sha1.update(data)
xx32.update(data)
xx64.update(data)
ssdeep.update(data)
return md5.hexdigest(), sha1.hexdigest(), xx32.hexdigest(), xx64.hexdigest(
), ssdeep.digest()
def create_object(self, obj):
file = request.files['file']
file.stream.seek(0, os.SEEK_END)
fsize = file.tell()
if fsize == 0:
raise BadRequest("Uploaded file is empty")
sha256 = calc_hash(file.stream, hashlib.sha256(),
lambda h: h.hexdigest())
file.stream.seek(0, os.SEEK_SET)
fmagic = magic.from_buffer(file.stream.read())
# Create file first so we can add it without worrying about race conditions thanks to get_or_create
db_file = File()
db_file.file_name = secure_filename(request.files['file'].filename)
db_file.file_size = fsize
db_file.file_type = fmagic
db_file.parents = []
db_file.crc32 = crc32_sum(file.stream)
db_file.md5 = calc_hash(file.stream, hashlib.md5(),
lambda h: h.hexdigest())
db_file.sha1 = calc_hash(file.stream, hashlib.sha1(),
lambda h: h.hexdigest())
db_file.sha256 = sha256
db_file.dhash = sha256
db_file.sha512 = calc_hash(file.stream, hashlib.sha512(),
lambda h: h.hexdigest())
db_file.humanhash = Humanhash._humanhash(sha256)
db_file.ssdeep = calc_hash(file.stream, ssdeep.Hash(),
lambda h: h.digest())
db_file.upload_time = datetime.now()
if app_config.malwarecage.enable_maintenance and g.auth_user.login == app_config.malwarecage.admin_login:
db_file.upload_time = obj.data.get("upload_time", datetime.now())
db_file, is_file_new = File.get_or_create(db_file, file)
return db_file, is_file_new
def _init_hash(self, input):
self.hobj = ssdeep.Hash()
def calc_ssdeep(stream):
return calc_hash(stream, ssdeep.Hash(), lambda h: h.digest())
def setup(self, arg):
self.h = ssdeep.Hash()
def get_ssdeep(code):
binary = make_bytes(code)
raw_hash = ssdeep.Hash()
raw_hash.update(binary)
return raw_hash.digest()
def test_update_02(self):
obj = ssdeep.Hash()
with pytest.raises(TypeError):
obj.update(1234)
def test_update(self):
obj = ssdeep.Hash()
obj.update("Also called fuzzy hashes, Ctph can match inputs that have homologies.")
res = obj.digest()
assert res == "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C"
def __init__(self, elffile):
ELFHashFeature.__init__(self, elffile)
self.hobj = ssdeep.Hash()
def ssdeep_hash(file):
hash_fn = ssdeep.Hash()
hash_fn.update(file.read())
file.seek(0)
ret_val = hash_fn.digest()
return ret_val
