コード例 #1
0
 def EficheckCollectHashes(self, args):
     stderr = b"Unable to collect the hashes"
     exec_response = rdf_client_action.ExecuteBinaryResponse(stderr=stderr,
                                                             exit_status=-1)
     response = rdf_apple_firmware.CollectEfiHashesResponse(
         response=exec_response)
     return [response]
コード例 #2
0
  def Run(self, args):
    """Use eficheck to extract the binary image of the flash.

    Args:
      args: EficheckConfig
    Returns:
      DumpEfiImageResponse

    This action executes eficheck multiple times:
      * First to get the binary version, using --version.
      * Use --save -b firmware.bin to save the image.
    """

    eficheck_version = self._GetVersion(args)
    if not eficheck_version:
      return False

    with tempfiles.TemporaryDirectory(cleanup=False) as tmp_dir:
      res = client_utils_common.Execute(
          args.cmd_path, ["--save", "-b", "firmware.bin"], cwd=tmp_dir.path)
      stdout, stderr, exit_status, time_used = res
      binary_response = rdf_client_action.ExecuteBinaryResponse(
          stdout=stdout,
          stderr=stderr,
          exit_status=exit_status,
          time_used=time_used)
      response = rdf_apple_firmware.DumpEfiImageResponse(
          eficheck_version=eficheck_version, response=binary_response)
      if exit_status:
        tmp_dir.cleanup = True
      else:
        response.path = rdf_paths.PathSpec(
            path=os.path.join(tmp_dir.path, "firmware.bin"),
            pathtype=rdf_paths.PathSpec.PathType.TMPFILE)
      self.SendReply(response)
コード例 #3
0
 def EficheckDumpImage(self, args):
     stderr = "Unable to connect to the kernel driver."
     exec_response = rdf_client_action.ExecuteBinaryResponse(
         stderr=stderr.encode("utf-8"), exit_status=1)
     response = rdf_apple_firmware.DumpEfiImageResponse(
         eficheck_version="1.9.6", response=exec_response)
     return [response]
コード例 #4
0
 def EficheckDumpImage(self, args):
     flash_fd, flash_path = tempfiles.CreateGRRTempFileVFS()
     flash_fd.close()
     stdout = "Image successfully written to firmware.bin."
     exec_response = rdf_client_action.ExecuteBinaryResponse(
         stdout=stdout.encode("utf-8"), exit_status=0)
     response = rdf_apple_firmware.DumpEfiImageResponse(
         eficheck_version="1.9.6", response=exec_response, path=flash_path)
     return [response]
コード例 #5
0
ファイル: administrative_test.py プロジェクト: rezaduty/grr
        def Run(self, args):
            del args  # Unused.

            stdout = "żółć %s gęślą {} jaźń # ⛷".encode("utf-8")
            stderr = b"\x00\xff\x00\xff\x00"

            response = rdf_client_action.ExecuteBinaryResponse(stdout=stdout,
                                                               stderr=stderr,
                                                               exit_status=0,
                                                               time_used=0)
            self.SendReply(response)
コード例 #6
0
 def EficheckCollectHashes(self, args):
   stdout = (
       b"01:00:00:00190048:00003c5f:"
       b"4d37da42-3a0c-4eda-b9eb-bc0e1db4713b:"
       b"03a3fb4ca9b65be048b04e44ab5d1dd8e1af1ca9d1f53a5e96e8ae0125a02bb2")
   exec_response = rdf_client_action.ExecuteBinaryResponse(
       stdout=stdout, exit_status=0)
   response = rdf_apple_firmware.CollectEfiHashesResponse(
       eficheck_version="1.9.6",
       boot_rom_version="MBP101.B00",
       response=exec_response)
   return [response]
コード例 #7
0
    def _GetVersion(self, args):
        """Call eficheck to find out its version."""
        res = client_utils_common.Execute(args.cmd_path, ["--version"])
        stdout, stderr, exit_status, time_used = res

        # If something went wrong, forward the output directly.
        if exit_status:
            binary_response = rdf_client_action.ExecuteBinaryResponse(
                stdout=stdout,
                stderr=stderr,
                exit_status=exit_status,
                time_used=time_used)
            self.SendReply(self.out_rdfvalues[0](response=binary_response))
            return
        return stdout
コード例 #8
0
  def ProcessFile(self, path, args):
    res = client_utils_common.Execute(
        path, args.args, args.time_limit, bypass_allowlist=True)
    (stdout, stderr, status, time_used) = res

    # Limit output to 10MB so our response doesn't get too big.
    stdout = stdout[:10 * 1024 * 1024]
    stderr = stderr[:10 * 1024 * 1024]

    self.SendReply(
        rdf_client_action.ExecuteBinaryResponse(
            stdout=stdout,
            stderr=stderr,
            exit_status=status,
            # We have to return microseconds.
            time_used=int(1e6 * time_used)))
コード例 #9
0
ファイル: osx.py プロジェクト: suraj-testing2/Plants_Book
  def ProcessFile(self, path, args):

    cmd = "/usr/sbin/installer"
    cmd_args = ["-pkg", path, "-target", "/"]
    time_limit = args.time_limit

    res = client_utils_common.Execute(
        cmd, cmd_args, time_limit=time_limit, bypass_whitelist=True)
    (stdout, stderr, status, time_used) = res

    # Limit output to 10MB so our response doesn't get too big.
    stdout = stdout[:10 * 1024 * 1024]
    stderr = stderr[:10 * 1024 * 1024]

    self.SendReply(
        rdf_client_action.ExecuteBinaryResponse(
            stdout=stdout,
            stderr=stderr,
            exit_status=status,
            # We have to return microseconds.
            time_used=int(1e6 * time_used)))
コード例 #10
0
    def Run(self, args):
        """Use eficheck to extract hash files in plaintext.

    Args:
      args: EficheckConfig
    Returns:
      CollectEfiHashesResponse

    This action executes eficheck multiple times:
      * First to get the binary version, using --version.
      * Then with the --generate-hashes option. This will create one or more
        .ealf files. Each file contains a binary representation of the hashes
        extracted from a part of the flash image (e.g, EFI, SEC).
      * For each file generated, we use the --show-hashes option to get a
        plaintext representation of the hashes. This raw output is sent to the
        server which will perform further parsing.
    """

        eficheck_version = self._GetVersion(args)
        if not eficheck_version:
            return False

        with tempfiles.TemporaryDirectory() as tmp_dir:
            res = client_utils_common.Execute(args.cmd_path,
                                              ["--generate-hashes"],
                                              cwd=tmp_dir.path)
            stdout, stderr, exit_status, time_used = res
            # If something went wrong, forward the output directly.
            if exit_status:
                binary_response = rdf_client_action.ExecuteBinaryResponse(
                    stdout=stdout,
                    stderr=stderr,
                    exit_status=exit_status,
                    time_used=time_used)
                self.SendReply(
                    rdf_apple_firmware.CollectEfiHashesResponse(
                        response=binary_response))
                return
            # Otherwise, convert all the files generated and forward the output.

            for filename in glob.glob(os.path.join(tmp_dir.path, "*.ealf")):
                cmd_args = ["--show-hashes", "-h", filename]
                # Get the boot rom version from the filename.
                basename = os.path.basename(filename)
                if not self._FILENAME_RE.match(basename):
                    continue
                boot_rom_version, _ = os.path.splitext(basename)
                stdout, stderr, exit_status, time_used = client_utils_common.Execute(
                    args.cmd_path, cmd_args, bypass_allowlist=True)

                binary_response = rdf_client_action.ExecuteBinaryResponse(
                    stdout=stdout,
                    stderr=stderr,
                    exit_status=exit_status,
                    time_used=time_used)
                self.SendReply(
                    rdf_apple_firmware.CollectEfiHashesResponse(
                        eficheck_version=eficheck_version,
                        boot_rom_version=boot_rom_version,
                        response=binary_response))

                tempfiles.DeleteGRRTempFile(filename)