def main(debug, verbose, decoder_dir, decoder_source): # Setup logging kordesii.setup_logging() if debug: logging.root.setLevel(logging.DEBUG) elif verbose: logging.root.setLevel(logging.INFO) # else let log_config.yaml set log level. # Register parsers kordesii.register_entry_points() if decoder_dir: kordesii.register_decoder_directory(decoder_dir) if decoder_source: kordesii.set_default_source(decoder_source)
def run_kordesii_decoder(self, decoder_name: str, warn_no_strings=True): """ Run the specified kordesii decoder against the file data. The reporter object is returned and can be accessed as necessary to obtain output files, etc. :param decoder_name: name of the decoder to run :param warn_no_strings: Whether to produce a warning if no string were found. :return: Instance of the kordesii_reporter. :raises RuntimeError: If kordesii is not installed. """ if not kordesii: raise RuntimeError("Please install kordesii to use this function.") # Pull from cache if we already ran this decoder. if decoder_name in self._kordesii_cache: return self._kordesii_cache[decoder_name] logger.info( f"Running {decoder_name} kordesii decoder on file {self.file_name}." ) # Ensure decoderdir sources are populated kordesii.register_entry_points() kordesii_reporter = kordesii.Reporter(base64outputfiles=True) kordesii_reporter.run_decoder(decoder_name, data=self.file_data, log=True) if warn_no_strings: decrypted_strings = kordesii_reporter.get_strings() if not decrypted_strings: # Not necessarily a bad thing, the decoder might be used for something else. logger.info( f"No decrypted strings were returned by the decoder for file {self.file_name}." ) # Cache results self._kordesii_cache[decoder_name] = kordesii_reporter return kordesii_reporter
def __init__(self, decoderdir=None, tempdir=None, disabletempcleanup=False, disabledebug=False, base64outputfiles=False, ): # defaults if decoderdir: warnings.warn( 'Supplying a decoderdir in the Reporter class is no longer supported. ' 'Please call kordesii.register_decoder_directory() beforehand instead.', DeprecationWarning) kordesii.register_decoder_directory(decoderdir) else: # This is here until to keep backwards compatibility. In the future this will be removed # and the user/tool will need to call this once on startup. kordesii.register_entry_points() if disabledebug: warnings.warn('Supplying a disabledebug in the Reporter class is no longer supported. ' 'Please set the log level using the logging library instead.', DeprecationWarning) # You would think disabling "debug" would mean to set log level to INFO, however "reporter.debug()" # was really used for INFO level logs, so set level to WARNING instead. logging.root.setLevel(logging.WARNING) self.tempdir = tempdir or tempfile.gettempdir() self.metadata = {} self.errors = [] # TODO: Remove disassembler specific details from reporter. self.ida_log = '' self._log_handler = None self._temp_file_name = '' self._managed_tempdir = '' self._disable_temp_cleanup = disabletempcleanup self._base64_output_files = base64outputfiles self._other_data = None self._deserialized_data = {}
def init_app(app): kordesii.register_entry_points()
def main(): """ Run tool. """ print('') # Get command line arguments argparser = get_arg_parser() args = argparser.parse_args() # Setup logging kordesii.setup_logging() if args.debug: logging.root.setLevel(logging.DEBUG) else: logging.root.setLevel( logging.ERROR ) # By default, ignore all warning, info, and debug messages. # Register decoders kordesii.register_entry_points() if args.decoderdir: kordesii.register_decoder_directory(args.decoderdir) if args.decodersource: kordesii.set_default_source(args.decodersource) # Configure reporter based on args reporter = Reporter() # Configure test object if args.all_tests or not args.decoder_name: decoders = [None] else: decoders = [args.decoder_name] tester = Tester(reporter, results_dir=args.test_case_dir, decoder_names=decoders, nprocs=args.nprocs, field_names=filter(None, args.field_names.split(",")), ignore_field_names=filter( None, args.exclude_field_names.split(","))) # Gather all our input files input_files = [] if args.input_file: input_files = read_input_list(args.input_file) # Add/Delete if args.delete or args.update: if not args.decoder_name: sys.exit( 'Decoder must be provided when adding or deleting a file from a test case.' ) for input_file in input_files: if args.delete: tester.remove_test(input_file) else: tester.add_test(input_file) # Update elif args.update: if not args.decoder_name: sys.exit('Decoder must be provided when updating a test case.') tester.update_tests() # Default is to run test cases else: _run_tests(tester, silent=args.silent, show_passed=not args.only_failed_tests)
def main(): kordesii.register_entry_points() run(app, server='auto', host='localhost', port=8081)
(tempdir, str(e))) # Format and return results output = reporter.metadata if reporter.errors: output["error"] = str(reporter.errors) for error in reporter.errors: logger.error("_run_decoder %s %s %s" % (name, filename, error)) if append_output_text: output["output_text"] = reporter.get_output_text() return output except Exception as e: output = {'error': traceback.format_exc()} logger.error("_run_decoder %s %s %s" % (name, filename, traceback.format_exc())) return output def main(): kordesii.register_entry_points() run(app, server='auto', host='localhost', port=8081) if __name__ == '__main__': main() else: kordesii.register_entry_points() application = app
def main(): """ Takes args from the command line, runs IDA, and returns with IDA's returncode on success or a message on failure. """ opt_parse = make_opt_parser() options, args = opt_parse.parse_args() # Setup logging kordesii.setup_logging() if options.hidedebug: logging.root.setLevel(logging.ERROR) elif options.debug: logging.root.setLevel(logging.DEBUG) else: logging.root.setLevel(logging.INFO) # Register decoders kordesii.register_entry_points() if options.decoderdir: kordesii.register_decoder_directory(options.decoderdir) if options.decodersource: kordesii.set_default_source(options.decodersource) # List out decoder names and exit if options.list: _print_decoders(json_output=options.jsonoutput) sys.exit(0) # Currently only allow one file to be passed in if not args or len(args) != 1: opt_parse.print_help() return # If we can not create reporter object there is very little we can do. Just die immediately. try: reporter = Reporter( tempdir=options.tempdir, disabletempcleanup=options.disabletempcleanup, disabledebug=options.hidedebug, ) except Exception as e: error_message = "Error loading DC3-Kordesii reporter object, please check installation: %s" % ( traceback.format_exc()) if options.jsonoutput: print('{"errors": ["%s"]}' % error_message) else: print(error_message) sys.exit(1) # Run decoder if options.decoder: # Grab file from arguments input_file = os.path.abspath(args[0]) # Run the decoder reporter.run_decoder( options.decoder, input_file, timeout=options.timeout, autonomous=options.autonomous, log=options.enableidalog, cleanup_txt_files=not options.disabletxtcleanup, cleanup_output_files=options.enableoutputfilecleanup, cleanup_idb_files=options.enableidbcleanup) # Output results if options.jsonoutput: output = reporter.metadata if reporter.errors: output["errors"] = reporter.errors if reporter.ida_log: output["ida_log"] = reporter.ida_log print(json.dumps(output, indent=4)) else: reporter.print_report()