def displayMessage(self, message): # Clean the hexdump view self.textview.get_buffer().delete(self.textview.get_buffer().get_start_iter(), self.textview.get_buffer().get_end_iter()) # Fecth the content of the message to display hexContent = TypeConvertor.hexdump(TypeConvertor.netzobRawToPythonRaw(message.getData())) # Update the hexdump self.textview.get_buffer().insert_with_tags_by_name(self.textview.get_buffer().get_start_iter(), hexContent, "normalTag")
def getMessageDetails(self, messageID): if not messageID in self._payloadDict: errorMessage = _("Message ID: {0} not found in importer " + "message list").format(messageID) logging.error(errorMessage) raise NetzobImportException("IPC", errorMessage, ERROR) payload = self._payloadDict[messageID] return TypeConvertor.hexdump(TypeConvertor.netzobRawToPythonRaw(payload))
def getMessageDetails(self, messageID): if not messageID in self._payloadDict: errorMessage = _("Message ID: {0} not found in importer " + "message list").format(messageID) logging.error(errorMessage) raise NetzobImportException("IPC", errorMessage, ERROR) payload = self._payloadDict[messageID] return TypeConvertor.hexdump( TypeConvertor.netzobRawToPythonRaw(payload))
def doGetMessageDetails(self, messageID): message = self.model.getMessageByID(str(messageID)) properties = [(props.getName(), props.getCurrentValue()) for props in message.getProperties() if props.getName() != 'Data'] messageDetails = "\n".join(["{0}: {1}".format(*prop) for prop in properties]) messageDetails += "\n\n" + TypeConvertor.hexdump(TypeConvertor.netzobRawToPythonRaw(message.getStringData())) return messageDetails
def compilePattern(self): # self.log.debug("CALL COMPILE") tokens = [] maxA = 126 # Max of ascii char not extended minA = 32 # Min of ascii printable spe = [9, 10, 13] # tab, \n, \r tempstr = "" tempbstr = "" ASCIITHRESHOLD = 5 # TODO put as option in UI isAsciiPrintable = lambda t: (ord(t) >= minA and ord(t) <= maxA ) # or ord(t) in spe current = "" tempLength = 0 # Temporary length of byte token canRemove = False if len(str(self.getData())) > 0: # self.log.debug(str(self.getData())) for i in TypeConvertor.netzobRawToPythonRaw(str(self.getData())): if isAsciiPrintable(i): if tempLength: if not canRemove: # Means that there where bytes before tokens.append( Token(Format.HEX, tempLength, "constant", tempbstr)) canRemove = True tempLength += 1 tempstr += i else: # We have a byte if len(tempstr) > ASCIITHRESHOLD: tempbstr = "" tempLength = 0 tokens.append( Token(Format.STRING, len(tempstr), "constant", tempstr)) canRemove = False elif canRemove: # It is not considered as a text string or we have a byte tokens.pop() tempbstr += tempstr canRemove = False elif tempstr: tempLength += len(tempstr) tempbstr += tempstr tempstr = "" tempbstr += i tempLength += 1 if len(tempstr) > ASCIITHRESHOLD or (not tokens and tempstr): tokens.append( Token(Format.STRING, len(tempstr), "constant", tempstr)) else: if canRemove: tokens.pop() tokens.append( Token(Format.HEX, tempLength, "constant", tempbstr)) self.pattern.append(tokens)
def doGetMessageDetails(self, messageID): message = self.model.getMessageByID(str(messageID)) properties = [(props.getName(), props.getCurrentValue()) for props in message.getProperties() if props.getName() != 'Data'] messageDetails = "\n".join( ["{0}: {1}".format(*prop) for prop in properties]) messageDetails += "\n\n" + TypeConvertor.hexdump( TypeConvertor.netzobRawToPythonRaw(message.getStringData())) return messageDetails
def reverse(self, message): """reverse: Encode in B64 the provided message""" result = message try: rawContent = TypeConvertor.netzobRawToPythonRaw(message) b64Content = base64.b64encode(rawContent) result = TypeConvertor.pythonRawToNetzobRaw(b64Content) except TypeError as error: logging.warning("Impossible to compute the base64 value of message (error={0})".format(str(error))) result = "" return result
def apply(self, message): result = message rawData = TypeConvertor.netzobRawToPythonRaw(message) compressedstream = StringIO.StringIO(rawData) try: gzipper = gzip.GzipFile(fileobj=compressedstream) data = gzipper.read() result = TypeConvertor.pythonRawToNetzobRaw(data) except Exception as e: logging.info("Impossible to apply GZip function on provided message (error= {0})".format(str(e))) result = "" return result
def reverse(self, message): """reverse: This compress the provided message in bz2 format""" result = message rawData = TypeConvertor.netzobRawToPythonRaw(message) try: rawResult = bz2.compress(rawData) result = TypeConvertor.pythonRawToNetzobRaw(rawResult) except Exception as e: logging.info("Impossible to reverse BZ2 function (compress) on provided message (error= {0})".format(str(e))) result = "" return result
def reverse(self, message): result = message rawData = TypeConvertor.netzobRawToPythonRaw(message) compressedstream = StringIO.StringIO() try: gzipper = gzip.GzipFile(fileobj=compressedstream, mode='w') gzipper.write(rawData) gzipper.close() result = TypeConvertor.pythonRawToNetzobRaw(compressedstream.getvalue()) except Exception as e: logging.info("Impossible to apply GZip function on provided message (error= {0})".format(str(e))) result = "" return result
def reverse(self, message): """reverse: Encode in B64 the provided message""" result = message try: rawContent = TypeConvertor.netzobRawToPythonRaw(message) b64Content = base64.b64encode(rawContent) result = TypeConvertor.pythonRawToNetzobRaw(b64Content) except TypeError as error: logging.warning( "Impossible to compute the base64 value of message (error={0})" .format(str(error))) result = "" return result
def compilePattern(self): # self.log.debug("CALL COMPILE") tokens = [] maxA = 126 # Max of ascii char not extended minA = 32 # Min of ascii printable spe = [9, 10, 13] # tab, \n, \r tempstr = "" tempbstr = "" ASCIITHRESHOLD = 5 # TODO put as option in UI isAsciiPrintable = lambda t: (ord(t) >= minA and ord(t) <= maxA) # or ord(t) in spe current = "" tempLength = 0 # Temporary length of byte token canRemove = False if len(str(self.getData())) > 0: # self.log.debug(str(self.getData())) for i in TypeConvertor.netzobRawToPythonRaw(str(self.getData())): if isAsciiPrintable(i): if tempLength: if not canRemove: # Means that there where bytes before tokens.append(Token(Format.HEX, tempLength, "constant", tempbstr)) canRemove = True tempLength += 1 tempstr += i else: # We have a byte if len(tempstr) > ASCIITHRESHOLD: tempbstr = "" tempLength = 0 tokens.append(Token(Format.STRING, len(tempstr), "constant", tempstr)) canRemove = False elif canRemove: # It is not considered as a text string or we have a byte tokens.pop() tempbstr += tempstr canRemove = False elif tempstr: tempLength += len(tempstr) tempbstr += tempstr tempstr = "" tempbstr += i tempLength += 1 if len(tempstr) > ASCIITHRESHOLD or (not tokens and tempstr): tokens.append(Token(Format.STRING, len(tempstr), "constant", tempstr)) else: if canRemove: tokens.pop() tokens.append(Token(Format.HEX, tempLength, "constant", tempbstr)) self.pattern.append(tokens)
def getEncodedSizes(self, cell): res = {} # Loop over different possible encoding of size field for n in [4, 2, 1]: # Handle big and little endian for size field of 1, 2 and 4 octets length rawMsgSize = TypeConvertor.netzobRawToPythonRaw(cell[:n * 2]) # We take the tiniest encoding form if len(rawMsgSize) == 1: expectedSizeType = "B" elif len(rawMsgSize) == 2: expectedSizeType = "H" elif len(rawMsgSize) == 4: expectedSizeType = "I" else: # Do not consider size field with len > 4 break # We want both little and big endian version of the size (expectedSizeLE,) = struct.unpack("<" + expectedSizeType, rawMsgSize) (expectedSizeBE,) = struct.unpack(">" + expectedSizeType, rawMsgSize) res[len(rawMsgSize)] = (expectedSizeLE, expectedSizeBE) return res
def getEncodedSizes(self, cell): res = {} # Loop over different possible encoding of size field for n in [4, 2, 1]: # Handle big and little endian for size field of 1, 2 and 4 octets length rawMsgSize = TypeConvertor.netzobRawToPythonRaw(cell[:n * 2]) # We take the tiniest encoding form if len(rawMsgSize) == 1: expectedSizeType = "B" elif len(rawMsgSize) == 2: expectedSizeType = "H" elif len(rawMsgSize) == 4: expectedSizeType = "I" else: # Do not consider size field with len > 4 break # We want both little and big endian version of the size (expectedSizeLE, ) = struct.unpack("<" + expectedSizeType, rawMsgSize) (expectedSizeBE, ) = struct.unpack(">" + expectedSizeType, rawMsgSize) res[len(rawMsgSize)] = (expectedSizeLE, expectedSizeBE) return res
def doGetMessageDetails(self, messageID): message = self.model.getMessageByID(str(messageID)) return TypeConvertor.hexdump(TypeConvertor.netzobRawToPythonRaw(message.getData()))
def __init__(self, message, symbol): data = message.getReducedStringData() self.alignment = TypeConvertor.netzobRawToPythonRaw(data) self.uid = symbol.getID() self.length = len(self.alignment)
def doGetMessageDetails(self, messageID): message = self.model.getMessageByID(str(messageID)) return TypeConvertor.hexdump( TypeConvertor.netzobRawToPythonRaw(message.getData()))
def apply(self, message): if self.unitsize != UnitSize.NONE: # First we apply the unit size # Default modulo = 2 => 8BITS if self.unitsize == UnitSize.BIT: modulo = 1 else: modulo = UnitSize.getSizeInBits(self.unitsize) / 4 splittedData = [] tmpResult = "" for i in range(0, len(message)): if i > 0 and i % modulo == 0: splittedData.append(tmpResult) tmpResult = "" tmpResult = tmpResult + message[i] splittedData.append(tmpResult) else: splittedData = [message] encodedSplittedData = [] # Now we have the message splitted per unit size # we apply endianess on it # we consider the normal mode is big-endian for i in range(0, len(splittedData)): origNetzobRaw = splittedData[i] # SPECIAL CASE : ASCII we do not compute endianess neither signed/unsigned if not self.formatType == Format.STRING and UnitSize.getSizeInBits(self.unitsize) >= 8 and not self.formatType == Format.BINARY: tmpVal = UnitSize.getSizeInBits(self.unitsize) / 4 - len(origNetzobRaw) if self.endianness == Endianess.BIG: netzobRaw = (tmpVal * "0") + origNetzobRaw else: netzobRaw = origNetzobRaw + (tmpVal * "0") # Convert in Python raw pythonraw = TypeConvertor.netzobRawToPythonRaw(netzobRaw) # Create transformer # - ENDIANESS transformer = ">" if self.endianness == Endianess.LITTLE: transformer = "<" # - SIGNED/UNISGNED if self.sign == Sign.SIGNED: transformer = transformer + (UnitSize.getPackDefiniton(self.unitsize)).lower() else: transformer = transformer + (UnitSize.getPackDefiniton(self.unitsize)).upper() # Apply the transformation (unpackRaw,) = struct.unpack(transformer, pythonraw) localResult = "" fmt = "%" + str(UnitSize.getMaxDigitForTypeAndUnitSize(self.formatType, self.unitsize)) if self.formatType == Format.OCTAL: localResult = (fmt + "o") % unpackRaw elif self.formatType == Format.DECIMAL: localResult = (fmt + "d") % unpackRaw elif self.formatType == Format.HEX: localResult = (fmt + "s") % origNetzobRaw encodedSplittedData.append(localResult) elif self.formatType == Format.STRING: encodedSplittedData.append(TypeConvertor.netzobRawToString(origNetzobRaw)) elif self.formatType == Format.BINARY: encodedSplittedData.append(TypeConvertor.netzobRawToBinary(origNetzobRaw)) elif self.formatType == Format.IPv4: encodedSplittedData.append(TypeConvertor.netzobRawToIPv4(origNetzobRaw)) elif UnitSize.getSizeInBits(self.unitsize) < UnitSize.getSizeInBits(UnitSize.BITS8): encodedSplittedData.append(TypeConvertor.encodeNetzobRawToGivenType(origNetzobRaw, self.formatType)) # Before sending back (;D) we join everything return " ".join(encodedSplittedData)
def apply(self, message): if self.unitsize != UnitSize.NONE: # First we apply the unit size # Default modulo = 2 => 8BITS if self.unitsize == UnitSize.BIT: modulo = 1 else: modulo = UnitSize.getSizeInBits(self.unitsize) / 4 splittedData = [] tmpResult = "" for i in range(0, len(message)): if i > 0 and i % modulo == 0: splittedData.append(tmpResult) tmpResult = "" tmpResult = tmpResult + message[i] splittedData.append(tmpResult) else: splittedData = [message] encodedSplittedData = [] # Now we have the message splitted per unit size # we apply endianess on it # we consider the normal mode is big-endian for i in range(0, len(splittedData)): origNetzobRaw = splittedData[i] # SPECIAL CASE : ASCII we do not compute endianess neither signed/unsigned if not self.formatType == Format.STRING and UnitSize.getSizeInBits( self.unitsize ) >= 8 and not self.formatType == Format.BINARY: tmpVal = UnitSize.getSizeInBits( self.unitsize) / 4 - len(origNetzobRaw) if self.endianness == Endianess.BIG: netzobRaw = (tmpVal * "0") + origNetzobRaw else: netzobRaw = origNetzobRaw + (tmpVal * "0") # Convert in Python raw pythonraw = TypeConvertor.netzobRawToPythonRaw(netzobRaw) # Create transformer # - ENDIANESS transformer = ">" if self.endianness == Endianess.LITTLE: transformer = "<" # - SIGNED/UNISGNED if self.sign == Sign.SIGNED: transformer = transformer + (UnitSize.getPackDefiniton( self.unitsize)).lower() else: transformer = transformer + (UnitSize.getPackDefiniton( self.unitsize)).upper() # Apply the transformation (unpackRaw, ) = struct.unpack(transformer, pythonraw) localResult = "" fmt = "%" + str( UnitSize.getMaxDigitForTypeAndUnitSize( self.formatType, self.unitsize)) if self.formatType == Format.OCTAL: localResult = (fmt + "o") % unpackRaw elif self.formatType == Format.DECIMAL: localResult = (fmt + "d") % unpackRaw elif self.formatType == Format.HEX: localResult = (fmt + "s") % origNetzobRaw encodedSplittedData.append(localResult) elif self.formatType == Format.STRING: encodedSplittedData.append( TypeConvertor.netzobRawToString(origNetzobRaw)) elif self.formatType == Format.BINARY: encodedSplittedData.append( TypeConvertor.netzobRawToBinary(origNetzobRaw)) elif self.formatType == Format.IPv4: encodedSplittedData.append( TypeConvertor.netzobRawToIPv4(origNetzobRaw)) elif UnitSize.getSizeInBits( self.unitsize) < UnitSize.getSizeInBits(UnitSize.BITS8): encodedSplittedData.append( TypeConvertor.encodeNetzobRawToGivenType( origNetzobRaw, self.formatType)) # Before sending back (;D) we join everything return " ".join(encodedSplittedData)