def timer_callback(self, ctx):
if not self.one_way:
fe.log('hi')
fe.notify(json.dumps({'cmd': 'hi', 'data': time.time()}))
self.one_way = True
elif not self.two_way:
fe.log('waiting')
fe.notify(json.dumps({'cmd': 'waiting', 'data': time.time()}))
self.ticks += 1
def timer_callback(self, ctx):
if not self.one_way:
fe.log("hi")
fe.notify(json.dumps({"cmd": "hi", "data": time.time()}))
self.one_way = True
elif not self.two_way:
fe.log("waiting")
fe.notify(json.dumps({"cmd": "waiting", "data": time.time()}))
self.ticks += 1
def be_callback(self, ctx):
fe.log(f'BE CALLBACK: {ctx}')
self.two_way = True
# msg format: {'cmd': 'foo', 'data': 'bar', 'ix': dump_order, 'hash': hash}
# ALL ASYNC
# FE: hi, waiting, memdump_running, memdump_done, error
# BE: memdump_cmd: go, stop
msg = json.loads(ctx.message)
fe.log(f'JSON message: {msg}')
if msg['cmd'] == 'memdump_cmd' and msg['data'] == 'go':
if self.did >= 0:
fe.log(f'error, dump already in procress (eid={self.did})')
fe.notify(
json.dumps({
'cmd': 'error',
'data': 'memdump already running'
}))
else:
fe.log(f'running memdump')
fe.notify(
json.dumps({
'cmd': 'memdump_running',
'data': time.time()
}))
self.did = fe.event_register({
'event_type': fe.TIMER,
'time_value': 0.0,
'callback': self.memdump_callback
})
fe.log(f'registered new event {self.did}')
elif msg['cmd'] == 'memdump_cmd' and msg['data'] == 'stop':
if self.did >= 0:
fe.event_clear(self.did)
self.did = -1
fe.log(f'canceled dump')
else:
fe.log(f'error, no dump in procress (eid={self.did})')
elif msg['cmd'] == 'memdump_cmd' and msg['data'] == 'exit':
fe.log('was commanded to exit...')
fe.exit()
fe.log('BE CALLBACK done')
def memdump_callback(self, ctx):
fe.log(
f'memdump_callback: coff={self.offset}, cttl={self.ttl}, memsize={self.memsize}'
)
if self.ttl > 0:
self.ttl -= 1
read_size = 0
batch_size = 0
chunk_arr = []
while batch_size < self.bound:
try:
mem = self.memdump()
except IndexError as e:
fe.log(f'caught {e}, all done!')
self.ttl = 0
break
else:
zmem = self.zco.compress(mem)
batch_size += len(zmem)
chunk_arr.append(binascii.b2a_base64(zmem).decode())
fe.log(f'batch {batch_size} {len(mem)} -> {len(zmem)}')
#res = self.memdump()
#res_utf = binascii.b2a_base64(res).decode()
fe.log(
f'sending {self.ticks}:{batch_size} B to BE, "{chunk_arr[0][0:16]}"'
)
fe.notify(
json.dumps({
'cmd': 'memdump',
'data': chunk_arr,
'ix': self.ticks,
})) #'hash': hashlib.sha256(res).hexdigest()}))
# TODO: for benchmarking, we do not send a hash to the be
else:
fe.log('ttl < 1, clearing memdump callback timer')
fe.event_clear(self.did)
fe.notify(json.dumps({'cmd': 'memdump_done', 'data': time.time()}))
self.did = -1
self.ticks += 1
def be_callback(self, ctx):
fe.log(f"BE CALLBACK: {ctx}")
self.two_way = True
# msg format: {'cmd': 'foo', 'data': 'bar', 'ix': dump_order, 'hash': hash}
# ALL ASYNC
# FE: hi, waiting, memdump_running, memdump_done, error
# BE: memdump_cmd: go, stop
msg = json.loads(ctx.message)
fe.log(f"JSON message: {msg}")
if msg["cmd"] == "memdump_cmd" and msg["data"] == "go":
if self.did >= 0:
fe.log(f"error, dump already in procress (eid={self.did})")
fe.notify(
json.dumps({"cmd": "error", "data": "memdump already running"})
)
else:
fe.log(f"running memdump")
fe.notify(json.dumps({"cmd": "memdump_running", "data": time.time()}))
self.did = fe.event_register(
{
"event_type": fe.TIMER,
"time_value": 0.0,
"callback": self.memdump_callback,
}
)
fe.log(f"registered new event {self.did}")
elif msg["cmd"] == "memdump_cmd" and msg["data"] == "stop":
if self.did >= 0:
fe.event_clear(self.did)
self.did = -1
fe.log(f"canceled dump")
else:
fe.log(f"error, no dump in procress (eid={self.did})")
elif msg["cmd"] == "memdump_cmd" and msg["data"] == "exit":
fe.log("was commanded to exit...")
fe.exit()
fe.log("BE CALLBACK done")
def be_callback(self, ctx):
fe.log(f"BE CALLBACK: {ctx}")
self.two_way = True
# msg format: {'cmd': 'foo', 'data': 'bar'}
# ALL ASYNC
# FE: hi, waiting, rekall_running, rekall_done
# BE: rekall_cmd
msg = json.loads(ctx.message)
fe.log(f"JSON message: {msg}")
if msg["cmd"] == "rekall_cmd":
# cmd = '/opt/rekall/bin/rekal -p /opt/kernels/rekall/win7ie11.rekall.json -vf /home/furnace pslist'
cmd = msg["data"]
fe.log(f"running {cmd}")
fe.notify(
json.dumps({
"cmd": "rekall_running",
"data": time.time()
}))
stime = time.time()
output = subprocess.check_output(cmd.split())
ttime = time.time() - stime
fe.log(f"REKALL OUTPUT: {output}")
fe.log(f"got {len(output)}B output, sending to BE")
fe.log(f"time elapsed {ttime}")
fe.notify(
json.dumps({
"cmd": "rekall_done",
"data": output.decode()
}))
# fe.notify(json.dumps({'cmd': 'waiting', 'data': time.time()}))
fe.log("BE CALLBACK done")
def commit_creds_callback(self, ctx):
fe.log(f"commit_creds: {ctx}")
fe.notify(json.dumps({"cmd": "commit_creds", "data": ctx._asdict()}))