Exemplo n.º 1
0
def parseInfo(rawData,noOfPartition):	
	# 1MB = 1024 * 1024 B
	CalFormula = 1048576
	# MBR
	maxPartitionMBR = 4
	#	         0   1   2   3   4   5   6   7   8	 9   10  11  12  13  14  15
	partion = [[446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461],
			   [462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477],
			   [478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493],
			   [494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509],]
	for x in range(maxPartitionMBR):
		try:
			if ((rawData[partion[x][0]] == "00" or rawData[partion[x][0]] == "80") and (rawData[partion[x][1]] != "00" 
				or rawData[partion[x][2]] != "00" or rawData[partion[x][3]] !="00") and rawData[partion[x][4]] != "00"):
				print ("")
				print ("---------------------------  " + str(x + 1) + "st Partition found   ---------------------------")
				# The reference from https://github.com/shubham0d/MBR-extractor
				partitionTypes = partitionID.partitionIdList(rawData[partion[x][4]])
				partitionStartSector = int(rawData[partion[x][11]] + rawData[partion[x][10]] + rawData[partion[x][9]] + rawData[partion[x][8]], 16)
				partitionEndSector = int(rawData[partion[x][15]] + rawData[partion[x][14]] + rawData[partion[x][13]] + rawData[partion[x][12]], 16)
				print ("Partition type:       "+ partitionTypes)
				print ("")
				noOfSectors = int(rawData[partion[x][15]] + rawData[partion[x][14]] + rawData[partion[x][13]] + rawData[partion[x][12]], 16)
				totalSizeInByte = ((partitionStartSector+noOfSectors) * 512)-(partitionStartSector * 512)
				print ("Total partition size:					     "+ str(totalSizeInByte/CalFormula) + " MB")
				## call the function if the current partition type is FAT32
				if (rawData[partion[x][4]] == "0b" or rawData[partion[x][4]] == "0c"):
					FAT32Ana(saveData((partitionStartSector*512),512,noOfPartition),x+1)
				if (rawData[partion[x][4]] == "07"):
					NTFSAna(saveData((partitionStartSector*512),512,noOfPartition),x+1)
		except:
			pass
Exemplo n.º 2
0
def parseInfo(rawData):	
	# 1MB = 1024 * 1024 B
	CalFormula = 1048576
	maxPartition = 4	
	#	         0   1   2   3   4   5   6   7   8	 9   10  11  12  13  14  15
	partion = [[446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461],
			   [462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477],
			   [478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493],
			   [494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509],]
	for x in range(maxPartition):
		if ((rawData[partion[x][0]] == "00" or rawData[partion[x][0]] == "80") and (rawData[partion[x][1]] != "00" 
			or rawData[partion[x][2]] != "00" or rawData[partion[x][3]] !="00") and rawData[partion[x][4]] != "00"):
			print ("---------------------------" + str(x + 1) + "st Partition found---------------------------")
			# The reference from https://github.com/shubham0d/MBR-extractor
			partitionTypes = partitionID.partitionIdList(rawData[partion[x][4]])
			partitionStartSector = int(rawData[partion[x][11]] + rawData[partion[x][10]] + rawData[partion[x][9]] + rawData[partion[x][8]], 16)
			partitionEndSector = int(rawData[partion[x][15]] + rawData[partion[x][14]] + rawData[partion[x][13]] + rawData[partion[x][12]], 16)
			# call the function to save the current partition data to a new file
			saveData((partitionStartSector*512),(partitionEndSector*512),flag_ptt,str(x+1))
			# call the function to hash the current partition
			hashPartition(str(x+1))			
			print ("Partition type:       "+ partitionTypes)
			noOfSectors = int(rawData[partion[x][15]] + rawData[partion[x][14]] + rawData[partion[x][13]] + rawData[partion[x][12]], 16)
			totalSizeInByte = ((partitionStartSector+noOfSectors) * 512)-(partitionStartSector * 512)
			print ("Total partition size: "+ str(totalSizeInByte/CalFormula) + " MB")
			# call the function if the current partition type is FAT32
			if (rawData[partion[x][4]] == "0b"):
				FAT32Ana(extractMBR(currentFileName + "." + flag_ptt + str(x+1)),str(x+1))
			if (rawData[partion[x][4]] == "07"):
				NTFSAna(extractMBR(currentFileName + "." + flag_ptt + str(x+1)),str(x+1))
		else:
			print("-----------------------No Partition found on disk-----------------------")
Exemplo n.º 3
0
def parseInfo(rawData):
	if (checkSignature(rawData) != True):
		exit

	print ("Parsing info....")
	print ("------------------------")
	print ("Disk Signature:" +rawData[443] + rawData[442] + rawData[441] +rawData[440])

	print("Possible MBR scheme", end=':')
	if (rawData[218] == "00" and rawData[219] == "00"):
		print(" Modern standard MBR found.")
	elif (rawData[428] == "78" and rawData[429] == "56"):
		print (" Advanced Active Partitions (AAP) MBR found")
	elif (rawData[0] == "eb" and rawData[2] == "4e" and rawData[3] == "45" and rawData[4] == "57" and rawData[6] == "4c" and raw_input[7] == "44" and rawData[8] == "52"):
		print (" NEWLDR MBR found.")
	elif (rawData[380] == "5a" and rawData[381] == "a5"):
		print (" MS-DOS MBR found.")
	elif (rawData[252] == "aa" and rawData[253] == "55"):
		print (" Disk Manager MBR")
	else:
		print (" Generic MBR found")

	# Parsing Partition info for 1st partition
	if ((rawData[446] == "00" or rawData[446] == "80") and (rawData[447] != "00" or rawData[448] != "00" or rawData[449] !="00") and rawData[450] != "00"):
		print ("---------------------------1st Partition found---------------------------")
		partitionTypes = partitionID.partitionIdList(rawData[450])
		print ("Possible partition type: "+ partitionTypes)
		# size and sector calculator
		# 454 to 457 are starting lsb, 458 to 461 are sectors number
		lsbStringInHex = rawData[457]+rawData[456]+rawData[455]+rawData[454]
		startingSector = int(lsbStringInHex, 16)
		print("Starting sector: "+str(startingSector)+" ("+str(int(startingSector)*512)+" bytes)")
		noOfSectorsinHex = rawData[461]+rawData[460]+rawData[459]+rawData[458]
		noOfSectors = int(noOfSectorsinHex, 16)
		print ("Last sector: "+str(startingSector+noOfSectors-1)+" ("+str((startingSector+noOfSectors)*512)+" bytes)")
		totalSizeInByte = ((startingSector+noOfSectors)*512)-(startingSector*512)
		print ("Total size: "+str(totalSizeInByte/10**6)+"MB")
	else:
		print("-----------------------No Partition found on disk-----------------------")
	#Parsing Partition info for 2nd partition
	if ((rawData[462] == "00" or rawData[462] == "80") and (rawData[463] != "00" or rawData[464] !="00" or rawData[465] != "00") and rawData[466] != "00"):
		print ("---------------------------2nd Partition found---------------------------")
		partitionTypes = partitionID.partitionIdList(rawData[466])
		print ("Possible partition type: "+ partitionTypes)
		# 470 to 473 are starting lsb,474 to 477 are sector number
		lsbStringInHex = rawData[473]+rawData[472]+rawData[471]+rawData[470]
		startingSector = int(lsbStringInHex, 16)
		print("Starting sector: "+str(startingSector)+" ("+str(int(startingSector)*512)+" bytes)")
		noOfSectorsinHex = rawData[477]+rawData[476]+rawData[475]+rawData[474]
		noOfSectors = int(noOfSectorsinHex, 16)
		print ("Last sector: "+str(startingSector+noOfSectors-1)+" ("+str((startingSector+noOfSectors)*512)+" bytes)")
		totalSizeInByte = ((startingSector+noOfSectors)*512)-(startingSector*512)
		print ("Total size: "+str(totalSizeInByte/10**6)+"MB")
	else:
		print("-----------------------End partition list-----------------------")
		return
	#Parsing Partition info for 3rd partition
	if ((rawData[478] == "00" or rawData[478] == "80") and (rawData[479] != "00" or rawData[480] !="00" or rawData[481] != "00") and rawData[482] != "00"):
		print ("---------------------------3rd Partition found---------------------------")
		partitionTypes = partitionID.partitionIdList(rawData[482])
		print ("Possible partition type: "+ partitionTypes)
		# 486 to 489 are starting lsb, 490 to 493 are sector number
		lsbStringInHex = rawData[489]+rawData[488]+rawData[487]+rawData[486]
		startingSector = int(lsbStringInHex, 16)
		print("Starting sector: "+str(startingSector)+" ("+str(int(startingSector)*512)+" bytes)")
		noOfSectorsinHex = rawData[493]+rawData[492]+rawData[491]+rawData[490]
		noOfSectors = int(noOfSectorsinHex, 16)
		print ("Last sector: "+str(startingSector+noOfSectors-1)+" ("+str((startingSector+noOfSectors)*512)+" bytes)")
		totalSizeInByte = ((startingSector+noOfSectors)*512)-(startingSector*512)
		print ("Total size: "+str(totalSizeInByte/10**6)+"MB")
	else:
		print("-----------------------End partition list-----------------------")
		return
	#Parsing Partition info for 4th partition
	if ((rawData[494] == "00" or rawData[494] == "80") and (rawData[495] != "00" or rawData[496] !="00" or rawData[497] != "00") and rawData[498] != "00"):
		print ("---------------------------4th Partition found---------------------------")
		partitionTypes = partitionID.partitionIdList(rawData[498])
		print ("Possible partition type: "+ partitionTypes)
		# 502 to 505 are starting lsb, 506 to 509 are sector number
		lsbStringInHex = rawData[505]+rawData[504]+rawData[503]+rawData[502]
		startingSector = int(lsbStringInHex, 16)
		print("Starting sector: "+str(startingSector)+" ("+str(int(startingSector)*512)+" bytes)")
		noOfSectorsinHex = rawData[509]+rawData[508]+rawData[507]+rawData[506]
		noOfSectors = int(noOfSectorsinHex, 16)
		print ("Last sector: "+str(startingSector+noOfSectors-1)+" ("+str((startingSector+noOfSectors)*512)+" bytes)")
		totalSizeInByte = ((startingSector+noOfSectors)*512)-(startingSector*512)
		print ("Total size: "+str(totalSizeInByte/10**6)+"MB")
	else:
		print("-----------------------End partition list-----------------------")
		return