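def import_upxfile(fname, parent_oid=None):
    """Try to UPX-unpack *fname* in place and import the unpacked file.

    Returns a pair ``(oids, newfiles)``: ``oids`` is ``[unpacked_oid]`` on
    success, or ``[]`` when the file is not UPX-packed, cannot be
    decompressed, or cannot be imported; ``newfiles`` contains the oid only
    when ``api.import_file`` reported it as new.  When ``parent_oid`` is
    given, the parent and the unpacked child are cross-tagged.
    """
    newfiles = []
    if not is_upx(fname):
        return [], newfiles
    # Run upx as an argv list, never through a shell: the old form built
    # "upx -d <fname> -qqq" as one shell string, so a sample whose name
    # contained shell metacharacters could execute arbitrary commands.
    # Note that "upx -d" rewrites *fname* in place.
    try:
        status = subprocess.call(["upx", "-d", fname, "-qqq"])
    except OSError:
        # upx missing or not executable; os.system reported that as a
        # non-zero status, so keep the same "cannot decompress" outcome.
        status = -1
    if status != 0:
        print(" - Not able to decompress file %s" % fname)
        return [], newfiles
    unpacked_oid, newfile = api.import_file(fname)
    if not unpacked_oid:
        print(" - Not able to import file %s" % fname)
        return [], newfiles
    if newfile:
        newfiles.append(unpacked_oid)
    if parent_oid:
        # NOTE(review): the tar/zip importers pass the related oids wrapped in
        # a list ([parent_oid]); this passes bare oids.  Confirm which form
        # tag_append expects.
        tag_append(unpacked_oid, "upx_unpacked", parent_oid)
        tag_append(parent_oid, "upx_packed", unpacked_oid)
    return [unpacked_oid], newfiles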
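def extract_osx(args, opts):
    """Split each OSX Universal Binary in *args* into its embedded binaries
    and import every slice.

    ``args`` is a list of oids / oid expressions (expanded with
    ``api.expand_oids``); ``opts`` is part of the shell-command interface
    but unused here.  Objects whose ``src_type`` is not
    "OSX Universal Binary", or that have no data, are skipped with a
    message.  Each slice is written to a temp file under
    ``api.scratch_dir``, imported, and the temp file removed again.

    Returns the list of oids returned by ``api.import_file`` for all
    extracted slices across every processed object (the previous version
    returned only the last object's slices and failed with an unbound
    local when every object was skipped).

    Raises ShellSyntaxError when none of ``args`` is a valid oid.
    """
    valid, invalid = api.valid_oids(args)
    if not valid:
        raise ShellSyntaxError("No valid oids found")
    args = api.expand_oids(valid)
    all_oids = []
    for oid in args:
        meta = api.retrieve("file_meta", oid)
        # NOTE(review): pop() mutates the retrieved "names" container; whether
        # that is a private copy depends on api.retrieve -- confirm.
        name = meta["names"].pop()
        src_type = api.retrieve("src_type", oid)
        if src_type["type"] != "OSX Universal Binary":
            print(" - %s (%s) is not an OSX Universal binary file, skipping" % (name, oid))
            continue
        data = api.retrieve("files", oid)["data"]
        if not data:
            print(" - No data for this file %s (%s) " % (name, oid))
            continue
        oh = api.retrieve("object_header", oid)
        num = oh["header"].num_embedded
        print(" - Found %s files embedded in file %s (%s)" % (num, name, oid))
        oids = []
        newfiles = 0
        for slice_hdr in oh["header"].embedded:
            beg = slice_hdr.header_offset
            end = slice_hdr.file_end
            print(" + Extracting bytes %s:%s of file type %s" % (beg, end, slice_hdr.machine))
            # The stored name originates from the imported sample's metadata.
            # Reduce it to a basename so a name containing "/" or ".." cannot
            # place the temp file outside scratch_dir.
            fname = os.path.basename(name + "_" + slice_hdr.machine)
            fpath = os.path.join(api.scratch_dir, fname)
            print(" + Writing temp file to %s" % (fpath))
            with open(fpath, 'wb') as fd:
                fd.write(data[beg:end])
            try:
                print(" + Importing file %s" % (fpath))
                new_oid, newfile = api.import_file(fpath)
            finally:
                # Remove the temp file even if import_file raises.
                print(" + Removing temp file from the scratch directory")
                os.remove(fpath)
            oids.append(new_oid)
            if newfile:
                newfiles += 1
        print("")
        print(" - Extracted and imported %s files, %s were new" % (len(oids), newfiles))
        all_oids.extend(oids)
    # Return a list of the oids corresponding to the files extracted
    return all_oids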
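def import_tarfile(fname, parent_oid=None):
    """Extract every regular file in tar archive *fname* and import it.

    Returns ``(oids, newfiles)``: ``oids`` lists the oid of every member
    that imported successfully, ``newfiles`` the subset that
    ``api.import_file`` reported as new.  Both are empty when *fname* is
    not a tar archive.  Directories, links and special files are skipped,
    as are members whose path would escape ``api.scratch_dir``.  When
    ``parent_oid`` is given, each child is tagged "untarred" with the
    parent and the parent tagged "tarred" with all children.

    Raises whatever ``tarfile.is_tarfile``/``tarfile.open`` raise for an
    unreadable path (e.g. IOError for a missing file).
    """
    oids = []
    newfiles = []
    if not tarfile.is_tarfile(fname):
        return oids, newfiles
    import api
    scratch = os.path.realpath(api.scratch_dir)
    tf = tarfile.open(fname)
    try:
        for member in tf.getmembers():
            if not member.isfile():
                # Skip dirs, symlinks/hardlinks and devices: only regular
                # files are imported, and links could point outside scratch.
                continue
            tar_out = os.path.join(api.scratch_dir, member.name)
            # tarfile.extract writes wherever the member name points, so
            # refuse names that resolve outside scratch_dir ("../x", "/etc/x").
            if not os.path.realpath(tar_out).startswith(scratch + os.sep):
                print(" - Skipping unsafe path %s in tarfile %s" % (member.name, fname))
                continue
            try:
                tf.extract(member=member, path=api.scratch_dir)
            except Exception as exc:
                # Best-effort: report and move on (the old handler referenced
                # an undefined name here and would itself have raised).
                print(" - Not able to extract file %s from tarfile %s (%s)" % (member.name, fname, exc))
                continue
            try:
                oid, newfile = api.import_file(tar_out)
            finally:
                # Remove the extracted copy even if import_file raises.
                os.remove(tar_out)
            if not oid:
                print(" - Not able to import file %s" % tar_out)
                continue
            if newfile:
                newfiles.append(oid)
            if parent_oid:
                tag_append(oid, "untarred", [parent_oid])
            oids.append(oid)
    finally:
        tf.close()
    if parent_oid and oids:
        tag_append(parent_oid, "tarred", oids)
    return oids, newfiles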
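def import_zipfile(fname, parent_oid=None):
    """Read every file member of zip archive *fname* and import it.

    Returns ``(oids, newfiles)``: ``oids`` lists the oid of every member
    that imported successfully, ``newfiles`` the subset that
    ``api.import_file`` reported as new.  Both are empty when *fname* is
    not a zip file.  Directory entries are skipped; members that cannot be
    read (corrupt, encrypted) are reported and skipped.  Each member is
    written out through ``tmp_file`` (defined elsewhere in this module),
    imported, and the temp file removed.  When ``parent_oid`` is given,
    each child is tagged "unzipped" with the parent and the parent tagged
    "zipped" with all children.
    """
    oids = []
    newfiles = []
    if not zipfile.is_zipfile(fname):
        return oids, newfiles
    zf = zipfile.ZipFile(fname)
    try:
        for member in zf.namelist():
            if member.endswith("/"):
                # Directory entry: nothing to import (reading it yields b"").
                continue
            # NOTE(review): zf.read() inflates the whole member into memory
            # with no size cap, so a zip bomb can exhaust RAM; the declared
            # size is available via zf.getinfo(member).file_size if a limit
            # is wanted.
            try:
                zip_out = zf.read(member)
            except Exception as exc:
                # Best-effort: report and move on to the next member.
                print(" - Not able to extract file %s from zipfile %s (%s)" % (member, fname, exc))
                continue
            # NOTE(review): member names are attacker-controlled ("../x",
            # absolute paths); tmp_file is not visible here -- confirm it
            # sanitizes the name rather than joining it into scratch_dir.
            zout_tmp = tmp_file(member, zip_out)
            if not zout_tmp:
                continue
            try:
                oid, newfile = api.import_file(zout_tmp)
            finally:
                # Remove the temp copy even if import_file raises.
                os.remove(zout_tmp)
            if not oid:
                print(" - Not able to import file %s" % zout_tmp)
                continue
            if newfile:
                newfiles.append(oid)
            if parent_oid:
                tag_append(oid, "unzipped", [parent_oid])
            oids.append(oid)
    finally:
        zf.close()
    if parent_oid and oids:
        tag_append(parent_oid, "zipped", oids)
    return oids, newfiles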