示例#1
0
    def timer_callback(self, ctx):
        if not self.one_way:
            fe.log('hi')
            fe.notify(json.dumps({'cmd': 'hi', 'data': time.time()}))
            self.one_way = True
        elif not self.two_way:
            fe.log('waiting')
            fe.notify(json.dumps({'cmd': 'waiting', 'data': time.time()}))

        self.ticks += 1
示例#2
0
    def timer_callback(self, ctx):
        if not self.one_way:
            fe.log("hi")
            fe.notify(json.dumps({"cmd": "hi", "data": time.time()}))
            self.one_way = True
        elif not self.two_way:
            fe.log("waiting")
            fe.notify(json.dumps({"cmd": "waiting", "data": time.time()}))

        self.ticks += 1
示例#3
0
    def be_callback(self, ctx):
        fe.log(f'BE CALLBACK: {ctx}')
        self.two_way = True

        # msg format: {'cmd': 'foo', 'data': 'bar', 'ix': dump_order, 'hash': hash}
        # ALL ASYNC
        # FE: hi, waiting, memdump_running, memdump_done, error
        # BE: memdump_cmd: go, stop
        msg = json.loads(ctx.message)
        fe.log(f'JSON message: {msg}')

        if msg['cmd'] == 'memdump_cmd' and msg['data'] == 'go':
            if self.did >= 0:
                fe.log(f'error, dump already in procress (eid={self.did})')
                fe.notify(
                    json.dumps({
                        'cmd': 'error',
                        'data': 'memdump already running'
                    }))
            else:
                fe.log(f'running memdump')
                fe.notify(
                    json.dumps({
                        'cmd': 'memdump_running',
                        'data': time.time()
                    }))
                self.did = fe.event_register({
                    'event_type': fe.TIMER,
                    'time_value': 0.0,
                    'callback': self.memdump_callback
                })
                fe.log(f'registered new event {self.did}')

        elif msg['cmd'] == 'memdump_cmd' and msg['data'] == 'stop':
            if self.did >= 0:
                fe.event_clear(self.did)
                self.did = -1
                fe.log(f'canceled dump')
            else:
                fe.log(f'error, no dump in procress (eid={self.did})')

        elif msg['cmd'] == 'memdump_cmd' and msg['data'] == 'exit':
            fe.log('was commanded to exit...')
            fe.exit()

        fe.log('BE CALLBACK done')
示例#4
0
    def memdump_callback(self, ctx):
        fe.log(
            f'memdump_callback: coff={self.offset}, cttl={self.ttl}, memsize={self.memsize}'
        )

        if self.ttl > 0:
            self.ttl -= 1

            read_size = 0
            batch_size = 0
            chunk_arr = []
            while batch_size < self.bound:
                try:
                    mem = self.memdump()
                except IndexError as e:
                    fe.log(f'caught {e}, all done!')
                    self.ttl = 0
                    break
                else:
                    zmem = self.zco.compress(mem)
                    batch_size += len(zmem)
                    chunk_arr.append(binascii.b2a_base64(zmem).decode())
                    fe.log(f'batch {batch_size} {len(mem)} -> {len(zmem)}')

            #res = self.memdump()
            #res_utf = binascii.b2a_base64(res).decode()
            fe.log(
                f'sending {self.ticks}:{batch_size} B to BE, "{chunk_arr[0][0:16]}"'
            )
            fe.notify(
                json.dumps({
                    'cmd': 'memdump',
                    'data': chunk_arr,
                    'ix': self.ticks,
                }))  #'hash': hashlib.sha256(res).hexdigest()}))
            # TODO: for benchmarking, we do not send a hash to the be
        else:
            fe.log('ttl < 1, clearing memdump callback timer')
            fe.event_clear(self.did)
            fe.notify(json.dumps({'cmd': 'memdump_done', 'data': time.time()}))
            self.did = -1

        self.ticks += 1
示例#5
0
    def be_callback(self, ctx):
        fe.log(f"BE CALLBACK: {ctx}")
        self.two_way = True

        # msg format: {'cmd': 'foo', 'data': 'bar', 'ix': dump_order, 'hash': hash}
        # ALL ASYNC
        # FE: hi, waiting, memdump_running, memdump_done, error
        # BE: memdump_cmd: go, stop
        msg = json.loads(ctx.message)
        fe.log(f"JSON message: {msg}")

        if msg["cmd"] == "memdump_cmd" and msg["data"] == "go":
            if self.did >= 0:
                fe.log(f"error, dump already in procress (eid={self.did})")
                fe.notify(
                    json.dumps({"cmd": "error", "data": "memdump already running"})
                )
            else:
                fe.log(f"running memdump")
                fe.notify(json.dumps({"cmd": "memdump_running", "data": time.time()}))
                self.did = fe.event_register(
                    {
                        "event_type": fe.TIMER,
                        "time_value": 0.0,
                        "callback": self.memdump_callback,
                    }
                )
                fe.log(f"registered new event {self.did}")

        elif msg["cmd"] == "memdump_cmd" and msg["data"] == "stop":
            if self.did >= 0:
                fe.event_clear(self.did)
                self.did = -1
                fe.log(f"canceled dump")
            else:
                fe.log(f"error, no dump in procress (eid={self.did})")

        elif msg["cmd"] == "memdump_cmd" and msg["data"] == "exit":
            fe.log("was commanded to exit...")
            fe.exit()

        fe.log("BE CALLBACK done")
示例#6
0
    def be_callback(self, ctx):
        fe.log(f"BE CALLBACK: {ctx}")
        self.two_way = True

        # msg format: {'cmd': 'foo', 'data': 'bar'}
        # ALL ASYNC
        # FE: hi, waiting, rekall_running, rekall_done
        # BE: rekall_cmd
        msg = json.loads(ctx.message)
        fe.log(f"JSON message: {msg}")

        if msg["cmd"] == "rekall_cmd":
            # cmd = '/opt/rekall/bin/rekal -p /opt/kernels/rekall/win7ie11.rekall.json -vf /home/furnace pslist'
            cmd = msg["data"]
            fe.log(f"running {cmd}")

            fe.notify(
                json.dumps({
                    "cmd": "rekall_running",
                    "data": time.time()
                }))
            stime = time.time()
            output = subprocess.check_output(cmd.split())
            ttime = time.time() - stime

            fe.log(f"REKALL OUTPUT: {output}")
            fe.log(f"got {len(output)}B output, sending to BE")
            fe.log(f"time elapsed {ttime}")
            fe.notify(
                json.dumps({
                    "cmd": "rekall_done",
                    "data": output.decode()
                }))
            # fe.notify(json.dumps({'cmd': 'waiting', 'data': time.time()}))

        fe.log("BE CALLBACK done")
示例#7
0
 def commit_creds_callback(self, ctx):
     fe.log(f"commit_creds: {ctx}")
     fe.notify(json.dumps({"cmd": "commit_creds", "data": ctx._asdict()}))