def dump(self): print self._header print "" if self._text: print "Text:" hexdump(self._text) print "" if self._data: print "Data:" hexdump(self._data) print "" print "Symbols:" for symbol in self._symbols: print " ", symbol.as_string(self._strings) print "" if self._text_relocs: print "Text relocations:" for reloc in self._text_relocs: print " ", reloc.as_string(self._strings) print "" if self._data_relocs: print "Data relocations:" for reloc in self._text_relocs: print " ", reloc.as_string(self._strings) print ""
def ReadFile(path): with HunkFile(path) as hf: hunks = [] units = 0 while not hf.eof(): with hf.rollback(): hunkId = hf.readLong() type_ = Hunk.getType(hunkId) if type_ is 'HUNK_HEADER': hf.type = 'executable' if type_ is 'HUNK_UNIT': units += 1 if units > 1: hf.type = 'library' hunk = HunkClassMap.get(type_, None) if not hunk: raise NotImplementedError('%s not handled.' % type_) try: hunks.append(hunk.parse(hf)) except ValueError: log.error('Parse error at position 0x%x.', hf.tell()) util.hexdump(hf.read()) return hunks
def dump(self): print self._header print '' if self._text: print 'Text:' hexdump(self._text) print '' if self._data: print 'Data:' hexdump(self._data) print '' print 'Symbols:' for symbol in self._symbols: print ' ', symbol.as_string(self._strings) print '' if self._text_relocs: print 'Text relocations:' for reloc in self._text_relocs: print ' ', reloc.as_string(self._strings) print '' if self._data_relocs: print 'Data relocations:' for reloc in self._text_relocs: print ' ', reloc.as_string(self._strings) print ''
def writeFile(self, f, decrypted_chunks): path = os.path.join(self.outputFolder, re.sub(r'[:|*<>?"]', "_", f.RelativePath)) print path makedirs(os.path.dirname(path)) ff = open(path, "wb") h = hashlib.sha1() for i in xrange(len(decrypted_chunks)): d = decrypted_chunks[i] h.update(d) ff.write(d) ff.close() if f.Attributes.EncryptionKey: EncryptionKey = f.Attributes.EncryptionKey #ProtectionClass = f.Attributes.ProtectionClass hexdump(EncryptionKey) ProtectionClass = struct.unpack(">L", EncryptionKey[0x18:0x1C])[0] assert ProtectionClass == f.Attributes.ProtectionClass #EncryptionKeyVersion=2 => starts with keybag uuid if f.Attributes.EncryptionKeyVersion and f.Attributes.EncryptionKeyVersion == 2: assert self.kb.uuid == EncryptionKey[:0x10] keyLength = struct.unpack(">L", EncryptionKey[0x20:0x24])[0] assert keyLength == 0x48 wrapped_key = EncryptionKey[0x24:] else: #XXX old format ios 5 backup wrapped_key = EncryptionKey[0x1C:] print "ProtectionClass= %d" % ProtectionClass filekey = self.kb.unwrapCurve25519(ProtectionClass, wrapped_key) if not filekey: print "Failed to unwrap file key for file %s !!!" % f.RelativePath else: print "filekey", filekey.encode("hex") self.decryptProtectedFile(path, filekey, f.Attributes.DecryptedSize)
def writeFile(self, f, decrypted_chunks): path = os.path.join(self.outputFolder, re.sub(r'[:|*<>?"]', "_", f.RelativePath)) print path makedirs(os.path.dirname(path)) ff = open(path, "wb") h = hashlib.sha1() for i in xrange(len(decrypted_chunks)): d = decrypted_chunks[i] h.update(d) ff.write(d) ff.close() if f.Attributes.EncryptionKey: EncryptionKey = f.Attributes.EncryptionKey #ProtectionClass = f.Attributes.ProtectionClass hexdump(EncryptionKey) ProtectionClass = struct.unpack(">L", EncryptionKey[0x18:0x1C])[0] assert ProtectionClass == f.Attributes.ProtectionClass #EncryptionKeyVersion=2 => starts with keybag uuid if f.Attributes.EncryptionKeyVersion and f.Attributes.EncryptionKeyVersion == 2: assert self.kb.uuid == EncryptionKey[:0x10] keyLength = struct.unpack(">L", EncryptionKey[0x20:0x24])[0] assert keyLength == 0x48 wrapped_key = EncryptionKey[0x24:] else:#XXX old format ios 5 backup wrapped_key = EncryptionKey[0x1C:] print "ProtectionClass= %d" % ProtectionClass filekey = self.kb.unwrapCurve25519(ProtectionClass, wrapped_key) if not filekey: print "Failed to unwrap file key for file %s !!!" % f.RelativePath else: print "filekey",filekey.encode("hex") self.decryptProtectedFile(path, filekey, f.Attributes.DecryptedSize)
def validate_readv(expecteds, actual, msg): if expecteds is None: return if type(actual) is int: return validate_readiv(expecteds, actual, msg) if actual not in expecteds: print 'Failed %s' % msg for expected in expecteds: if do_str2hex: print ' Expected; %d' % (len(expected), ) print str2hex(expected, prefix=' ') else: print ' Expected: %d %s' % (len(expected), binascii.hexlify(expected)) if do_hexdump: hexdump(expected, indent=' ') if do_str2hex: print ' Actual; %d' % (len(actual), ) print str2hex(actual, prefix=' ') else: print ' Actual: %d %s' % (len(actual), binascii.hexlify(actual)) if do_hexdump: hexdump(actual, indent=' ') if do_exception: raise Exception('failed validate: %s' % msg)
def validate_readv(expecteds, actual, msg): if expecteds is None: return if type(actual) is int: return validate_readiv(expecteds, actual, msg) if actual not in expecteds: print 'Failed %s' % msg for expected in expecteds: if do_str2hex: print ' Expected; %d' % (len(expected),) print str2hex(expected, prefix=' ') else: print ' Expected: %d %s' % (len(expected), binascii.hexlify(expected)) if do_hexdump: hexdump(expected, indent=' ') if do_str2hex: print ' Actual; %d' % (len(actual),) print str2hex(actual, prefix=' ') else: print ' Actual: %d %s' % (len(actual), binascii.hexlify(actual)) if do_hexdump: hexdump(actual, indent=' ') if do_exception: raise Exception('failed validate: %s' % msg)
def _recv_cmd(self, c, noprint=False): msg = c.read_device(0x140) pos = 0x0 cursize = 0x20 msgauth = msg[pos:pos + cursize] pos += cursize if msgauth != nxsm_auth: raise Exception("TransportCmd: Recv-msg auth is invalid.") cursize = 0x4 magic = struct.unpack('<I', msg[pos:pos + cursize])[0] pos += cursize if magic != 0x4d53584e: raise Exception( "TransportCmd: Recv-msg magic is invalid: 0x%08x." % magic) cursize = 0x4 version = struct.unpack('<I', msg[pos:pos + cursize])[0] pos += cursize if version != 1: raise Exception( "TransportCmd: Recv-msg version is invalid: 0x%08x." % version) cursize = 0x4 raw_data_size = struct.unpack('<I', msg[pos:pos + cursize])[0] pos += cursize if raw_data_size >= (0x100 >> 2): raise Exception( "TransportCmd: Recv-msg raw_data_size is too large: 0x%x." % raw_data_size) cursize = 0x4 tmp_types = struct.unpack('<BBBB', msg[pos:pos + cursize]) pos += cursize cursize = 0x10 tmp_sizes = struct.unpack('<IIII', msg[pos:pos + cursize]) pos += cursize for i in range(4): if i < len(self.buffer_types): self.buffer_types[i] = tmp_types[i] self.buffer_sizes[i] = tmp_sizes[i] cursize = raw_data_size << 2 self.rawdata = msg[pos:pos + cursize] pos += cursize if not noprint: print "Raw msg reply:" print hexdump(msg) print "Rawdata payload:" print hexdump(self.rawdata[0x4:]) print "Retval: 0x%x" % self.recv_ret self.recv_ret = struct.unpack('<I', self.rawdata[0x0:0x0 + 0x4])[0] for i in range(4): if i < len(self.buffer_types): self.buffers[i] = '' if self.buffer_types[i] == 1: # To host self.buffers[i] = c.read_device(self.buffer_sizes[i])
def read(self, addr, length): """Read data from RAM.""" self._checkConnected() addr = int(addr, 16) length = int(length, 16) data = self.client.read(addr, length) self.client.conn.send(b"\xAA") # ACK hexdump(data, addr)
def dump(self): print '{0} (format: {1!r})'.format(self.type, self.fmt) if self.fmt is 'GNU': for symbol in self.data[0]: print ' ', symbol.as_string(self.data[1]) else: util.hexdump(self.data)
def do_xxd(self, p): t = p.split() path = self.get_path(t[0]) data = self.volume.readFile(path, returnString=True) if not data: return if len(t) > 1: hexdump(data[:int(t[1])]) else: hexdump(data)
def do_xxd(self, p): t = p.split() path = self.get_path(t[0]) data = self.volume.readFile(path, returnString=True) if not data: return if len(t) > 1: hexdump(data[:int(t[1])]) else: hexdump(data[:0x200]) if len(data) > 0x200: print "Output truncated to %d bytes" % 0x200
def do_hexdump(self, p): t = p.split(" ") l = 0 if len(t) < 1: return if len(t) == 2: l = int(t[1]) z = self.afc.get_file_contents(self.curdir + "/" + t[0]) if not z: return if l: z = z[:l] hexdump(z)
def watch(self, addr, length): """Read data from RAM until stopped.""" self._checkConnected() addr = int(addr, 16) length = int(length, 16) try: while True: data = self.client.read(addr, length) print("\x1B[2J\x1B[H", end='') # clear; cursor to 1,1 hexdump(data, addr) self.client.conn.send(b"\xAA") # ACK; BB=retry, CC=cancel time.sleep(0.01) except KeyboardInterrupt: self.client.conn.send(b"\xAA")
def dumpCurrentUser(buf): rVer, rInst, rType, rLen = getHdr(buf[:8]) printHdr(rVer, rInst, rType, rLen, 1, 1, 0) ( size, headerToken, offsetToCurrentEdit, lenUserName, docFileVersion, majorVersion, minorVersion, unused, ) = struct.unpack("IIIHHBBH", buf[8:28]) ansiUserName = buf[28 : 28 + lenUserName] relVersion = struct.unpack("I", buf[28 + lenUserName : 28 + lenUserName + 4])[0] uniUserName = buf[28 + lenUserName + 4 :] print ( "\tDWORD size %#x (%d)\n\tDWORD headerToken %#x (%d)\n" "\tDWORD offsetToCurrentEdit %#x (%d)\n\tWORD lenUserName %#x (%d)\n" "\tWORD docFileVersion %#x (%d)\n\tBYTE majorVersion %#x (%d)\n" "\tBYTE minorVersion %#x (%d)\n\tWORD unused %#x (%d)\n" "\tASCIIZ AnsiUserName '%s'\n\tDWORD relVersion %#x (%d)\n" "\tUNICODE uniUserName:\n" % ( size, size, headerToken, headerToken, offsetToCurrentEdit, offsetToCurrentEdit, lenUserName, lenUserName, docFileVersion, docFileVersion, majorVersion, majorVersion, minorVersion, minorVersion, unused, unused, ansiUserName, relVersion, relVersion, ) ) print hexdump(uniUserName, indent=12)
def dumpPPD(buf, maxLen, depth, count_offset, recList=None): nRead = 0 while nRead < maxLen: #read the header, check for atom/container rVer, rInst, rType, rLen = getHdr(buf[nRead:nRead + PPT_HDR_LEN]) nRead += PPT_HDR_LEN if (rVer & 0xf) == 0xf: isAtom = False prefix = "["*depth + "Container" else: isAtom = True prefix = "{"*depth + "Atom" #try to look up record description try: rDesc = recDict[rType] rName = rDesc[0] except KeyError: rDesc = None rName = "!!!Unknown" #pretty print the header print "%s(%d) %s (%#x, %d) size %#x (%d), instance %#x version %#x [offset %#x (%d)]" % \ (prefix, count_offset[REC_COUNT], rName, rType, rType, rLen, rLen, rInst, rVer, count_offset[REC_OFFSET], count_offset[REC_OFFSET]) #update ghetoo reference parameters, record count and total offset count_offset[REC_COUNT] += 1 count_offset[REC_OFFSET] += PPT_HDR_LEN if not isAtom: nRead += dumpPPD(buf[nRead:maxLen], min(maxLen - nRead, rLen), depth + 1, count_offset, recList) print "]"*depth, "End container %s" % rName else: #only save atoms if recList is not None: recList.append((rType, buf[nRead:nRead+(min(rLen, maxLen - nRead))])) if rDesc: printAtom(buf[nRead:nRead+(min(rLen, maxLen - nRead))], rLen, rDesc) #look for a manual rec printer try: handler = customPrinters[rType] handler(buf[nRead:nRead+(min(rLen, maxLen - nRead))]) except KeyError: pass else: print("No descriptor, dumping:\n", hexdump(buf[nRead+PPT_HDR_LEN:nRead+PPT_HDR_LEN+rLen], indent=8)) nRead += rLen count_offset[REC_OFFSET] += rLen return nRead
def decode_nsec3_rdata(pkt, offset, rdlen): b32_to_ext_hex = bytes.maketrans(b'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', b'0123456789ABCDEFGHIJKLMNOPQRSTUV') end_rdata = offset + rdlen hashalg, flags, iterations, saltlen = struct.unpack( '!BBHB', pkt[offset:offset + 5]) salt = hexdump(pkt[offset + 5:offset + 5 + saltlen]) offset += (5 + saltlen) hashlen, = struct.unpack('!B', pkt[offset:offset + 1]) offset += 1 hashed_next_owner = base64.b32encode(pkt[offset:offset + hashlen]) hashed_next_owner = hashed_next_owner.translate(b32_to_ext_hex).decode() offset += hashlen type_bitmap = pkt[offset:end_rdata] p = type_bitmap rrtypelist = [] while p: windownum, winlen = struct.unpack('BB', p[0:2]) bitmap = p[2:2 + winlen] rrtypelist += decode_typebitmap(windownum, bitmap) p = p[2 + winlen:] rrtypes = ' '.join(rrtypelist) result = "%d %d %d %s %s %s" % \ (hashalg, flags, iterations, salt, hashed_next_owner, rrtypes) return result
def __str__(self): s = 'Section ' + self.name + '\n' s += '---\n' s += 'Type: ' + self.type + '\n' s += 'Flags: ' + self.flags + '\n' padding = 8 if self._class == 'ELF32' else 16 s += 'Offset: ' + '0x{num:0{width}x}'.format(num=self.offset, width=padding) + '\n' s += 'Content:\n' + hexdump(self.content, self.offset) + '\n' return s
def dump_loop(dev, req, max_read, dump_addr, dump_len, do_hexdump=True): bin = '' to_dump = dump_len addr_cur = dump_addr while to_dump > 0: l_this = max(to_dump, to_dump - max_read) l_this = min(l_this, max_read) print print 'Addr 0x%04X, len 0x%04X' % (addr_cur, l_this) res = dev.controlRead(0xC0, 0xB0, req, addr_cur, l_this, timeout=1000) bin += res if do_hexdump: hexdump(res) if len(res) != l_this: print "WARNING: wanted 0x%04X bytes but got 0x%04X" % (dump_len, len(res),) to_dump -= l_this addr_cur += l_this return bin
def msoDrawPrinter(data, dLen, depth=2): off = 0 while off <= dLen - 8: try: vif, l = struct.unpack("<LL", data[off:off+8]) except struct.error: return ver = vif & 0xf inst = (vif & 0xfff0) >> 4 fbt = (vif & 0xffff0000) >> 16 try: desc = msoDrawTypeMap[fbt] print(" "*(depth*4) + "Subtype %s [%#x (%d)] ver %#x inst %#x offset %#x, len %#x (%d) (%s)" % (desc[0], fbt, fbt, ver, inst, off, l, l, desc[1])) if ver == 0xf: msoDrawPrinter(data[off+8:off+8+l], l, depth + 1) else: #CONTINUE records can make the actual length of the property span across #multiple records, which we don't currently support, so we chop it at what #we have left in the current record lenLeft = min(l, dLen - off - 8) if lenLeft != l: print "!!Warning, data chopped short, wanted %d, got %d, CONTINUE rec?" % \ (l, lenLeft) #print out sub-record data with custom printer if available if desc[2]: if isinstance(desc[2], list): printFmt(data[off+8:off+8+lenLeft], lenLeft, desc[2][0], desc[2][1], depth + 1) elif callable(desc[2]): desc[2](data[off+8:off+8+lenLeft], lenLeft, inst, depth + 1) else: print hexdump(data[off+8:off+8+lenLeft], indent=(depth + 1)*4), except KeyError: print " "*(depth*4) + "obj.subtype %#x (%d) ver %#x inst %#x obj.sublen %#x (%d)" % \ (fbt, fbt, ver, inst, l, l) print hexdump(data[off+8:min(off+8+l, dLen - 8)], indent=(depth + 1)*4), off += l + 8 return -1
def optPrinter(data, dLen, propCount, depth): cProps = [] off = 0 #first we have an array of property descriptors packed together while off <= dLen - 6 and propCount > 0: try: pff, op = struct.unpack("<HL", data[off:off+6]) except struct.error: return pid = pff & 0x3fff fBid = (pff & 0x4000) >> 14 fComplex = (pff & 0x8000) >> 15 #op contains the length if fComplex: cProps.append((op, pid)) print(" "*(depth*4) + "Prop ID %#x (%d), Blip ID %#x (%d), Complex %#x, Op %#x (%#d)" % (pid, pid, fBid, fBid, fComplex, op, op)) off += 6 propCount -= 1 #dump the data for any complex properties if off < dLen: print("\n" + " "*(depth*4) + "Dumping data for %d complex props\n" % len(cProps)) for (cLen, pid) in cProps: if off + cLen > dLen: print "Warning: breaking early, not enough to print remaining props" break lenLeft = min(cLen, dLen - off) print(" "*(depth*4) + "Dumping property %#x (%d)...\n" % (pid, pid)) print hexdump(data[off:off+lenLeft], indent=(depth)*4) off += cLen
def decode_ds_rdata(pkt, offset, rdlen): keytag, alg, digesttype = struct.unpack('!HBB', pkt[offset:offset + 4]) digest = hexdump(pkt[offset + 4:offset + rdlen]) if options['DEBUG']: result = "%d %d(%s) %d(%s) %s" % \ (keytag, alg, dnssec_alg[alg], digesttype, dnssec_digest[digesttype], digest) else: result = "%d %d %d %s" % (keytag, alg, digesttype, digest) return result
def objSubPrinter(data, dLen, depth=2): off = 0 while off <= dLen - 4: t, l = struct.unpack("<HH", data[off:off+4]) try: desc = objSubTypeMap[t] print(" Subtype %s [%#x (%d)] offset %#x, len %#x (%d) (%s)" % (desc[0], t, t, off, l, l, desc[1])) lenLeft = min(l, dLen - off - 4) if desc[2]: desc[2](data[off+4:off+4+lenLeft], lenLeft, depth + 1) else: print hexdump(data[off+4:off+4+lenLeft], indent=(depth + 1)*4), except KeyError: print " obj.subtype %#x (%d) obj.sublen %#x (%d)" % (t, t, l, l) off += l + 4 return -1
def _request_device(self, command, params='', accept=[], debug=False): req = struct.pack('>BHB', self.CMD_PREFIX, 1+len(params), command) req += params req += struct.pack('>B', self._calc_checksum(req[1:])) self._port.timeout = 2 resp_h = None accept.append(command) for knock in range(4): self._drain() if debug: self.log.debug("Write:\n%s" % hexdump(req)) self._port.write(req) resp_h = self._port.read(3) if len(resp_h) < 3: continue (cmd, resp_len) = struct.unpack('>BH', resp_h) if cmd not in accept: self.log.error('Unexpected response %s' % hexdump(resp_h)) self._drain() continue break if not resp_h: raise AssertionError('No answer from device') if len(resp_h) < 3: raise AssertionError('Communication error') if debug: self.log.debug('%d bytes to receive' % resp_len) resp = self._port.read(resp_len) cksum = self._port.read(1) if debug: self.log.debug("Read:\n%s" % hexdump(resp)) self._port.timeout = 1 if not len(cksum): raise AssertionError('Communication error') rcksum = ord(cksum) dcksum = self._calc_checksum(resp_h[1:], resp) if rcksum != dcksum: raise AssertionError('Comm. error, checksum error 0x%02x/0x%02x' \ % (rcksum, dcksum)) return (resp, cmd)
def _request_device(self, command, params='', accept=[], debug=False): req = struct.pack('>BHB', self.CMD_PREFIX, 1 + len(params), command) req += params req += struct.pack('>B', self._calc_checksum(req[1:])) self._port.timeout = 2 resp_h = None accept.append(command) for knock in range(4): self._drain() if debug: self.log.debug("Write:\n%s" % hexdump(req)) self._port.write(req) resp_h = self._port.read(3) if len(resp_h) < 3: continue (cmd, resp_len) = struct.unpack('>BH', resp_h) if cmd not in accept: self.log.error('Unexpected response %s' % hexdump(resp_h)) self._drain() continue break if not resp_h: raise AssertionError('No answer from device') if len(resp_h) < 3: raise AssertionError('Communication error') if debug: self.log.debug('%d bytes to receive' % resp_len) resp = self._port.read(resp_len) cksum = self._port.read(1) if debug: self.log.debug("Read:\n%s" % hexdump(resp)) self._port.timeout = 1 if not len(cksum): raise AssertionError('Communication error') rcksum = ord(cksum) dcksum = self._calc_checksum(resp_h[1:], resp) if rcksum != dcksum: raise AssertionError('Comm. error, checksum error 0x%02x/0x%02x' \ % (rcksum, dcksum)) return (resp, cmd)
def decode_rr(pkt, offset, hexrdata): """ Decode a resource record, given DNS packet and offset""" orig_offset = offset domainname, offset = name_from_wire_message(pkt, offset) rrtype, rrclass, ttl, rdlen = \ struct.unpack("!HHIH", pkt[offset:offset+10]) offset += 10 rdata = pkt[offset:offset + rdlen] if hexrdata: rdata = hexdump(rdata) elif options["generic"]: rdata = generic_rdata_encoding(rdata, rdlen) elif rrtype == 1: # A rdata = socket.inet_ntop(socket.AF_INET, rdata) elif rrtype in [2, 5, 12, 39]: # NS, CNAME, PTR rdata, _ = name_from_wire_message(pkt, offset) # DNAME rdata = rdata.text() elif rrtype == 6: # SOA rdata = decode_soa_rdata(pkt, offset, rdlen) elif rrtype == 15: # MX mx_pref, = struct.unpack('!H', pkt[offset:offset + 2]) rdata, _ = name_from_wire_message(pkt, offset + 2) rdata = "%d %s" % (mx_pref, rdata.text()) elif rrtype in [16, 99]: # TXT, SPF rdata = decode_txt_rdata(rdata, rdlen) elif rrtype == 28: # AAAA rdata = socket.inet_ntop(socket.AF_INET6, rdata) elif rrtype == 33: # SRV rdata = decode_srv_rdata(pkt, offset) elif rrtype == 41: # OPT pass elif rrtype in [43, 59, 32769]: # [C]DS, DLV rdata = decode_ds_rdata(pkt, offset, rdlen) elif rrtype == 45: # IPSECKEY rdata = decode_ipseckey_rdata(pkt, offset, rdlen) elif rrtype in [46, 24]: # RRSIG, SIG rdata = decode_rrsig_rdata(pkt, offset, rdlen) elif rrtype == 47: # NSEC rdata = decode_nsec_rdata(pkt, offset, rdlen) elif rrtype in [48, 25, 60]: # [C]DNSKEY, KEY rdata = decode_dnskey_rdata(pkt, offset, rdlen) elif rrtype == 50: # NSEC3 rdata = decode_nsec3_rdata(pkt, offset, rdlen) elif rrtype == 51: # NSEC3PARAM rdata = decode_nsec3param_rdata(rdata) elif rrtype == 257: # CAA rdata = decode_caa_rdata(rdata) else: # use RFC 3597 rdata = generic_rdata_encoding(rdata, rdlen) offset += rdlen return (domainname, rrtype, rrclass, ttl, rdata, offset)
def tree(path): for root, dirs, files in os.walk(path): base = os.path.basename(root) idnt = ' ' * (root.replace(path, '').count(os.sep)) print('%s%s/' % (idnt, base)) for f in files: pn = os.path.join(root, f) print(' %s%s [%s]' % (idnt, f, os.stat(pn).st_size)) # dump some content of blobs if opts.dump and "objects" == base: print(util.hexdump(util.read_file(pn, 32 * 2))) print
def tree(path): for root, dirs, files in os.walk(path): base = os.path.basename(root) idnt = ' ' * (root.replace(path, '').count(os.sep)) print('%s%s/' % (idnt, base)) for f in files: pn = os.path.join(root, f) print(' %s%s [%s]' % (idnt, f, os.stat(pn).st_size)) # dump some content of blobs if opts.dump and "objects" == base: print(util.hexdump(util.read_file(pn, 32*2))) print
def dumpCurrentUser(buf): rVer, rInst, rType, rLen = getHdr(buf[:8]) printHdr(rVer, rInst, rType, rLen, 1, 1, 0) (size, headerToken, offsetToCurrentEdit, lenUserName, docFileVersion, majorVersion, minorVersion, unused) = struct.unpack("IIIHHBBH", buf[8:28]) ansiUserName = buf[28:28+lenUserName] relVersion = struct.unpack("I", buf[28+lenUserName:28+lenUserName+4])[0] uniUserName = buf[28+lenUserName+4:] print("\tDWORD size %#x (%d)\n\tDWORD headerToken %#x (%d)\n" "\tDWORD offsetToCurrentEdit %#x (%d)\n\tWORD lenUserName %#x (%d)\n" "\tWORD docFileVersion %#x (%d)\n\tBYTE majorVersion %#x (%d)\n" "\tBYTE minorVersion %#x (%d)\n\tWORD unused %#x (%d)\n" "\tASCIIZ AnsiUserName '%s'\n\tDWORD relVersion %#x (%d)\n" "\tUNICODE uniUserName:\n" % ( size, size, headerToken, headerToken, offsetToCurrentEdit, offsetToCurrentEdit, lenUserName, lenUserName, docFileVersion, docFileVersion, majorVersion, majorVersion, minorVersion, minorVersion, unused, unused, ansiUserName, relVersion, relVersion)) print hexdump(uniUserName, indent=12)
def _recv_cmd(self, c, noprint=False): msg = c.read_device(0x11c) magic = struct.unpack('<I', msg[0x0:0x0 + 0x4])[0] if magic != 0x4d53584e: raise Exception( "TransportCmd: Recv-msg magic is invalid: 0x%08x." % magic) raw_data_size = struct.unpack('<I', msg[0x4:0x4 + 0x4])[0] if raw_data_size >= (0x100 >> 2): raise Exception( "TransportCmd: Recv-msg raw_data_size is too large: 0x%x." % raw_data_size) tmp_types = struct.unpack('<BBBB', msg[0x8:0x8 + 0x4]) tmp_sizes = struct.unpack('<IIII', msg[0xc:0xc + 0x10]) for i in range(4): if i < len(self.buffer_types): self.buffer_types[i] = tmp_types[i] self.buffer_sizes[i] = tmp_sizes[i] self.rawdata = msg[0x1c:0x1c + (raw_data_size << 2)] if not noprint: print "Raw msg reply:" print hexdump(msg) print "Rawdata payload:" print hexdump(self.rawdata[0x4:]) print "Retval: 0x%x" % self.recv_ret self.recv_ret = struct.unpack('<I', self.rawdata[0x0:0x0 + 0x4])[0] for i in range(4): if i < len(self.buffer_types): self.buffers[i] = '' if self.buffer_types[i] == 1: # To host self.buffers[i] = c.read_device(self.buffer_sizes[i])
def dump(ole): # wb = ole.openstream("Workbook") buf = wb.read() wbLen = len(buf) print("*" * 80 + "\n[*]Dumping Workbook stream %#x (%d) bytes...\n") % (wbLen, wbLen) bofCount = offset = count = 0 while offset + XL_HDRLEN <= wbLen: rType, rLen = struct.unpack("<HH", buf[offset:offset + XL_HDRLEN]) nLeft = wbLen - offset - XL_HDRLEN if rLen > nLeft: print "!!Invalid record length (%#x, %d) only have %#x (%d) left" % ( rLen, rLen, nLeft, nLeft) print "!!Attempting to recover from error" #assume 0 length record and advance past type/len oOff = offset success, offset = recover(buf, wbLen, offset + XL_HDRLEN) if success: print "!!Recovered from error, skipped %#x (%d) bytes\n" % ( offset - oOff, offset - oOff) else: print "!!Couldn't recover from length error, hexdumping rest of stream" sys.stdout.write(hexdump(buf[oOff:])) return False else: if rType == 0x809: bofCount += 1 print "[ii]BOF record: current count %d" % bofCount elif rType == 0xa: bofCount -= 1 print "[ii]EOF record: current count %d" % bofCount printRec(rType, rLen, buf[offset + XL_HDRLEN:offset + XL_HDRLEN + rLen], count, offset) offset += XL_HDRLEN + rLen count += 1 return True
def dump(ole): # wb = ole.openstream("Workbook") buf = wb.read() wbLen = len(buf) print ("*"*80+ "\n[*]Dumping Workbook stream %#x (%d) bytes...\n") % (wbLen, wbLen) bofCount = offset = count = 0 while offset + XL_HDRLEN <= wbLen: rType, rLen = struct.unpack("<HH", buf[offset:offset + XL_HDRLEN]) nLeft = wbLen - offset - XL_HDRLEN if rLen > nLeft: print "!!Invalid record length (%#x, %d) only have %#x (%d) left" % (rLen, rLen, nLeft, nLeft) print "!!Attempting to recover from error" #assume 0 length record and advance past type/len oOff = offset success, offset = recover(buf, wbLen, offset + XL_HDRLEN) if success: print "!!Recovered from error, skipped %#x (%d) bytes\n" % (offset - oOff, offset - oOff) else: print "!!Couldn't recover from length error, hexdumping rest of stream" sys.stdout.write(hexdump(buf[oOff:])) return False else: if rType == 0x809: bofCount += 1 print "[ii]BOF record: current count %d" % bofCount elif rType == 0xa: bofCount -= 1 print "[ii]EOF record: current count %d" % bofCount printRec(rType, rLen, buf[offset+XL_HDRLEN:offset+XL_HDRLEN+rLen], count, offset) offset += XL_HDRLEN + rLen count += 1 return True
def test_hexdump(): s = '' b = b'\x41\x42\x43' s += '\n' s += util.hexdump(b) s += '\n' s += file_test1('C:/test/a.txt') s += file_test1('C:/test/127.txt') s += file_test1('C:/test/128.txt') s += file_test1('C:/test/129.txt') #---------------------------- s += file_test2('C:/test/127.txt') s += file_test2('C:/test/128.txt') s += file_test2('C:/test/129.txt') #---------------------------- s += file_test2('C:/test/32.txt') #---------------------------- s += 'no ascii-------------' s += file_test3('C:/test/128.txt') s += 'no addr-------------' s += file_test4('C:/test/128.txt') s += 'no header-------------' s += file_test5('C:/test/128.txt') #---------------------------- s += 'file_dump-------------' s += file_dump_test1('C:/test/32.txt') s += file_dump_test1('C:/test/127.txt') return s
def print_optrr(rcode, rrclass, ttl, rdata): packed_ttl = struct.pack('!I', ttl) ercode_hi, version, z = struct.unpack('!BBH', packed_ttl) ercode = (ercode_hi << 4) | rcode flags = [] if z & 0x8000: flags.append("do") print(";; OPT: edns_version=%d, udp_payload=%d, flags=%s, ercode=%d(%s)" % (version, rrclass, ' '.join(flags), ercode, rc.get_name(ercode))) blob = rdata while blob: ocode, olen = struct.unpack('!HH', blob[:4]) odesc = edns_opt.get(ocode, "Unknown") print(";; OPT code=%d (%s), length=%d" % (ocode, odesc, olen)) data_raw = blob[4:4 + olen] data_out = hexdump(data_raw) if ocode == 3: human_readable_data = '' try: human_readable_data = data_raw.decode('ascii') except (TypeError, UnicodeDecodeError): pass if human_readable_data: data_out = '%s (%s)' % (data_out, human_readable_data) elif ocode in [5, 6, 7]: data_out = ' '.join([str(x) for x in data_raw]) elif ocode == 15: info_code, = struct.unpack('!H', data_raw[0:2]) extra_text = data_raw[2:] info_code_desc = extended_error.get(info_code, "Unknown") data_out = "{} ({})".format(info_code, info_code_desc) if extra_text: data_out += " :{}".format(extra_text) print(";; DATA: %s" % data_out) blob = blob[4 + olen:]
def fwd(self, data): self.factory.log.debug('received: %s', '\n' + hexdump(data)) self.__class__.__bases__[0].dataReceived(self, data)
def dumpPropSetStream(ole, streamName): stream = ole.openstream(streamName) data = stream.read() dLen = len(data) if streamName[0] == "\x05": streamName = "\\x05" + streamName[1:] print "*" * 80, "\n[*]Dumping '%s' stream %#x (%d) bytes\n" % (streamName, dLen, dLen) #get the header (wByteOrder, wFormat, dwOsVer, clsid, cSections) = struct.unpack("HHI16sI", data[:28]) curOffset = 28 print "\nDumping property set header:\n" print "wByteOrder %#hx, wFormat %#hx, dwOsVer %#x" % (wByteOrder, wFormat, dwOsVer) print "CLSID [%s] cSections %#x (%d)\n" % (clsidStr(clsid), cSections, cSections) #get each section header sections = [] for i in xrange(cSections): #fmtid/offset (fmtid, dwOffset) = struct.unpack("16sI", data[curOffset:curOffset + 20]) sections.append((fmtid, dwOffset)) curOffset += 20 #for each section print "Dumping sections:\n" for (sectionID, sectionOffset) in sections: props = [] (cbSection, cProps) = struct.unpack("II", data[sectionOffset:sectionOffset + 8]) print "Section\tFMTID [%s] sectionOffset %#x (%d)" % ( clsidStr(fmtid), sectionOffset, sectionOffset) print "\tcbSection %#x (%d) cProps %#x (%d)" % (cbSection, cbSection, cProps, cProps) #get the offset/length of each property curOffset = sectionOffset + 8 last = None for i in xrange(cProps): (propid, offset) = struct.unpack("II", data[curOffset:curOffset + 8]) cur = [propid, offset] props.append(cur) #fill in length of last property if last: last.append(offset - last[1]) last = cur curOffset += 8 #fill in the last offset last.append(len(data) - sectionOffset - last[1]) #display the properties for prop in props: pId = prop[0] pOff = prop[1] pSz = prop[2] #take into account the section start realOffset = pOff + sectionOffset pType = struct.unpack("I", data[realOffset:realOffset + 4])[0] try: origType = pType pType = pType & 0xfff pName = "" if pType & VT_VECTOR: pName = "VECTOR|" pType &= ~VT_VECTOR if pType & VT_ARRAY: pName = "ARRAY|" pType &= ~VT_ARRAY if pType & VT_BYREF: pName = "BYREF|" pType &= ~VT_BYREF if pType & VT_RESERVED: pName = "RESERVED|" pType &= ~VT_RESERVED pName += propTypes[pType] except KeyError: pName = "!!UNKNOWN" print " Prop ID %#x (%d) Masked Type %#x (%s) (Orig Type %#x), offset %#x (%d) size %#x (%d)" % \ (pId, pId, pType, pName, origType, pOff, pOff, pSz, pSz) pData = data[realOffset + 4:realOffset + 4 + pSz - 4] print hexdump(pData, indent=8)
if __name__ == "__main__": parser = argparse.ArgumentParser(description='Replay captured USB packets') parser.add_argument('--verbose', '-v', action='store_true', help='verbose') parser.add_argument('fout', nargs='?', default=None, help='File out') args = parser.parse_args() usbcontext = usb1.USBContext() dev = open_dev(usbcontext) print print 'Reading memory' # The FX2 has eight kbytes of internal program/data RAM, # Only the internal eight kbytes and scratch pad 0.5 kbytes RAM spaces have the following access: ''' The available RAM spaces are 8 kbytes from 0x0000-0x1FFF (code/data) and 512 bytes from 0xE000-0xE1FF (scratch pad RAM). ''' r = ram_r(dev, 0x0000, 0x2000) #r = ram_r(dev, 0xE000, 0x2000) if args.fout: if args.fout.find('.hex') >= 0: pass else: open(args.fout, 'w').write(r) else: hexdump(r)
def printRec(rType, rLen, rData, rCount, rOffset): #attempt to lookup the description for this record try: rec = recDict[rType] rName, rDesc, rFmt, rFNames = rec print "[%d]Record %s [%#x (%d)] offset %#x (%d), len %#x (%d) (%s)" % ( rCount, rName, rType, rType, rOffset, rOffset, rLen, rLen, rDesc) fieldCount = offset = 0 #skip last element due to trailing '%' in format string for fmt in rFmt.split("%")[:-1]: nLeft = rLen - offset fieldName = rFNames[fieldCount] if fmt == "1": if ensure(fieldName, 1, nLeft): val = struct.unpack("B", rData[offset:offset+1])[0] print " BYTE %s = %#x (%d)" % (fieldName, val, val) offset += 1 elif fmt == "2": if ensure(fieldName, 2, nLeft): val = struct.unpack("H", rData[offset:offset+2])[0] print " WORD %s = %#x (%d)" % (fieldName, val, val) offset += 2 elif fmt == "4": if ensure(fieldName, 4, nLeft): val = struct.unpack("I", rData[offset:offset+4])[0] print " DWORD %s = %#x (%d)" % (fieldName, val, val) offset += 4 elif fmt[0] == "f": dataLen = int(fmt[1:]) if dataLen > nLeft: print " Warning, field %s is longer (%d) than data left (%d). Dumping what's left:" % \ (fieldName, dataLen, nLeft) sys.stdout.write(hexdump(rData[offset:], indent=12)) else: print " Field %s is %#x (%d) bytes, dumping:" % (fieldName, dataLen, dataLen) sys.stdout.write(hexdump(rData[offset:offset+dataLen], indent=12)) offset += dataLen elif fmt == "v": print " Field '%s' is variable length, dumping rest of record:" % (fieldName) sys.stdout.write(hexdump(rData[offset:], indent=12)) break elif fmt[0] == "[": try: handler = extraPrinters[fmt] o = handler(rData[offset:], nLeft) if o == -1: break else: offset += o except KeyError: print "Error: no handler defined for custom format '%s'" % (fmt) else: print "ERROR:Invalid format in record format string [%s]. Developer error!!" % (f) sys.exit(1) fieldCount += 1 except KeyError: print "WARNING:No record description for id %#x (%d) len %#x (%d)" % (rType, rType, rLen, rLen) sys.stdout.write(hexdump(rData, indent=8)) return
def get_trackpoints(self, track): """Obtain the trackpoints of an activity""" (resp, ack) = self._request_device(self.CMD_TP_GET_HDR, struct.pack('>HH', 1, track)) trackpoints = [] start = 0 # New catatalog entry end = start+struct.calcsize('>%s' % (self.TP_CAT_FMT)) if end > len(resp): raise AssertionError('Missing data in response %d / %d' % \ (end, len(resp))) # there are 6 trailing bytes whose signification is yet to be # discovered, decoded here into the silent variable '_' (yy,mm,dd,hh,mn,ss,lap,dtime,dst,kcal,mspd,mhr,ahr,cmi,cmd,_,track,idx) = \ struct.unpack('>%s' % (self.TP_CAT_FMT), resp[start:end]) #if lap > 1: # raise AssertionError('Multi-lap entries not supported') rem_lap = lap laps = [] count = 0 while rem_lap > 0: start = end end = start + struct.calcsize('%s' % (self.TP_DB_LAP)) (stop,ttime,tdst,kcal,mspd,mhr,ahr,sidx,eidx) = \ struct.unpack('>%s' % (self.TP_DB_LAP), resp[start:end]) lap = { 'acctime' : stop, 'tottime' : ttime, 'totdist' : tdst, 'kcal' : kcal, 'maxspeed': mspd, 'maxheart': mhr, 'avgheart': ahr, 'startptidx': sidx, 'endptidx': eidx, 'points' : []} laps.append(lap) count = eidx rem_lap -= 1 lap_sec = dtime//10 lap_msec = (dtime-lap_sec*10)*100 tp = { 'start': datetime.datetime(2000+yy,mm,dd,hh,mn,ss), 'time' : datetime.timedelta(0, lap_sec, 0, lap_msec), 'distance': dst, 'kcal' : kcal, 'maxspeed' : mspd, 'maxheart' : mhr, 'avgheart' : ahr, 'cmlplus' : cmi, 'cmlmin' : cmd, 'count' : count, 'laps' : lap, 'points' : []} rem_tp = count print 'Points: %d' % count while rem_tp > 0: (resp, ack) = self._request_device(self.CMD_TP_GET_NEXT, accept=[self.ACK_TP_GET_NONE, self.CMD_TP_GET_HDR]) if ack == self.ACK_TP_GET_NONE: # no more point return tp start = 0 end = start+struct.calcsize('>%s' % self.TP_CAT_FMT) header = struct.unpack('>%s' % self.TP_CAT_FMT, resp[start:end]) entry_len = struct.calcsize('>%s' % self.TP_ENT_FMT) start = end points = [] while start+entry_len <= len(resp): lapIdx = self._get_lap_index_for_point(laps, count-rem_tp) (x,y,z,s,h,d) = struct.unpack('>%s' % self.TP_ENT_FMT, resp[start:start+entry_len]) points.append((lapIdx,x,y,z,s,h,d)) rem_tp -= 1 start += entry_len tp['points'].extend(points) pc = (50*(count-rem_tp))/count progress = '%s%s: %d%%' % ('+'*pc, '.'*(50-pc), 2*pc) print 'TP: ', progress, '\r', sys.stdout.flush() if start < len(resp): self.log.error("Remaining bytes: %s" % hexdump(resp[start:])) print '' return (laps, tp)
def readFileHax(self, filename, filerecord, filekeys): lba0 = self.first_lba + filerecord.dataFork.HFSPlusExtentDescriptor[0].startBlock filekey = None good_usn = None first_usn = 0 lba0_versions = self.nand.ftl.findAllVersions(lba0) print "%d versions for first lba" % len(lba0_versions) for k in filekeys: for addr in lba0_versions: ciphertext = self.nand.ftl.readPage1(addr, key=None, lpn=lba0) if not ciphertext: continue d = self.decryptFileBlock2(ciphertext, k, lba0, 0) if isDecryptedCorrectly(d): hexdump(d[:16]) filekey = k weaveSeq = addr[0] break if not filekey: return False logicalSize = filerecord.dataFork.logicalSize missing_pages = 0 file_pages = [] lbns = [] for extent in self.volume.getAllExtents(filerecord.dataFork, filerecord.fileID): for bn in xrange(extent.startBlock, extent.startBlock + extent.blockCount): lbns.append(self.first_lba + bn) datas = {} first_block = True done = False for weaveSeq,lbn,ce,block,page in self.nand.ftl.findPagesInRange(weaveSeq, weaveSeq+50000): if not lbn in lbns: continue idx = lbns.index(lbn) ciphertext = self.nand.ftl.readPage1((weaveSeq,ce,block,page), key=None, lpn=lbn) if not ciphertext: continue ciphertext = self.decryptFileBlock2(ciphertext, filekey, lbn, idx*self.pageSize) if idx == 0: if not isDecryptedCorrectly(ciphertext): continue datas[idx*self.pageSize] = (ciphertext, lbn - self.first_lba) #if idx == len(lbns): if len(datas) == len(lbns): done=True break if done: break cleartext = "" decrypt_offset = 0 for i in xrange(0,logicalSize, self.pageSize): if datas.has_key(i): ciphertext, lbn = datas[i] cleartext += ciphertext else: cleartext += self.blankPage missing_pages += 1 decrypt_offset += self.pageSize print "Recovered %d:%s %d missing pages, size %s, created %s, contentModDate %s" % \ (filerecord.fileID, filename.encode("utf-8"), missing_pages, sizeof_fmt(logicalSize), hfs_date(filerecord.createDate), hfs_date(filerecord.contentModDate)) filename = "%d_%d_%s" % (filerecord.fileID, first_usn, filename) if missing_pages == 0: filename = "OK_" + filename self.okfiles += 1 if True:#exactSize: cleartext = cleartext[:logicalSize] self.writeUndeletedFile(filename, cleartext) return True
def gbld_mod_parser(hdr, km, istr): return 'mod {}:\n{}'.format(km, util.hexdump(istr.data))
def decode_nsec3param_rdata(rdata): hashalg, flags, iterations, saltlen = struct.unpack('!BBHB', rdata[:5]) salt = hexdump(rdata[5:5 + saltlen]) result = "%d %d %d %s" % (hashalg, flags, iterations, salt) return result
def dumpPropSetStream(ole, streamName): stream = ole.openstream(streamName) data = stream.read() dLen = len(data) if streamName[0] == "\x05": streamName = "\\x05" + streamName[1:] print "*"*80, "\n[*]Dumping '%s' stream %#x (%d) bytes\n" % (streamName, dLen, dLen) #get the header (wByteOrder, wFormat, dwOsVer, clsid, cSections) = struct.unpack("HHI16sI", data[:28]) curOffset = 28 print "\nDumping property set header:\n" print "wByteOrder %#hx, wFormat %#hx, dwOsVer %#x" % (wByteOrder, wFormat, dwOsVer) print "CLSID [%s] cSections %#x (%d)\n" % (clsidStr(clsid), cSections, cSections) #get each section header sections = [] for i in xrange(cSections): #fmtid/offset (fmtid, dwOffset) = struct.unpack("16sI", data[curOffset:curOffset + 20]) sections.append((fmtid, dwOffset)) curOffset += 20 #for each section print "Dumping sections:\n" for (sectionID, sectionOffset) in sections: props = [] (cbSection, cProps) = struct.unpack("II", data[sectionOffset:sectionOffset + 8]) print "Section\tFMTID [%s] sectionOffset %#x (%d)" % (clsidStr(fmtid), sectionOffset, sectionOffset) print "\tcbSection %#x (%d) cProps %#x (%d)" % (cbSection, cbSection, cProps, cProps) #get the offset/length of each property curOffset = sectionOffset + 8 last = None for i in xrange(cProps): (propid, offset) = struct.unpack("II", data[curOffset:curOffset + 8]) cur = [propid, offset] props.append(cur) #fill in length of last property if last: last.append(offset - last[1]) last = cur curOffset += 8 #fill in the last offset last.append(len(data) - sectionOffset - last[1]) #display the properties for prop in props: pId = prop[0] pOff = prop[1] pSz = prop[2] #take into account the section start realOffset = pOff + sectionOffset pType = struct.unpack("I", data[realOffset:realOffset + 4])[0] try: origType = pType pType = pType & 0xfff pName = "" if pType & VT_VECTOR: pName = "VECTOR|" pType &= ~VT_VECTOR if pType & VT_ARRAY: pName = "ARRAY|" pType &= ~VT_ARRAY if pType & VT_BYREF: pName = "BYREF|" pType &= ~VT_BYREF if pType & VT_RESERVED: pName = "RESERVED|" pType &= ~VT_RESERVED pName += propTypes[pType] except KeyError: pName = "!!UNKNOWN" print " Prop ID %#x (%d) Masked Type %#x (%s) (Orig Type %#x), offset %#x (%d) size %#x (%d)" % \ (pId, pId, pType, pName, origType, pOff, pOff, pSz, pSz) pData = data[realOffset + 4:realOffset + 4 + pSz - 4] print hexdump(pData, indent=8)
def printAtom(rData, rLen, rDesc): # see if actual len is equal to real len if len(rData) != rLen: print "!!Warning: claimed len %#x (%d), actual %#x (%d)" % (rLen, rLen, len(rData), len(rData)) rLen = len(rData) rFmt = rDesc[2] rFNames = rDesc[3] fieldCount = offset = 0 # skip last element due to trailing '%' in format string for fmt in rFmt.split("%")[:-1]: nLeft = rLen - offset fieldType = rFNames[fieldCount][0] fieldName = rFNames[fieldCount][1] fieldDesc = rFNames[fieldCount][2] if fieldType in COMPLEX_TYPES: isComplex = True else: isComplex = False if fmt == "1": if ensure(fieldName, 1, nLeft): val = struct.unpack("B", rData[offset : offset + 1])[0] if isComplex: print " %s.BYTE %s = %#x (%d)" % (fieldType, fieldName, val, val) else: print " BYTE %s = %#x (%d)" % (fieldName, val, val) offset += 1 elif fmt == "2": if ensure(fieldName, 2, nLeft): val = struct.unpack("H", rData[offset : offset + 2])[0] if isComplex: print " %s.WORD %s = %#x (%d)" % (fieldType, fieldName, val, val) else: print " WORD %s = %#x (%d)" % (fieldName, val, val) offset += 2 elif fmt == "4": if ensure(fieldName, 4, nLeft): val = struct.unpack("I", rData[offset : offset + 4])[0] if isComplex: print " %s.DWORD %s = %#x (%d)" % (fieldType, fieldName, val, val) else: print " DWORD %s = %#x (%d)" % (fieldName, val, val) offset += 4 elif fmt == "s": print " Field '%s' is variable length ASCIIZ, dumping rest of record:" % (fieldName) sys.stdout.write(hexdump(rData[offset:], indent=12)) break elif fmt == "u": print " Field '%s' is variable length UNICODE, dumping rest of record:" % (fieldName) sys.stdout.write(hexdump(rData[offset:], indent=12)) break elif fmt == "v": print " Field '%s' is variable length DATA, dumping rest of record:" % (fieldName) sys.stdout.write(hexdump(rData[offset:], indent=12)) break else: print "ERROR:Invalid format in record format string [%s]. Developer error!!" % (f) sys.exit(1) fieldCount += 1
def dump(self): print '{0} {1}'.format(self.type, ', '.join(self.flags)) if self.data: util.hexdump(self.data) else: print ' [empty]'
def do_BAG1(self, p): print "BAG1 locker from effaceable storage" bag1 = self.image.lockers.get("BAG1") hexdump(bag1) print "IV:", bag1[4:20].encode("hex") print "Key:", bag1[20:].encode("hex")
# if ole.exists("Workbook"): print "\n[**]Detected Excel file %s" % fName dumpXL.dump(ole) # if ole.exists("PowerPoint Document"): print "\n[**]Detected PowerPoint file %s" % fName dumpPPT.dump(ole, xole=extractOLE) # if ole.exists("\x05SummaryInformation"): dumpPropSetStream(ole, "\x05SummaryInformation") # if ole.exists("\x05DocumentSummaryInformation"): dumpPropSetStream(ole, "\x05DocumentSummaryInformation") # if verbose: paths = ole.getPaths() for path in paths: #dont try to read a storage if path[-1] != "/": print "Opening %s" % (path) stream = ole.openstream(path) buf = stream.read() sys.stdout.write(util.hexdump(buf, indent=4))
def generic_rdata_encoding(rdata, rdlen): return r"\# %d %s" % (rdlen, hexdump(rdata))
def dumpPPD(buf, maxLen, depth, count_offset, recList=None): nRead = 0 while nRead < maxLen: # read the header, check for atom/container rVer, rInst, rType, rLen = getHdr(buf[nRead : nRead + PPT_HDR_LEN]) nRead += PPT_HDR_LEN if (rVer & 0xF) == 0xF: isAtom = False prefix = "[" * depth + "Container" else: isAtom = True prefix = "{" * depth + "Atom" # try to look up record description try: rDesc = recDict[rType] rName = rDesc[0] except KeyError: rDesc = None rName = "!!!Unknown" # pretty print the header print "%s(%d) %s (%#x, %d) size %#x (%d), instance %#x version %#x [offset %#x (%d)]" % ( prefix, count_offset[REC_COUNT], rName, rType, rType, rLen, rLen, rInst, rVer, count_offset[REC_OFFSET], count_offset[REC_OFFSET], ) # update ghetoo reference parameters, record count and total offset count_offset[REC_COUNT] += 1 count_offset[REC_OFFSET] += PPT_HDR_LEN if not isAtom: nRead += dumpPPD(buf[nRead:maxLen], min(maxLen - nRead, rLen), depth + 1, count_offset, recList) print "]" * depth, "End container %s" % rName else: # only save atoms if recList is not None: recList.append((rType, buf[nRead : nRead + (min(rLen, maxLen - nRead))])) if rDesc: printAtom(buf[nRead : nRead + (min(rLen, maxLen - nRead))], rLen, rDesc) # look for a manual rec printer try: handler = customPrinters[rType] handler(buf[nRead : nRead + (min(rLen, maxLen - nRead))]) except KeyError: pass else: print ( "No descriptor, dumping:\n", hexdump(buf[nRead + PPT_HDR_LEN : nRead + PPT_HDR_LEN + rLen], indent=8), ) nRead += rLen count_offset[REC_OFFSET] += rLen return nRead