From 62e9caa164305a18d7d1f037ab27d14ac933d3cf Mon Sep 17 00:00:00 2001
From: Craig Heffner <heffnercj@gmail.com>
Date: Thu, 16 Mar 2017 19:30:30 -0400
Subject: [PATCH] Improved MPFS and CramFS false positive detection
---
src/binwalk/magic/filesystems | 31 ++++++++++++++++++-------------
src/binwalk/modules/extractor.py | 6 ++++++
2 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/src/binwalk/magic/filesystems b/src/binwalk/magic/filesystems
index 1a69254..c1ca8d8 100644
--- a/src/binwalk/magic/filesystems
+++ b/src/binwalk/magic/filesystems
@@ -73,7 +73,10 @@
# MPFS file system
0 string MPFS MPFS filesystem, Microchop,
>4 byte <0 {invalid}
+>4 byte >10 {invalid}
>5 byte <0 {invalid}
+>4 byte 0
+>>5 byte 0 {invalid}
>4 byte x version %d.
>5 byte x \b%d,
>6 leshort <0 {invalid}
@@ -81,33 +84,35 @@
# cramfs filesystem - russell@coker.com.au
0 lelong 0x28cd3d45 CramFS filesystem, little endian,
->4 lelong <0 invalid size,{invalid}
+>4 lelong <1 invalid size,{invalid}
>4 lelong >1073741824 invalid size,{invalid}
->4 ulelong x size: %u
->8 lelong &1 version 2
->8 lelong &2 sorted_dirs
->8 lelong &4 hole_support
+>4 ulelong x size: %u,
+>8 lelong &1 version 2,
+>8 lelong &2 sorted_dirs,
+>8 lelong &4 hole_support,
+>32 ulelong 0 invalid{invalid}
>32 ulelong x CRC 0x%.8X,
>36 ulelong x edition %u,
>40 lelong <0 invalid blocks,{invalid}
>40 ulelong x %u blocks,
->44 lelong <0 invalid file count,{invalid}
+>44 lelong <1 invalid file count,{invalid}
>44 ulelong x %u files
>4 ulelong x {jump:%u}
>4 ulelong x {size:%u}
0 belong 0x28cd3d45 CramFS filesystem, big endian
->4 belong <0 {invalid}
+>4 belong <1 {invalid}
>4 belong >1073741824 {invalid}
->4 belong x size %u
->8 belong &1 version 2
->8 belong &2 sorted_dirs
->8 belong &4 hole_support
+>4 belong x size %u,
+>8 belong &1 version 2,
+>8 belong &2 sorted_dirs,
+>8 belong &4 hole_support,
+>32 ubelong 0 invalid{invalid}
>32 ubelong x CRC 0x%.8X,
>36 belong x edition %u,
->40 belong <0 {invalid}
+>40 belong <0 invalid blocks,{invalid}
>40 ubelong x %u blocks,
->44 belong <0 {invalid}
+>44 belong <1 invalid file count,{invalid}
>44 ubelong x %u files
>4 ubelong x {jump:%u}
>4 ubelong x {size:%u}
diff --git a/src/binwalk/modules/extractor.py b/src/binwalk/modules/extractor.py
index faf5977..ee1d9b2 100644
--- a/src/binwalk/modules/extractor.py
+++ b/src/binwalk/modules/extractor.py
@@ -82,6 +82,11 @@ class Extractor(Module):
type=int,
kwargs={'max_count': 0},
description='Limit the number of extracted files'),
+ #Option(short='u',
+ # long='limit',
+ # type=int,
+ # kwargs={'recursive_max_size': 0},
+ # description="Limit the total size of all extracted files"),
Option(short='r',
long='rm',
kwargs={'remove_after_execute': True},
@@ -94,6 +99,7 @@ class Extractor(Module):
KWARGS = [
Kwarg(name='max_size', default=None),
+ Kwarg(name='recursive_max_size', default=None),
Kwarg(name='max_count', default=None),
Kwarg(name='base_directory', default=None),
Kwarg(name='remove_after_execute', default=False),
--
libgit2 0.26.0