Added validity check for specified file-size keywords; non-zero magic offsets are now supported.

b5a97bff · devttys0 · 95eadc29 · b5a97bff · b5a97bff · b5a97bff
Commit b5a97bff authored Nov 30, 2013 by devttys0
7 changed files
--- a/src/bin/binwalk
+++ b/src/bin/binwalk
@@ -147,7 +147,7 @@ def main():
 			save_plot = True
 		elif opt in ("-N", "--no-plot"):
 			show_plot = False
-		elif opt in ("-3", "--3D"):
+		elif opt in ("-3", "--3D", "--3d"):
 			requested_scans.append(binwalk.Binwalk.BINVIS)
 		elif opt in ("-E", "--entropy"):
 			requested_scans.append(binwalk.Binwalk.ENTROPY)
@@ -469,8 +469,8 @@ def main():
 		pass
 	except IOError:
 		pass
-	except Exception as e:
-		print("Unexpected error: %s" % str(e))
+#	except Exception as e:
+#		print("Unexpected error: %s" % str(e))
 		
 	bwalk.cleanup()


--- a/src/binwalk/__init__.py
+++ b/src/binwalk/__init__.py
@@ -533,7 +533,7 @@ class Binwalk(object):
 				# start after the end of dlen.
 				for candidate in self.parser.find_signature_candidates(data[i:dlen+self.MAX_SIGNATURE_SIZE], (dlen-i)):

-					# If a signature specified a jump offset beyond this candidate signature offset, ignore it
+					# If a previous signature specified a jump offset beyond this candidate signature offset, ignore it
 					if (i + candidate + self.total_scanned) < jump_offset:
 						continue

@@ -570,7 +570,7 @@ class Binwalk(object):
 							smart = self.smart.parse(magic_result)

 							# Validate the jump value and check if the response description should be displayed
-							if smart['jump'] > -1 and self._should_display(smart):
+							if self._is_valid(smart, candidate+i, fsize):
 								# If multiple results are returned and one of them has smart['jump'] set to a non-zero value,
 								# the calculated results offset will be wrong since i will have been incremented. Only set the
 								# results_offset value when the first match is encountered.
@@ -678,16 +678,23 @@ class Binwalk(object):
 					if not found_offset:
 						results[new_file_name] += new_data

-	def _should_display(self, result):
+	def _is_valid(self, result, location, file_size):
 		'''
-		Determines if a result string should be displayed to the user or not.
+		Determines if a result string is valid and should be displayed to the user or not.
 		
 		@result    - Result dictionary, as returned by self.smart.parse.
+		@location  - The file offset of the result.
+		@file_size - The total size of the file.

 		Returns True if the string should be displayed.
 		Returns False if the string should not be displayed.
 		'''
-		if result['invalid'] == True or (self.year and result['year'] > self.year) or (self.epoch and result['epoch'] > self.epoch):
+		if self.filter.show_invalid_results:
+			return True
+
+		if result['jump'] < 0 or result['invalid']:
+			return False
+		if ((location + result['size']) > file_size) or (self.year and result['year'] > self.year) or (self.epoch and result['epoch'] > self.epoch):
 			return False

 		desc = result['description']

--- a/src/binwalk/cmdopts.py
+++ b/src/binwalk/cmdopts.py
@@ -8,6 +8,7 @@ import binwalk.config
 short_options = "3AaBbCcdEeGHhIiJkLMNnOPpQqrSTtUuvWwz?D:F:f:g:j:K:o:l:m:R:s:X:x:Y:y:Z:"
 long_options = [
 		"3D",
+		"3d",
 		"rm",
 		"help",
 		"green",

--- a/src/binwalk/magic/binwalk
+++ b/src/binwalk/magic/binwalk
@@ -2072,6 +2072,9 @@
 >19     string  none\n                  \b, unencrypted
 >19     string  AES-256\n               \b, encrypted AES-256

+# http://forum.xda-developers.com/showthread.php?p=47818657
+0	string	imgARMcC 		Roku aimage SB{offset-adjust:-8}
+
 # Tag Image File Format, from Daniel Quinlan (quinlan@yggdrasil.com)
 # The second word of TIFF files is the TIFF version number, 42, which has
 # never changed.  The TIFF specification recommends testing for it.
@@ -2085,6 +2088,8 @@
 # 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ...
 #
 0       string          \x89PNG\x0d\x0a\x1a\x0a         PNG image
+>16	belong		0		invalid
+>20	belong		0		invalid
 >16     belong          x               \b, %ld x
 >20     belong          x               %ld,
 >24     byte            x               %d-bit

--- a/src/binwalk/parser.py
+++ b/src/binwalk/parser.py
@@ -255,18 +255,17 @@ class MagicParser:

 		Returns a list of tuples in the format: [(<signature offset>, [signature regex])].
 		'''
-		signature_set = []
+		self.signature_set = set()

 		for (offset, sigs) in iterator(self.signatures):
+			
 			for sig in sigs:
 				if sig == self.WILDCARD:
 					sig = re.compile('.')
 				else:
 					sig = re.compile(re.escape(sig))

-				signature_set.append(sig)
-
-		self.signature_set = set(signature_set)
+				self.signature_set.add((offset, sig))

 		return self.signature_set

@@ -282,8 +281,8 @@ class MagicParser:
 		'''
 		candidate_offsets = []

-		for regex in self.signature_set:
-			candidate_offsets += [match.start() for match in regex.finditer(data) if match.start() < end]
+		for (offset, regex) in self.signature_set:
+			candidate_offsets += [(match.start() - offset) for match in regex.finditer(data) if match.start() < end  and (match.start() - offset) >= 0]

 		candidate_offsets = list(set(candidate_offsets))
 		candidate_offsets.sort()

--- a/src/magic/firmware
+++ b/src/magic/firmware
@@ -445,3 +445,6 @@
 >19     string  none\n                  \b, unencrypted
 >19     string  AES-256\n               \b, encrypted AES-256

+# http://forum.xda-developers.com/showthread.php?p=47818657
+0	string	imgARMcC 		Roku aimage SB{offset-adjust:-8}
+
--- a/src/magic/images
+++ b/src/magic/images
@@ -11,6 +11,8 @@
 # 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ...
 #
 0       string          \x89PNG\x0d\x0a\x1a\x0a         PNG image
+>16	belong		0		invalid
+>20	belong		0		invalid
 >16     belong          x               \b, %ld x
 >20     belong          x               %ld,
 >24     byte            x               %d-bit