Commit 43ddf9b9 by devttys0

Fixed extraction bug; prettified magic files

parent d95e015d
...@@ -23,6 +23,7 @@ class SignatureResult(object): ...@@ -23,6 +23,7 @@ class SignatureResult(object):
self.strlen = 0 self.strlen = 0
self.string = False self.string = False
self.invalid = False self.invalid = False
self.extract = True
# These are set by code internally # These are set by code internally
self.file = None self.file = None
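Review bot: The new `self.extract = True` default has no comment, and it sits above the `# These are set by code internally` marker, so it reads as a caller-settable field that leaves every result eligible for extraction unless something clears it. Because extraction presumably acts on data carved from an untrusted image, the line should say who is expected to turn it off, for example `# False suppresses extraction for this result (e.g. when invalid is set)`. Whether an `invalid` result actually clears the flag is not visible here and is worth confirming. The constructor starts and ends outside this hunk.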
......
...@@ -4,8 +4,9 @@ ...@@ -4,8 +4,9 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# gameboy: file(1) magic for the Nintendo (Color) Gameboy raw ROM format # gameboy: file(1) magic for the Nintendo (Color) Gameboy raw ROM format
# #
0x104 belong 0xCEED6666 Gameboy ROM, 0x104 ubelong 0xCEED6666 Gameboy ROM,
>0x134 string >\0 name: "%.16s" >0x134 byte !0
>>0x134 string x name: "%.16s"
>0x146 byte 0x03 \b,[SGB] >0x146 byte 0x03 \b,[SGB]
>0x147 byte 0x00 \b, [ROM ONLY] >0x147 byte 0x00 \b, [ROM ONLY]
>0x147 byte 0x01 \b, [ROM+MBC1] >0x147 byte 0x01 \b, [ROM+MBC1]
...@@ -56,8 +57,9 @@ ...@@ -56,8 +57,9 @@
# genesis: file(1) magic for the Sega MegaDrive/Genesis raw ROM format # genesis: file(1) magic for the Sega MegaDrive/Genesis raw ROM format
# #
0x100 string SEGA Sega MegaDrive/Genesis raw ROM dump, 0x100 string SEGA Sega MegaDrive/Genesis raw ROM dump,
>0x120 string x Name: "%.16s" >0x120 string x Name: "%.16s",
>0x110 string >\0 "%.16s" >0x110 byte !0
>>0x110 string x "%.16s",
>0x1B0 string RA with SRAM >0x1B0 string RA with SRAM
# From: "Nelson A. de Oliveira" <naoliv@gmail.com> # From: "Nelson A. de Oliveira" <naoliv@gmail.com>
...@@ -68,7 +70,7 @@ ...@@ -68,7 +70,7 @@
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# Sony Playstation executables (Adam Sjoegren <asjo@diku.dk>) : # Sony Playstation executables (Adam Sjoegren <asjo@diku.dk>) :
0 string PS-X\ EXE Sony Playstation executable 0 string PS-X\x20EXE Sony Playstation executable
# Area: # Area:
>113 string x (%s) >113 string x (%s)
...@@ -77,17 +79,11 @@ ...@@ -77,17 +79,11 @@
0 string XBEH Microsoft Xbox executable (XBE), 0 string XBEH Microsoft Xbox executable (XBE),
## probabilistic checks whether signed or not ## probabilistic checks whether signed or not
>0x0004 ulelong =0x0 >0x0004 ulelong =0x0
>>2 ulelong !0x0 \b, {invalid} >>2 ulelong =0x0 \b, not signed
>>2 ulelong =0x0
>>>2 ulelong !0x0 \b, {invalid}
>>>2 ulelong =0x0 \b, not signed
>0x0004 ulelong >0 >0x0004 ulelong >0
>>2 ulelong =0x0 \b, {invalid} >>2 ulelong >0 \b, signed
>>2 ulelong >0
>>>2 ulelong =0x0 \b, {invalid}
>>>2 ulelong >0 \b, signed
>0x0104 lelong <0 \b, {invalid} base address
## expect base address of 0x10000 ## expect base address of 0x10000
>0x0104 ulelong !0x10000 {invalid}
>0x0104 ulelong =0x10000 >0x0104 ulelong =0x10000
>>(0x0118-0x0FF60) ulelong&0x80000007 0x80000007 \b, all regions >>(0x0118-0x0FF60) ulelong&0x80000007 0x80000007 \b, all regions
>>(0x0118-0x0FF60) ulelong&0x80000007 !0x80000007 >>(0x0118-0x0FF60) ulelong&0x80000007 !0x80000007
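Review bot: In the Xbox hunk both base-address rejections (`>0x0104 lelong <0 \b, {invalid} base address` and `>0x0104 ulelong !0x10000 {invalid}`) are dropped, so a bare four-byte `XBEH` match is now reported as a valid executable whatever follows it; when scanning arbitrary firmware that is likely to raise false positives. Keeping `>0x0104 ulelong !0x10000 {invalid}` next to the `## expect base address of 0x10000` comment would preserve the filter. Separately, `>>2 ulelong =0x0` reads bytes 2–5, which overlap the `EH` of the magic, so as written the `not signed` branch can never match and `signed` matches whenever offset 4 is non-zero; the offset of that test probably needs revisiting.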
......
...@@ -10,7 +10,9 @@ ...@@ -10,7 +10,9 @@
# From: Nicolas Collignon <tsointsoin@gmail.com> # From: Nicolas Collignon <tsointsoin@gmail.com>
0 string SSH\x20PRIVATE\x20KEY OpenSSH RSA1 private key, 0 string SSH\x20PRIVATE\x20KEY OpenSSH RSA1 private key,
>28 string >\0 version "%s" >28 byte !0
>>28 string x version "%s"
>28 byte 0 {invalid}
0 string ssh-dss\x20 OpenSSH DSA public key 0 string ssh-dss\x20 OpenSSH DSA public key
0 string ssh-rsa\x20 OpenSSH RSA public key 0 string ssh-rsa\x20 OpenSSH RSA public key
...@@ -18,12 +20,12 @@ ...@@ -18,12 +20,12 @@
# Type: Certificates/key files in DER format # Type: Certificates/key files in DER format
# From: Gert Hulselmans <hulselmansgert@gmail.com> # From: Gert Hulselmans <hulselmansgert@gmail.com>
0 string \x30\x82 Private key in DER format (PKCS#8), 0 string \x30\x82 Private key in DER format (PKCS#8),
>4 string !\x02\x01\x00 {invalid}, >4 string !\x02\x01\x00 {invalid}
>>2 beshort x header length: 4, sequence length: %d >2 beshort x header length: 4, sequence length: %d
0 string \x30\x82 Certificate in DER format (x509 v3), 0 string \x30\x82 Certificate in DER format (x509 v3),
>4 string !\x30\x82 {invalid}, >4 string !\x30\x82 {invalid}
>>2 beshort x header length: 4, sequence length: %d >2 beshort x header length: 4, sequence length: %d
# GnuPG # GnuPG
# The format is very similar to pgp # The format is very similar to pgp
...@@ -66,23 +68,23 @@ ...@@ -66,23 +68,23 @@
>3 byte 16 algorithm: blowfish-256, >3 byte 16 algorithm: blowfish-256,
>3 byte 100 algorithm: RC6, >3 byte 100 algorithm: RC6,
>3 byte 101 algorithm: IDEA, >3 byte 101 algorithm: IDEA,
>3 byte <0 {invalid} algorithm >3 byte <0 {invalid}
>3 byte >101 {invalid} algorithm, >3 byte >101 {invalid}
>3 byte >16 >3 byte >16
>>3 byte <100 {invalid} algorithm, >>3 byte <100 {invalid}
>4 byte 0 mode: CBC, >4 byte 0 mode: CBC,
>4 byte 1 mode: ECB, >4 byte 1 mode: ECB,
>4 byte 2 mode: CFB, >4 byte 2 mode: CFB,
>4 byte 3 mode: OFB, >4 byte 3 mode: OFB,
>4 byte 4 mode: nOFB, >4 byte 4 mode: nOFB,
>4 byte <0 {invalid} mode, >4 byte <0 {invalid}
>4 byte >4 {invalid} mode, >4 byte >4 {invalid}
>5 byte 0 keymode: 8bit >5 byte 0 keymode: 8bit
>5 byte 1 keymode: 4bit >5 byte 1 keymode: 4bit
>5 byte 2 keymode: SHA-1 hash >5 byte 2 keymode: SHA-1 hash
>5 byte 3 keymode: MD5 hash >5 byte 3 keymode: MD5 hash
>5 byte <0 {invalid} keymode >5 byte <0 {invalid}
>5 byte >3 {invalid} keymode >5 byte >3 {invalid}
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# pgp: file(1) magic for Pretty Good Privacy # pgp: file(1) magic for Pretty Good Privacy
...@@ -100,3 +102,4 @@ ...@@ -100,3 +102,4 @@
0 string Salted__ OpenSSL encryption, salted, 0 string Salted__ OpenSSL encryption, salted,
>8 belong x salt: 0x%X >8 belong x salt: 0x%X
>12 belong x \b%X >12 belong x \b%X
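Review bot: The new `>>28 string x version "%s"` in the OpenSSH RSA1 rule prints an unbounded string taken from the scanned file, whereas other rules on this page cap the field (`%.16s`, `%.3s`). A precision such as `version "%.16s"` (width to be chosen for the format) keeps a corrupt or crafted header from flooding the result line with arbitrary bytes. The same applies to `>>14 string x "%s"` in the Linux kernel hunk and `>>11 string x Version "%s"` in the iRiver hunk.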
...@@ -35,7 +35,6 @@ ...@@ -35,7 +35,6 @@
>25 byte 3 colormap, >25 byte 3 colormap,
>25 byte 4 gray+alpha, >25 byte 4 gray+alpha,
>25 byte 6 \b/color RGBA, >25 byte 6 \b/color RGBA,
#>26 byte 0 deflate/32K,
>28 byte 0 non-interlaced >28 byte 0 non-interlaced
>28 byte 1 interlaced >28 byte 1 interlaced
...@@ -56,22 +55,22 @@ ...@@ -56,22 +55,22 @@
#>10 byte&0x07 =0x07 256 colors #>10 byte&0x07 =0x07 256 colors
# PC bitmaps (OS/2, Windows BMP files) (Greg Roelofs, newt@uchicago.edu) # PC bitmaps (OS/2, Windows BMP files) (Greg Roelofs, newt@uchicago.edu)
0 string BM 0 string BM PC bitmap,
>14 leshort 12 PC bitmap, OS/2 1.x format >14 leshort 12 OS/2 1.x format,
>>18 lelong <1 {invalid} >>18 lelong <1 {invalid}
>>18 lelong >1000000 {invalid} >>18 lelong >1000000 {invalid}
>>18 leshort x \b, %d x >>18 leshort x \b, %d x
>>20 lelong <1 {invalid} >>20 lelong <1 {invalid}
>>20 lelong >1000000 {invalid} >>20 lelong >1000000 {invalid}
>>20 leshort x %d >>20 leshort x %d
>14 leshort 64 PC bitmap, OS/2 2.x format >14 leshort 64 OS/2 2.x format,
>>18 lelong <1 {invalid} >>18 lelong <1 {invalid}
>>18 lelong >1000000 {invalid} >>18 lelong >1000000 {invalid}
>>18 leshort x \b, %d x >>18 leshort x \b, %d x
>>20 lelong <1 {invalid} >>20 lelong <1 {invalid}
>>20 lelong >1000000 {invalid} >>20 lelong >1000000 {invalid}
>>20 leshort x %d >>20 leshort x %d
>14 leshort 40 PC bitmap, Windows 3.x format >14 leshort 40 Windows 3.x format,
>>18 lelong <1 {invalid} >>18 lelong <1 {invalid}
>>18 lelong >1000000 {invalid} >>18 lelong >1000000 {invalid}
>>18 lelong x \b, %d x >>18 lelong x \b, %d x
...@@ -81,7 +80,7 @@ ...@@ -81,7 +80,7 @@
>>28 lelong <1 {invalid} >>28 lelong <1 {invalid}
>>28 lelong >1000000 {invalid} >>28 lelong >1000000 {invalid}
>>28 leshort x %d >>28 leshort x %d
>14 leshort 128 PC bitmap, Windows NT/2000 format >14 leshort 128 Windows NT/2000 format,
>>18 lelong >1000000 {invalid} >>18 lelong >1000000 {invalid}
>>18 lelong <1 {invalid} >>18 lelong <1 {invalid}
>>18 lelong x \b, %d x >>18 lelong x \b, %d x
...@@ -239,12 +238,4 @@ ...@@ -239,12 +238,4 @@
>>(4.S+6) byte x \b, precision %d >>(4.S+6) byte x \b, precision %d
>>(4.S+7) beshort x \b, %dx >>(4.S+7) beshort x \b, %dx
>>(4.S+9) beshort x \b%d >>(4.S+9) beshort x \b%d
# I've commented-out quantisation table reporting. I doubt anyone cares yet.
#>(4.S+5) byte 0xDB \b, quantisation table
#>>(4.S+6) beshort x \b length=%d
#>14 beshort x \b, %d x
#>16 beshort x \b %d
0 string M88888888888888888888888888 Binwalk logo, ASCII art (Toph){offset-adjust:-50}
>27 string !8888888888\n {invalid}
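Review bot: In the BMP hunk the description moves to the top-level line (`0 string BM PC bitmap,`), so every two-byte `BM` occurrence now yields a result even when offset 14 matches none of the header sizes handled below; previously nothing was printed in that case. A chained rejection on offset 14 for unknown header sizes would restore the filter. The values below are the four sizes visible on this page (12, 64, 40, 128); any further sizes handled outside the shown hunks would need to be added to the chain.

```text
0 string BM PC bitmap,
# reject header sizes that no branch below describes
>14 leshort !12
>>14 leshort !64
>>>14 leshort !40
>>>>14 leshort !128 {invalid}
# … unchanged: per-format branches for 12, 64, 40 and 128 …
```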
...@@ -6,15 +6,14 @@ ...@@ -6,15 +6,14 @@
# and Nicolás Lichtmaier <nick@debian.org> # and Nicolás Lichtmaier <nick@debian.org>
# All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29 # All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29
0 string \xb8\xc0\x07\x8e\xd8\xb8\x00\x90\x8e\xc0\xb9\x00\x01\x29\xf6\x29 Linux kernel boot image 0 string \xb8\xc0\x07\x8e\xd8\xb8\x00\x90\x8e\xc0\xb9\x00\x01\x29\xf6\x29 Linux kernel boot image
>514 string !HdrS ({invalid}) >514 string !HdrS {invalid}
# Finds and prints Linux kernel strings in raw Linux kernels (output like uname -a). # Finds and prints Linux kernel strings in raw Linux kernels (output like uname -a).
# Commonly found in decompressed embedded kernel binaries. # Commonly found in decompressed embedded kernel binaries.
0 string Linux\ version\ Linux kernel version 0 string Linux\x20version\x20 Linux kernel version
>14 byte 0 {invalid} >14 byte 0 {invalid}
>14 byte !0 >14 byte !0
>>14 string x "%s >>14 string x "%s"
>>45 string x \b%s"
# eCos kernel exception handlers # eCos kernel exception handlers
# #
...@@ -29,10 +28,10 @@ ...@@ -29,10 +28,10 @@
0 string \x00\x68\x1A\x40\x00\x00\x00\x00\x7F\x00\x5A\x33 eCos kernel exception handler, architecture: MIPSEL, 0 string \x00\x68\x1A\x40\x00\x00\x00\x00\x7F\x00\x5A\x33 eCos kernel exception handler, architecture: MIPSEL,
>14 leshort !0x3C1B {invalid} >14 leshort !0x3C1B {invalid}
>18 leshort !0x277B {invalid} >18 leshort !0x277B {invalid}
>12 leshort x exception vector table base address: 0x%.4X >12 uleshort x exception vector table base address: 0x%.4X
>16 leshort x \b%.4X >16 uleshort x \b%.4X
0 string \x40\x1A\x68\x00\x00\x00\x00\x00\x33\x5A\x00\x7F eCos kernel exception handler, architecture: MIPS, 0 string \x40\x1A\x68\x00\x00\x00\x00\x00\x33\x5A\x00\x7F eCos kernel exception handler, architecture: MIPS,
>12 beshort !0x3C1B {invalid} >12 beshort !0x3C1B {invalid}
>16 beshort !0x277B {invalid} >16 beshort !0x277B {invalid}
>14 beshort x exception vector table base address: 0x%.4X >14 ubeshort x exception vector table base address: 0x%.4X
>18 beshort x \b%.4X >18 ubeshort x \b%.4X
...@@ -25,15 +25,15 @@ ...@@ -25,15 +25,15 @@
0 string LinuxGuestRecord Xen saved domain file 0 string LinuxGuestRecord Xen saved domain file
0 string \x3chtml HTML document header{extract-delay:HTML document footer} 0 string \x3chtml HTML document header
>5 byte !0x20 >5 byte !0x20
>>5 byte !0x3e \b, {invalid} >>5 byte !0x3e {invalid}
0 string \x3cHTML HTML document header{extract-delay:HTML document footer} 0 string \x3cHTML HTML document header
>5 byte !0x20 >5 byte !0x20
>>5 byte !0x3e \b, {invalid} >>5 byte !0x3e {invalid}
0 string \x3c/html\x3e HTML document footer{offset-adjust:7} 0 string \x3c/html\x3e HTML document footer
0 string \x3c/HTML\x3e HTML document footer{offset-adjust:7} 0 string \x3c/HTML\x3e HTML document footer
0 string \x3c?xml\x20version XML document, 0 string \x3c?xml\x20version XML document,
>15 string x version: "%.3s" >15 string x version: "%.3s"
...@@ -57,13 +57,13 @@ ...@@ -57,13 +57,13 @@
>63 string x \b%s" >63 string x \b%s"
0 string begin\x20 uuencoded data, 0 string begin\x20 uuencoded data,
>9 byte !0x20 {invalid} format, >9 byte !0x20 {invalid}invalid format,
>6 byte <0x30 {invalid} permissions, >6 byte <0x30 {invalid}invalid permissions,
>6 byte >0x39 {invalid} permissions, >6 byte >0x39 {invalid}invalid permissions,
>7 byte <0x30 {invalid} permissions, >7 byte <0x30 {invalid}invalid permissions,
>7 byte >0x39 {invalid} permissions, >7 byte >0x39 {invalid}invalid permissions,
>8 byte <0x30 {invalid} permissions, >8 byte <0x30 {invalid}invalid permissions,
>8 byte >0x39 {invalid} permissions, >8 byte >0x39 {invalid}invalid permissions,
>10 string x file name: "%s", >10 string x file name: "%s",
>6 string x file permissions: "%.3s" >6 string x file permissions: "%.3s"
...@@ -79,8 +79,8 @@ ...@@ -79,8 +79,8 @@
>20 belong 161 (Private use 14 >20 belong 161 (Private use 14
>20 belong 162 (Private use 15 >20 belong 162 (Private use 15
>20 belong 163 (802.11 with AVS header >20 belong 163 (802.11 with AVS header
>20 belong >163 ({invalid} link layer >20 belong >163 {invalid}(invalid link layer
>20 belong <0 ({invalid} link layer >20 belong <0 {invalid}(invalid link layer
>16 belong x \b, snaplen: %d) >16 belong x \b, snaplen: %d)
0 lelong 0xa1b2c3d4 Libpcap capture file, little-endian, 0 lelong 0xa1b2c3d4 Libpcap capture file, little-endian,
...@@ -148,7 +148,7 @@ ...@@ -148,7 +148,7 @@
>20 lelong 161 (Private use 14 >20 lelong 161 (Private use 14
>20 lelong 162 (Private use 15 >20 lelong 162 (Private use 15
>20 lelong 163 (802.11 with AVS header >20 lelong 163 (802.11 with AVS header
>20 lelong >163 ({invalid} link layer >20 lelong >163 {invalid}(invalid link layer
>20 lelong <0 ({invalid} link layer >20 lelong <0 {invalid}(invalid link layer
>16 lelong x \b, snaplen: %d) >16 lelong x \b, snaplen: %d)
...@@ -6,24 +6,24 @@ ...@@ -6,24 +6,24 @@
# Recognize some MySQL files. # Recognize some MySQL files.
# #
0 beshort 0xfe01 MySQL table definition file 0 beshort 0xfe01 MySQL table definition file
>2 string <1 {invalid} >2 ubyte <1 {invalid}
>2 string >\11 {invalid} >2 ubyte >11 {invalid}
>2 byte x Version %d >2 byte x Version %d
0 string \xfe\xfe\x03 MySQL MISAM index file 0 string \xfe\xfe\x03 MySQL MISAM index file
>3 string <1 {invalid} >3 ubyte <1 {invalid}
>3 string >\11 {invalid} >3 ubyte >11 {invalid}
>3 byte x Version %d >3 byte x Version %d
0 string \xfe\xfe\x07 MySQL MISAM compressed data file 0 string \xfe\xfe\x07 MySQL MISAM compressed data file
>3 string <1 {invalid} >3 ubyte <1 {invalid}
>3 string >\11 {invalid} >3 ubyte >11 {invalid}
>3 byte x Version %d >3 byte x Version %d
0 string \xfe\xfe\x05 MySQL ISAM index file 0 string \xfe\xfe\x05 MySQL ISAM index file
>3 string <1 {invalid} >3 ubyte <1 {invalid}
>3 string >\11 {invalid} >3 ubyte >11 {invalid}
>3 byte x Version %d >3 byte x Version %d
0 string \xfe\xfe\x06 MySQL ISAM compressed data file 0 string \xfe\xfe\x06 MySQL ISAM compressed data file
>3 string <1 {invalid} >3 ubyte <1 {invalid}
>3 string >\11 {invalid} >3 ubyte >11 {invalid}
>3 byte x Version %d >3 byte x Version %d
#0 string \376bin MySQL replication log #0 string \376bin MySQL replication log
...@@ -33,8 +33,9 @@ ...@@ -33,8 +33,9 @@
# As observed from iRivNavi.iDB and unencoded firmware # As observed from iRivNavi.iDB and unencoded firmware
# #
0 string iRivDB iRiver Database file 0 string iRivDB iRiver Database file
>11 string >\0 Version "%s" >11 byte !0
>39 string iHP-100 [H Series] >>11 string x Version "%s"
#>39 string iHP-100 [H Series]
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# SQLite database files # SQLite database files
...@@ -49,7 +50,7 @@ ...@@ -49,7 +50,7 @@
# Version 3 of SQLite allows applications to embed their own "user version" # Version 3 of SQLite allows applications to embed their own "user version"
# number in the database. Detect this and distinguish those files. # number in the database. Detect this and distinguish those files.
0 string SQLite\x20format\x203 0 string SQLite\x20format\x203 SQLite 3.x database,
>60 string _MTN Monotone source repository >60 string _MTN monotone source repository
>60 belong !0 SQLite 3.x database, user version %u >60 ubelong !0 \b, user version %u
>60 belong 0 SQLite 3.x database
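Review bot: In the MySQL hunk the upper bound changes value as well as type: the old `>\11` is an octal escape (9, assuming file(1)-style escapes as in the `\376bin` line), while the new `>2 ubyte >11 {invalid}` compares against decimal 11, so versions 10 and 11 are now accepted by all five MySQL rules. If the intent was only to replace the string test with a numeric one, the lines should read `>2 ubyte >9 {invalid}` and `>3 ubyte >9 {invalid}`. If 11 is intended, a comment naming the highest known version would make the widening explicit.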