Commit 62e9caa1 by Craig Heffner

Improved MPFS and CramFS false positive detection

parent 3e7893b9
...@@ -73,7 +73,10 @@ ...@@ -73,7 +73,10 @@
# MPFS file system # MPFS file system
0 string MPFS MPFS filesystem, Microchop, 0 string MPFS MPFS filesystem, Microchop,
>4 byte <0 {invalid} >4 byte <0 {invalid}
>4 byte >10 {invalid}
>5 byte <0 {invalid} >5 byte <0 {invalid}
>4 byte 0
>>5 byte 0 {invalid}
>4 byte x version %d. >4 byte x version %d.
>5 byte x \b%d, >5 byte x \b%d,
>6 leshort <0 {invalid} >6 leshort <0 {invalid}
...@@ -81,33 +84,35 @@ ...@@ -81,33 +84,35 @@
# cramfs filesystem - russell@coker.com.au # cramfs filesystem - russell@coker.com.au
0 lelong 0x28cd3d45 CramFS filesystem, little endian, 0 lelong 0x28cd3d45 CramFS filesystem, little endian,
>4 lelong <0 invalid size,{invalid} >4 lelong <1 invalid size,{invalid}
>4 lelong >1073741824 invalid size,{invalid} >4 lelong >1073741824 invalid size,{invalid}
>4 ulelong x size: %u >4 ulelong x size: %u,
>8 lelong &1 version 2 >8 lelong &1 version 2,
>8 lelong &2 sorted_dirs >8 lelong &2 sorted_dirs,
>8 lelong &4 hole_support >8 lelong &4 hole_support,
>32 ulelong 0 invalid{invalid}
>32 ulelong x CRC 0x%.8X, >32 ulelong x CRC 0x%.8X,
>36 ulelong x edition %u, >36 ulelong x edition %u,
>40 lelong <0 invalid blocks,{invalid} >40 lelong <0 invalid blocks,{invalid}
>40 ulelong x %u blocks, >40 ulelong x %u blocks,
>44 lelong <0 invalid file count,{invalid} >44 lelong <1 invalid file count,{invalid}
>44 ulelong x %u files >44 ulelong x %u files
>4 ulelong x {jump:%u} >4 ulelong x {jump:%u}
>4 ulelong x {size:%u} >4 ulelong x {size:%u}
0 belong 0x28cd3d45 CramFS filesystem, big endian 0 belong 0x28cd3d45 CramFS filesystem, big endian
>4 belong <0 {invalid} >4 belong <1 {invalid}
>4 belong >1073741824 {invalid} >4 belong >1073741824 {invalid}
>4 belong x size %u >4 belong x size %u,
>8 belong &1 version 2 >8 belong &1 version 2,
>8 belong &2 sorted_dirs >8 belong &2 sorted_dirs,
>8 belong &4 hole_support >8 belong &4 hole_support,
>32 ubelong 0 invalid{invalid}
>32 ubelong x CRC 0x%.8X, >32 ubelong x CRC 0x%.8X,
>36 belong x edition %u, >36 belong x edition %u,
>40 belong <0 {invalid} >40 belong <0 invalid blocks,{invalid}
>40 ubelong x %u blocks, >40 ubelong x %u blocks,
>44 belong <0 {invalid} >44 belong <1 invalid file count,{invalid}
>44 ubelong x %u files >44 ubelong x %u files
>4 ubelong x {jump:%u} >4 ubelong x {jump:%u}
>4 ubelong x {size:%u} >4 ubelong x {size:%u}
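Review bot: The new rejection rules have no comment saying where their thresholds come from: `>4 byte >10 {invalid}` in the MPFS entry, and `>32 ulelong 0 invalid{invalid}` / `>32 ubelong 0 invalid{invalid}` in the two CramFS entries. A reader cannot tell whether a major version above 10 or a zero CRC field is ruled out by the format or is only unlikely in practice, and an over-strict rule here silently drops a real filesystem from the scan results. I would add one line above each, for example `# Reject major versions above 10 (heuristic to cut false positives)` and `# A zero CRC field is treated as a false positive`. The big-endian size checks at offset 4 also still emit a bare `{invalid}`, while the little-endian ones print `invalid size,{invalid}`; matching them would keep the two CramFS entries parallel.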
......
...@@ -82,6 +82,11 @@ class Extractor(Module): ...@@ -82,6 +82,11 @@ class Extractor(Module):
type=int, type=int,
kwargs={'max_count': 0}, kwargs={'max_count': 0},
description='Limit the number of extracted files'), description='Limit the number of extracted files'),
#Option(short='u',
# long='limit',
# type=int,
# kwargs={'recursive_max_size': 0},
# description="Limit the total size of all extracted files"),
Option(short='r', Option(short='r',
long='rm', long='rm',
kwargs={'remove_after_execute': True}, kwargs={'remove_after_execute': True},
...@@ -94,6 +99,7 @@ class Extractor(Module): ...@@ -94,6 +99,7 @@ class Extractor(Module):
KWARGS = [ KWARGS = [
Kwarg(name='max_size', default=None), Kwarg(name='max_size', default=None),
Kwarg(name='recursive_max_size', default=None),
Kwarg(name='max_count', default=None), Kwarg(name='max_count', default=None),
Kwarg(name='base_directory', default=None), Kwarg(name='base_directory', default=None),
Kwarg(name='remove_after_execute', default=False), Kwarg(name='remove_after_execute', default=False),
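Review bot: `Kwarg(name='recursive_max_size', default=None)` is added while the only option that would set it is checked in commented out, so as far as this section shows the total-size limit cannot be set from the command line and nothing visible enforces it. A cap on the total size of extracted data is what bounds disk use when untrusted firmware is carved recursively, so a half-present setting is easy to mistake for a working one. I would drop the commented-out `Option(short='u', ...)` block and leave one line such as `# TODO: add a total-extracted-size option once recursive_max_size is enforced`, or land the option together with its enforcement. The `Extractor` class body continues outside both hunks, so any use of the new kwarg elsewhere is not visible here.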
......