Re-implemented the -R feature

6bc02d6e · devttys0 · b8d6b8d9 · 6bc02d6e · 6bc02d6e
Commit 6bc02d6e authored Nov 07, 2014 by devttys0
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 19 deletions

magic.py src/binwalk/core/magic.py +17 -13

signature.py src/binwalk/modules/signature.py +6 -6

No files found.
--- a/src/binwalk/core/magic.py
+++ b/src/binwalk/core/magic.py
+__all__ = ['Magic']
+
 import re
 import struct
 import datetime
@@ -222,7 +224,7 @@ class Magic(object):
        self.bspace = re.compile(".\\\\b")
        self.printable = re.compile("[ -~]*")

-    def filtered(self, text):
+    def _filtered(self, text):
        filtered = None
        text = text.lower()

@@ -244,7 +246,7 @@ class Magic(object):

        return filtered

-    def do_math(self, offset, expression):
+    def _do_math(self, offset, expression):
        # (4.l+12)
        if '.' in expression:
            (o, t) = expression.split('.', 1)
@@ -273,7 +275,7 @@ class Magic(object):
        #print ("Converted offset '%s' to '%s'" % (expression, v))
        return binwalk.core.common.MathExpression(v).value

-    def parse(self, signature, offset):
+    def _analyze(self, signature, offset):
        description = []
        tag_strlen = None
        max_line_level = 0
@@ -284,7 +286,7 @@ class Magic(object):
                if isinstance(line.offset, int):
                    line_offset = line.offset
                else:
-                    line_offset = self.do_math(offset, line.offset)
+                    line_offset = self._do_math(offset, line.offset)

                start = offset + line_offset
                end = start + line.size
@@ -308,7 +310,7 @@ class Magic(object):
                    if isinstance(line.opvalue, int):
                        opval = line.opvalue
                    else:
-                        opval = self.do_math(offset, line.opvalue)
+                        opval = self._do_math(offset, line.opvalue)

                    if line.operator == '&':
                        dvalue &= opval
@@ -396,7 +398,7 @@ class Magic(object):
            for match in signature.regex.finditer(self.data):
                offset = match.start() - signature.offset
                if (offset not in matched_offsets or self.show_invalid) and offset >= 0 and offset <= dlen:
-                    tags = self.parse(signature, offset)
+                    tags = self._analyze(signature, offset)
                    if not tags['invalid'] or self.show_invalid:
                        results.append(SignatureResult(**tags))
                        matched_offsets.add(offset)
@@ -412,17 +414,21 @@ class Magic(object):

        Returns None.
        '''
-        signature = None
-
        fp = open(fname, "r")
+        lines = fp.readlines()
+        self.parse(lines)
+        fp.close()

-        for line in fp.readlines():
+    def parse(self, lines):
+        signature = None
+
+        for line in lines:
            line = line.split('#')[0].strip()
            if line:
                sigline = SignatureLine(line)
                if sigline.level == 0:
                    if signature:
-                        if not self.filtered(signature.title):
+                        if not self._filtered(signature.title):
                            self.signatures.append(signature)
                    signature = Signature(len(self.signatures), sigline)
                elif signature:
@@ -431,10 +437,8 @@ class Magic(object):
                    raise ParserException("Invalid signature line: '%s'" % line)

        if signature:
-            if not self.filtered(signature.lines[0].format):
+            if not self._filtered(signature.lines[0].format):
                self.signatures.append(signature)

-        fp.close()
-
        self.signatures.sort(key=lambda x: x.confidence, reverse=True)

--- a/src/binwalk/modules/signature.py
+++ b/src/binwalk/modules/signature.py
@@ -70,11 +70,6 @@ class Signature(Module):
    def init(self):
        self.one_of_many = None

-        # If a raw byte sequence was specified, build a magic file from that instead of using the default magic files
-        # TODO: re-implement this
-        #if self.raw_bytes is not None:
-        #    self.magic_files = [self.parser.file_from_string(self.raw_bytes)]
-
        # Append the user's magic file first so that those signatures take precedence
        if self.search_for_opcodes:
            self.magic_files = [
@@ -83,7 +78,7 @@ class Signature(Module):
            ]

        # Use the system default magic file if no other was specified, or if -B was explicitly specified
-        if (not self.magic_files) or self.explicit_signature_scan:
+        if (not self.magic_files and not self.raw_bytes) or self.explicit_signature_scan:
            self.magic_files += self.config.settings.user.magic + self.config.settings.system.magic

        # Initialize libmagic
@@ -91,6 +86,11 @@ class Signature(Module):
                                              exclude=self.exclude_filters,
                                              invalid=self.show_invalid)

+        # Create a signature from the raw bytes, if any
+        if self.raw_bytes:
+            binwalk.core.common.debug("Generating signature for raw byte sequence: '%s'" % self.raw_bytes)
+            self.magic.parse(["0    string    %s    Raw signature" % self.raw_bytes])
+
        # Parse the magic file(s)
        binwalk.core.common.debug("Loading magic files: %s" % str(self.magic_files))
        for f in self.magic_files: