Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
B
binwalk
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-gitdep
binwalk
Commits
faed5bf8
Commit
faed5bf8
authored
Mar 20, 2015
by
devttys0
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update jffs2valid.py plugin to validate jffs2 node header CRCs
parent
f8f82eeb
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
24 additions
and
22 deletions
+24
-22
jffs2valid.py
src/binwalk/plugins/jffs2valid.py
+24
-22
No files found.
src/binwalk/plugins/jffs2valid.py
View file @
faed5bf8
import
struct
import
binascii
import
binwalk.core.plugin
import
binwalk.core.compat
from
binwalk.core.common
import
BlockFile
class
JFFS2ValidPlugin
(
binwalk
.
core
.
plugin
.
Plugin
):
'''
...
...
@@ -12,31 +12,33 @@ class JFFS2ValidPlugin(binwalk.core.plugin.Plugin):
'''
MODULES
=
[
'Signature'
]
MAX_DATA_SIZE
=
10240
def
_check_crc
(
self
,
node_header
):
# Get the header's reported CRC value
if
node_header
[
0
:
2
]
==
"
\x19\x85
"
:
header_crc
=
struct
.
unpack
(
">I"
,
node_header
[
8
:
12
])[
0
]
else
:
header_crc
=
struct
.
unpack
(
"<I"
,
node_header
[
8
:
12
])[
0
]
def
_validate
(
self
,
data
):
return
data
[
0
:
2
]
in
[
'
\x19\x85
'
,
'
\x85\x19
'
]
# Calculate the actual CRC
calculated_header_crc
=
(
binascii
.
crc32
(
node_header
[
0
:
8
],
-
1
)
^
-
1
)
&
0xffffffff
# Make sure they match
return
(
header_crc
==
calculated_header_crc
)
def
scan
(
self
,
result
):
if
result
.
file
and
result
.
description
.
lower
()
.
startswith
(
'jffs2 filesystem'
):
# Seek to and read the suspected JFFS2 data
fd
=
self
.
module
.
config
.
open_file
(
result
.
file
.
name
,
offset
=
result
.
offset
+
result
.
jump
,
length
=
self
.
MAX_DATA_SIZE
)
data
=
fd
.
read
(
self
.
MAX_DATA_SIZE
)
# Seek to and read the suspected JFFS2 node header
fd
=
self
.
module
.
config
.
open_file
(
result
.
file
.
name
,
offset
=
result
.
offset
)
# JFFS2 headers are only 12 bytes in size, but reading larger amounts of
# data from disk speeds up repeated disk access and decreases performance
# hits (disk caching?).
#
# TODO: Should this plugin validate the *entire* JFFS2 file system, rather
# than letting the signature module find every single JFFS2 node?
node_header
=
fd
.
read
(
1024
)
fd
.
close
()
# Skip any padding
i
=
0
while
i
<
self
.
MAX_DATA_SIZE
and
data
[
i
]
in
[
'
\xFF
'
,
'
\x00
'
]:
i
+=
1
# Did we get to the end of MAX_DATA_SIZE with nothing but padding? Assume valid.
if
i
==
self
.
MAX_DATA_SIZE
:
result
.
valid
=
True
# Else, explicitly check for the JFFS2 signature
else
:
try
:
result
.
valid
=
self
.
_validate
(
data
[
i
:
i
+
2
])
except
IndexError
:
result
.
valid
=
False
result
.
valid
=
self
.
_check_crc
(
node_header
[
0
:
12
])
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
