Improved false-positive prone signatures, fixed python3 bug

fd62df46 · devttys0 · f1d60527 · fd62df46 · fd62df46 · fd62df46
Commit fd62df46 authored Jan 22, 2014 by devttys0
6 changed files
--- a/src/binwalk/core/parser.py
+++ b/src/binwalk/core/parser.py
@@ -168,7 +168,8 @@ class MagicParser(object):
        line_count = 0

        try:
-            for line in open(file_name, 'r').readlines():
+            for line in open(file_name, 'rb').readlines():
+                line = bytes2str(line)
                line_count += 1

                # Check if this is the first line of a signature entry

--- a/src/binwalk/core/plugin.py
+++ b/src/binwalk/core/plugin.py
@@ -117,7 +117,10 @@ class Plugins(object):
    def _call_plugins(self, callback_list, arg):
        for callback in callback_list:
            try:
+                if arg:
                    callback(arg)
+                else:
+                    callback()
            except KeyboardInterrupt as e:
                raise e
            except Exception as e:
@@ -231,10 +234,10 @@ class Plugins(object):
                sys.stderr.write("WARNING: Failed to load plugin module '%s': %s\n" % (module, str(e)))

    def pre_scan_callbacks(self, obj):
-        return self._call_plugins(self.pre_scan, obj)
+        return self._call_plugins(self.pre_scan, None)

    def post_scan_callbacks(self, obj):
-        return self._call_plugins(self.post_scan, obj)
+        return self._call_plugins(self.post_scan, None)

    def scan_callbacks(self, obj):
        return self._call_plugins(self.scan, obj)

--- a/src/binwalk/magic/binwalk
+++ b/src/binwalk/magic/binwalk
--- a/src/binwalk/modules/hexdiff.py
+++ b/src/binwalk/modules/hexdiff.py
@@ -84,37 +84,6 @@ class HexDiff(Module):
            return True
        return False

-    def _print_block_hex(self, alt_text="*"):
-        if self._color_filter(self.block_hex):
-            desc = self.block_hex
-            self.printed_alt_text = False
-        elif not self.printed_alt_text:
-            desc = "%s" % alt_text
-            self.printed_alt_text = True
-
-        self.result(description=desc)
-        self.block_hex = ""
-        return True
-
-    def _build_block(self, c, highlight=None):
-        if highlight == self.ALL_DIFF:
-            self.block_hex += self.colorize(c, color="red")
-        elif highlight == self.ALL_SAME:
-            self.block_hex += self.colorize(c, color="green")
-        elif highlight == self.SOME_DIFF:
-            self.block_hex += self.colorize(c, color="blue")
-        else:
-            self.block_hex += c
-
-    def _build_header(self, files, block_size):
-        header = "OFFSET" + (" " * 6) + files[0].name
-
-        for i in range(1, len(files)):
-            header += " " * ((block_size * 3) + 2 + block_size + 8 - len(files[i-1].name))
-            header += files[i].name
-
-        return header
-
    def init(self):
        block = self.config.block
        if not block:
@@ -134,123 +103,6 @@ class HexDiff(Module):
            self.colorize = self._no_colorize

    def run(self):
-        i = 0
-        total = 0
-        data = {}
-        delim = '/'
-
-        self.block_hex = ""
-        self.printed_alt_text = False
-        
-        offset = self.config.offset
-        size = self.config.length
-        block = self.config.block
-
-        self.header()
-
-        if not block:
-            block = self.DEFAULT_BLOCK_SIZE
-
-        # If negative offset, then we're going that far back from the end of the file
-        if offset < 0:
-            size = offset * -1
-
-        #if common.BlockFile.READ_BLOCK_SIZE < block:
-        #    read_block_size = block
-        #else:
-        #    read_block_size = common.BlockFile.READ_BLOCK_SIZE
-        read_block_size = common.BlockFile.DEFAULT_BLOCK_READ_SIZE
-
-        # BlockFile handles calculation of negative offsets, if one was specified
-        offset = self.config.target_files[0].offset
-        size = self.config.target_files[0].length
-
-        while total < size:
-            i = 0
-            files_finished = 0
-
-            for fp in self.config.target_files:
-                (ddata, dlen) = fp.read_block()
-                data[fp.name] = ddata
-                if not ddata or dlen == 0:
-                    files_finished += 1
-            
-            if files_finished == len(self.config.target_files):
-                break
-            
-            while i < read_block_size and (total+i) < size:
-                diff_same = {}
-                alt_text = "*" + " " * 8
-
-                self._build_block("%.08X    " % (total + i + offset))
-
-                # For each byte in this block, is the byte the same in all files, the same in some files, or different in all files?
-                for j in range(0, block):
-                    byte_list = []
-
-                    try:
-                        c = data[self.config.target_files[0].name][j+i]
-                    except:
-                        c = None
-
-                    for f in self.config.target_files:
-                        try:
-                            c = data[f.name][j+i]
-                        except Exception as e:
-                            c = None
-
-                        if c not in byte_list:
-                            byte_list.append(c)
-
-                    if len(byte_list) == 1:
-                        diff_same[j] = self.ALL_SAME
-                    elif len(byte_list) == len(self.config.target_files):
-                        diff_same[j] = self.ALL_DIFF
-                    else:
-                        diff_same[j] = self.SOME_DIFF
-
-                for index in range(0, len(self.config.target_files)):
-                    if self.terse and index > 0:
-                        break
-            
-                    f = self.config.target_files[index]
-
-                    alt_text += " " * (3 + (3 * block) + 3 + block + 3)
-                    alt_text += delim
-
-                    for j in range(0, block):
-                        try:
-                            self._build_block("%.2X " % ord(data[f.name][j+i]), highlight=diff_same[j])
-                        except KeyboardInterrupt as e:
-                            raise e
-                        except Exception as e:
-                            self._build_block("   ")
-
-                        if (j+1) == block:
-                            self._build_block(" |")
-                            for k in range(0, block):
-                                try:
-                                    if data[f.name][k+i] in string.printable and data[f.name][k+i] not in string.whitespace:
-                                        self._build_block(data[f.name][k+i], highlight=diff_same[k])
-                                    else:
-                                        self._build_block('.', highlight=diff_same[k])
-                                except:
-                                    self._build_block(' ')
-
-                            if index == len(self.config.target_files)-1 or (self.terse and index == 0):
-                                self._build_block("|")
-                            else:
-                                self._build_block('|   %s   ' % delim)
-
-                if self._print_block_hex(alt_text=alt_text[:-1].strip()):
-                    if delim == '\\':
-                        delim = '/'
-                    else:
-                        delim = '\\'
-
-                i += block
-            total += read_block_size
        
-        self.footer()        
        return True

--- a/src/magic/filesystems
+++ b/src/magic/filesystems
@@ -572,8 +572,13 @@
 # Simple file system found in Foscam camera firmware
 0       beshort 0xbd9a  Foscam WebUI filesystem,
 >2      leshort x       checksum: 0x%X,
->16 lelong  <1      invalid first file name length,
+>16     lelong  <3      invalid first file name length,
+>16     lelong  >127    invalid first file name length,
 >20     byte    0       invalid first file name,
+>20     byte    !0x2E
+>>20    byte    !0x2F
+>>>20   byte    <65     invalid first file name,
+>>>20   byte    >122    invalid first file name,
 >20     byte    x       first file name: {raw-replace}
 >16     lelong  x       {raw-string-length:%d}
 >20     string  x       {raw-string:%s}

--- a/src/magic/firmware
+++ b/src/magic/firmware
@@ -419,15 +419,25 @@
 >8	lelong		x		size: %d

 0	belong		0x4D544443	NSP firmware header, big endian,
+>16 belong      <1      invalid
 >16	belong		x		header size: %d,
+>20 belong      <1      invalid
 >20	belong		x		image size: %d,
+>20 belong      x       {file-size:%d}
+>4  belong      <1      invalid
 >4	belong		x		kernel offset: %d,
+>12 belong      <1      invalid
 >12	belong		x		header version: %d,

 0	lelong		0x4D544443	NSP firmware header, little endian,
+>16 lelong      <1      invalid
 >16	lelong		x		header size: %d,
+>20 lelong      <1      invalid
 >20	lelong		x		image size: %d,
+>20 lelong      x       {file-size:%d}
+>4  lelong      <1      invalid
 >4	lelong		x		kernel offset: %d,
+>12 lelong      <1      invalid
 >12	lelong		x		header version: %d,

 # http://www.openwiz.org/wiki/Firmware_Layout#Beyonwiz_.wrp_header_structure