code factoring

nganhkhoa 2021-08-27 09:39:14 +00:00
parent 365bcca6ba
commit 1b3fd8b104
3 changed files with 201 additions and 37 deletions

186
Cargo.lock generated

@ -3,13 +3,10 @@
version = 3 version = 3
[[package]] [[package]]
name = "asn1" name = "arrayvec"
version = "0.6.1" version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a9c13a3c9cd71e1799fc16511efe36d0281b60bce3b32b4b211156a7b1925bfd" checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
dependencies = [
"chrono",
]
[[package]] [[package]]
name = "autocfg" name = "autocfg"
@ -21,12 +18,30 @@ checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
name = "binworm" name = "binworm"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"asn1",
"byteorder", "byteorder",
"der-parser",
"memmap2", "memmap2",
"osx", "osx",
] ]
[[package]]
name = "bitflags"
version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "bitvec"
version = "0.19.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8942c8d352ae1838c9dda0b0ca2ab657696ef2232a20147cf1b30ae1a9cb4321"
dependencies = [
"funty",
"radium",
"tap",
"wyz",
]
[[package]] [[package]]
name = "byteorder" name = "byteorder"
version = "1.4.3" version = "1.4.3"
@ -34,13 +49,52 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
[[package]] [[package]]
name = "chrono" name = "cfg-if"
version = "0.4.19" version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "670ad68c9088c2a963aaa298cb369688cf3f9465ce5e2d4ca10e6e0098a1ce73" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "der-oid-macro"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a4cccf60bb98c0fca115a581f894aed0e43fa55bf289fdac5599bec440bb4fd6"
dependencies = [ dependencies = [
"num-integer", "nom",
"num-bigint",
"num-traits", "num-traits",
"syn",
]
[[package]]
name = "der-parser"
version = "5.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d7ededb7525bb4114bc209685ce7894edc2965f4914312a1ea578a645a237f0"
dependencies = [
"der-oid-macro",
"nom",
"num-traits",
"rusticata-macros",
]
[[package]]
name = "funty"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7"
[[package]]
name = "lexical-core"
version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6607c62aa161d23d17a9072cc5da0be67cdfc89d3afb1e8d9c842bebc2525ffe"
dependencies = [
"arrayvec",
"bitflags",
"cfg-if",
"ryu",
"static_assertions",
] ]
[[package]] [[package]]
@ -49,6 +103,12 @@ version = "0.2.100"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1fa8cddc8fbbee11227ef194b5317ed014b8acbf15139bd716a18ad3fe99ec5" checksum = "a1fa8cddc8fbbee11227ef194b5317ed014b8acbf15139bd716a18ad3fe99ec5"
[[package]]
name = "memchr"
version = "2.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
[[package]] [[package]]
name = "memmap2" name = "memmap2"
version = "0.3.1" version = "0.3.1"
@ -58,6 +118,30 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "nom"
version = "6.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c5c51b9083a3c620fa67a2a635d1ce7d95b897e957d6b28ff9a5da960a103a6"
dependencies = [
"bitvec",
"funty",
"lexical-core",
"memchr",
"version_check",
]
[[package]]
name = "num-bigint"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4e0d047c1062aa51e256408c560894e5251f08925980e53cf1aa5bd00eec6512"
dependencies = [
"autocfg",
"num-integer",
"num-traits",
]
[[package]] [[package]]
name = "num-integer" name = "num-integer"
version = "0.1.44" version = "0.1.44"
@ -83,3 +167,83 @@ version = "0.1.0"
dependencies = [ dependencies = [
"byteorder", "byteorder",
] ]
[[package]]
name = "proc-macro2"
version = "1.0.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c7ed8b8c7b886ea3ed7dde405212185f423ab44682667c8c6dd14aa1d9f6612"
dependencies = [
"unicode-xid",
]
[[package]]
name = "quote"
version = "1.0.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7"
dependencies = [
"proc-macro2",
]
[[package]]
name = "radium"
version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
[[package]]
name = "rusticata-macros"
version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbbee512c633ecabd4481c40111b6ded03ddd9ab10ba6caa5a74e14c889921ad"
dependencies = [
"nom",
]
[[package]]
name = "ryu"
version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e"
[[package]]
name = "static_assertions"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
[[package]]
name = "syn"
version = "1.0.75"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7f58f7e8eaa0009c5fec437aabf511bd9933e4b2d7407bd05273c01a8906ea7"
dependencies = [
"proc-macro2",
"quote",
"unicode-xid",
]
[[package]]
name = "tap"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
[[package]]
name = "unicode-xid"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3"
[[package]]
name = "version_check"
version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
[[package]]
name = "wyz"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214"


@ -9,5 +9,5 @@ members = ["osx"]
[dependencies] [dependencies]
memmap2 = "0.3.1" memmap2 = "0.3.1"
byteorder = "1.4.3" byteorder = "1.4.3"
asn1 = { version = "0.6", default-features = false } der-parser = "5.1.2"
osx = { path = "./osx" } osx = { path = "./osx" }


@ -1,4 +1,4 @@
use std::io::{Cursor, Read, Write, Seek, SeekFrom}; use std::io::{Cursor, Read, Seek, SeekFrom};
use std::fs::File; use std::fs::File;
use std::error::Error; use std::error::Error;
use std::env; use std::env;
@ -9,12 +9,13 @@ use der_parser::ber::{parse_ber_sequence, BerObjectContent};
use osx::{Macho}; use osx::{Macho};
fn parse_pkcs7_signed_data(data: &[u8]) -> Result<Vec<String>, Box<dyn Error>> { fn collect_subject_key_ids(signature_blob: &[u8]) -> Result<Vec<&[u8]>, Box<dyn Error>> {
let (_, root) = parse_ber_sequence(data)?; let (_, root) = parse_ber_sequence(signature_blob)?;
let root = root.content.as_sequence()?; let root = root.content.as_sequence()?;
let oid = root[0].content.as_oid()?; let oid = root[0].as_oid()?.to_id_string();
if oid != "1.2.840.113549.1.7.2" { // signed data
// assert oid SignedData return Err("signature is not signed data")?;
}
let signed_data = { let signed_data = {
if let BerObjectContent::Unknown(_, rest) = root[1].content { if let BerObjectContent::Unknown(_, rest) = root[1].content {
@ -23,11 +24,11 @@ fn parse_pkcs7_signed_data(data: &[u8]) -> Result<Vec<String>, Box<dyn Error>> {
None None
} }
} }
.and_then(|x| parse_ber_sequence(x).ok()) .and_then(|x| parse_ber_sequence(x).map(|x| x.1).ok())
.map(|(_, x)| x) .ok_or("cannot parse nested signed data")?;
.ok_or("cannot parse nested signed data")?; let signed_data = signed_data
let signed_data = signed_data.content.as_sequence()?; .content
// println!("signed data {:?}", signed_data); .as_sequence()?;
let certificates = { let certificates = {
if let BerObjectContent::Unknown(_, rest) = signed_data[3].content { if let BerObjectContent::Unknown(_, rest) = signed_data[3].content {
@ -35,7 +36,8 @@ fn parse_pkcs7_signed_data(data: &[u8]) -> Result<Vec<String>, Box<dyn Error>> {
} else { } else {
None None
} }
}.ok_or("cannot get certificate list")?; }
.ok_or("cannot get certificate list")?;
let (rest, cert1) = parse_ber_sequence(certificates)?; let (rest, cert1) = parse_ber_sequence(certificates)?;
let (rest, cert2) = parse_ber_sequence(rest)?; let (rest, cert2) = parse_ber_sequence(rest)?;
let (_, cert3) = parse_ber_sequence(rest)?; let (_, cert3) = parse_ber_sequence(rest)?;
@ -56,8 +58,7 @@ fn parse_pkcs7_signed_data(data: &[u8]) -> Result<Vec<String>, Box<dyn Error>> {
} else { } else {
None None
} }
.and_then(|x| parse_ber_sequence(x).ok()) .and_then(|x| parse_ber_sequence(x).map(|x| x.1).ok())
.map(|(_, x)| x)
.and_then(|extention_list| { .and_then(|extention_list| {
extention_list extention_list
.content .content
@ -73,15 +74,11 @@ fn parse_pkcs7_signed_data(data: &[u8]) -> Result<Vec<String>, Box<dyn Error>> {
content[1] content[1]
.as_slice() .as_slice()
.ok() .ok()
.map(|arr| arr[2..] .map(|arr| &arr[2..])
.iter()
.map(|x| format!("{:02x}", x))
.collect::<Vec<String>>()
.concat())
}) })
}) })
}) })
.collect::<Vec<String>>(); .collect::<Vec<&[u8]>>();
Ok(subject_key_ids) Ok(subject_key_ids)
} }
@ -107,7 +104,7 @@ fn main() -> Result<(), Box<dyn Error>> {
codedata codedata
}; };
let mut sig = { let signature_blob = {
let mut file = Cursor::new(codedata); let mut file = Cursor::new(codedata);
let magic = file.read_u32::<BigEndian>()?; let magic = file.read_u32::<BigEndian>()?;
@ -140,11 +137,14 @@ fn main() -> Result<(), Box<dyn Error>> {
.ok_or("Cannot parse signature")? .ok_or("Cannot parse signature")?
}; };
// let mut sigfile = File::create("signature.p7b")?; let apple_root_ca = [43, 208, 105, 71, 148, 118, 9, 254, 244, 107, 141, 46, 64, 166, 247, 71, 77, 127, 8, 94];
// sigfile.write_all(&sig)?;
let subject_key_ids = parse_pkcs7_signed_data(&sig)?; let subject_key_ids = collect_subject_key_ids(&signature_blob)?;
println!("{:?}", subject_key_ids); subject_key_ids
.iter()
.for_each(|key_id| {
println!("{:?}", &key_id);
});
Ok(()) Ok(())
} }
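Review bot: `collect_subject_key_ids` indexes parser output from an untrusted signature blob directly: `root[0]`, `root[1]`, `signed_data[3]`, `content[1]` and the new `&arr[2..]` all panic when the blob carries a shorter sequence or an extension value under two bytes, so a malformed Mach-O aborts the tool instead of returning an `Err`. Checked access avoids this, e.g. `.and_then(|arr| arr.get(2..))` and `root.first().ok_or("empty ContentInfo")?.as_oid()?`. The fixed two-byte skip presumably assumes a short-form inner OCTET STRING header; parsing the inner value would be more robust than slicing it. In `main`, `apple_root_ca` is declared but the visible lines only print the collected ids; if a comparison is planned, note that a subject key identifier is an unauthenticated extension set by whoever built the certificate, so matching it does not establish trust unless the chain signatures are verified. Both function bodies extend beyond the hunks shown.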