[python] support cromfs extraction

- add ELF
- add basic ROMFS
- small fixs

python/main.py

@@ -2,13 +2,18 @@ import argparse
 import os
 import io
 
+from pathlib import Path
+
 import matcher
 
 signatures = [
     matcher.Zip,
     matcher.Ambarella,
     matcher.SquashFS,
-    matcher.FlattenDeviceTree
+    matcher.RomFS,
+    matcher.CromFS,
+    matcher.FlattenDeviceTree,
+    matcher.ELF,
 ]
 
 def detect(args):
@@ -25,13 +30,22 @@ def detect(args):
         print("detected", filetype.name)
         for m in filetype.matches:
             print(">", m)
-            filetype.view(m)
+            filetype.view(m, None)
 
     return matches
 
 
 def extract(args):
-    pass
+    file = Path(args.file)
+    folder = file.parent / (file.name + "_extracted")
+    folder.mkdir(exist_ok=True)
+
+    matches = detect(args)
+    for filetype in matches:
+        print("detected", filetype.name)
+        for m in filetype.matches:
+            print(">", m)
+            filetype.view(m, folder)
 
 def main():
     parser = argparse.ArgumentParser(description='Program for detecting or extracting data.')
@@ -65,19 +79,8 @@ def main():
 
     if args.command == 'detect':
         detect(args)
-        # if args.isa:
-        #     # Perform ISA detection on the file
-        #     print('Performing ISA detection on:', args.file)
-        # else:
-        #     parser.print_help()
     elif args.command == 'extract':
         extract(args)
-        # if args.dry:
-        #     # Perform a dry run without extracting
-        #     print('Dry run extraction from:', args.file)
-        # else:
-        #     # Extract data from the file
-        #     print('Extracting data from:', args.file)
     else:
         parser.print_help()
 

python/matcher/__init__.py

@@ -11,3 +11,8 @@ from .flatten_device_tree import FlattenDeviceTree
 # file system formats
 from .squashfs import SquashFS
 from .ubifs import UbiFS
+from .romfs import RomFS
+from .cromfs import CromFS
+
+# common executable formats
+from .elf import ELF

python/matcher/cromfs.py

@@ -1,6 +1,10 @@
 import os
 import io
 
+from pathlib import Path
+
+import lzf
+
 from .matcher import SignatureMatcher, Match
 
 class CromFS(SignatureMatcher):
@@ -50,7 +54,19 @@ class CromFS(SignatureMatcher):
 
         return len(self.matches) != 0
 
-    def view(self, match):
+    def view(self, match, root_folder):
+        def extract(path, is_folder):
+            if root_folder is None:
+                return
+            p = root_folder / ('_' + hex(match.offset))
+            p.mkdir(exist_ok=True)
+            p = p / path
+            if is_folder:
+                p.mkdir(exist_ok=True)
+            else:
+                p.touch(exist_ok=True)
+                return open(p, 'wb')
+
         as_num = lambda x: int.from_bytes(x, 'little')
 
         root = match.data['root']
@@ -77,6 +93,31 @@ class CromFS(SignatureMatcher):
                 buffer.seek(old, os.SEEK_SET)
             return s.decode()
 
+        def read_file_contents(buffer, at=None, recover=False, file=None, total_size=0):
+            old = buffer.tell()
+            if at:
+                buffer.seek(at, os.SEEK_SET)
+
+            file_contents = b''
+            while total_size > 0:
+                magic = buffer.read(2)
+                typ = as_num(buffer.read(1))
+                if typ == 0:
+                    len = as_num(buffer.read(1)) << 8 | as_num(buffer.read(1))
+                    uncompress = buffer.read(len)
+                    file_contents += uncompress
+                    total_size -= len
+                if typ == 1:
+                    clen = as_num(buffer.read(1)) << 8 | as_num(buffer.read(1))
+                    ulen = as_num(buffer.read(1)) << 8 | as_num(buffer.read(1))
+                    compressed = buffer.read(clen)
+                    file_contents += lzf.decompress(compressed, ulen)
+                    total_size -= ulen
+            if file:
+                file.write(file_contents)
+            if recover:
+                buffer.seek(old, os.SEEK_SET)
+
         def read_nodes(buffer, current):
             mode = as_num(buffer.read(2))
             buffer.read(2)
@@ -89,23 +130,24 @@ class CromFS(SignatureMatcher):
             is_reg = lambda mode: mode & (8 << 12) != 0
             is_link = lambda mode: mode & (10 << 12) != 0
 
-            path = current + '/' + name
-            print(path)
+            path = current / name
 
             if is_link(mode):
                 pass
             if is_dir(mode):
+                extract(path, True)
                 # traverse the directory children
                 buffer.seek(extra, os.SEEK_SET)
-                read_nodes(buffer, current + '/' + name)
-            if is_reg(mode):
-                for block in range(extra):
-                    # decrypt each block
-                    pass
+                read_nodes(buffer, path)
+            if is_reg(mode) and name != '.' and name != '..':
+                f = extract(path, False)
+                read_file_contents(buffer, at=extra, recover=True, total_size=size, file=f)
+                if f:
+                    f.close()
 
             # traverse its peer
             if peer != 0:
                 buffer.seek(peer, os.SEEK_SET)
                 read_nodes(buffer, current)
 
-        read_nodes(region, '')
+        read_nodes(region, Path(''))

python/matcher/elf.py

@@ -0,0 +1,17 @@
+import io
+
+from .matcher import SignatureMatcher, Match
+
+class ELF(SignatureMatcher):
+    def __init__(self, file):
+        self.name = "ELF"
+        self.signature = b'\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00'
+        super().__init__(file)
+
+    def is_valid(self):
+        for match in self.search():
+            # walk back for the firmware section header
+            start = match
+            self.matches += [Match(start, 0)]
+
+        return len(self.matches) != 0

python/matcher/matcher.py

@@ -27,5 +27,5 @@ class SignatureMatcher:
     def is_valid(self):
         return False
 
-    def view(self, match):
+    def view(self, match, root_folder=None):
         pass

python/matcher/romfs.py

@@ -0,0 +1,38 @@
+import io
+
+from PyRomfsImage import *
+
+from .matcher import SignatureMatcher, Match
+
+class RomFS(SignatureMatcher):
+    """
+    RomFS a readonly file system
+    big-endian
+    https://www.kernel.org/doc/Documentation/filesystems/romfs.txt
+    """
+    def __init__(self, file):
+        self.name = "RomFS"
+        self.signature = b'-rom1fs-'
+        super().__init__(file)
+
+    def is_valid(self):
+        for match in self.search():
+            start = match
+            header = io.BytesIO(self.file[start:start+14])
+            magic = header.read(8)
+            fullsize = header.read(4)
+            checksum = header.read(4)
+            fullsize = int.from_bytes(fullsize, 'big')
+            self.matches += [Match(start, fullsize)]
+
+        return len(self.matches) != 0
+
+    def view(self, match, root_folder):
+        start = match.offset
+        length = match.length
+        raw = io.BytesIO(self.file[start:start+length])
+        rom = Romfs(raw)
+        root = rom.getRoot()
+        print(root.name)
+        for ch in root.children:
+            print(ch.name)

python/matcher/zip.py

@@ -29,9 +29,11 @@ class Zip(SignatureMatcher):
             file_name_length = header.read(2)
             extra_field_length = header.read(2)
 
-            file_name_length = int.from_bytes(file_name_length, 'little')
-            extra_field_length = int.from_bytes(extra_field_length, 'little')
-            compressed_size = int.from_bytes(compressed_size, 'little')
+            as_num = lambda x: int.from_bytes(x, 'little')
+
+            file_name_length = as_num(file_name_length)
+            extra_field_length = as_num(extra_field_length)
+            compressed_size = as_num(compressed_size)
 
             header_size = 4*4 + 2*7
             data = {