python/main.py

@@ -8,10 +8,7 @@ signatures = [
     matcher.Zip,
     matcher.Ambarella,
     matcher.SquashFS,
-    matcher.RomFS,
+    matcher.FlattenDeviceTree
-    matcher.CromFS,
-    matcher.FlattenDeviceTree,
-    matcher.ELF,
 ]
 
 def detect(args):
@@ -28,7 +25,6 @@ def detect(args):
         print("detected", filetype.name)
         for m in filetype.matches:
             print(">", m)
-            filetype.view(m)
 
     return matches
 

python/matcher/__init__.py

@@ -11,8 +11,3 @@ from .flatten_device_tree import FlattenDeviceTree
 # file system formats
 from .squashfs import SquashFS
 from .ubifs import UbiFS
-from .romfs import RomFS
-from .cromfs import CromFS
-
-# common executable formats
-from .elf import ELF

python/matcher/cromfs.py

@@ -1,111 +0,0 @@
-import os
-import io
-
-from .matcher import SignatureMatcher, Match
-
-class CromFS(SignatureMatcher):
-    """
-    CromFS a readonly file system
-    little-endian
-    https://github.com/deadsy/nuttx/blob/master/tools/gencromfs.c
-    this should be more correct?
-    https://gitea.hedron.io/pixy2040/nuttx/src/branch/master/tools/gencromfs.c
-
-    this CromFS might be a little bit different from the CROMFS here
-    https://bisqwit.iki.fi/src/cromfs-format.txt
-    this ^ has the signature CROMFS03 and probably CROMFS02 for v2
-    this ^ is big-endian
-    """
-    def __init__(self, file):
-        self.name = "CromFS"
-        self.signature = b'CROM'
-        super().__init__(file)
-
-    def is_valid(self):
-        for match in self.search():
-            start = match
-            header = io.BytesIO(self.file[start:start+20])
-            magic = header.read(4)
-            nnodes = header.read(2)
-            nblocks = header.read(2)
-            root = header.read(4)
-            fsize = header.read(4)
-            bsize = header.read(4)
-
-            as_num = lambda x: int.from_bytes(x, 'little')
-            nnodes = as_num(nnodes)
-            nblocks = as_num(nblocks)
-            root = as_num(root)
-            fsize = as_num(fsize)
-            bsize = as_num(bsize)
-            if root != 20:
-                continue
-            data = {
-                'nnodes': nnodes,
-                'nblocks': nblocks,
-                'root': root,
-                'bsize': bsize,
-            }
-            self.matches += [Match(start, fsize, data)]
-
-        return len(self.matches) != 0
-
-    def view(self, match):
-        as_num = lambda x: int.from_bytes(x, 'little')
-
-        root = match.data['root']
-        bsize = match.data['bsize']
-        nblocks = match.data['nblocks']
-        nnodes = match.data['nnodes']
-
-        region = io.BytesIO(self.file[match.offset : match.offset + match.length])
-        region.seek(root, os.SEEK_SET)
-
-        def read_str_at(buffer, at=None, recover=False):
-            if at == 0 or at is None:
-                return ''
-            s = b''
-            old = buffer.tell()
-            if at:
-                buffer.seek(at, os.SEEK_SET)
-            while True:
-                c = buffer.read(1)
-                if c == b'\x00':
-                    break
-                s += c
-            if recover:
-                buffer.seek(old, os.SEEK_SET)
-            return s.decode()
-
-        def read_nodes(buffer, current):
-            mode = as_num(buffer.read(2))
-            buffer.read(2)
-            name_offset = as_num(buffer.read(4))
-            size = as_num(buffer.read(4))
-            peer = as_num(buffer.read(4))
-            extra = as_num(buffer.read(4))
-            name = read_str_at(buffer, at=name_offset, recover=True)
-            is_dir = lambda mode: mode & (4 << 12) != 0
-            is_reg = lambda mode: mode & (8 << 12) != 0
-            is_link = lambda mode: mode & (10 << 12) != 0
-
-            path = current + '/' + name
-            print(path)
-
-            if is_link(mode):
-                pass
-            if is_dir(mode):
-                # traverse the directory children
-                buffer.seek(extra, os.SEEK_SET)
-                read_nodes(buffer, current + '/' + name)
-            if is_reg(mode):
-                for block in range(extra):
-                    # decrypt each block
-                    pass
-
-            # traverse its peer
-            if peer != 0:
-                buffer.seek(peer, os.SEEK_SET)
-                read_nodes(buffer, current)
-
-        read_nodes(region, '')

python/matcher/elf.py

@@ -1,17 +0,0 @@
-import io
-
-from .matcher import SignatureMatcher, Match
-
-class ELF(SignatureMatcher):
-    def __init__(self, file):
-        self.name = "ELF"
-        self.signature = b'\x7f\x45\x4c\x46\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00'
-        super().__init__(file)
-
-    def is_valid(self):
-        for match in self.search():
-            # walk back for the firmware section header
-            start = match
-            self.matches += [Match(start, 0)]
-
-        return len(self.matches) != 0

python/matcher/flatten_device_tree.py

@@ -1,23 +1,7 @@
-import os
 import io
-
-from pyfdt.pyfdt import FdtBlobParse
-
 from .matcher import SignatureMatcher, Match
 
 class FlattenDeviceTree(SignatureMatcher):
-    """
-    https://devicetree-specification.readthedocs.io/en/stable/flattened-format.html
-
-    header
-    -> space
-    -> memory reservation block
-    -> space
-    -> structure block
-    -> space
-    -> strings block
-    -> space
-    """
     def __init__(self, file):
         self.name = "Flatten Device Tree"
         self.signature = b'\xd0\x0d\xfe\xed'
@@ -25,9 +9,6 @@ class FlattenDeviceTree(SignatureMatcher):
 
     def is_valid(self):
         for match in self.search():
-            """
-            All the header fields ... stored in big-endian format
-            """
             start = match
             header = io.BytesIO(self.file[start:start+4*10])
             magic = header.read(4)
@@ -41,32 +22,7 @@ class FlattenDeviceTree(SignatureMatcher):
             size_dt_strings = header.read(4)
             size_dt_struct = header.read(4)
 
-            as_num = lambda f: int.from_bytes(f, 'big')
+            totalsize = int.from_bytes(totalsize, 'little')
-            totalsize = as_num(totalsize)
+            self.matches += [Match(start, totalsize)]
-            data = {
-                'off_dt_struct': as_num(off_dt_struct),
-                'off_dt_strings': as_num(off_dt_strings),
-                'off_mem_rsvmap': as_num(off_mem_rsvmap),
-                'version': as_num(version),
-                'last_comp_version': as_num(last_comp_version),
-                'boot_cpuid_phys': as_num(boot_cpuid_phys),
-                'size_dt_strings': as_num(size_dt_strings),
-                'size_dt_struct': as_num(size_dt_struct),
-            }
-            self.matches += [Match(start, totalsize, data)]
 
         return len(self.matches) != 0
-
-    def view(self, match):
-        as_num = lambda n: int.from_bytes(n, 'big')
-        data = match.data
-        region = io.BytesIO(self.file[match.offset : match.offset + match.length])
-
-        dtb = FdtBlobParse(region)
-        s = dtb.to_fdt()
-
-        for name, node in s.rootnode.walk():
-            print(name)
-            if "kernel" in name:
-                if len(list(filter(lambda f: f in name, ["arch", "os", "description"]))) != 0:
-                    print("> ", node)

python/matcher/matcher.py

@@ -26,6 +26,3 @@ class SignatureMatcher:
 
     def is_valid(self):
         return False
-
-    def view(self, match):
-        pass

python/matcher/romfs.py

@@ -1,39 +0,0 @@
-import io
-
-from PyRomfsImage import *
-
-from .matcher import SignatureMatcher, Match
-
-class RomFS(SignatureMatcher):
-    """
-    RomFS a readonly file system
-    big-endian
-    https://www.kernel.org/doc/Documentation/filesystems/romfs.txt
-    """
-    def __init__(self, file):
-        self.name = "RomFS"
-        self.signature = b'-rom1fs-'
-        super().__init__(file)
-
-    def is_valid(self):
-        for match in self.search():
-            start = match
-            header = io.BytesIO(self.file[start:start+14])
-            magic = header.read(8)
-            fullsize = header.read(4)
-            checksum = header.read(4)
-            fullsize = int.from_bytes(fullsize, 'big')
-            self.matches += [Match(start, fullsize)]
-
-        return len(self.matches) != 0
-
-    def view(self, match):
-
-        start = match.offset
-        length = match.length
-        raw = io.BytesIO(self.file[start:start+length])
-        rom = Romfs(raw)
-        root = rom.getRoot()
-        print(root.name)
-        for ch in root.children:
-            print(ch.name)

python/matcher/zip.py

@@ -29,11 +29,9 @@ class Zip(SignatureMatcher):
             file_name_length = header.read(2)
             extra_field_length = header.read(2)
 
-            as_num = lambda x: int.form_bytes(x, 'little')
+            file_name_length = int.from_bytes(file_name_length, 'little')
-
+            extra_field_length = int.from_bytes(extra_field_length, 'little')
-            file_name_length = as_num(file_name_length)
+            compressed_size = int.from_bytes(compressed_size, 'little')
-            extra_field_length = as_num(extra_field_length)
-            compressed_size = as_num(compressed_size)
 
             header_size = 4*4 + 2*7
             data = {