Browse code
sigtool: adding support for decoding cdb sigs
Mickey Sola authored on 2016/01/07 04:57:48Showing 1 changed files
| ... | ... |
@@ -2679,6 +2679,132 @@ static int decodesigmod(const char *sigmod) |
| 2679 | 2679 |
return 0; |
| 2680 | 2680 |
} |
| 2681 | 2681 |
|
| 2682 |
+static int decodecdb(const char **tokens) |
|
| 2683 |
+{
|
|
| 2684 |
+ |
|
| 2685 |
+ char *pt = NULL; |
|
| 2686 |
+ int sz = 0; |
|
| 2687 |
+ char *range[2]; |
|
| 2688 |
+ |
|
| 2689 |
+ if (!tokens) |
|
| 2690 |
+ return -1; |
|
| 2691 |
+ |
|
| 2692 |
+ mprintf("VIRUS NAME: %s\n", tokens[0]);
|
|
| 2693 |
+ mprintf("CONTAINER TYPE: %s\n", (strcmp(tokens[1], "*") ? tokens[1] : "ANY"));
|
|
| 2694 |
+ mprintf("CONTAINER SIZE: ");
|
|
| 2695 |
+ if (!cli_isnumber(tokens[2])) {
|
|
| 2696 |
+ if (!strcmp(tokens[2], "*")) {
|
|
| 2697 |
+ mprintf("ANY\n");
|
|
| 2698 |
+ |
|
| 2699 |
+ } else if (strchr(tokens[2], '-')) {
|
|
| 2700 |
+ sz = cli_strtokenize(tokens[2], '-', 2 + 1, (const char **) range); |
|
| 2701 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) {
|
|
| 2702 |
+ mprintf("!decodesig: Invalid container size range\n");
|
|
| 2703 |
+ return -1; |
|
| 2704 |
+ } |
|
| 2705 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]);
|
|
| 2706 |
+ |
|
| 2707 |
+ } else {
|
|
| 2708 |
+ mprintf("!decodesig: Invalid container size\n");
|
|
| 2709 |
+ return -1; |
|
| 2710 |
+ } |
|
| 2711 |
+ } else {
|
|
| 2712 |
+ mprintf("%s\n", tokens[2]);
|
|
| 2713 |
+ } |
|
| 2714 |
+ mprintf("FILENAME REGEX: %s\n", tokens[3]);
|
|
| 2715 |
+ mprintf("COMPRESSED FILESIZE: ");
|
|
| 2716 |
+ if (!cli_isnumber(tokens[4])) {
|
|
| 2717 |
+ if (!strcmp(tokens[4], "*")) {
|
|
| 2718 |
+ mprintf("ANY\n");
|
|
| 2719 |
+ |
|
| 2720 |
+ } else if (strchr(tokens[4], '-')) {
|
|
| 2721 |
+ sz = cli_strtokenize(tokens[4], '-', 2 + 1, (const char **) range); |
|
| 2722 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) {
|
|
| 2723 |
+ mprintf("!decodesig: Invalid container size range\n");
|
|
| 2724 |
+ return -1; |
|
| 2725 |
+ } |
|
| 2726 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]);
|
|
| 2727 |
+ |
|
| 2728 |
+ } else {
|
|
| 2729 |
+ mprintf("!decodesig: Invalid compressed filesize\n");
|
|
| 2730 |
+ return -1; |
|
| 2731 |
+ } |
|
| 2732 |
+ } else {
|
|
| 2733 |
+ mprintf("%s\n", tokens[4]);
|
|
| 2734 |
+ } |
|
| 2735 |
+ mprintf("UNCOMPRESSED FILESIZE: ");
|
|
| 2736 |
+ if (!cli_isnumber(tokens[5])) {
|
|
| 2737 |
+ if (!strcmp(tokens[5], "*")) {
|
|
| 2738 |
+ mprintf("ANY\n");
|
|
| 2739 |
+ |
|
| 2740 |
+ } else if (strchr(tokens[5], '-')) {
|
|
| 2741 |
+ sz = cli_strtokenize(tokens[5], '-', 2 + 1, (const char **) range); |
|
| 2742 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) {
|
|
| 2743 |
+ mprintf("!decodesig: Invalid container size range\n");
|
|
| 2744 |
+ return -1; |
|
| 2745 |
+ } |
|
| 2746 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]);
|
|
| 2747 |
+ |
|
| 2748 |
+ } else {
|
|
| 2749 |
+ mprintf("!decodesig: Invalid uncompressed filesize\n");
|
|
| 2750 |
+ return -1; |
|
| 2751 |
+ } |
|
| 2752 |
+ } else {
|
|
| 2753 |
+ mprintf("%s\n", tokens[5]);
|
|
| 2754 |
+ } |
|
| 2755 |
+ |
|
| 2756 |
+ mprintf("ENCRYPTION: ");
|
|
| 2757 |
+ if (!cli_isnumber(tokens[6])) {
|
|
| 2758 |
+ if (!strcmp(tokens[6], "*")) {
|
|
| 2759 |
+ mprintf("IGNORED\n");
|
|
| 2760 |
+ } else {
|
|
| 2761 |
+ mprintf("!decodesig: Invalid encryption flag\n");
|
|
| 2762 |
+ return -1; |
|
| 2763 |
+ } |
|
| 2764 |
+ } else {
|
|
| 2765 |
+ mprintf("%s\n", (atoi(tokens[6]) ? "YES" : "NO"));
|
|
| 2766 |
+ } |
|
| 2767 |
+ |
|
| 2768 |
+ mprintf("FILE POSITION: ");
|
|
| 2769 |
+ if (!cli_isnumber(tokens[7])) {
|
|
| 2770 |
+ if (!strcmp(tokens[7], "*")) {
|
|
| 2771 |
+ mprintf("ANY\n");
|
|
| 2772 |
+ |
|
| 2773 |
+ } else if (strchr(tokens[7], '-')) {
|
|
| 2774 |
+ sz = cli_strtokenize(tokens[7], '-', 2 + 1, (const char **) range); |
|
| 2775 |
+ if(sz != 2 || !cli_isnumber(range[0]) || !cli_isnumber(range[1])) {
|
|
| 2776 |
+ mprintf("!decodesig: Invalid container size range\n");
|
|
| 2777 |
+ return -1; |
|
| 2778 |
+ } |
|
| 2779 |
+ mprintf("WITHIN RANGE %s to %s\n", range[0], range[1]);
|
|
| 2780 |
+ |
|
| 2781 |
+ } else {
|
|
| 2782 |
+ mprintf("!decodesig: Invalid file position\n");
|
|
| 2783 |
+ return -1; |
|
| 2784 |
+ } |
|
| 2785 |
+ } else {
|
|
| 2786 |
+ mprintf("%s\n", tokens[7]);
|
|
| 2787 |
+ } |
|
| 2788 |
+ |
|
| 2789 |
+ if (!strcmp(tokens[1], "CL_TYPE_ZIP") || !strcmp(tokens[1], "CL_TYPE_RAR")) {
|
|
| 2790 |
+ if (!strcmp(tokens[8], "*")) {
|
|
| 2791 |
+ mprintf("CRC SUM: ANY\n");
|
|
| 2792 |
+ } else {
|
|
| 2793 |
+ |
|
| 2794 |
+ errno = 0; |
|
| 2795 |
+ sz = (int) strtol(tokens[8], NULL, 16); |
|
| 2796 |
+ if (!sz && errno) {
|
|
| 2797 |
+ mprintf("!decodesig: Invalid cyclic redundancy check sum\n");
|
|
| 2798 |
+ return -1; |
|
| 2799 |
+ } else {
|
|
| 2800 |
+ mprintf("CRC SUM: %d\n", sz);
|
|
| 2801 |
+ } |
|
| 2802 |
+ } |
|
| 2803 |
+ } |
|
| 2804 |
+ |
|
| 2805 |
+ return 0; |
|
| 2806 |
+} |
|
| 2807 |
+ |
|
| 2682 | 2808 |
static int decodesig(char *sig, int fd) |
| 2683 | 2809 |
{
|
| 2684 | 2810 |
char *pt; |
| ... | ... |
@@ -2754,7 +2880,12 @@ static int decodesig(char *sig, int fd) |
| 2754 | 2754 |
} |
| 2755 | 2755 |
} |
| 2756 | 2756 |
} else if(strchr(sig, ':')) { /* ndb */
|
| 2757 |
- tokens_count = cli_strtokenize(sig, ':', 6 + 1, (const char **) tokens); |
|
| 2757 |
+ tokens_count = cli_strtokenize(sig, ':', 12 + 1, (const char **) tokens); |
|
| 2758 |
+ |
|
| 2759 |
+ if (tokens_count > 9 && tokens_count < 13) { /* cdb*/
|
|
| 2760 |
+ return decodecdb((const char **) tokens); |
|
| 2761 |
+ } |
|
| 2762 |
+ |
|
| 2758 | 2763 |
if(tokens_count < 4 || tokens_count > 6) {
|
| 2759 | 2764 |
mprintf("!decodesig: Invalid or not supported signature format\n");
|
| 2760 | 2765 |
mprintf("TOKENS COUNT: %u\n", tokens_count);
|