root
2015-05-30 11:39:19 +02:00
commit 3fbfa3e9e1
10 changed files with 1093 additions and 0 deletions

52
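--- a/README
+++ b/README
@@ -0,0 +1,52 @@
+Disclaimer:
+===========
+None :)
+Intro:
+======
+This code is for automated analysis of files you may find around the internet. Primarily it was coded for the investigation of firmwares of devices. But you can use it generally for pattern recognition.
+Currently it supports by 80plugins, this means by 80 different patterns that may match on a current file. There are still some interesting, exotic or important plugins missing. However i hope it may help you out on some point. If you got interesting patterns please let me know, and i'am happy to add them.
+How to use the tool:
+====================
+List all plugins:
+%python fudge.py -l
+Searching for just one patterntype:
+%python fudge.py -f /bin/ls -o test/ -p ELF
+Searching for a class of patterns:
+%python fudge.py -f /bin/ls -o test/ -P FS
+Searching through all patterns and extract findings:
+%python fudge.py -f /bin/ls -o test/ -x
+Searching through all patterns, extract findings and generate report with the tool file:
+%python fudge.py -f /bin/ls -o test/ -x -r
+Bugs:
+=====
+- slow on big files
+- suffix recognition isn't working
+Todo:
+=====
+- verbose mode not implemented
+- add logfile function
+- complete rewrite
+Outro:
+======
+That's it guys'n'girls. I hope you can use it for some good. For any further questions on the code you can contact me via email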

188
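--- a/fudge.py
+++ b/fudge.py
@@ -0,0 +1,188 @@
+#!/usr/bin/env python2
+#
+# by dash@hack4.org in 2008
+############################
+from lib.FUDGEanalyse import *
+from lib.FUDGEheader import *
+import getopt,sys,os
+#maybe put that later somewhere else
+extractit=0
+fileReport=0
+def fudge_banner():
+inst2=ANALYSE()
+print "[+] FirmareFudger %s by dash@hack4.org" % inst2.version
+print "[+] tool for firmware analyses written in August 2008"
+print "[+] "
+inst2=[]
+def fudge_usage():
+inst2=ANALYSE()
+print "[+] FirmareFudger %s by dash@hack4.org" % inst2.version
+print "[+] tool for firmware analyses written in August 2008"
+print "[+] "
+print "[+]\t-f <inputfile>"
+print "[+]\t-o <outdir>"
+print "[+]\t-n <outputfilename>"
+print "[+]\t-x extract found files"
+print "[+]\t-P <FS/EXEC/PACKERS/DOCS/BOOT/ASM/PICTURES/DEVICES/ROUTERS>"
+print "[+]\t-p <name the plugin format, example: CRAMFS>"
+print "[+]\t-r do an investigation on extracted files with file"
+print "[+]\t-l list all available plugins"
+print "[+]\t-v verbose mode on"
+print "[+]\t-V Version"
+print "[+]"
+print "[+] Example:"
+print "[+] python %s -f input.img -o outdir -n outname -x" % sys.argv[0]
+print ""
+inst2=[]
+def generateFilereport(instance):
+if fileReport==1:
+print "[+] Generating file Report"
+instance.generateReport()
+else:
+print "[-] Don't enabled file Report mode"
+def extractdata(instance, extractit):
+instance.extractcount()
+if extractit==1:
+print "[+] Extracting found files"
+instance.extractfile()
+else:
+print "[-] Don't enabled extraction mode"
+instance.closefile()
+try:
+opts, args = getopt.getopt(sys.argv[1:], "n:o:P:p:lvf:xVr")
+#let's check if we got some arguments, dont we?!
+if len(opts)==0:
+fudge_usage()
+sys.exit(1)
+except getopt.GetoptError, err:
+fudge_usage()
+print "[!] %s" % str(err)
+sys.exit(1)
+for option, arg in opts:
+if option == "-f":
+file=arg
+inst2=ANALYSE()
+inst2.file=file
+elif option == "-o":
+inst2.dir=arg
+inst2.create_dir()
+elif option == "-n":
+inst2.outname=arg
+elif option == "-r":
+fileReport=1
+elif option == "-p":
+lonelyplugin=arg
+inst2.lonelyplugin=lonelyplugin
+elif option == "-P":
+plugin=arg
+inst2.plugin=plugin
+elif option == "-l":
+fudge_banner()
+inst2=ANALYSE()
+inst2.showplugins()
+inst2=[]
+sys.exit(1)
+elif option == "-v":
+print "verbose"
+elif option == "-V":
+fudge_banner()
+sys.exit(0)
+elif option == "-x":
+extractit=1
+else:
+print "unknown option"
+fudge_usage()
+sys.exit(1)
+#print the banner :D
+fudge_banner()
+inst2.openfile()
+inst2.printargs()
+#check for named plugin(VAX is currently 2)
+true=0
+if inst2.lonelyplugin!=None:
+lonely=inst2.lonelyplugin
+for type in range(len(TYPES)):
+for plugin in range(len(TYPES[type])):
+inst2.type=TYPES[type][plugin][3]
+compare=inst2.type.split(" ")
+compare=compare[0]
+compare.strip(" ")
+# print "-%s-" % lonely
+# print "-%s-" % compare
+if lonely==compare:
+true=1
+print "[+] Checking for %s" % inst2.type
+inst2.fd.seek(0,0)
+inst2.search=TYPES[type][plugin][1]
+inst2.checkheader()
+extractdata(inst2,extractit)
+generateFilereport(inst2)
+if true!=1:
+print "[-] Sorry couldn't find %s " % inst2.lonelyplugin
+sys.exit(0)
+if inst2.plugin!=None:
+KIND=inst2.plugin
+if KIND=="FS":
+type=0
+elif KIND=="EXEC":
+type=1
+elif KIND=="PACKERS":
+type=2
+elif KIND=="DOCS":
+type=3
+elif KIND=="BOOT":
+type=4
+elif KIND=="ASM":
+type=5
+elif KIND=="PICTURES":
+type=6
+elif KIND=="DEVICES":
+type=7
+elif KIND=="ROUTERS":
+type=8
+else:
+print "[-] Unkown plugin class %s !" % inst2.plugin
+sys.exit(1)
+#only check for the asked TYPE
+print "[+] Testing only for %s plugins" % (KIND)
+for plugin in range(len(TYPES[type])):
+inst2.type=TYPES[type][plugin][3]
+print "[+] Checking for %s" % inst2.type
+inst2.fd.seek(0,0)
+inst2.search=TYPES[type][plugin][1]
+inst2.checkheader()
+else:
+#check for all TYPES
+for type in range(len(TYPES)):
+for plugin in range(len(TYPES[type])):
+inst2.type=TYPES[type][plugin][3]
+print "[+] Checking for %s" % inst2.type
+inst2.fd.seek(0,0)
+inst2.search=TYPES[type][plugin][1]
+inst2.checkheader()
+extractdata(inst2,extractit)
+generateFilereport(inst2)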
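Review bot: The option loop only creates `inst2` when it meets `-f`, so `-o`, `-n`, `-p` or `-P` given before `-f` raise NameError, a repeated `-f` replaces the instance and drops what was already set, and a run without `-f` fails at `inst2.openfile()` instead of printing usage. Collecting the options into locals first and building the ANALYSE object afterwards removes the ordering dependency, as sketched below. Separately, the return value of `inst2.create_dir()` is ignored, so extraction carries on into a directory that could not be created or that already holds other files. `-l` also exits with status 1 although it succeeded.

```python
# collect options first so their order on the command line does not matter
infile=outdir=outname=lonelyplugin=plugin=None
for option, arg in opts:
    if option == "-f":
        infile=arg
    elif option == "-o":
        outdir=arg
    elif option == "-n":
        outname=arg
    elif option == "-p":
        lonelyplugin=arg
    elif option == "-P":
        plugin=arg
    # … unchanged: -r, -l, -v, -V, -x and the unknown-option branch …
if infile is None:
    fudge_usage()
    print "[!] missing -f <inputfile>"
    sys.exit(1)
inst2=ANALYSE()
inst2.file=infile
inst2.lonelyplugin=lonelyplugin
inst2.plugin=plugin
if outname is not None:
    inst2.outname=outname
if outdir is not None:
    inst2.dir=outdir
    inst2.create_dir()
```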

21
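--- a/lib/CHANGELOG
+++ b/lib/CHANGELOG
@@ -0,0 +1,21 @@
+Tue Mar 10 16:03:24 CET 2009
+============================
+- added plugin support (choose between categories)
+- added report mode with file
+Tue Mar 10 00:47:18 CET 2009
+============================
+- added jffs/jffs2 support
+- added pluginlist
+- added little corrections
+- added version output
+long long before(last year august)
+==================================
+- initial PoC
+- addition of a lot of patterns
+- extract mode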

253
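--- a/lib/FUDGEanalyse.py
+++ b/lib/FUDGEanalyse.py
@@ -0,0 +1,253 @@
+import FUDGEheader
+import os,sys,time,struct,binascii
+def dbgprint():
+print "nothing"
+class ANALYSE(object):
+def __init__(self):
+""" file - the file to analyse
+stat - os.stat results of self.file
+type - the current type of pattern test
+plugin - choosen pluginclass to test for
+lonelyplugin - choosen lonely plugin for test
+fd - the filedescriptor of open and close
+search - the search string/bytes
+string - for convert2hex
+data - the binary data field, where the bytes are filled in
+offset - the offset delivered back for writing to self.cut
+extract - number of the found files in file
+cut - dict for offsets for the extractfile method
+dir - output directory for putting files
+outname - name of the output files part
+reportfile - name of the status report
+files - list with paths of extracte files
+"""
+self.file=None
+self.stat=None
+self.type=None
+self.plugin=None
+self.lonelyplugin=None
+self.reportfile=None
+self.files=[]
+self.fd=None
+self.search=None
+self.string=""
+self.data=[]
+self.offset=0
+self.extract=0
+self.cut={}
+self.set_offset=0
+self.set_string=0
+self.debug=0
+self.dir=""
+self.outname="Extract"
+self.length=0
+self.version="0.3"
+def privileges(self):
+if self.stat.st_uid != os.getuid():
+print "[!] Attention file owner is %d" % self.stat.st_uid
+def printargs(self):
+size=self.stat.st_size
+Kilo=1024.0
+Mega=1048576.0
+print "[+] Fudger Version %s - Fileinformation" % self.version
+print "[+] Filename %s" % self.file
+if size<=Mega:
+sizeK=size/Kilo
+print "[+] Size %.2fK - %dB" % (sizeK,size)
+elif size>=Mega:
+sizeM=size/Mega
+sizeK=size/Kilo
+print "[+] Size %.2fM - %.2fK - %dB" % (sizeM,sizeK,size)
+else:
+print "[+] Size %d" % size
+print "[+] User %d" % self.stat.st_uid
+print "[+] Group %d" % self.stat.st_gid
+#print "[+] Search for %s" % self.search
+def openfile(self):
+self.stat=os.stat(self.file)
+print "[+] Open %s" % (self.file)
+self.fd=open(self.file,"r")
+def closefile(self):
+print "[+] Close %s" % self.file
+self.fd.close()
+def create_dir(self):
+try:
+print "[+] Creating directory %s" % (self.dir)
+os.mkdir(self.dir)
+return(0)
+except OSError, e:
+print "[-] Error %d %s" % (e.args[0], e.args[1])
+return(1)
+def convert2array(self):
+for byte in range(len(self.string)):
+print "\'%c\'," % self.string[byte],
+def checkheader(self):
+self.data=[]
+offset=0
+# print "[+] Checking for FS Type Headers"
+try:
+for byte in self.fd.read(self.stat.st_size):
+# print "[+] Bytes in %s" % self.stat.st_size
+self.data.append(byte)
+#print "[+] data %s" % self.data
+#print "in for loop"
+if len(self.data) == len(self.search):
+#print "set o =0"
+o=0
+#print "[+] Datalen is %d" % len(self.data)
+for i in range(len(self.data)):
+if self.data[i]==self.search[i]:
+# print self.data[i]
+# print self.search[i]
+o+=1
+# i+=1
+if o==len(self.search):
+offlen=offset-len(self.data)+1
+print "[+] FOUND at Offset %d to %d" % (offlen,offset)
+# print "FIELD " + str(self.data)
+self.cut[self.extract]=offlen
+# print "%s" % str(self.cut)
+# print "%d" % self.cut[self.extract]
+o=0
+self.data.pop(0)
+self.extract+=1
+else:
+# print "Nope"
+# print self.data
+self.data.pop(0)
+o=0
+#print "set i=0"
+i=0
+offset+=1
+except KeyboardInterrupt:
+print "\n[!] KeyboardInterrupt at check %s" % self.type
+sys.exit(1)
+def extractcount(self):
+print "[+] Found %d possible types" % (self.extract)
+def seekinto(self):
+allbytes=""
+self.fd=open(self.file,"r")
+self.fd.seek(0,0)
+self.fd.seek(self.set_offset,0)
+for byte in self.fd.read(self.length):
+byte=binascii.hexlify(byte)
+allbytes=allbytes + "\\x"+byte
+print "%s" % allbytes,
+def manglefile(self):
+mangle_file=open(self.file,"r")
+for part in range(self.extract):
+mangle_file.seek(0,0)
+mangle_file.seek(self.cut[part],0)
+readbytes=mangle_file.read(8)
+print "readed %s " % readbytes
+mangle_file.close()
+mangle_file=open(self.file,"r+")
+mangle_file.seek(0,0)
+mangle_file.seek(self.cut[part],0)
+mangle_file.write(self.set_string)
+mangle_file.close()
+def extractfile(self):
+""" its working just need some cleanups, and small fixes """
+exo_file=open(self.file,"r")
+for part in range(self.extract):
+# dbgprint "part %d" % part
+exo_file.seek(0,0)
+exo_file.seek(self.cut[part],0)
+suffix=self.type
+suffix=suffix.split(" ")
+suffix=suffix[0]
+FILENAME=self.dir+"/"+self.outname+"-"+str(self.extract)+"-"+str(self.cut[part])+"." + suffix
+print "[+] FILENAME: %s" % FILENAME
+exw_file=open(FILENAME,"w")
+TOWRITE=(self.stat.st_size)-self.cut[part]
+for byte in exo_file.read(TOWRITE):
+#for byte in exo_file.read(self.stat.st_size):
+exw_file.write(byte)
+exw_file.close()
+#complicated
+# print "written %d" % self.cut[self.extract]
+exo_file.close()
+#lets add it to files if reportfile shall be written
+# if self.reportfile!=None:
+self.files.append(FILENAME)
+def generateReport(self):
+print "[+] Found %d extracted files" % len(self.files)
+print
+print "file Report"
+print "="*11
+for extracted in self.files:
+#print "[+] %s " % extracted
+os.spawnl(os.P_WAIT,"/usr/bin/file","file",extracted)
+def showplugins(self):
+""" ok this method is not part of the CLASS ANALYSE
+maybe i change this later"""
+i=0
+print "[+] Plugins:"
+for type in range(len(FUDGEheader.TYPES)):
+if type==0:
+stringtype="FS"
+elif type==1:
+stringtype="EXEC"
+elif type==2:
+stringtype="PACKERS"
+elif type==3:
+stringtype="DOCS"
+elif type==4:
+stringtype="BOOT"
+elif type==5:
+stringtype="ASM"
+elif type==6:
+stringtype="PICTURES"
+elif type==7:
+stringtype="DEVICES"
+elif type==8:
+stringtype="ROUTER"
+print "%s:" % stringtype
+for plugin in range(len(FUDGEheader.TYPES[type])):
+print "\t\t- %s" % FUDGEheader.TYPES[type][plugin][3]
+i+=1
+print "\n[+] Found %d plugins." % i
+print "[+] Done"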
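Review bot: extractfile() builds its target as `self.dir+"/"+self.outname+...` while `self.dir` defaults to `""`, so `-x` without `-o` tries to write under the filesystem root, and every hit writes everything from its offset to the end of the input, which lets an input with many short-signature matches fill the disk. I would refuse extraction when no output directory is set, build the path with `os.path.join(self.dir, ...)`, and cap the number or total size of carved files. The analysed file and the carved files are opened with `"r"`/`"w"`; the data is binary, so these should be `open(self.file,"rb")` and `open(FILENAME,"wb")`. The suffix comes from `self.type`, which appears to hold whichever pattern was checked last rather than the one that matched (the page has lost its indentation, so the loop nesting in fudge.py is inferred); storing the type next to the offset in `self.cut` would likely address the README's "suffix recognition isn't working" entry.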

BIN
lib/FUDGEanalyse.pyc Normal file

Binary file not shown.

575
lib/FUDGEheader.py Executable file

@@ -0,0 +1,575 @@
#complete list
TYPES = 0x00
#categories
FS = 0x00
EXEC = 0x01
PACKERS = 0x02
DOCS = 0x03
BOOT = 0x04
ASM = 0x05
PICTURES = 0x06
DEVICES = 0x07
ROUTERS = 0x08
CRYPTO = 0x09
#Filesystem Type Definitions
MSDOS = 0x00
CRAMFS1 = 0x01
CRAMFS2 = 0x02 #difference is another searchstring
ROM1FS = 0x03
SQUASHFS1 = 0x04 #difference is another searchstring
SQUASHFS2 = 0x05
FAT32 = 0x06
CDUNIX = 0x07
ADF = 0x08
SGI = 0x09
SGIXFS = 0x0a
ST40 = 0x0b
CBM = 0x0c
WINIMAGE = 0x0d
COB = 0x0e
UFS1 = 0x0f
QEMU1 = 0x10
JFFSL = 0x11
JFFSB = 0x12
JFFS2L = 0x13
JFFS2B = 0x14
#Executeable File Definitions
ELF = 0x00
BFLT = 0x01
PE = 0x02
MSDOSCOM = 0x03
DOSCOM = 0x04
SPSSPORTABLE = 0x05
SPSSSYSTEM = 0x06
PPCPEF = 0x07
#Packing Specific definitions
ZIP1 = 0x00
ZIP2 = 0x01
BZIP = 0x02
GZIP = 0x03
ACE = 0x04
TAR = 0x05
TRX1 = 0x06
TRX2 = 0x07
LZMA = 0x08
UPX = 0x09
GNUTAR = 0x0A
CRUSH = 0x0B
HLSQZ = 0x0B
SQWEZ = 0x0C
HPAK = 0x0D
LZOP = 0x0E
MDCD = 0x0F
MSCOMPRESS = 0x10
INSTALLSHIELD = 0x11
PAQ = 0x12
JARARJ = 0x13
STUFFIT = 0x14
VAX3 = 0x15
VAX5 = 0x16
ARCHIVE = 0x17
ARCHIVEFILE = 0x18
HRB = 0x19
RISCOS = 0x1a
HAP = 0x1b
LIM = 0x1c
FREEZE = 0x1d
ZOO = 0x1e
RAR = 0x1f
EET = 0x20
RZIP = 0x21
SQSH = 0x22
ISC = 0x23
NWFILE = 0x24
DSIGDCC = 0x25
ARJ = 0x26
#Document Fileformats
PDF = 0x00
DOC = 0x01
RTF = 0x02
#Bootloader Definitions
UBOOT = 0x00
#Assembler object codes
AVR = 0x00
#Image Files(pictures etc.)
GIMPXCF = 0x00
#Devices Specific Firmware characteristics
LTRX1 = 0x00
LTRX2 = 0x01
WGR614BOOT = 0x02
WGR614 = 0x03
#Router Specific Firmware characteristics specifications
#Crypto stuff, certificates, keys, typical indications of crypto
SSHDSA = 0x00 #-----BEGIN DSA PRIVATE KEY----- -----END DSA PRIVATE KEY-----
SSHRSA = 0x02 #-----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
SSHPUB = 0x03 # ssh-dss
CACERT = 0x04 #-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
CERTREQ = 0x05 #-----BEGIN CERTIFICATE REQUEST----- -----END CERTIFICATE REQUEST-----
PGPMSG = 0x10 #-----BEGIN PGP MESSAGE----- -----END PGP MESSAGE-----
#Header definitions
HEADER1 = 0x01 #start header
HEADER2 = 0x02 #stop trailer/header
DESC = 0x03 #teh description
TOOLS = 0x04 #tools of trade to work with that kind of files
SUFFIX = 0x05 #the ending of the file, some tools want to have a proper ending, gzip for instance
CHANCE = 0x06 #chance calculator, if at least "chance" bytes are correct print out possibility...
#Filesystem Specifications
#
#still much too add
###########################################
TYPES = { FS: { \
MSDOS:{ \
HEADER1: ('M','Z','H','H'),\
HEADER2: None,\
DESC: "MSDOS - Filesystem",\
CHANCE: 2},
CRAMFS1:{ \
HEADER1: ('\x45','\x3d','\xcd','\x28'),\
HEADER2: None,\
DESC: "CRAMFS - Compressed ROMFS",\
CHANCE: 2},
CRAMFS2:{ \
HEADER1: ('C','o','m','p','r','e','s','s','e','d','\x20','R','O','M','F','S'),\
HEADER2: None,\
DESC: "CRAMFS2 - Compressed ROMFS",\
CHANCE: 8},
ROM1FS:{ \
HEADER1: ('-','r','o','m','1','f','s'),\
HEADER2: None,\
DESC: "ROM1FS - ROM FILE SYSTEM",\
CHANCE: 3},
SQUASHFS1:{ \
HEADER1: ('h','s','q','s'),\
HEADER2: None,\
DESC: "SQUASHFS - Big Endian",\
CHANCE: 2},
SQUASHFS2:{ \
HEADER1: ('s','q','s','h'),\
HEADER2: None,\
DESC: "SQUASHFS - Little Endian",\
CHANCE: 2},
FAT32:{ \
HEADER1: ('\x46','\x41','\x54','\x33','\x32'),\
HEADER2: None,\
DESC: "FAT32 - Filessystem",\
CHANCE: 2},
CDUNIX:{ \
HEADER1: ('\x01','\x43','\x44','\x30','\x30','\x31','\x01'),\
HEADER2: None,\
DESC: "CDUNIX - Filessystem",\
CHANCE: 2},
ADF:{ \
HEADER1: ('D','O','S','\x00'),\
HEADER2: None,\
DESC: "ADF - Amiga Filessystem",\
CHANCE: 2},
SGI:{ \
HEADER1: ('\x0B','\xE5','\xA9','\x41'),\
HEADER2: None,\
DESC: "SGI - SGI disk label (volume header)",\
CHANCE: 2},
SGIXFS:{ \
HEADER1: ('\x58','\x46','\x53','\x42'),\
HEADER2: None,\
DESC: "SGI XFS - filesystem data",\
CHANCE: 2},
ST40:{ \
HEADER1: ('\x13','\xa9','\xf1','\x7e'),\
HEADER2: None,\
DESC: "ST40 - component image format",\
CHANCE: 2},
CBM:{ \
HEADER1: ('C','B','M'),\
HEADER2: None,\
DESC: "Power 64 - C64 Emulator Snapshot",\
CHANCE: 2},
WINIMAGE:{ \
HEADER1: ('W','I','N','I','M','A','G','E'),\
HEADER2: None,\
DESC: "WinImage - WinImage Archive data",\
CHANCE: 2},
COB:{ \
HEADER1: ('C','o','B','1'),\
HEADER2: None,\
DESC: "CoB1 - lantronix html/webserver filesystem",\
CHANCE: 2},
UFS1:{ \
HEADER1: ('\x00','\x01','\x19','\x54'),\
HEADER2: None,\
DESC: "UFS1 - Unix Fast File system [v1] (little-endian)",\
CHANCE: 2},
QEMU1:{ \
HEADER1: ('\x51','\x46','\x49','\xfb'),\
HEADER2: None,\
DESC: "QEMU1 - Qemu Image, Format: Qcow",\
CHANCE: 2},
JFFSL:{ \
HEADER1: ('\x31','\x39','\x38','\x34'),\
HEADER2: None,\
DESC: "JFFS - version 1, little endian",\
TOOLS: "mtd-tools, mkfs.jffs etc.",\
CHANCE: 2},
JFFSB:{ \
HEADER1: ('\x34','\x38','\x39','\x31'),\
HEADER2: None,\
DESC: "JFFS - version 1, big endian",\
TOOLS: "mtd-tools, mkfs.jffs etc.",\
CHANCE: 2},
JFFS2L:{ \
HEADER1: ('\x85','\x19','\x03','\x20'),\
HEADER2: None,\
DESC: "JFFS - version 2, little endian",\
TOOLS: "mtd-tools, mkfs.jffs etc.",\
CHANCE: 2},
JFFS2B:{ \
HEADER1: ('\x19','\x85','\x20','\x03'),\
HEADER2: None,\
DESC: "JFFS - version 2, big endian",\
TOOLS: "mtd-tools, mkfs.jffs etc.",\
CHANCE: 2}
},
EXEC: {
ELF:{ \
HEADER1: ('\x7f','E','L','F'),\
HEADER2: None,\
DESC: "ELF - File Format",\
CHANCE: 2},
BFLT:{ \
HEADER1: ('b','F','L','T'),\
HEADER2: None,\
DESC: "bFLT - File Format",\
CHANCE: 2},
PE:{ \
HEADER1: ('P','E','\x00','\x00'),\
HEADER2: None,\
DESC: "PE - File Format",\
CHANCE: 2},
MSDOSCOM:{ \
HEADER1: ('\xfc','\x57','\xf3','\xa5','\xc3'),\
HEADER2: None,\
DESC: "COM executable for MS-DOS",\
CHANCE: 2},
DOSCOM:{ \
HEADER1: ('\xfc','\x57','\xf3','\xa4','\xc3'),\
HEADER2: None,\
DESC: "COM executable for DOS",\
CHANCE: 2},
SPSSPORTABLE:{ \
HEADER1: ('\xc1','\xe2','\xc3','\xc9'),\
HEADER2: None,\
DESC: "SPSS Portable File",\
CHANCE: 2},
SPSSSYSTEM:{ \
HEADER1: ('$','F','L','2'),\
HEADER2: None,\
DESC: "SPSS System File",\
CHANCE: 2},
PPCPEF:{ \
HEADER1: ('J','o','y','!','p','e','f','f','p','w','p','c'),\
HEADER2: None,\
DESC: "header for PowerPC PEF executable",\
CHANCE: 2}
},
PACKERS: {
ZIP1:{ \
HEADER1: ('\x50','\x4b','\x03','\x04'),\
HEADER2: None,\
DESC: "ZIP1 - Phil Katz ",\
CHANCE: 2},
ZIP2:{ \
HEADER1: ('\x50','\x4b','\x01','\x02'),\
HEADER2: None,\
DESC: "ZIP2 - Phil Katz ",\
CHANCE: 2},
BZIP:{ \
HEADER1: ('\x42','\x5a','\x68'),\
HEADER2: None,\
DESC: "BZIP - a block-sorting file compressor",\
CHANCE: 2},
GZIP:{ \
HEADER1: ('\x1f','\x8b'),\
HEADER2: None,\
DESC: "GZIP - Lempel-Ziv coding (LZ77)",\
CHANCE: 2},
ACE:{ \
HEADER1: ('*','*','A','C','E','*','*'),\
HEADER2: None,\
DESC: "ACE - e-merge GmbH - winace.com",\
CHANCE: 2},
TAR:{ \
HEADER1: ('\x00','u','s','t','a','r','\x00'),\
HEADER2: None,\
DESC: "TAR - tape archiver",\
CHANCE: 2},
TRX1:{ \
HEADER1: ('\x30','\x52','\x44','\x48'),\
HEADER2: None,\
DESC: "TRX1 - ",\
CHANCE: 2},
TRX2:{ \
HEADER1: ('H','D','R','0'),\
HEADER2: ('0','R','D','H'),\
DESC: "TRX2 - ",\
CHANCE: 2},
LZMA:{ \
HEADER1: ('\x5d','\x00','\x00','\x80'),\
HEADER2: None,\
DESC: "LZMA - Lempel-Ziv-Markov chain-Algorithm",\
CHANCE: 2},
UPX:{ \
HEADER1: ('U','P','X','!'),\
HEADER2: None,\
DESC: "UPX - Ultimate Packer for eXecuteables",\
CHANCE: 2},
GNUTAR:{ \
HEADER1: ('u','s','t','a','r','\x20','\x20','\x00'),\
HEADER2: None,\
DESC: "GNUTAR - tar == teer + tape archiver",\
CHANCE: 2},
CRUSH:{ \
HEADER1: ('C', 'R', 'U', 'S', 'H'),\
HEADER2: None,\
DESC: "CRUSH - Crush archive data",\
CHANCE: 2},
HLSQZ:{ \
HEADER1: ('H', 'L', 'S', 'Q', 'Z'),\
HEADER2: None,\
DESC: "HLSQZ - Squeeze It archive data",\
CHANCE: 2},
SQWEZ:{ \
HEADER1: ('S', 'Q', 'W', 'E', 'Z'),\
HEADER2: None,\
DESC: "SQWEZ - archive data",\
CHANCE: 2},
HPAK:{ \
HEADER1: ('H', 'P', 'A', 'K'),\
HEADER2: None,\
DESC: "HPAK - archive data",\
CHANCE: 2},
LZOP:{ \
HEADER1: ('\x89','\x4c','\x5a','\x4f','\x00','\x0d','\x0a','\x1a','\x0a'),\
HEADER2: None,\
DESC: "LZOP - lzop comrpressed data",\
CHANCE: 2},
MDCD:{ \
HEADER1: ('M', 'D', 'm', 'd'),\
HEADER2: None,\
DESC: "MDCD - archive data",\
CHANCE: 2},
MSCOMPRESS:{ \
HEADER1: ('\x88','\xf0','\x27'),\
HEADER2: None,\
DESC: "MS Compress archive data",\
CHANCE: 2},
INSTALLSHIELD:{ \
HEADER1: ('\x13','\x5d','\x65','\x8c'),\
HEADER2: None,\
DESC: "InstallShield - Z archive Data",\
CHANCE: 2},
PAQ:{ \
HEADER1: ('\xaa','\x40','\x5f','\x77','\x1f','\xe5','\x82','\x0d'),\
HEADER2: None,\
DESC: "PAQ - archive data",\
CHANCE: 2},
JARARJ:{ \
HEADER1: ('\x1a','J','a','r','\x1b'),\
HEADER2: None,\
DESC: "JAR (ARJ Software, Inc.) archive data",\
CHANCE: 2},
STUFFIT:{ \
HEADER1: ('S','t','u','f','f','I','t'),\
HEADER2: None,\
DESC: "StuffIt Archive",\
CHANCE: 2},
VAX3:{ \
HEADER1: ('\x65','\xff','\x00','\x00'),\
HEADER2: None,\
DESC: "VAX 3.0 archive",\
CHANCE: 2},
VAX5:{ \
HEADER1: ('\x3c','\x61','\x72','\x3e'),\
HEADER2: None,\
DESC: "VAX 5.0 archive",\
CHANCE: 2},
ARCHIVE:{ \
HEADER1: ('=','<','a','r','>'),\
HEADER2: None,\
DESC: "archive",\
CHANCE: 2},
ARCHIVEFILE:{ \
HEADER1: ('21','3c','61','72'),\
HEADER2: None,\
DESC: "archive file",\
CHANCE: 2},
HRB:{ \
HEADER1: ('\xc0','H','R','B'),\
HEADER2: None,\
DESC: "Harbour HRB file",\
CHANCE: 2},
RISCOS:{ \
HEADER1: ('A','r','c','h','i','v','e'),\
HEADER2: None,\
DESC: "RISC OS archive (ArcFS format)",\
CHANCE: 2},
HAP:{ \
HEADER1: ('\x91','\x33','H','F'),\
HEADER2: None,\
DESC: "HAP archive data",\
CHANCE: 2},
LIM:{ \
HEADER1: ('L','I','M','\x1a'),\
HEADER2: None,\
DESC: "LIM archive data",\
CHANCE: 2},
FREEZE:{ \
HEADER1: ('\x1f','\x9f','\x4a','\x10','\x0a'),\
HEADER2: None,\
DESC: "Freeze archive data",\
CHANCE: 2},
ZOO:{ \
HEADER1: ('\xfd','\xc4','\xa7','\xdc'),\
HEADER2: None,\
DESC: "Zoo archive data",\
CHANCE: 2},
RAR:{ \
HEADER1: ('R','a','r','!'),\
HEADER2: None,\
DESC: "RAR archive data",\
CHANCE: 2},
EET:{ \
HEADER1: ('\x1e','\xe7','\xff','\x00'),\
HEADER2: None,\
DESC: "EET archive",\
CHANCE: 2},
RZIP:{ \
HEADER1: ('R','Z','I','P'),\
HEADER2: None,\
DESC: "rzip compressed data",\
CHANCE: 2},
SQSH:{ \
HEADER1: ('S','Q','S','H'),\
HEADER2: None,\
DESC: "squished archive data (Acorn RISCOS)",\
CHANCE: 2},
ISC:{ \
HEADER1: ('I','S','c','('),\
HEADER2: None,\
DESC: "InstallShield CAB",\
CHANCE: 2},
NWFILE:{ \
HEADER1: ('P','a','c','k','e','d','\\',' ','F','i','l','e','\\'),\
HEADER2: None,\
DESC: "Personal NetWare Packed File",\
CHANCE: 2},
DSIGDCC:{ \
HEADER1: ('D','S','I','G','D','C','C'),\
HEADER2: None,\
DESC: "CrossePAC archive data",\
CHANCE: 2},
ARJ:{ \
HEADER1: ('\x60','\xea'),\
HEADER2: None,\
DESC: "ARJ",\
CHANCE: 2}
},
DOCS: { \
PDF:{ \
HEADER1: ('\x25','\x50','\x44','\x46','\x2e'),\
HEADER2: None,\
DESC: "PDF - Portable Document Format",\
CHANCE: 2},
DOC:{ \
HEADER1: ('\xd0','\xcf','\x11','\xe0','\xa1','\xb1','\x1a','\xe1'),\
HEADER2: None,\
DESC: "DOC - Microsoft Document Format",\
CHANCE: 2},
RTF:{ \
HEADER1: ('{','\\','\\','r','t','f'),\
HEADER2: None,\
DESC: "RTF - Rich Text Format data",\
CHANCE: 2}
},
BOOT: { \
UBOOT:{ \
HEADER1: ('\x27','\x05','\x19','\x56'),\
HEADER2: None,\
DESC: "UBOOT - PPCBoot Image - maybe bootloader",\
CHANCE: 2}
},
ASM: { \
AVR:{ \
HEADER1: ('a','v','a','o','b','j'),\
HEADER2: None,\
DESC: "AVR assembler object code",\
CHANCE: 2}
},
PICTURES: { \
GIMPXCF:{ \
HEADER1: ('g','i','m','p','\\',' ','x','c','f'),\
HEADER2: None,\
DESC: "GIMP XCF image data",\
CHANCE: 2}
},
DEVICES: { \
LTRX1:{ \
HEADER1: ('D','S','T','-','L','T','R','X'),\
HEADER2: None,\
DESC: "LTRX1 - Lantronics Firmware Part detected",\
CHANCE: 2},
LTRX2:{ \
HEADER1: ('L','T','R','X'),\
HEADER2: None,\
DESC: "LTRX2 - Lantronics Firmware Part detected",\
CHANCE: 2},
WGR614BOOT:{ \
HEADER1: ('*','#','$','^'),\
HEADER2: None,\
DESC: "NETGEAR WGR614v9 Bootware - unknown bootloader maybe",\
CHANCE: 2},
WGR614:{ \
HEADER1: ('@','U','1','2','H','0','9','4','T'),\
HEADER2: None,\
DESC: "NETGEAR WGR614v9 Firmware",\
CHANCE: 2}
}
}
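Review bot: `CRUSH = 0x0B` and `HLSQZ = 0x0B` share a key, so in the PACKERS dict literal the HLSQZ entry replaces the CRUSH one and that signature is never searched; HLSQZ and the constants after it need renumbering, or the table should be built from a list so keys cannot collide. Several HEADER1 tuples cannot match the byte-at-a-time comparison in checkheader(): ARCHIVEFILE uses `('21','3c','61','72')` where `('\x21','\x3c','\x61','\x72')` was presumably meant, and RTF, NWFILE and GIMPXCF contain `'\\'` elements that look like escapes copied from a magic file, so RTF expects two backslashes after `{`. The CRYPTO constants (private-key and certificate markers) are declared but TYPES has no CRYPTO section, so those patterns are not searched for at all; a comment such as `# CRYPTO patterns are declared only, not yet part of TYPES` would avoid a false sense of coverage when triaging firmware. The callers index entries as `[1]` and `[3]`; using `HEADER1` and `DESC` there would keep them in step with this file.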

BIN
lib/FUDGEheader.pyc Normal file

Binary file not shown.

BIN
lib/MANGLEheader.pyc Executable file

Binary file not shown.

4
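--- a/lib/__init__.py
+++ b/lib/__init__.py
@@ -0,0 +1,4 @@
+"""
+Fudge init library
+"""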

BIN
lib/__init__.pyc Normal file

Binary file not shown.