From 389abee8425d728d29fd96094f746829815dbdbc Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Tue, 14 Feb 2023 22:01:52 +0100
Subject: [PATCH 1/5] csv export of p59, p60 and p70
---
 modules/P59_binwalk_extractor.sh | 5 +++++
 modules/P60_firmware_bin_extractor.sh | 9 +++++++++
 modules/P70_unblob.sh | 9 +++++++++
 3 files changed, 23 insertions(+)
diff --git a/modules/P59_binwalk_extractor.sh b/modules/P59_binwalk_extractor.sh
index a72b826d4..aa2491f3d 100755
--- a/modules/P59_binwalk_extractor.sh
+++ b/modules/P59_binwalk_extractor.sh
@@ -64,6 +64,11 @@ P59_binwalk_extractor() {
 # now it should be fine to also set the FIRMWARE_PATH ot the FIRMWARE_PATH_CP
 export FIRMWARE_PATH="$FIRMWARE_PATH_CP"
+
+ write_csv_log "FILES" "UNIQUE_FILES" "DIRS" "Binaries" "LINUX_PATH_COUNTER" "Root PATH detected"
+ for R_PATH in "${ROOT_PATH[@]}"; do
+ write_csv_log "$FILES_EXT" "$UNIQUE_FILES" "$DIRS_EXT" "$BINS" "$LINUX_PATH_COUNTER" "$R_PATH"
+ done
 fi
 module_end_log "${FUNCNAME[0]}" "$FILES_EXT"
diff --git a/modules/P60_firmware_bin_extractor.sh b/modules/P60_firmware_bin_extractor.sh
index 029fd2db4..5645244ef 100755
--- a/modules/P60_firmware_bin_extractor.sh
+++ b/modules/P60_firmware_bin_extractor.sh
@@ -50,6 +50,10 @@ P60_firmware_bin_extractor() {
 print_ln
+ # FIRMWARE_PATH_CP is typically /log/firmware - shellcheck is probably confused here
+ # shellcheck disable=SC2153
+ detect_root_dir_helper "$FIRMWARE_PATH_CP"
+
 FILES_EXT=$(find "$FIRMWARE_PATH_CP" -xdev -type f | wc -l )
 UNIQUE_FILES=$(find "$FIRMWARE_PATH_CP" "${EXCL_FIND[@]}" -xdev -type f -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3 | wc -l )
 DIRS_EXT=$(find "$FIRMWARE_PATH_CP" -xdev -type d | wc -l )
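Review bot: In the P59 hunk, `write_csv_log ... "$R_PATH"` writes a directory path from the unpacked firmware into the CSV log unchanged, so the content of that field is controlled by whoever built the image. `write_csv_log` is not visible in this patch; unless it escapes the field delimiter, quotes and line breaks, a crafted directory name can shift columns or add rows in a report that is parsed later, and a leading `=`, `+`, `-` or `@` is evaluated as a formula by spreadsheet tools. The same loop appears in the P60 and P70 hunks of this patch and in the P59, P60 and P99 hunks of patch 5/5. If the helper does not already sanitise its arguments, do it there once and document the assumption at the call site with `# R_PATH is taken from the extracted firmware (untrusted); write_csv_log must escape it`. P59_binwalk_extractor starts and ends outside the hunk.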
@@ -67,6 +71,11 @@ P60_firmware_bin_extractor() {
 # now it should be fine to also set the FIRMWARE_PATH ot the FIRMWARE_PATH_CP
 export FIRMWARE_PATH="$FIRMWARE_PATH_CP"
+
+ write_csv_log "FILES" "UNIQUE_FILES" "DIRS" "Binaries" "LINUX_PATH_COUNTER" "Root PATH detected"
+ for R_PATH in "${ROOT_PATH[@]}"; do
+ write_csv_log "$FILES_EXT" "$UNIQUE_FILES" "$DIRS_EXT" "$BINS" "$LINUX_PATH_COUNTER" "$R_PATH"
+ done
 fi
 module_end_log "${FUNCNAME[0]}" "$FILES_EXT"
diff --git a/modules/P70_unblob.sh b/modules/P70_unblob.sh
index d1f10f287..7c4084450 100755
--- a/modules/P70_unblob.sh
+++ b/modules/P70_unblob.sh
@@ -83,6 +83,10 @@ P70_unblob() {
 print_ln
 if [[ -d "$OUTPUT_DIR_UNBLOB" ]]; then
+ # FIRMWARE_PATH_CP is typically /log/firmware - shellcheck is probably confused here
+ # shellcheck disable=SC2153
+ detect_root_dir_helper "$OUTPUT_DIR_UNBLOB"
+
 FILES_EXT_UB=$(find "$OUTPUT_DIR_UNBLOB" -xdev -type f | wc -l )
 UNIQUE_FILES_UB=$(find "$OUTPUT_DIR_UNBLOB" "${EXCL_FIND[@]}" -xdev -type f -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3 | wc -l )
 DIRS_EXT_UB=$(find "$OUTPUT_DIR_UNBLOB" -xdev -type d | wc -l )
@@ -114,6 +118,11 @@ P70_unblob() {
 tree -sh "$OUTPUT_DIR_UNBLOB" | tee -a "$LOG_FILE"
 fi
 print_ln
+
+ write_csv_log "FILES Unblob" "UNIQUE FILES Unblob" "directories Unblob" "Binaries Unblob" "LINUX_PATH_COUNTER Unblob" "Root PATH detected Unblob"
+ for R_PATH in "${ROOT_PATH[@]}"; do
+ write_csv_log "$FILES_EXT_UB" "$UNIQUE_FILES_UB" "$DIRS_EXT_UB" "$BINS_UB" "$LINUX_PATH_COUNTER" "$R_PATH"
+ done
 fi
 module_end_log "${FUNCNAME[0]}" "$FILES_EXT_UB"
From babccdd1a47db4857537cdd2192b08c34f11aec6 Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Tue, 14 Feb 2023 22:06:44 +0100
Subject: [PATCH 2/5] p70 - no root path detection
---
 helpers/helpers_emba_prepare.sh | 3 +--
 modules/P70_unblob.sh | 10 ++--------
 2 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/helpers/helpers_emba_prepare.sh b/helpers/helpers_emba_prepare.sh
index 865f473c7..1c06a82a4 100755
--- a/helpers/helpers_emba_prepare.sh
+++ b/helpers/helpers_emba_prepare.sh
@@ -483,8 +483,7 @@ detect_root_dir_helper() {
 SEARCH_PATH="${1:-}"
 print_output "[*] Root directory auto detection for $ORANGE$SEARCH_PATH$NC (could take some time)\\n"
- ROOT_PATH=()
- export ROOT_PATH
+ export ROOT_PATH=()
 local R_PATH
 local MECHANISM=""
diff --git a/modules/P70_unblob.sh b/modules/P70_unblob.sh
index 7c4084450..3dd76335a 100755
--- a/modules/P70_unblob.sh
+++ b/modules/P70_unblob.sh
@@ -83,10 +83,6 @@ P70_unblob() {
 print_ln
 if [[ -d "$OUTPUT_DIR_UNBLOB" ]]; then
- # FIRMWARE_PATH_CP is typically /log/firmware - shellcheck is probably confused here
- # shellcheck disable=SC2153
- detect_root_dir_helper "$OUTPUT_DIR_UNBLOB"
-
 FILES_EXT_UB=$(find "$OUTPUT_DIR_UNBLOB" -xdev -type f | wc -l )
 UNIQUE_FILES_UB=$(find "$OUTPUT_DIR_UNBLOB" "${EXCL_FIND[@]}" -xdev -type f -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3 | wc -l )
 DIRS_EXT_UB=$(find "$OUTPUT_DIR_UNBLOB" -xdev -type d | wc -l )
@@ -119,10 +115,8 @@ P70_unblob() {
 fi
 print_ln
- write_csv_log "FILES Unblob" "UNIQUE FILES Unblob" "directories Unblob" "Binaries Unblob" "LINUX_PATH_COUNTER Unblob" "Root PATH detected Unblob"
- for R_PATH in "${ROOT_PATH[@]}"; do
- write_csv_log "$FILES_EXT_UB" "$UNIQUE_FILES_UB" "$DIRS_EXT_UB" "$BINS_UB" "$LINUX_PATH_COUNTER" "$R_PATH"
- done
+ write_csv_log "FILES Unblob" "UNIQUE FILES Unblob" "directories Unblob" "Binaries Unblob" "LINUX_PATH_COUNTER Unblob"
+ write_csv_log "$FILES_EXT_UB" "$UNIQUE_FILES_UB" "$DIRS_EXT_UB" "$BINS_UB" "$LINUX_PATH_COUNTER"
 fi
 module_end_log "${FUNCNAME[0]}" "$FILES_EXT_UB"
From c7b6cfa98db9b6f6bc7a89b49641dfe9dde603d9 Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Tue, 14 Feb 2023 22:08:15 +0100
Subject: [PATCH 3/5] p70 - variable names
---
 modules/P70_unblob.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
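Review bot: `export ROOT_PATH=()` in detect_root_dir_helper keeps two behaviours that deserve a comment: the global array is emptied on every call, and the `export` does nothing useful, because bash does not pass array variables to child processes through the environment. Callers that read `ROOT_PATH` afterwards (the CSV loops in P59, P60 and P99 in this series) therefore see only the result of the most recent call, and only within the same shell or its subshells. I would add `# ROOT_PATH is a global array: reset on every call, visible to this shell and its subshells only (bash cannot export arrays)` above the line, or write plain `ROOT_PATH=()` if the exported attribute is not relied on anywhere. The function body continues outside the hunk.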
diff --git a/modules/P70_unblob.sh b/modules/P70_unblob.sh
index 3dd76335a..2ac55e538 100755
--- a/modules/P70_unblob.sh
+++ b/modules/P70_unblob.sh
@@ -116,7 +116,7 @@ P70_unblob() {
 print_ln
 write_csv_log "FILES Unblob" "UNIQUE FILES Unblob" "directories Unblob" "Binaries Unblob" "LINUX_PATH_COUNTER Unblob"
- write_csv_log "$FILES_EXT_UB" "$UNIQUE_FILES_UB" "$DIRS_EXT_UB" "$BINS_UB" "$LINUX_PATH_COUNTER"
+ write_csv_log "$FILES_EXT_UB" "$UNIQUE_FILES_UB" "$DIRS_EXT_UB" "$BINS_UB" "$LINUX_PATH_COUNTER_UNBLOB"
 fi
 module_end_log "${FUNCNAME[0]}" "$FILES_EXT_UB"
From cf8fd15b504abe68c9e8595efa461bc409eca473 Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Tue, 14 Feb 2023 22:12:16 +0100
Subject: [PATCH 4/5] not needed
---
 modules/P60_firmware_bin_extractor.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/modules/P60_firmware_bin_extractor.sh b/modules/P60_firmware_bin_extractor.sh
index 5645244ef..eedaa5e52 100755
--- a/modules/P60_firmware_bin_extractor.sh
+++ b/modules/P60_firmware_bin_extractor.sh
@@ -50,10 +50,6 @@ P60_firmware_bin_extractor() {
 print_ln
- # FIRMWARE_PATH_CP is typically /log/firmware - shellcheck is probably confused here
- # shellcheck disable=SC2153
- detect_root_dir_helper "$FIRMWARE_PATH_CP"
-
 FILES_EXT=$(find "$FIRMWARE_PATH_CP" -xdev -type f | wc -l )
 UNIQUE_FILES=$(find "$FIRMWARE_PATH_CP" "${EXCL_FIND[@]}" -xdev -type f -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\ -f3 | wc -l )
 DIRS_EXT=$(find "$FIRMWARE_PATH_CP" -xdev -type d | wc -l )
From 65aaa9fde25fadba566741ddc7bf373103d2f469 Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Wed, 15 Feb 2023 08:55:41 +0100
Subject: [PATCH 5/5] improve csv, include p99
---
 modules/P59_binwalk_extractor.sh | 10 ++++++----
 modules/P60_firmware_bin_extractor.sh | 10 ++++++----
 modules/P99_prepare_analyzer.sh | 7 +++++++
 3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/modules/P59_binwalk_extractor.sh b/modules/P59_binwalk_extractor.sh
index aa2491f3d..23777b776 100755
--- a/modules/P59_binwalk_extractor.sh
+++ b/modules/P59_binwalk_extractor.sh
@@ -65,10 +65,12 @@ P59_binwalk_extractor() {
 # now it should be fine to also set the FIRMWARE_PATH ot the FIRMWARE_PATH_CP
 export FIRMWARE_PATH="$FIRMWARE_PATH_CP"
- write_csv_log "FILES" "UNIQUE_FILES" "DIRS" "Binaries" "LINUX_PATH_COUNTER" "Root PATH detected"
- for R_PATH in "${ROOT_PATH[@]}"; do
- write_csv_log "$FILES_EXT" "$UNIQUE_FILES" "$DIRS_EXT" "$BINS" "$LINUX_PATH_COUNTER" "$R_PATH"
- done
+ if [[ "${#ROOT_PATH[@]}" -gt 0 ]] ; then
+ write_csv_log "FILES" "UNIQUE_FILES" "DIRS" "Binaries" "LINUX_PATH_COUNTER" "Root PATH detected"
+ for R_PATH in "${ROOT_PATH[@]}"; do
+ write_csv_log "$FILES_EXT" "$UNIQUE_FILES" "$DIRS_EXT" "$BINS" "$LINUX_PATH_COUNTER" "$R_PATH"
+ done
+ fi
 fi
 module_end_log "${FUNCNAME[0]}" "$FILES_EXT"
diff --git a/modules/P60_firmware_bin_extractor.sh b/modules/P60_firmware_bin_extractor.sh
index eedaa5e52..420a08d96 100755
--- a/modules/P60_firmware_bin_extractor.sh
+++ b/modules/P60_firmware_bin_extractor.sh
@@ -68,10 +68,12 @@ P60_firmware_bin_extractor() {
 # now it should be fine to also set the FIRMWARE_PATH ot the FIRMWARE_PATH_CP
 export FIRMWARE_PATH="$FIRMWARE_PATH_CP"
- write_csv_log "FILES" "UNIQUE_FILES" "DIRS" "Binaries" "LINUX_PATH_COUNTER" "Root PATH detected"
- for R_PATH in "${ROOT_PATH[@]}"; do
- write_csv_log "$FILES_EXT" "$UNIQUE_FILES" "$DIRS_EXT" "$BINS" "$LINUX_PATH_COUNTER" "$R_PATH"
- done
+ if [[ "${#ROOT_PATH[@]}" -gt 0 ]] ; then
+ write_csv_log "FILES" "UNIQUE_FILES" "DIRS" "Binaries" "LINUX_PATH_COUNTER" "Root PATH detected"
+ for R_PATH in "${ROOT_PATH[@]}"; do
+ write_csv_log "$FILES_EXT" "$UNIQUE_FILES" "$DIRS_EXT" "$BINS" "$LINUX_PATH_COUNTER" "$R_PATH"
+ done
+ fi
 fi
 module_end_log "${FUNCNAME[0]}" "$FILES_EXT"
diff --git a/modules/P99_prepare_analyzer.sh b/modules/P99_prepare_analyzer.sh
index c9b57708a..2f21f743d 100755
--- a/modules/P99_prepare_analyzer.sh
+++ b/modules/P99_prepare_analyzer.sh
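Review bot: `R_PATH` is the loop variable of the new block in P59_binwalk_extractor, and no `local` declaration for it is visible in the hunk, whereas detect_root_dir_helper declares `local R_PATH`; if it is not declared earlier in the function (the body starts outside the hunk), the loop leaves a global `R_PATH` behind for later modules. Adding `local R_PATH=""` before the `if` would match the helper; the same applies to the identical block in the P60 hunk and to the P99 hunk. The count test reads more directly as `if (( ${#ROOT_PATH[@]} > 0 )); then`. Since every row repeats the same counters and only the root path changes, a comment such as `# one CSV row per detected root directory; the counters are identical across rows` would help whoever consumes the file.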
@@ -66,6 +66,13 @@ P99_prepare_analyzer() {
 print_output "[*] RTOS system detected"
 fi
+ if [[ "${#ROOT_PATH[@]}" -gt 0 ]] ; then
+ write_csv_log "FILES" "UNIQUE_FILES" "DIRS" "Binaries" "LINUX_PATH_COUNTER" "Root PATH detected" "architecture" "endianess"
+ for R_PATH in "${ROOT_PATH[@]}"; do
+ write_csv_log "$FILES_EXT" "$UNIQUE_FILES" "$DIRS_EXT" "$BINS" "$LINUX_PATH_COUNTER" "$R_PATH" "$ARCH" "$D_END"
+ done
+ fi
+
 local NEG_LOG=1
 module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
 }
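Review bot: The new row in P99_prepare_analyzer logs `$FILES_EXT`, `$UNIQUE_FILES`, `$DIRS_EXT` and `$BINS`, none of which is assigned in the visible lines of this function; in this series they are set in P59 and P60, while P70 uses the `_UB` names. If P99 runs after an extraction path that never set them, the row has empty columns, or the expansion aborts if the script runs with `set -u` (not visible here). Defaults keep the row well-formed in either case: `write_csv_log "${FILES_EXT:-NA}" "${UNIQUE_FILES:-NA}" "${DIRS_EXT:-NA}" "${BINS:-NA}" "${LINUX_PATH_COUNTER:-NA}" "$R_PATH" "${ARCH:-NA}" "${D_END:-NA}"`. The header string `"endianess"` is presumably meant to be `"endianness"`; it is cheaper to correct before consumers depend on the column name. The function starts outside the hunk.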