固件解碼後通常同時含有二進制文件和文本文件。在二進制文件或者文本文件中進行關鍵字搜索時,根據魔數(magic number)判斷文件類型,再進行關鍵字匹配即可。
import magic
import re
import os
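def user_search_kw(ff, keyword, bin_search):
    '''
    Search one file for a keyword and print a one-line summary of the hits.

    The file is read as raw bytes. Text mode fails on most binaries under
    Python 3 (UnicodeDecodeError, which ``except IOError`` does not catch)
    and would report character positions; reading bytes makes the printed
    offsets true byte offsets into the file.

    Only the keyword, the file name and the offsets / hit count are printed;
    the matched bytes themselves are never echoed.

    Note: ``open()`` follows symlinks. A link inside an extracted firmware
    tree that points at an absolute path is therefore read from the analysis
    host, not from the image -- callers walking a tree may want to skip links.

    :param ff: file name including its path
    :param keyword: search keyword. It is handed to ``re`` as a pattern and
        matched case-insensitively, so regex metacharacters are interpreted
        (pass ``re.escape(word)`` for a literal search). On a bytes pattern
        ``re.I`` folds ASCII letters only.
    :param bin_search: when True, print hit offsets for non-plain-text files;
        otherwise such files produce no output
    :return: None; results go to stdout
    '''
    # A str keyword must become bytes to be matched against the raw content.
    needle = keyword if isinstance(keyword, bytes) else keyword.encode('utf-8')
    try:
        with open(ff, 'rb') as keyword_search:
            data = keyword_search.read()

        # One pass yields both the hit count and the offsets.
        offset_list = [m.start() for m in re.finditer(needle, data, re.I)]
        if not offset_list:
            return

        # Classify by libmagic MIME type only after a hit, so files without
        # the keyword never pay for the magic lookup.
        magic_mime = magic.from_file(ff, mime=True)
        # executables, shared libraries, generic binary streams, object files
        mime_kw = 'x-executable|x-sharedlib|octet-stream|x-object'
        if re.search(mime_kw, magic_mime, re.I):
            # Non-plain-text file: reported only when the caller asked for it.
            if bin_search is True:
                print ("Non-Plain Text File, Keyword: '%s', File: %s, Offset(s) in File: " % (keyword, ff) + ", ".join('0x%x'%x for x in offset_list) + "\n")
        else:
            # Plain-text file: report the number of hits.
            print ("Plain Text File, Keyword: '%s', File: %s, Keyword Hits in File: %d\n" % (keyword, ff, len(offset_list)))
    except IOError:
        # Deliberate best effort: entries that cannot be read (missing,
        # permission denied, dangling links, directories) are skipped.
        pass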
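# Example run: case-insensitive search for "password" in one file taken from
# an extracted firmware image. The path is specific to the author's machine.
keyword = 'password'
bin_search = True  # also report byte offsets of hits inside binary files
# The path must be a string literal; unquoted it is a syntax error.
user_search_kw('/home/ubuntu/zgd/firmExtract/360/_360POP-P1-beta-V1.0.14.31211.bin.extracted/2848', keyword, bin_search)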