Skip to content

Commit

Permalink
fixup! first shot at pattern auto-identification
Browse files Browse the repository at this point in the history
  • Loading branch information
@qkaiser
qkaiser committed Dec 24, 2023
1 parent dc20f52 commit d0aa389
Show file tree
Hide file tree
Showing 9 changed files with 31 additions and 29 deletions.
0 ...d.unaligned.cpio-newc_extract/0-1.unknown → ...d.unaligned.cpio-newc_extract/0-1.padding
View file
File renamed without changes.
0 ...llated.headpad.bzip2_extract/0-17.unknown → ...llated.headpad.bzip2_extract/0-17.padding
View file
File renamed without changes.
0 ...t/initramfs_extract/366109-366113.unknown → ...t/initramfs_extract/366109-366113.padding
View file
File renamed without changes.
0 ...t/initramfs_extract/366109-366113.unknown → ...t/initramfs_extract/366109-366113.padding
View file
File renamed without changes.
0 ...uncated.fat12_extract/28160-32768.unknown → ...uncated.fat12_extract/28160-32768.padding
View file
File renamed without changes.
0 ...uncated.fat16_extract/28160-32768.unknown → ...uncated.fat16_extract/28160-32768.padding
View file
File renamed without changes.
0 ...ated.fat32_extract/551424-2097152.unknown → ...ated.fat32_extract/551424-2097152.padding
View file
File renamed without changes.
41 changes: 21 additions & 20 deletions unblob/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,27 @@ def as_report(self, entropy: Optional[EntropyReport]) -> UnknownChunkReport:
)


@attr.define(repr=False)
class PaddingChunk(Chunk):
r"""Gaps between valid chunks or otherwise unknown chunks.
Important for manual analysis, and analytical certanity: for example
entropy, other chunks inside it, metadata, etc.
These are not extracted, just logged for information purposes and further analysis,
like most common bytes (like \x00 and \xFF), ASCII strings, high entropy, etc.
"""

def as_report(self, entropy: Optional[EntropyReport]) -> PaddingChunkReport:
return PaddingChunkReport(
chunk_id=self.id,
start_offset=self.start_offset,
end_offset=self.end_offset,
size=self.size,
entropy=entropy,
)


@attrs.define
class MultiFile(Blob):
name: str = attr.field(kw_only=True)
Expand All @@ -171,26 +192,6 @@ def as_report(self, extraction_reports: List[Report]) -> MultiFileReport:
ReportType = TypeVar("ReportType", bound=Report)


@attr.define(repr=False)
class PaddingChunk(Chunk):
r"""Gaps between valid chunks or otherwise unknown chunks.
Important for manual analysis, and analytical certanity: for example
entropy, other chunks inside it, metadata, etc.
These are not extracted, just logged for information purposes and further analysis,
like most common bytes (like \x00 and \xFF), ASCII strings, high entropy, etc.
"""

def as_report(self) -> PaddingChunkReport:
return PaddingChunkReport(
chunk_id=self.id,
start_offset=self.start_offset,
end_offset=self.end_offset,
size=self.size,
)


@attr.define
class TaskResult:
task: Task
Expand Down
19 changes: 10 additions & 9 deletions unblob/report.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,16 @@ class UnknownChunkReport(Report):
entropy: Optional[EntropyReport]


@final
@attr.define(kw_only=True, frozen=True)
class PaddingChunkReport(Report):
chunk_id: str
start_offset: int
end_offset: int
size: int
entropy: Optional[EntropyReport]


@final
@attr.define(kw_only=True, frozen=True)
class MultiFileReport(Report):
Expand Down Expand Up @@ -300,12 +310,3 @@ class SpecialFileExtractionProblem(ExtractionProblem):

def log_with(self, logger):
logger.warning(self.log_msg, path=self.path, mode=self.mode, device=self.device)


@final
@attr.define(kw_only=True)
class PaddingChunkReport(Report):
chunk_id: str
start_offset: int
end_offset: int
size: int

0 comments on commit d0aa389

Please sign in to comment.