近几年各种ctf赛事频发,让人应接不暇!
其中有一类型题目叫做“隐写术”,
“隐写术”中的一种题目类型是将两种或两种以上格式的文件“拼接”在一起
让参赛者寻找隐藏在正常文件里的其他文件,并找到flag。
该类题目的解题思路虽然简单,但有一个问题:得记住常见的“文件头”;
而如果题目用的是不常见的文件头呢?
宝贵的大脑怎么能拿来记这种毫无意义的东西呢?
于是,写了这个“文件类型”识别脚本,自动识别隐藏文件并“提取”出来。
该脚本基于“字典”模式设计,依赖默认的字典格式文件,方便新格式(后缀)的增加和误报率过高格式的删除。
字典格式为:extension :: description :: hexdump(后缀 :: 描述 :: hex文件头)
支持“#”注释 ,hexdump可使用空格间隔(便于肉眼识别)
默认字典如下:
更多格式hexdump请到http://file-extension.net/seeker/搜索,或者自行添加
识别效果如下:
核心源码如下:
- #coding=utf-8
-
- '''
- WhatFormat.py
- '''
-
- import os
- import sys
- import binascii
-
# Path of the signature dictionary, one ``extension :: description :: hexdump`` entry per
# line with ``#`` comments allowed. It is opened as given, i.e. relative to the current
# working directory, not to the script's own location.
# NOTE: the name shadows the builtin ``dict``; it is kept because main() reads this global.
#dict = r'C:\MyTools\whatFormat.dic'
dict = 'whatFormat.dic'
-
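def usage():
    """Print the command-line help banner to stdout.

    The script name shown in the usage line is the basename of ``sys.argv[0]``.
    ``os.path.basename`` understands the host platform's separators, whereas the
    previous ``split('\\\\')`` only trimmed Windows-style paths and printed the full
    path on POSIX systems.
    """
    data = '''
[+] This script help you to find outthe real format of the file or hide data from the file!
[+] the result file save at 'output' dir, go and search it!
[+] [url=http://hi.baidu.com/l34rn]http://hi.baidu.com/l34rn[/url]
[+] cnh4ckff [at] gmail.com

[+] usage: %s <target file>
''' % os.path.basename(sys.argv[0])
    print(data)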
-
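def loadDict(dict):
    """Load the signature dictionary and return ``[[ext, description, hexdump], ...]``.

    Every non-empty line whose first non-blank character is not ``#`` must hold exactly
    three ``::``-separated fields. Blank lines and comment lines are skipped (a comment
    marker preceded by whitespace now counts as a comment too). The three fields are
    returned stripped of surrounding whitespace, so the hexdump no longer carries the
    trailing newline of its line.

    Args:
        dict: path of the dictionary file. The parameter name shadows the builtin
            ``dict``; it is kept unchanged for existing callers.

    Returns:
        A list of three-element lists ``[ext, description, hexdump]`` in file order.

    Raises:
        ValueError: if a line does not split into exactly three fields; the message
            names the file and the offending line number instead of the bare
            unpacking error the caller used to get.
        IOError / OSError: if the file cannot be opened.
    """
    dictList = []
    # Text mode with the platform default encoding: a Python-2-compatible call, so the
    # dictionary is expected to be ASCII/UTF-8 readable under that default.
    with open(dict, 'r') as lines:
        for lineNo, line in enumerate(lines, 1):
            entry = line.strip()
            if entry == '' or entry.startswith('#'):
                continue
            fields = entry.split('::')
            if len(fields) != 3:
                raise ValueError(
                    '%s: line %d: expected "extension :: description :: hexdump", got %r'
                    % (dict, lineNo, entry))
            ext, des, hexDump = [field.strip() for field in fields]
            dictList.append([ext, des, hexDump])
    return dictList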
-
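def loadFile(file):
    """Read *file* completely and return its contents as a lowercase hex string.

    Prints a short banner with the path and the size in whole KiB. The whole file is
    held in memory twice (raw bytes plus the twice-as-large hex text), so the tool is
    sized for CTF-style inputs rather than very large dumps.

    Args:
        file: path of the file to inspect. The parameter name shadows the builtin
            ``file`` (Python 2); it is kept unchanged for existing callers.

    Returns:
        ``str`` of lowercase hex digits, two per input byte (``''`` for an empty file).
        The ``.decode('ascii')`` matters on Python 3, where ``binascii.hexlify``
        returns ``bytes`` and a later ``find`` with a ``str`` pattern would raise
        ``TypeError``; on Python 2 it yields an equivalent ``unicode`` string.
    """
    size = os.path.getsize(file)
    # '//' keeps the KiB figure an integer on Python 3 as well ('/' would print a float).
    print('''
[+] File: %s
[+] Size: %s [Kb]
''' % (file, str(size // 1024)))
    with open(file, 'rb') as f:
        data = f.read()
    return binascii.hexlify(data).decode('ascii')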
-
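def checkFormat(hexData, dictList):
    """Scan *hexData* for every signature in *dictList* and list all byte-aligned hits.

    Args:
        hexData: hex text of the inspected file (``str``; ``bytes`` is accepted and
            decoded as ASCII so Python 3's ``binascii.hexlify`` output works too).
        dictList: entries shaped ``[ext, description, hexdump]`` as loadDict() returns.
            The hexdump may contain whitespace (``"89 50 4E 47"``) and any letter case.

    Returns:
        ``[[ext, description, offset], ...]`` with one item per occurrence, grouped by
        dictionary entry in *dictList* order and by increasing offset within an entry.
        ``offset`` is an index into *hexData*, i.e. twice the byte offset.

    Only matches at even hex offsets are reported: a signature found at an odd index
    straddles a byte boundary, so it is not a real header, and it would later make
    ``binascii.unhexlify`` fail on an odd-length slice and abort the whole run.
    Entries whose signature is empty after whitespace removal are skipped, because an
    empty pattern matches at every position of the input.
    """
    if isinstance(hexData, bytes):
        hexData = hexData.decode('ascii')
    resList = []
    for entry in dictList:
        ext = entry[0].strip()
        des = entry[1].strip()
        # Normalise "89 50 4E 47" / "89504e47" to a single lowercase digit string.
        hexDump = ''.join(entry[2].split()).lower()
        if not hexDump:
            continue
        searchFrom = 0
        while True:
            code = hexData.find(hexDump, searchFrom)
            if code == -1:
                break
            # Advance by one (not by the pattern length) so overlapping hits are kept,
            # matching the original search behaviour.
            searchFrom = code + 1
            if code % 2 == 0:
                resList.append([ext, des, code])
    return resList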
-
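def output(resList, hexData):
    """Carve every hit in *resList* out of *hexData* into ``output/<n>.<ext>`` and report it.

    Args:
        resList: ``[[ext, description, offset], ...]`` as returned by checkFormat();
            ``offset`` indexes *hexData*, so it is twice the byte offset.
        hexData: hex text of the whole inspected file.

    Each hit is written from its offset to the end of the input: the carved data is a
    suffix of the file, not a delimited object, so bytes of any later embedded file are
    included. A hit at an odd hex offset cannot be turned back into bytes (``unhexlify``
    needs an even number of digits); it is reported and skipped instead of raising and
    aborting the remaining hits. Numbering starts at 1 and follows *resList* order.
    """
    for num, res in enumerate(resList, 1):
        ext = res[0]
        des = res[1]
        startup = int(res[2])
        fileName = '%d.%s' % (num, ext)
        if startup % 2:
            print('[+] Number %d (%s at %d) skipped: offset is not byte-aligned' % (num, ext, startup))
            continue
        data = binascii.unhexlify(hexData[startup:])
        saveFile(fileName, data)
        print('''
[+] Number: %s
[+] Extension: %s
[+] Description: %s
[+] Startup: %s
[+] Saveas: %s
''' % (num, ext, des, startup, fileName))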
-
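def saveFile(fileName, data):
    """Write *data* to ``output/<fileName>``, creating the ``output`` directory if needed.

    Args:
        fileName: bare file name. It is built from the dictionary's extension field, so
            a value containing a path component (separators or ``..``) would let a
            dictionary line write outside ``output/``; such names are rejected.
        data: bytes to write.

    Raises:
        ValueError: if *fileName* is empty or is not a plain file name.
        IOError / OSError: if the directory or file cannot be created.
    """
    if not fileName or os.path.basename(fileName) != fileName or fileName in ('.', '..'):
        raise ValueError('refusing to write outside the output dir: %r' % (fileName,))
    if not os.path.isdir('output'):
        os.mkdir('output')
    with open(os.path.join('output', fileName), 'wb') as f:
        f.write(data)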
-
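def main():
    """Command-line entry point: ``WhatFormat.py <target file>``.

    Loads the signature dictionary named by the module-level ``dict`` path, hex-encodes
    the target, scans it and carves every hit into ``output/``. When no target is given
    the usage banner is printed and the process exits with status 1; ``sys.exit`` is used
    because the bare ``exit()`` is a ``site``-module convenience that is not guaranteed to
    exist (e.g. under ``python -S``).
    """
    if len(sys.argv) < 2:
        usage()
        sys.exit(1)
    file = sys.argv[1]
    # Load the small dictionary first so a missing or malformed dictionary fails before
    # the potentially large target is read and hex-encoded.
    dictList = loadDict(dict)
    hexData = loadFile(file)
    resList = checkFormat(hexData, dictList)
    output(resList, hexData)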
-
-
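if __name__ == '__main__':
    try:
        main()
    except Exception as e:
        # Top-level boundary: report the failure briefly and signal it through the exit
        # status instead of exiting 0 as before. SystemExit from main() is not an
        # Exception subclass, so a deliberate sys.exit() passes straight through.
        print('[+] %s' % (e,))
        sys.exit(1)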
源码及字典、测试文件打包: