separate extractor functions

Rubusch · Dec 19, 2021 · c94a0a0 · c94a0a0
1 parent 0a778e6
commit c94a0a0
Show file tree

Hide file tree

Showing 5 changed files with 168 additions and 96 deletions.
diff --git a/modules/P10_vmdk_extractor.sh b/modules/P10_vmdk_extractor.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
 
-# emba - EMBEDDED LINUX ANALYZER
+# EMBA - EMBEDDED LINUX ANALYZER
 #
 # Copyright 2020-2021 Siemens Energy AG
 # Copyright 2020-2021 Siemens AG
 #
-# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
 # See LICENSE file for usage of this software.
 #
-# emba is licensed under GPLv3
+# EMBA is licensed under GPLv3
 #
 # Author(s): Michael Messner, Pascal Eckmann
 
@@ -19,37 +19,52 @@ export PRE_THREAD_ENA=0
 
 P10_vmdk_extractor() {
   module_log_init "${FUNCNAME[0]}"
-  # This module is currently in an unworking PoC state. You can enable it via changing the following to -eq 0
-  # otherwise this module gets skipped
   NEG_LOG=0
   if [[ "$VMDK_DETECTED" -eq 1 ]]; then
     module_title "VMDK extractor"
-    print_output "[*] Connect to device $ORANGE$FIRMWARE_PATH$NC"
-    mkdir -p "$TMP_DIR"/vmdk_mount
-    for MOUNT_DEV in /dev/sda{1..5}; do
-      DEV_NAME=$(basename "$MOUNT_DEV")
-      print_output "[*] Trying to mount $ORANGE$MOUNT_DEV$NC to $ORANGE$TMP_DIR/vmdk_mount$NC directory"
-      # if troubles ahead with vmdk mount, remove the error redirection
-      guestmount -a "$FIRMWARE_PATH" -m "$MOUNT_DEV" --ro "$TMP_DIR"/vmdk_mount 2>/dev/null
-      if mount | grep -q vmdk_mount; then
-        print_output "[*] Copying $ORANGE$MOUNT_DEV$NC to firmware directory $LOG_DIR/firmware/vmdk_extractor/"
-        mkdir -p "$LOG_DIR"/firmware/vmdk_extractor/"$DEV_NAME"/
-        cp -pri "$TMP_DIR"/vmdk_mount/* "$LOG_DIR"/firmware/vmdk_extractor/"$DEV_NAME"/
-        umount "$TMP_DIR"/vmdk_mount
-      fi
-    done
-    VMDK_FILES=$(find "$LOG_DIR"/firmware/vmdk_extractor -type f | wc -l)
-    VMDK_DIRS=$(find "$LOG_DIR"/firmware/vmdk_extractor -type d | wc -l)
-
-    if [[ "$VMDK_FILES" -gt 0 ]]; then
-      print_output ""
-      print_output "[*] Extracted $ORANGE$VMDK_FILES$NC files and $ORANGE$VMDK_DIRS$NC directories from the firmware image."
-      write_csv_log "Extractor" "files" "directories" "firmware dir"
-      write_csv_log "VMDK extractor" "$VMDK_FILES" "$VMDK_DIRS" "$LOG_DIR/firmware/vmdk_extractor/"
-    fi
+    EXTRACTION_DIR="$LOG_DIR"/firmware/vmdk_extractor/
+
+    vmdk_extractor "$FIRMWARE_PATH" "$EXTRACTION_DIR"
+
     export FIRMWARE_PATH="$LOG_DIR"/firmware/
-    rm -r "$TMP_DIR"/vmdk_mount
     NEG_LOG=1
   fi
   module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
 }
+
+vmdk_extractor() {
+  local VMDK_PATH_="$1"
+  local EXTRACTION_DIR_="$2"
+  local MOUNT_DEV
+  local DEV_NAME
+  local VMDK_FILES
+  local VMDK_DIRS
+  local TMP_VMDK_MNT="$TMP_DIR/vmdk_mount_$RANDOM"
+
+  print_output "[*] Connect to device $ORANGE$VMDK_PATH_$NC"
+  mkdir -p "$TMP_VMDK_MNT"
+
+  for MOUNT_DEV in /dev/sda{1..5}; do
+    DEV_NAME=$(basename "$MOUNT_DEV")
+    print_output "[*] Trying to mount $ORANGE$MOUNT_DEV$NC to $ORANGE$TMP_VMDK_MNT$NC directory"
+    # if troubles ahead with vmdk mount, remove the error redirection
+    guestmount -a "$VMDK_PATH_" -m "$MOUNT_DEV" --ro "$TMP_VMDK_MNT" 2>/dev/null
+    if mount | grep -q vmdk_mount; then
+      print_output "[*] Copying $ORANGE$MOUNT_DEV$NC to firmware directory $EXTRACTION_DIR_"
+      mkdir -p "$EXTRACTION_DIR"/"$DEV_NAME"/
+      cp -pri "$TMP_VMDK_MNT"/* "$EXTRACTION_DIR_"/"$DEV_NAME"/
+      umount "$TMP_VMDK_MNT"
+    fi
+  done
+
+  VMDK_FILES=$(find "$EXTRACTION_DIR_" -type f | wc -l)
+  VMDK_DIRS=$(find "$EXTRACTION_DIR_" -type d | wc -l)
+
+  if [[ "$VMDK_FILES" -gt 0 ]]; then
+    print_output ""
+    print_output "[*] Extracted $ORANGE$VMDK_FILES$NC files and $ORANGE$VMDK_DIRS$NC directories from the firmware image."
+    write_csv_log "Extractor" "files" "directories" "firmware dir"
+    write_csv_log "VMDK extractor" "$VMDK_FILES" "$VMDK_DIRS" "$EXTRACTION_DIR_"
+  fi
+  rm -r "$TMP_VMDK_MNT"
+}
diff --git a/modules/P11_dlink_SHRS_enc_extract.sh b/modules/P11_dlink_SHRS_enc_extract.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
 
-# emba - EMBEDDED LINUX ANALYZER
+# EMBA - EMBEDDED LINUX ANALYZER
 #
 # Copyright 2020-2021 Siemens Energy AG
 # Copyright 2020-2021 Siemens AG
 #
-# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
 # See LICENSE file for usage of this software.
 #
-# emba is licensed under GPLv3
+# EMBA is licensed under GPLv3
 #
 # Author(s): Michael Messner, Pascal Eckmann
 
@@ -23,20 +23,31 @@ P11_dlink_SHRS_enc_extract() {
 
   if [[ "$DLINK_ENC_DETECTED" -ne 0 ]]; then
     module_title "DLink encrypted firmware extractor"
-    hexdump -C "$FIRMWARE_PATH" | head | tee -a "$LOG_FILE"
+    EXTRACTION_FILE="$LOG_DIR"/firmware/firmware_dlink_dec.bin
+
     if [[ "$DLINK_ENC_DETECTED" -eq 1 ]]; then
-      dd if="$FIRMWARE_PATH" skip=1756 iflag=skip_bytes|openssl aes-128-cbc -d -p -nopad -nosalt -K "c05fbf1936c99429ce2a0781f08d6ad8" -iv "67c6697351ff4aec29cdbaabf2fbe346" --nosalt -in /dev/stdin -out "$LOG_DIR"/firmware/firmware_dlink_dec.bin 2>&1 | tee -a "$LOG_FILE"
+      dlink_SHRS_enc_extractor "$FIRMWARE_PATH" "$EXTRACTION_FILE"
     elif [[ "$DLINK_ENC_DETECTED" -eq 2 ]]; then
       print_output "[-] Decryption of this file is currently not supported"
     fi
 
-    if [[ -f "$LOG_DIR"/firmware/firmware_dlink_dec.bin ]]; then
-      print_output "[+] Decrypted D-Link firmware file to $ORANGE$LOG_DIR/firmware/firmware_dlink_dec.bin$NC"
-      export FIRMWARE_PATH="$LOG_DIR"/firmware/firmware_dlink_dec.bin
-    else
-      print_output "[-] Decryption of D-Link firmware file failed"
-    fi
     NEG_LOG=1
   fi
   module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
 }
+
+dlink_SHRS_enc_extractor() {
+  local DLINK_ENC_PATH_="$1"
+  local EXTRACTION_FILE_="$2"
+
+  hexdump -C "$DLINK_ENC_PATH_" | head | tee -a "$LOG_FILE"
+
+  dd if="$DLINK_ENC_PATH_" skip=1756 iflag=skip_bytes|openssl aes-128-cbc -d -p -nopad -nosalt -K "c05fbf1936c99429ce2a0781f08d6ad8" -iv "67c6697351ff4aec29cdbaabf2fbe346" --nosalt -in /dev/stdin -out "$EXTRACTION_FILE_" 2>&1 | tee -a "$LOG_FILE"
+
+  if [[ -f "$EXTRACTION_FILE_" ]]; then
+    print_output "[+] Decrypted D-Link firmware file to $ORANGE$EXTRACTION_FILE_$NC"
+    export FIRMWARE_PATH="$EXTRACTION_FILE_"
+  else
+    print_output "[-] Decryption of D-Link firmware file failed"
+  fi
+}
diff --git a/modules/P12_avm_freetz_ng_extract.sh b/modules/P12_avm_freetz_ng_extract.sh
@@ -24,24 +24,37 @@ P12_avm_freetz_ng_extract() {
   if [[ "$AVM_DETECTED" -eq 1 ]]; then
     module_title "AVM freetz-ng firmware extractor"
 
-    "$EXT_DIR"/freetz-ng/fwmod -u -d "$LOG_DIR"/firmware/freetz_ng_extractor "$FIRMWARE_PATH" | tee -a "$LOG_FILE"
-
-    FRITZ_FILES=$(find "$LOG_DIR"/firmware/freetz_ng_extractor -type f | wc -l)
-    FRITZ_DIRS=$(find "$LOG_DIR"/firmware/freetz_ng_extractor -type d | wc -l)
-    FRITZ_VERSION=$(grep "detected firmware version:" "$LOG_FILE" | cut -d ":" -f2-)
-    if [[ -n "$FRITZ_VERSION" ]]; then
-      FRITZ_VERSION="NA"
-    fi
-
-    if [[ "$FRITZ_FILES" -gt 0 ]]; then
-      print_output ""
-      print_output "[*] Extracted $ORANGE$FRITZ_FILES$NC files and $ORANGE$FRITZ_DIRS$NC directories from the firmware image."
-      write_csv_log "Extractor" "files" "directories" "firmware directory" "detected firmware version"
-      write_csv_log "Freetz-NG" "$FRITZ_FILES" "$FRITZ_DIRS" "$LOG_DIR/firmware/freetz_ng_extractor" "$FRITZ_VERSION"
-      export DEEP_EXTRACTOR=1
-    fi
+    EXTRACTION_DIR="$LOG_DIR"/firmware/freetz_ng_extractor
+
+    avm_extractor "$FIRMWARE_PATH" "$EXTRACTION_DIR"
 
     NEG_LOG=1
   fi
   module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
 }
+
+avm_extractor() {
+  local AVM_FW_PATH_="$1"
+  local EXTRACTION_DIR_="$2"
+  local FRITZ_FILES
+  local FRITZ_DIRS
+  local FRITZ_VERSION
+
+  "$EXT_DIR"/freetz-ng/fwmod -u -d "$EXTRACTION_DIR_" "$AVM_FW_PATH_" | tee -a "$LOG_FILE"
+
+  FRITZ_FILES=$(find "$EXTRACTION_DIR_" -type f | wc -l)
+  FRITZ_DIRS=$(find "$EXTRACTION_DIR_" -type d | wc -l)
+
+  FRITZ_VERSION=$(grep "detected firmware version:" "$LOG_FILE" | cut -d ":" -f2-)
+  if [[ -n "$FRITZ_VERSION" ]]; then
+    FRITZ_VERSION="NA"
+  fi
+
+  if [[ "$FRITZ_FILES" -gt 0 ]]; then
+    print_output ""
+    print_output "[*] Extracted $ORANGE$FRITZ_FILES$NC files and $ORANGE$FRITZ_DIRS$NC directories from the firmware image."
+    write_csv_log "Extractor" "files" "directories" "firmware directory" "detected firmware version"
+    write_csv_log "Freetz-NG" "$FRITZ_FILES" "$FRITZ_DIRS" "$EXTRACTION_DIR_" "$FRITZ_VERSION"
+    export DEEP_EXTRACTOR=1
+  fi
+}
diff --git a/modules/P14_ext2_mounter.sh b/modules/P14_ext2_mounter.sh
@@ -23,27 +23,43 @@ P14_ext2_mounter() {
   if [[ "$EXT_IMAGE" -eq 1 ]]; then
     module_title "EXT filesystem extractor"
     print_output "[*] Connect to device $ORANGE$FIRMWARE_PATH$NC"
-    mkdir -p "$TMP_DIR"/ext_mount
-    print_output "[*] Trying to mount $ORANGE$FIRMWARE_PATH$NC to $ORANGE$TMP_DIR/ext_mount$NC directory"
-    mount "$FIRMWARE_PATH" "$TMP_DIR"/ext_mount
-    if mount | grep -q ext_mount; then
-      print_output "[*] Copying $ORANGE$TMP_DIR/ext_mount$NC to firmware tmp directory ($TMP_DIR/ext_mount)"
-      mkdir -p "$LOG_DIR"/firmware/ext_mount_filesystem/
-      cp -pri "$TMP_DIR"/ext_mount/* "$LOG_DIR"/firmware/ext_mount_filesystem/
-      print_output ""
-      print_output "[*] Using the following firmware directory ($ORANGE$LOG_DIR/firmware/ext_mount_filesystem$NC) as base directory:"
-      #shellcheck disable=SC2012
-      ls -lh "$LOG_DIR"/firmware/ext_mount_filesystem/ | tee -a "$LOG_FILE"
-      print_output ""
-      print_output "[*] Unmounting $ORANGE$TMP_DIR/ext_mount$NC directory"
-      FILES_EXT_MOUNT=$(find "$LOG_DIR"/firmware/ext_mount_filesystem/ -type f | wc -l)
-      DIRS_EXT_MOUNT=$(find "$LOG_DIR"/firmware/ext_mount_filesystem/ -type d | wc -l)
-      print_output "[*] Extracted $ORANGE$FILES_EXT_MOUNT$NC files and $ORANGE$DIRS_EXT_MOUNT$NC directories from the firmware image."
-      umount "$TMP_DIR"/ext_mount
-    fi
+
+    EXTRACTION_DIR="$LOG_DIR"/firmware/ext_mount_filesystem/
+
+    ext2_extractor "$FIRMWARE_PATH" "$EXTRACTION_DIR"
+
     export FIRMWARE_PATH="$LOG_DIR"/firmware/
-    rm -r "$TMP_DIR"/ext_mount
     NEG_LOG=1
   fi
   module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
 }
+
+ext2_extractor() {
+  local EXT_PATH_="$1"
+  local EXTRACTION_DIR_="$2"
+  local TMP_EXT_MOUNT="$TMP_DIR""/ext_mount_$RANDOM"
+  local FILES_EXT_MOUNT
+  local DIRS_EXT_MOUNT
+
+  mkdir -p "$TMP_EXT_MOUNT"
+  print_output "[*] Trying to mount $ORANGE$EXT_PATH_$NC to $ORANGE$TMP_EXT_MOUNT$NC directory"
+  mount "$EXT_PATH_" "$TMP_EXT_MOUNT"
+  if mount | grep -q ext_mount; then
+    print_output "[*] Copying $ORANGE$TMP_EXT_MOUNT$NC to firmware tmp directory ($EXTRACTION_DIR_)"
+    mkdir -p "$EXTRACTION_DIR_"
+    cp -pri "$TMP_EXT_MOUNT"/* "$EXTRACTION_DIR_"
+    print_output ""
+    print_output "[*] Using the following firmware directory ($ORANGE$EXTRACTION_DIR_$NC) as base directory:"
+    #shellcheck disable=SC2012
+    ls -lh "$EXTRACTION_DIR_" | tee -a "$LOG_FILE"
+    print_output ""
+    print_output "[*] Unmounting $ORANGE$TMP_EXT_MOUNT$NC directory"
+
+    FILES_EXT_MOUNT=$(find "$EXTRACTION_DIR_" -type f | wc -l)
+    DIRS_EXT_MOUNT=$(find "$EXTRACTION_DIR_" -type d | wc -l)
+    print_output "[*] Extracted $ORANGE$FILES_EXT_MOUNT$NC files and $ORANGE$DIRS_EXT_MOUNT$NC directories from the firmware image."
+    umount "$TMP_EXT_MOUNT"
+  fi
+  rm -r "$TMP_EXT_MOUNT"
+
+}
diff --git a/modules/P15_ubi_extractor.sh b/modules/P15_ubi_extractor.sh
@@ -22,29 +22,46 @@ P15_ubi_extractor() {
   NEG_LOG=0
   if [[ "$UBI_IMAGE" -eq 1 ]]; then
     module_title "UBI filesystem extractor"
-    mkdir -p "$LOG_DIR"/firmware/ubi_extracted
-    print_output "[*] Extracts UBI firmware image $ORANGE$FIRMWARE_PATH$NC with ${ORANGE}ubireader_extract_images$NC."
-    print_output "[*] File details: $ORANGE$(file "$FIRMWARE_PATH" | cut -d ':' -f2-)$NC"
-    ubireader_extract_images -i -v -w -o "$LOG_DIR"/firmware/ubi_extracted "$FIRMWARE_PATH" | tee -a "$LOG_FILE"
-    print_output "[*] Extracts UBI firmware image $ORANGE$FIRMWARE_PATH$NC with ${ORANGE}ubireader_extract_files$NC."
-    ubireader_extract_files -i -v -w -o "$LOG_DIR"/firmware/ubi_extracted/ "$FIRMWARE_PATH" | tee -a "$LOG_FILE"
-    UBI_1st_ROUND="$(find "$LOG_DIR"/firmware/ubi_extracted -type f -exec file {} \; | grep "UBI image")"
-    for UBI_DATA in "${UBI_1st_ROUND[@]}"; do
-      UBI_FILE=$(echo "$UBI_DATA" | cut -d: -f1)
-      UBI_INFO=$(echo "$UBI_DATA" | cut -d: -f2)
-      if [[ "$UBI_INFO" == *"UBIfs image"* ]]; then
-        sub_module_title "UBIfs deep extraction"
-        print_output "[*] Extracts UBIfs firmware image $ORANGE$FIRMWARE_PATH$NC with ${ORANGE}ubireader_extract_files$NC."
-        print_output "[*] File details: $ORANGE$(file "$UBI_FILE" | cut -d ':' -f2-)$NC"
-        ubireader_extract_files -l -i -v -o "$LOG_DIR"/firmware/ubi_extracted/UBIfs_extracted "$UBI_FILE" | tee -a "$LOG_FILE"
-      fi
-    done
-    print_output ""
-    FILES_UBI_EXT=$(find "$LOG_DIR"/firmware/ubi_extracted/ -type f | wc -l)
-    DIRS_UBI_EXT=$(find "$LOG_DIR"/firmware/ubi_extracted/ -type d | wc -l)
-    print_output "[*] Extracted $ORANGE$FILES_UBI_EXT$NC files and $ORANGE$DIRS_UBI_EXT$NC directories from the firmware image."
+    EXTRACTION_DIR="$LOG_DIR/firmware/ubi_extracted"
+    mkdir -p "$EXTRACTION_DIR"
+
+    ubi_extractor "$FIRMWARE_PATH" "$EXTRACTION_DIR"
+
     export FIRMWARE_PATH="$LOG_DIR"/firmware/
     NEG_LOG=1
   fi
   module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
 }
+
+ubi_extractor() {
+  local UBI_PATH_="$1"
+  local EXTRACTION_DIR_="$2"
+  local UBI_FILE
+  local UBI_INFO
+  local UBI_1st_ROUND
+  local UBI_DATA
+  local FILES_UBI_EXT
+  local DIRS_UBI_EXT
+
+  print_output "[*] Extracts UBI firmware image $ORANGE$UBI_PATH_$NC with ${ORANGE}ubireader_extract_images$NC."
+  print_output "[*] File details: $ORANGE$(file "$UBI_PATH_" | cut -d ':' -f2-)$NC"
+  ubireader_extract_images -i -v -w -o "$EXTRACTION_DIR_" "$UBI_PATH_" | tee -a "$LOG_FILE"
+  print_output "[*] Extracts UBI firmware image $ORANGE$UBI_PATH_$NC with ${ORANGE}ubireader_extract_files$NC."
+  ubireader_extract_files -i -v -w -o "$EXTRACTION_DIR_" "$UBI_PATH_" | tee -a "$LOG_FILE"
+  UBI_1st_ROUND="$(find "$EXTRACTION_DIR_" -type f -exec file {} \; | grep "UBI image")"
+  for UBI_DATA in "${UBI_1st_ROUND[@]}"; do
+    UBI_FILE=$(echo "$UBI_DATA" | cut -d: -f1)
+    UBI_INFO=$(echo "$UBI_DATA" | cut -d: -f2)
+    if [[ "$UBI_INFO" == *"UBIfs image"* ]]; then
+      sub_module_title "UBIfs deep extraction"
+      print_output "[*] Extracts UBIfs firmware image $ORANGE$UBI_PATH_$NC with ${ORANGE}ubireader_extract_files$NC."
+      print_output "[*] File details: $ORANGE$(file "$UBI_FILE" | cut -d ':' -f2-)$NC"
+      ubireader_extract_files -l -i -v -o "$EXTRACTION_DIR_"/UBIfs_extracted "$UBI_FILE" | tee -a "$LOG_FILE"
+    fi
+  done
+
+  print_output ""
+  FILES_UBI_EXT=$(find "$EXTRACTION_DIR_" -type f | wc -l)
+  DIRS_UBI_EXT=$(find "$EXTRACTION_DIR_" -type d | wc -l)
+  print_output "[*] Extracted $ORANGE$FILES_UBI_EXT$NC files and $ORANGE$DIRS_UBI_EXT$NC directories from the firmware image."
+}