-
Notifications
You must be signed in to change notification settings - Fork 0
/
mbr_parser.py
113 lines (85 loc) · 2.73 KB
/
mbr_parser.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/bin/python3
import binascii
import socket
import argparse
def b(x):
return x * 2
def convert_to_hex(file_path):
with open(file_path, "rb") as f:
content = f.read()
return binascii.hexlify(content)
def have_boot_signature(content) -> bool:
return hex_content[-b(2) :].decode() == "55aa"
def remove_unless_bytes(contet):
return hex_content[b(446) : -b(2)]
def it_is_bootable(content):
return content[: b(1)].decode() == "80"
def have_n_bytes(content, n):
return len(content) == b(n)
def get_partition(clean_content):
partition = []
for i in range(4):
init = i * b(16)
end = init + b(16)
partition.append(clean_content[init:end])
return partition
def have_info(partition):
# Use a função
return set(partition) != {48}
def big_endian_to_little_endian(content, n):
return socket.ntohl(int(content[b(n) : b(n + 4)].decode(), 16))
def file_system(partition):
files_dict = {
"00": "empty",
"01": "FAT12",
"04": "FAT16",
"07": "NTFS",
"83": "Linux",
"a8": "MACOSX",
"fb": "VMWARE_FILE_SYSTEM",
"fc": "VMWARE_SWAP",
}
return files_dict.get(partition[b(4) : b(5)].decode(), "Unknown")
def calculate_size(partition):
return big_endian_to_little_endian(partition, 12) * 512
argparse = argparse.ArgumentParser()
argparse.add_argument("-f", "--file", help="file to be parsed")
args = argparse.parse_args()
hex_content = convert_to_hex(args.file)
if not have_boot_signature(hex_content) or not have_n_bytes(hex_content, 512):
print("Invalid MBR")
exit(1)
clean_content = remove_unless_bytes(hex_content)
partitions = get_partition(clean_content)
for i in range(4):
if have_info(partitions[i]):
print(f"partition {i+1}")
print(
" ".join(
partitions[i].decode()[j : j + 2]
for j in range(0, len(partitions[i].decode()), 2)
)
)
print(" is bootable [1byte]:", it_is_bootable(partitions[i]))
print(" file system [5byte]:", file_system(partitions[i]))
print(
" start sector [9-12byte]:",
big_endian_to_little_endian(partitions[i], 8),
)
print(
" size in [13-16byte]: {:.4f} KB".format(
calculate_size(partitions[i]) / 1024
)
)
print(
" size in [13-16byte]: {:.4f} MB".format(
calculate_size(partitions[i]) / 1024 / 1024
)
)
print(
" size in [13-16byte]: {:.4f} GB".format(
calculate_size(partitions[i]) / 1024 / 1024 / 1024
)
)
else:
print(f"partition {i+1} is empty")