Mirrors_Framework/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-05-30 01:11:01 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

GT-2926 remove special case matching for zlib headers in DMG filesystem

Browse Source 
(#583).

Some pre-mac appstore DMGs contained zlib compressed payloads.  The
naive check for zlib enabled the DMG file system to catch those cases,
at the expense of false positives for other zlib content.

This commit stops the DMG file system from claiming zlib formatted
files.

Also fix unreleased filehandle in DmgDecryptorStream
This commit is contained in:
dev747368
2019-06-13 18:11:39 -04:00
parent 8dfffdd5db
commit b6c8c6be2b
2 changed files with 30 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/ios/dmg/DmgClientFileSystemFactory.java
-4
View File
@@ -21,7 +21,6 @@ import java.io.IOException;
import generic.jar.ResourceFile; import generic.jar.ResourceFile;
import ghidra.app.util.bin.ByteProvider; import ghidra.app.util.bin.ByteProvider;
import ghidra.file.formats.xar.XARUtil; import ghidra.file.formats.xar.XARUtil;
import ghidra.file.formats.zlib.ZLIB;
import ghidra.formats.gfilesystem.*; import ghidra.formats.gfilesystem.*;
import ghidra.formats.gfilesystem.factory.GFileSystemFactoryWithFile; import ghidra.formats.gfilesystem.factory.GFileSystemFactoryWithFile;
import ghidra.formats.gfilesystem.factory.GFileSystemProbeFull; import ghidra.formats.gfilesystem.factory.GFileSystemProbeFull;
@@ -56,9 +55,6 @@ public class DmgClientFileSystemFactory
if (XARUtil.isXAR(byteProvider)) { if (XARUtil.isXAR(byteProvider)) {
return false; return false;
} }
if (ZLIB.isZLIB(byteProvider)) {
return true;
}
return isEncrypted(containerFile); return isEncrypted(containerFile);
} }
Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/ios/dmg/DmgDecryptorStream.java
+18 -5
View File
@@ -15,15 +15,15 @@
*/ */
package ghidra.file.formats.ios.dmg; package ghidra.file.formats.ios.dmg;
import java.io.*;
import java.util.Arrays;
import ghidra.app.util.bin.*; import ghidra.app.util.bin.*;
import ghidra.file.crypto.*; import ghidra.file.crypto.*;
import ghidra.file.formats.ios.generic.iOS_AesCrypto; import ghidra.file.formats.ios.generic.iOS_AesCrypto;
import ghidra.file.formats.ios.generic.iOS_Sha1Crypto; import ghidra.file.formats.ios.generic.iOS_Sha1Crypto;
import ghidra.util.exception.CryptoException; import ghidra.util.exception.CryptoException;
import java.io.*;
import java.util.Arrays;
/** /**
* An {@link InputStream} that decrypts a DMG file on the fly. * An {@link InputStream} that decrypts a DMG file on the fly.
* <p> * <p>
@@ -76,8 +76,7 @@ public class DmgDecryptorStream extends InputStream {
public DmgDecryptorStream(String containerName, String dmgName, ByteProvider provider) public DmgDecryptorStream(String containerName, String dmgName, ByteProvider provider)
throws IOException { throws IOException {
this.provider = provider; try {
CryptoKey cryptoKey = CryptoKeyFactory.getCryptoKey(containerName, dmgName); CryptoKey cryptoKey = CryptoKeyFactory.getCryptoKey(containerName, dmgName);
if (cryptoKey.key.length != 36) { if (cryptoKey.key.length != 36) {
throw new CryptoException("Invalid key length."); throw new CryptoException("Invalid key length.");
@@ -88,6 +87,20 @@ public class DmgDecryptorStream extends InputStream {
aes_key = Arrays.copyOfRange(cryptoKey.key, 0, 16); aes_key = Arrays.copyOfRange(cryptoKey.key, 0, 16);
sha1_key = Arrays.copyOfRange(cryptoKey.key, 16, 16 + 20); sha1_key = Arrays.copyOfRange(cryptoKey.key, 16, 16 + 20);
}
catch (IOException e) {
// Release the provider before this exception finishes since the #close() method can't
// be called later to release it.
try {
provider.close();
}
catch (IOException ioe) {
// ignore
}
throw e;
}
this.provider = provider;
sha1 = new iOS_Sha1Crypto(sha1_key); sha1 = new iOS_Sha1Crypto(sha1_key);