xenv.c

analyse Sigma XENV data blocks

// by petter wahlman, badeip@binary-art.net
// requires libssl-dev
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <ctype.h>
#include <string.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>

#include <openssl/sha.h>

typedef struct {
  unsigned int size;
  unsigned char hash[20];
  unsigned char data[0];
} xenv_header_t;


void print_sha1(unsigned char *sha1)
{
   int i;
   
   for (i = 0; i < SHA_DIGEST_LENGTH; i++)
      printf("%.2x ", sha1[i]);
   putchar('\n');

}

void get_xenv_header_type(unsigned char c, unsigned char *rec_type)
{
   switch(c){
      case 'a':
         sprintf(rec_type, "%5s", "all");
         break;
      case 'l':
         sprintf(rec_type, "%5s", "lnx");
         break;
      case 'w':
         sprintf(rec_type, "%5s", "win");
         break;
      case 'x':
         sprintf(rec_type, "%5s", "xos");
         break;
      case 'y':
         sprintf(rec_type, "%5s", "yam");
         break;
      case 'z':
         sprintf(rec_type, "%5s", "zboot");
         break;
      default:
         sprintf(rec_type, "%5c", c);
         break;
   }
}

void print_xenv_records(xenv_header_t *xenv)
{
   int i, idx;
   char *ptr = NULL;
   
   i = idx = 0;
   printf("\nidx: offset      type key                  value\n"
          "-----------------------------------------------------\n");

   while((xenv->size -sizeof(xenv_header_t)) > i) {
      unsigned char rec_type[12];
      unsigned char *key, *val;
      int rec_size;
      int val_len;
      int offset = i;

      rec_size = xenv->data[++offset];
      key = &xenv->data[++offset];
      val = &xenv->data[++offset + strlen(key)];
      val_len = rec_size - strlen(key);
      
      if (!isascii(key[0]) || (!strlen(key)) || (val_len < 1))
         break;

      get_xenv_header_type(key[0], rec_type);
      if ((isprint(*(char *)&val[0]) && isprint(*(char *)&val[1])))
         printf("%3d: 0x%08x %s.%-20s %s\n", idx, i + strlen(key), rec_type, &key[2], val);
      else
         printf("%3d: 0x%08x %s.%-20s 0x%08x\n", idx, i + strlen(key), rec_type, &key[2], *(unsigned int *)val);

      i += rec_size;
      idx++;
   }
}

static void flip_sha1(unsigned char *md)
{
   int i;
   unsigned char c;

   for (i = 0; i < (SHA_DIGEST_LENGTH >> 1); i++) {
      c = md[i];
      md[i] = md[SHA_DIGEST_LENGTH -1 -i];
      md[SHA_DIGEST_LENGTH -1 -i] = c;
   }
}

int main(int argc, char **argv)
{
   int fd;
   int nr, nw;
   char *buf;
   struct stat st;
   xenv_header_t *xenv;
   unsigned char md[SHA_DIGEST_LENGTH];
   char *target = "/dev/mtd0";
   SHA_CTX c;

   if (argc > 1)
      target = argv[1];

   fd = open(target, O_RDONLY);
   if (-1 == fd) {
      perror(target);
      return 1;
   }

   fstat(fd, &st);
   buf = malloc(st.st_size);
   nr = read(fd, buf, st.st_size);
   if (nr != st.st_size) {
      fprintf(stderr, "failed to read %s\n", target);
      close(fd);
      return 1;
   }

   xenv = (xenv_header_t *)buf;

   SHA1_Init(&c);
   SHA1_Update(&c, buf + sizeof(xenv_header_t), (unsigned long)xenv->size - sizeof(xenv_header_t));
   SHA1_Final(md, &c);

   flip_sha1(md);
   printf("org. sha1: "); print_sha1(xenv->hash);
   printf("calc sha1: "); print_sha1(md);
   print_xenv_records(xenv);

   free(buf);
   close(fd);
   return 0;
}