Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added simple boot sector analyzer #6

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

added simple boot sector analyzer #6

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
fb18180
added simple boot sector analyzer
rkgk04 Nov 22, 2017
a1b5476
minor corrections
rkgk04 Nov 29, 2017
e8823d1
fixed tab lengths
rkgk04 Nov 29, 2017
a0a3d9d
some code fixes
rkgk04 Nov 29, 2017
b525ba9
fetch updates
rkgk04 Nov 29, 2017
4a84189
more changes
rkgk04 Nov 29, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 81 additions & 0 deletions fishy/ntfs/ntfs_boot.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
"""
interface for ntfs boot sector
"""
import os
import hashlib

class NTFSMeta:
""" class to analyze and scan boot sector of ntfs systems.
"""
def __init__(self, stream):
""" init: open ntfs image
file: saves file name
"""
self.stream = stream
if os.path.isfile(self.stream):
print("ok")
# test.is_ntfs() TODO is this needed?
else:
print("file does not exist.")

def is_altered(self):
""" is_altered:
compare boot sector with the backup boot sector (via hash values)
true: the sector was altered
false: the sector was not altered
"""
offset = 512 # sector size TODO needs to be determined dynamically
try:
# open file
file = open(self.stream, "rb")
data = file.read(offset)
# create hash value for boot sector
hash_boot = hashlib.sha256()
hash_boot.update(data)
# determine file size
statinfo = os.stat(self.stream)
# skip to last partition (backup boot sector)
file.seek(statinfo.st_size - offset)
backup = file.read(offset)
# create hash value for backup boot sector
hash_back = hashlib.sha256()
hash_back.update(backup)
# compare hash values
if hash_boot.hexdigest() == hash_back.hexdigest():
# nothing to do here
print("boot sector was not compromised.")
return False
else:
# compromised, further action required
print("boot sector was compromised.")
return True
except IOError:
return 0
finally:
file.close()

def scan_boot_sector(self):
""" scan_boot_sector: scans the boot sector for hidden data
"""
with open(self.stream, "rb") as file:
offset = 512
# file.seek(0) jump to start of file needed?
pos = file.tell()
current_pos = 0
last = os.stat(self.stream).st_size - offset
while current_pos < offset:
# switch cursor between current position at boot & backup sector
file.seek(pos + current_pos)
boot_c = file.read(1)
file.seek(last + current_pos)
back_c = file.read(1)
if not boot_c:
print("End of file")
break
if boot_c != back_c:
# do something
print(boot_c)
current_pos = current_pos + 1
file.seek(pos)
file.close()