Set of CERT-Polska/sflock patches #7
Conversation
unace-nonfree fails if no extension is set

before

```
from sflock import unpack
a = unpack("53c711d0be07be05c91b1a1e44748734ca816ac4bf91aa4b9b7a32b9b95d032f")
a.children
[]
```

now

```
>>> from sflock import unpack
>>> a = unpack("53c711d0be07be05c91b1a1e44748734ca816ac4bf91aa4b9b7a32b9b95d032f")
>>> a.children
[<sflock.abstracts.File object at 0x7f1d9f2efa10>]
```

now that doesn't break anything
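The commit above shows the failure mode: a sample stored under its hash, with no extension, yields no children when dispatch keys on the filename alone. The added example below (not sflock's code) sniffs the container by magic bytes first and falls back to the extension only when the content is unrecognised; the signatures are assumed from the public gzip, xz, lzip and ACE format specs, and all sample inputs are constructed inline.

```python
import gzip
import lzma
from typing import Optional

# (package name, offset, magic bytes), assumed from the format specs, not from sflock.
SIGNATURES = [
    ("gz",   0, b"\x1f\x8b"),            # gzip member header
    ("xz",   0, b"\xfd7zXZ\x00"),        # xz stream header
    ("lzip", 0, b"LZIP"),                # lzip member header
    ("ace",  7, b"**ACE**"),             # ACE archive header signature at offset 7
]

EXTENSIONS = {"gz": "gz", "gzip": "gz", "xz": "xz", "lz": "lzip", "ace": "ace"}


def identify_package(data: bytes) -> Optional[str]:
    """Return the package name whose signature matches the content, else None."""
    for package, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return package
    return None


def package_from_extension(filename: str) -> Optional[str]:
    """Extension-based guess; returns None for hash-named files with no extension."""
    if "." not in filename:
        return None
    return EXTENSIONS.get(filename.rsplit(".", 1)[-1].lower())


def choose_package(filename: str, data: bytes) -> Optional[str]:
    """Content wins over the (attacker-controlled) extension; extension is the fallback."""
    return identify_package(data) or package_from_extension(filename)


# Constructed samples: hash-like names without extension, plus one mislabelled archive.
SAMPLES = {
    "gzip-no-ext": ("a" * 64, gzip.compress(b"payload")),
    "xz-no-ext":   ("b" * 64, lzma.compress(b"payload", format=lzma.FORMAT_XZ)),
    "lzip-no-ext": ("c" * 64, b"LZIP\x01\x0c" + b"\x00" * 8),
    "ace-wrong-ext": ("invoice.zip", b"\x00" * 7 + b"**ACE**" + b"\x00" * 8),
    "text": ("notes.txt", b"plain text"),
}


def classify_samples() -> dict:
    """Map each constructed sample to the package name the dispatcher would pick."""
    return {name: choose_package(fn, data) for name, (fn, data) in SAMPLES.items()}


if __name__ == "__main__":
    for name, package in classify_samples().items():
        print(f"{name:14s} -> {package}")
```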
9358871aad93d7b616075c698dc753e743dd749cecaf7bb73ec3697f0afab414 test.xz
Handle .gz *and* .gzip See merge request cert/sflock!1
Lzip support See merge request cert/sflock!2
```
>>> from sflock import unpack
>>> q = unpack("sample.vhd")
>>> q.to_dict()
{'password': None,
 'relaname': None,
 'platform': None,
 'filepath': 'sample.vhd',
 'package': 'vhd',
 'parentdirs': [],
 'filename': 'sample.vhd',
 'sha256': 'ae554ee6d9cae636f8e887b41f61743af8804d95051775a8e4a4ec9b8bd27cbe',
 'duplicate': False,
 'extrpath': [],
 'finger': {'mime': 'application/octet-stream',
            'magic': 'Microsoft Disk Image, Virtual Server or Virtual PC',
            'mime_human': 'octet stream',
            'magic_human': 'Microsoft Disk Image (Virtual Server or Virtual PC)'},
 'error': None,
 'selected': True,
 'preview': False,
 'relapath': None,
 'type': 'container',
 'children': [{'password': None,
               'relaname': 'FedEx pending delivery for you.exe',
               'platform': 'windows',
               'filepath': None,
               'package': 'exe',
               'parentdirs': [],
               'filename': 'FedEx pending delivery for you.exe',
               'sha256': 'f500df00ac0bac4da7df838c6bbc3a5ce330cfaa26665638701ef1412570afaf',
               'duplicate': False,
               'extrpath': ['FedEx pending delivery for you.exe'],
               'finger': {'mime': 'application/x-dosexec',
                          'magic': 'PE32 executable (GUI) Intel 80386, for MS Windows',
                          'mime_human': 'dosexec',
                          'magic_human': 'PE32 executable (GUI) Intel 80386 (for MS Windows)'},
               'error': None,
               'selected': False,
               'preview': True,
               'relapath': 'FedEx pending delivery for you.exe',
               'type': 'file',
               'children': [],
               'size': 1520128L}],
 'size': 10490880}
```
Fix ace python3 compatibility See merge request mlwr/sflock!3
Add support for udf archives See merge request mlwr/sflock!4
Hello @psrok1, thank you. As far as I know Hatching is still doing development of sflock, but internally, so I guess sflock py3 will be released with the upcoming Cuckoo v3. I'm forwarding new features to Rico to keep them notified about new features. A pip package sounds good; I will make it public today and ping you here about that.
pip package done
Btw @psrok1, do you have any sample for that lzip to share? I would like to add it to the unit tests so we can ensure that the tool works properly on future upgrades. Strange that I didn't catch the ace problem before.
@doomedraven: Thanks! ❤️
Good news!
Sure, we have some testcases from the Brushaloader campaign. I see that you have an MWDB account, so you can download these files from our service:
Amazing, I will add it a bit later, so we can have more proper testing and ensure proper work of the tool. Thanks again for the fixes and improvements.
Hi!
First of all, thank you for your development and maintenance of this fork. We have been doing the same work for the https://github.com/CERT-Polska/karton-archive-extractor project (https://github.com/CERT-Polska/sflock), but your repository looks much more up-to-date, so it would be nice to sync our changes 🙂. It would be better to keep all of these contributions in the original repository, but it looks to be completely abandoned.
Here is the set of commits that include some enhancements (mainly developed by @nazywam):

- lzip support (3e90d2a)
- ace.AceFile module (0fd9abd)
- .udf extension included for UDF archives (zip7.Zip7File, e1f68e9)
- .gz extension included for zip7.GzipFile (b12f350)

Currently karton-archive-extractor just embeds the sflock code directly in the package: https://github.com/CERT-Polska/karton-archive-extractor/tree/master/karton/archive_extractor/sflock. That's because there is no forked PyPi distribution that could be used as a dependency. If you decide someday to publish and distribute that fork under a new name (sflock2 😃), you'll have our support 💪