Hello Readers!

This week is going to be another short one.  The script I wanted to put up this week isn’t finished yet, still working some of the kinks out of it.  So in place of it this week I put up a script I wrote when I was creating the YOP Week 11 script.

This week's script uses the libewf library to mount an E01 or L01 image.  It calls ewfmount as part of the script, so you need to make sure it's already installed on your system.

The basic test with this script was to make sure when I was using the subprocess module, I was doing it correctly.  To that end this script will allow you to mount either an E01 or L01 image on to your computer.  All you need to do is pass it the first file name in the E01/L01 segment, specify if it’s an L01 image (this one is optional), and where you want to mount it.
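As an added example (my code, not the YOP script), here is one way to wrap ewfmount with the subprocess module the way the post describes: first segment, optional L01 flag, mount point, with the command passed as an argument list so file names are never re-parsed by a shell. It assumes that `-f files` is ewfmount's input-format option for logical (L01) images; `run` is injectable so the argument construction can be tested where libewf is not installed.

```python
import subprocess
from pathlib import Path


def build_ewfmount_argv(image, mount_point, logical=False):
    """argv for ewfmount as a list: no shell, so odd file names are never re-parsed.
    Assumption: '-f files' selects ewfmount's logical-evidence (L01) input format."""
    argv = ["ewfmount"]
    if logical:
        argv += ["-f", "files"]
    argv += [str(image), str(mount_point)]
    return argv


def mount_image(image, mount_point, logical=False, run=subprocess.run):
    """Validate the first segment and the mount point, then call ewfmount.
    `run` is injectable so the command construction can be tested without libewf."""
    image = Path(image)
    mount_point = Path(mount_point)
    if not image.is_file():
        raise FileNotFoundError(f"first segment not found: {image}")
    if image.suffix.lower() == ".l01" and not logical:
        raise ValueError(f"{image.name} looks like an L01 image; pass logical=True")
    mount_point.mkdir(parents=True, exist_ok=True)
    if any(mount_point.iterdir()):
        raise RuntimeError(f"mount point {mount_point} is not empty")
    argv = build_ewfmount_argv(image, mount_point, logical)
    # check=False so ewfmount's own stderr is reported instead of a bare exception
    result = run(argv, capture_output=True, text=True, check=False)
    if result.returncode != 0:
        raise RuntimeError(f"ewfmount exited {result.returncode}: {result.stderr.strip()}")
    return argv


if __name__ == "__main__":
    import argparse
    ap = argparse.ArgumentParser(description="Mount an E01/L01 image with ewfmount")
    ap.add_argument("image", help="first segment of the image, e.g. case.E01")
    ap.add_argument("mount_point")
    ap.add_argument("--l01", action="store_true", help="image is a logical (L01) image")
    args = ap.parse_args()
    print("mounted via:", " ".join(mount_image(args.image, args.mount_point, args.l01)))
```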

Again the original purpose of this script was to help me with testing.  To that end there's not much to it, but you never know when a little bit of code like that can help someone out in the long run….

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader,

This week I wanted to shift my focus a bit into creating some type of GUI interface for one of my previous scripts.  I've been wanting to play around with a stand-alone GUI interface as well as a web interface.  I'm doing a GUI interface this week, using Tkinter, and I'm thinking of trying a web interface next week.  I chose Tkinter only because it's built in to Python and works on all three OSes (Windows, OS X, and Linux).

The script I decided to put the front end on was the YOP Week 20 script, which simply parses out the header for a Windows LNK file.

To make this script work, I did a LOT of googling, but I would like to thank the Mouse vs Python blog for a post that helped get it all working.  Mike has a great blog, and he’s written a great intro book to Python.

The main challenge in writing this script was how to get the output redirected into the GUI interface.  There are a lot of tutorials and samples on how to create the part that allows you to pick and load the file to parse.  However, I wasn't able to find as many that talk about how to redirect output to a window.  I was also trying to avoid using OOP code, since I'm still learning how to write OOP Python code.
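The redirection problem described above, as an added example that is not the YOP week 20 front end: sys.stdout is swapped for a small object whose write() hands text to a Tkinter Text widget, and restored afterwards even if the parser raises. Unlike the author's approach it does use one small class, because print() needs an object with write() and flush(); tkinter is imported lazily so the redirector itself runs and tests without a display, and `parser` is any function that prints a report for a given path.

```python
import sys
from contextlib import contextmanager


class TextRedirector:
    """File-like object: each write() is handed to `sink`, a callable taking one str."""

    def __init__(self, sink):
        self.sink = sink

    def write(self, text):
        if text:
            self.sink(text)
        return len(text)

    def flush(self):
        pass  # print() may call this; nothing is buffered here


@contextmanager
def redirect_stdout_to(sink):
    """Temporarily send sys.stdout to sink; the original is restored even on error."""
    saved = sys.stdout
    sys.stdout = TextRedirector(sink)
    try:
        yield
    finally:
        sys.stdout = saved


def run_gui(parser, title="LNK header viewer"):
    """Minimal window: pick a file, run parser(path), show everything it prints."""
    import tkinter as tk
    from tkinter import filedialog
    root = tk.Tk()
    root.title(title)
    out = tk.Text(root, width=80, height=24)
    out.pack(fill="both", expand=True)

    def open_file():
        path = filedialog.askopenfilename(title="Select LNK file")
        if not path:
            return
        out.delete("1.0", tk.END)
        with redirect_stdout_to(lambda s: out.insert(tk.END, s)):
            parser(path)  # the parser's print() calls now land in the Text widget

    tk.Button(root, text="Open...", command=open_file).pack()
    root.mainloop()
```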

Until next week!

https://github.com/CdtDelta/YOP


Hello Readers!

Well this week will be another short one, I’m on vacation right now, but I did write up a new script this week….however….

This one comes with a catch.  I currently don’t have any way to test it….

You may or may not have heard recently how Lenovo, up until April of this last year, was injecting software on to their Windows machines.  While most manufacturers do this, the uproar here was that they were doing it in such a way that even if you wiped the device and did a clean install, the software would show up.  You can read more in the Ars Technica article here.

Unfortunately, this isn’t the first time that Lenovo has done this.

What was different this time around is that they were taking advantage of a Windows feature called the Windows Platform Binary Table, which essentially gives you the ability to inject a binary into Microsoft Windows via boot firmware.  One example of where you would see something like this is on machines that have Lojack for Laptops installed.

Now for this particular item, Microsoft does supply some documentation, which can be located here (or you can do a Google search to find it).

I decided this week to write a quick script to parse out the first 49 bytes of the file; the only downside, like I said in the beginning, is that I don't have anything to test it against.

(so if anyone does have anything to test it against I’d appreciate the feedback…I’m sure a couple of the formats are wrong)

But basically, following the documentation, the script opens up the file you point to, and then parses out the first 49 bytes.  Now currently there is more to the format than that, but without anything to check it against I can't proceed any further.  Based on the documentation I would need to add some additional logic checks, but I need to see what the output looks like first.  Hopefully I'll be able to update this at a later date….
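An added example of the same parsing job (my code, not the YOP week 27 script): it reads the standard 36-byte ACPI header, the WPBT handoff fields and the optional UTF-16 command line, and verifies the ACPI checksum, which is the logic check the post says it still needs. The field layout is my reading of Microsoft's WPBT document, so treat the offsets as assumptions; the sample table is constructed here, not captured from any machine.

```python
import struct

ACPI_HDR = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
WPBT_BODY = struct.Struct("<IQBBH")         # handoff size/location, layout, type, cmdline length


def acpi_checksum_ok(table):
    """ACPI rule: every byte of the table, Checksum included, sums to 0 mod 256."""
    return sum(table) % 256 == 0


def parse_wpbt(data):
    """Parse the fixed WPBT fields plus the optional UTF-16 command line."""
    if len(data) < ACPI_HDR.size + WPBT_BODY.size:
        raise ValueError("too short for a WPBT header")
    sig, length, rev, _csum, oem_id, oem_tid, _, _, _ = ACPI_HDR.unpack_from(data, 0)
    if sig != b"WPBT":
        raise ValueError(f"bad signature {sig!r}")
    if length > len(data):
        raise ValueError("Length field exceeds the data supplied")
    size, loc, layout, ctype, cmd_len = WPBT_BODY.unpack_from(data, ACPI_HDR.size)
    cmd_off = ACPI_HDR.size + WPBT_BODY.size
    cmd = data[cmd_off:cmd_off + cmd_len].decode("utf-16-le", "replace").rstrip("\x00")
    return {
        "signature": sig.decode(), "length": length, "revision": rev,
        "checksum_ok": acpi_checksum_ok(data[:length]),
        "oem_id": oem_id.rstrip(b"\x00 ").decode(errors="replace"),
        "oem_table_id": oem_tid.rstrip(b"\x00 ").decode(errors="replace"),
        "handoff_size": size, "handoff_location": loc,
        "content_layout": layout,  # 1 = single PE image, per the Microsoft document
        "content_type": ctype,     # 1 = native user-mode application
        "command_line": cmd,
    }


def build_sample_wpbt(cmdline="", size=0x1000, location=0x7FE00000):
    """Constructed table for testing (not from a real machine); checksum is made valid."""
    cmd = cmdline.encode("utf-16-le")
    length = ACPI_HDR.size + WPBT_BODY.size + len(cmd)
    hdr = ACPI_HDR.pack(b"WPBT", length, 1, 0, b"SAMPLE", b"WPBTTEST", 1, b"TEST", 1)
    body = WPBT_BODY.pack(size, location, 1, 1, len(cmd))
    table = bytearray(hdr + body + cmd)
    table[9] = (-sum(table)) % 256  # Checksum lives at byte 9 of the ACPI header
    return bytes(table)
```

On a live system the table, if present, is exposed by the firmware as an ACPI table named WPBT; a checksum failure or an unexpected content type is worth flagging rather than silently accepting.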

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader,

Unfortunately this week I’m travelling, so I had to pull out a script from my past (this will also be a short post).  It’s the vacation time of year, so it’s hard to sit down consistently and get new code written.

About a year or two ago I needed to parse through some wsFTPd logs, and I wanted a simple way to pull out the IP address of the system connecting to the server, and sort by the total amount of times it had connected.  Then as an added bonus, it could look up the IP address to resolve the name (IIRC I was looking for home router connections versus other systems).

Since this was in my “Python youth” it’s a combination of different chunks of code that I looked up.  But in the end it proved effective once I put it all together.

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader!

This week I’ve started to go back to my Year of Python script for week 22, and parse out some of the ESE DB Header information further.  I ended up writing two more functions that parse out the Database State Code and the Log Position.

Once again I have to credit Joachim Metz’s great work in analyzing the overall structure of this file type.  My hope is to have an overall script that will parse out these files when it’s all said and done.  But I know I have a ways to go yet (thankfully there’s still 21 weeks left in the year!).

What I decided to do this time around was to create a script that will parse these two items, instead of trying to explain where to replace lines of code from the original week 22 script.  My feeling is that it starts to get confusing to keep track of which lines of code to replace.  Plus if someone decides they want to use the code for other programs, it's easier to pull the code out since it can work on its own.

The first function parses out the Database state, which should be self-explanatory.  All I'm doing here is putting the possible state codes into an array, then we just read in the four byte value at file offset 52, and finally return the appropriate code for that value.

The second function parses out the Log Position, which is a JET_LGPOS structure that according to MSDN:

“…holds data that is internal to the logging mechanism of the database engine”

You can find out more about this structure at the MSDN link.  For now I’m just providing the values.

Then to wrap it all up, we just print out the values from the functions…
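The two functions described above, as an added example (my code, not the YOP week 22/28 script): the state code at offset 52 is mapped through a table of JET_dbstate names, and a JET_LGPOS is unpacked as two uint16 fields and an int32 generation. The offsets (signature at 4, state at 52, consistent log position at 56) follow Joachim Metz's ESE format notes as I recall them and are assumptions; the 64-byte header below is constructed for the test.

```python
import struct

ESE_SIGNATURE = 0x89ABCDEF
DB_STATES = {  # JET_dbstate values; 2 is the one that matters for recovery work
    1: "Just Created",
    2: "Dirty Shutdown",
    3: "Clean Shutdown",
    4: "Being Converted",
    5: "Force Detach",
}
STATE_OFFSET = 52
CONSISTENT_LGPOS_OFFSET = 56  # JET_LGPOS recorded at the last consistent state


def check_signature(header):
    if struct.unpack_from("<I", header, 4)[0] != ESE_SIGNATURE:
        raise ValueError("not an ESE database header (bad signature)")


def database_state(header):
    """Return (code, name); unknown codes are reported rather than hidden."""
    code = struct.unpack_from("<I", header, STATE_OFFSET)[0]
    return code, DB_STATES.get(code, f"Unknown ({code})")


def log_position(header, offset=CONSISTENT_LGPOS_OFFSET):
    """JET_LGPOS: ib (uint16 byte offset), isec (uint16 sector), lGeneration (int32)."""
    ib, isec, generation = struct.unpack_from("<HHi", header, offset)
    return {"ib": ib, "isec": isec, "generation": generation}


def parse_header_file(path):
    """Read only the first 64 bytes; that is all these two fields need."""
    with open(path, "rb") as f:
        header = f.read(64)
    check_signature(header)
    return database_state(header), log_position(header)


def build_sample_header(state=2, ib=0x10, isec=0x3C, generation=0x2A):
    """Constructed 64-byte header (zeros except the fields parsed above)."""
    hdr = bytearray(64)
    struct.pack_into("<I", hdr, 4, ESE_SIGNATURE)
    struct.pack_into("<I", hdr, STATE_OFFSET, state)
    struct.pack_into("<HHi", hdr, CONSISTENT_LGPOS_OFFSET, ib, isec, generation)
    return bytes(hdr)
```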

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader!

Wow, it’s hard to believe I’ve made it to thirty weeks with this project.  Also a bit shocking that the year is getting closer to the end than to the beginning.

Unfortunately real life got in the way of things this week, so I have to reach back to a script I wrote a while ago.  However it’s a script I use on a regular basis.

Typically there are YouTube videos from conferences, etc. that I like to watch on my tablet on trips, the train ride into work, etc.  I wanted to find a way to download the files off of YouTube and then just move them over to my device.  After a bit of Googling I found the pytube project on GitHub.  At the time I looked at this script, I didn't have a lot of experience with Python, so I started with the author's sample script.  Once I was able to get that working, I wanted to tweak it for something I could use whenever I wanted to.  Most of the sample script has everything hard coded, so you need to edit the script when the YouTube video changes.

I decided to have it prompt me for all the choices I wanted, and that way I would never need to edit the script.  With all that said, the caveat with this week's script is I'm using the pytube author's license, versus what I normally use.

The script is pretty straightforward, when you run it, the first thing it does is ask you for the URL of the YouTube video you want to download.  This is what you get from the address bar or the share link.  Next, the script goes out and queries the URL, and pulls the name of the video.  I’m using this just to confirm that the video I want is correct.  Next, it queries the video and determines the possible video formats that you can save (codec and quality).  Finally it downloads the file.

Until next week!

https://github.com/CdtDelta/YOP


Hello Reader!

Well this week we’re going to change gears a bit and re-visit a script from Week 11.  You might remember that script was a brute force File Vault script I created to use with the libfvde project.  Now the one issue with that script is if you stop it and start it back up, it has no way of knowing which keys it used before.  One of the plans for the larger program was to include a database portion to track the keys so if we needed to stop and re-run the program, the script would already have a database of what keys had already been tried.

So for this week, I’m starting to write the code to do the database portion of the overall script.

For the “framework” of this script, I pulled in some of the code from Week 11.  The goal was that we could still generate the random File Vault decryption keys, but add them to a database, and if necessary check the database for keys that were already used.

The first new function is the check_key function.  Here we're passing the key to check, and the database to check against.  Then we look up the key in the database, and if it exists, we return False.  This is to tell the overall program that the key has already been used and to try a new key.  Now if the key doesn't exist, we add it to the database and return True.  This tells the overall program the key has NOT been seen before, so we'll check it against the file vault image and see if it unlocks it.  Now this script doesn't do the file vault image check, that will be part of the larger script when it's completed.

But for now, all this script does is add the random keys to the database.  If you re-run the script, it will check to see if the key was generated before.  So if you want a database of random file vault recovery keys, this script will generate it for you!

Until next week!

https://github.com/CdtDelta/YOP
