:py:mod:`dissect.target.containers.fortifw` =========================================== .. py:module:: dissect.target.containers.fortifw Module Contents --------------- Classes ~~~~~~~ .. autoapisummary:: dissect.target.containers.fortifw.FortiFirmwareFile dissect.target.containers.fortifw.FortiFirmwareContainer Functions ~~~~~~~~~ .. autoapisummary:: :nosignatures: dissect.target.containers.fortifw.find_xor_key dissect.target.containers.fortifw.main Attributes ~~~~~~~~~~ .. autoapisummary:: dissect.target.containers.fortifw.log .. py:data:: log .. py:function:: find_xor_key(fh: BinaryIO) -> bytes Find the XOR key for the firmware file by using known plaintext of zeros. File-like object ``fh`` must be seeked to the correct offset where it should decode to all zeroes (0x00). :param fh: File-like object to read from. :returns: XOR key, note that the XOR key is not validated and may be incorrect. :rtype: bytes .. py:class:: FortiFirmwareFile(fh: BinaryIO) Bases: :py:obj:`dissect.util.stream.AlignedStream` Fortinet firmware file, handles transparant decompression and deobfuscation of the firmware file. .. py:attribute:: fh .. py:attribute:: trailer_offset :value: None .. py:attribute:: trailer_data :value: None .. py:attribute:: xor_key :value: None .. py:attribute:: is_gzipped :value: False .. py:class:: FortiFirmwareContainer(fh: BinaryIO | pathlib.Path, *args, **kwargs) Bases: :py:obj:`dissect.target.container.Container` Base class that acts as a file-like object wrapper around anything that can behave like a "raw disk". Containers are anything from raw disk images and virtual disks, to evidence containers and made-up binary formats. Consumers of the ``Container`` class only need to implement ``seek``, ``tell`` and ``read``. Override ``__init__`` for any opening that you may need to do, but don't forget to initialize the super class. :param fh: The source file-like object of the container or a ``Path`` object to the file. :param size: The size of the container. :param vs: An optional shorthand to set the underlying volume system, usually set later. .. py:attribute:: __type__ :value: 'fortifw' A short string identifying the type of container. .. py:attribute:: ff .. py:attribute:: fw .. py:method:: detect_fh(fh: BinaryIO, original: list | BinaryIO) -> bool :staticmethod: Detect if this ``Container`` can be used to open the file-like object ``fh``. The function checks whether the raw data contains any magic information that corresponds to this specific container. :param fh: A file-like object that we want to open a ``Container`` on. :param original: The original argument passed to ``detect()``. :returns: ``True`` if this ``Container`` can be used for this file-like object, ``False`` otherwise. .. py:method:: detect_path(path: pathlib.Path, original: list | BinaryIO) -> bool :staticmethod: Detect if this ``Container`` can be used to open ``path``. The function checks wether file inside ``path`` is formatted in such a way that this ``Container`` can be used to read it. For example, it validates against the file extension. :param path: A location to a file. :param original: The original argument passed to ``detect()``. :returns: ``True`` if this ``Container`` can be used for this path, ``False`` otherwise. .. py:method:: read(length: int) -> bytes Read a ``length`` of bytes from this ``Container``. .. py:method:: seek(offset: int, whence: int = io.SEEK_SET) -> int Change the stream position to ``offset``. ``whence`` determines where to seek from: * ``io.SEEK_SET`` (``0``):: absolute offset in the stream. * ``io.SEEK_CUR`` (``1``):: current position in the stream. * ``io.SEEK_END`` (``2``):: end of stream. :param offset: The offset relative to the position indicated by ``whence``. :param whence: Where to start the seek from. .. py:method:: tell() -> int Returns the current seek position of the ``Container``. .. py:method:: close() -> None Close the container. Override this if you need to clean-up anything. .. py:function:: main(argv: list[str] | None = None) -> None