dissect.target.containers.fortifw

Module Contents

Classes

FortiFirmwareFile

Fortinet firmware file, handles transparent decompression and deobfuscation of the firmware file.

FortiFirmwareContainer

Base class that acts as a file-like object wrapper around anything that can behave like a "raw disk".

Functions

find_xor_key

Find the XOR key for the firmware file by using known plaintext of zeros.

main

Attributes

log

dissect.target.containers.fortifw.log

dissect.target.containers.fortifw.find_xor_key(fh: BinaryIO) → bytes

Find the XOR key for the firmware file by using known plaintext of zeros.

The file-like object fh must already be positioned at the offset where the data should decode to all zeroes (0x00).

Parameters:

fh – File-like object to read from.

Returns:

The XOR key. Note that the XOR key is not validated and may be incorrect.

Return type:

bytes
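Because the returned key is not validated, a caller may want to cross-check it before trusting the decoded output. The following is an added example, not code from dissect.target: it illustrates the known-plaintext idea on a plain repeating-key XOR, which is an assumption and may differ from the actual Fortinet scheme. The names recover_key, xor_repeat and KEY_LEN, and the 32-byte key length, are hypothetical.

```python
from __future__ import annotations

import io
from typing import BinaryIO

KEY_LEN = 32  # assumed key length, not taken from the dissect source


def xor_repeat(data: bytes, key: bytes, offset: int = 0) -> bytes:
    """XOR data with a repeating key; offset is the absolute position of data[0]."""
    n = len(key)
    return bytes(b ^ key[(offset + i) % n] for i, b in enumerate(data))


def recover_key(fh: BinaryIO, key_len: int = KEY_LEN, blocks: int = 4) -> bytes | None:
    """Recover a repeating XOR key from a region expected to decode to zeroes.

    Returns None when the candidate fails the cross-check.
    """
    start = fh.tell()
    region = fh.read(key_len * blocks)
    if len(region) < key_len * blocks:
        return None  # too little data to cross-check the candidate
    chunks = [region[i:i + key_len] for i in range(0, len(region), key_len)]
    # 0x00 ^ k == k, so every chunk of a zero region must hold the same key bytes.
    if any(c != chunks[0] for c in chunks[1:]):
        return None  # region is not all zeroes, or the key length is wrong
    if not any(chunks[0]):
        return None  # all-zero "key": the data is not obfuscated at this offset
    # Rotate so that key[0] lines up with absolute file offset 0.
    shift = start % key_len
    return chunks[0][-shift:] + chunks[0][:-shift] if shift else chunks[0]


def demo() -> tuple[bytes | None, bytes | None]:
    key = bytes(range(1, KEY_LEN + 1))                          # constructed sample key
    plain = b"HDR".ljust(40, b"\xff") + bytes(160) + b"payload"  # constructed image
    fh = io.BytesIO(xor_repeat(plain, key))
    fh.seek(40)   # offset of the zero region in the constructed image
    good = recover_key(fh)
    fh.seek(0)    # wrong offset: header bytes, not zeroes
    bad = recover_key(fh)
    return good, bad
```

Seeking to the wrong offset makes the cross-check fail and return None instead of silently producing a wrong key.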

class dissect.target.containers.fortifw.FortiFirmwareFile(fh: BinaryIO)

Bases: dissect.util.stream.AlignedStream

Fortinet firmware file, handles transparent decompression and deobfuscation of the firmware file.

class dissect.target.containers.fortifw.FortiFirmwareContainer(fh: BinaryIO | pathlib.Path, *args, **kwargs)

Bases: dissect.target.container.Container

Base class that acts as a file-like object wrapper around anything that can behave like a “raw disk”.

Containers are anything from raw disk images and virtual disks, to evidence containers and made-up binary formats. Consumers of the Container class only need to implement seek, tell and read. Override __init__ for any opening that you may need to do, but don’t forget to initialize the super class.

Parameters:
  • fh – The source file-like object of the container or a Path object to the file.

  • size – The size of the container.

  • vs – An optional shorthand to set the underlying volume system, usually set later.

__type__ = 'fortifw'

static detect_fh(fh: BinaryIO, original: list | BinaryIO) → bool

Detect if this Container can be used to open the file-like object fh.

The function checks whether the raw data contains any magic information that corresponds to this specific container.

Parameters:
  • fh – A file-like object that we want to open a Container on.

  • original – The original argument passed to detect().

Returns:

True if this Container can be used for this file-like object, False otherwise.

static detect_path(path: pathlib.Path, original: list | BinaryIO) → bool

Detect if this Container can be used to open path.

The function checks whether the file at path is formatted in such a way that this Container can be used to read it. For example, it validates against the file extension.

Parameters:
  • path – A location to a file.

  • original – The original argument passed to detect().

Returns:

True if this Container can be used for this path, False otherwise.

read(length: int) → bytes

Read a length of bytes from this Container.

seek(offset: int, whence: int = io.SEEK_SET) → int

Change the stream position to offset.

whence determines where to seek from:

  • io.SEEK_SET (0): absolute offset in the stream.

  • io.SEEK_CUR (1): current position in the stream.

  • io.SEEK_END (2): end of stream.

Parameters:
  • offset – The offset relative to the position indicated by whence.

  • whence – Where to start the seek from.

tell() → int

Returns the current seek position of the Container.

close() → None

Close the container.

Override this if you need to clean-up anything.

dissect.target.containers.fortifw.main(argv: list[str] | None = None) → None