Added logfs signature #775

Merged
merged 1 commit into from
Nov 28, 2024
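--- a/src/magic.rs
+++ b/src/magic.rs
@@ -1031,6 +1031,17 @@ pub fn patterns() -> Vec<signatures::common::Signature> {
 description: signatures::pkcs_der::DESCRIPTION.to_string(),
 extractor: None,
 },
+// LogFS
+signatures::common::Signature {
+name: "logfs".to_string(),
+short: false,
+magic_offset: 0,
+always_display: false,
+magic: signatures::logfs::logfs_magic(),
+parser: signatures::logfs::logfs_parser,
+description: signatures::logfs::DESCRIPTION.to_string(),
+extractor: None,
+},
 ];
 
 binary_signatures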
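--- a/src/signatures.rs
+++ b/src/signatures.rs
@@ -144,6 +144,7 @@ pub mod jboot;
 pub mod jffs2;
 pub mod jpeg;
 pub mod linux;
+pub mod logfs;
 pub mod luks;
 pub mod lz4;
 pub mod lzfse;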
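--- /dev/null
+++ b/src/signatures/logfs.rs
@@ -0,0 +1,35 @@
+use crate::signatures::common::{SignatureError, SignatureResult, CONFIDENCE_MEDIUM};
+use crate::structures::logfs::{parse_logfs_super_block, LOGFS_MAGIC_OFFSET};
+
+/// Human readable description
+pub const DESCRIPTION: &str = "LogFS file system";
+
+/// LogFS magic bytes
+pub fn logfs_magic() -> Vec<Vec<u8>> {
+vec![b"\x7A\x3A\x8E\x5C\xB9\xD5\xBF\x67".to_vec()]
+}
+
+/// Validates the LogFS super block
+pub fn logfs_parser(file_data: &[u8], offset: usize) -> Result<SignatureResult, SignatureError> {
+// Successful return value
+let mut result = SignatureResult {
+description: DESCRIPTION.to_string(),
+confidence: CONFIDENCE_MEDIUM,
+..Default::default()
+};
+
+if offset >= LOGFS_MAGIC_OFFSET {
+result.offset = offset - LOGFS_MAGIC_OFFSET;
+
+if let Some(logfs_sb_data) = file_data.get(result.offset..) {
+if let Ok(logfs_super_block) = parse_logfs_super_block(logfs_sb_data) {
+result.size = logfs_super_block.total_size;
+result.description =
+format!("{}, total size: {} bytes", result.description, result.size);
+return Ok(result);
+}
+}
+}
+
+Err(SignatureError)
+}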
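Review bot: `result.size` in `logfs_parser` is copied straight from the superblock's `filesystem_size` field, which is read from the file being scanned, and nothing compares it with the data actually present after `result.offset`. A corrupt or crafted image can therefore report a size of zero, or one far larger than the input, and any later step that carves `offset..offset + size` inherits that value unless the scan loop already rejects out-of-range results (not visible in this diff). I would bound it just before `result.size = ...`, for example `if logfs_super_block.total_size == 0 || logfs_super_block.total_size > logfs_sb_data.len() { return Err(SignatureError); }`, or lower the confidence instead if truncated images should still be reported. The doc comment on `logfs_parser` could also state that `offset` is the position of the magic bytes, which is why `LOGFS_MAGIC_OFFSET` is subtracted to find the start of the file system.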
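--- a/src/structures.rs
+++ b/src/structures.rs
@@ -123,6 +123,7 @@ pub mod iso9660;
 pub mod jboot;
 pub mod jffs2;
 pub mod linux;
+pub mod logfs;
 pub mod luks;
 pub mod lz4;
 pub mod lzfse;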
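--- /dev/null
+++ b/src/structures/logfs.rs
@@ -0,0 +1,50 @@
+use crate::structures::common::{self, StructureError};
+
+/// Offset of the LogFS magic bytes from the start of the file system
+pub const LOGFS_MAGIC_OFFSET: usize = 0x18;
+
+/// Struct to store LogFS info
+#[derive(Debug, Default, Clone)]
+pub struct LogFSSuperBlock {
+pub total_size: usize,
+}
+
+/// Parses a LogFS superblock
+pub fn parse_logfs_super_block(logfs_data: &[u8]) -> Result<LogFSSuperBlock, StructureError> {
+//const LOGFS_CRC_START: usize = LOGFS_MAGIC_OFFSET + 12;
+//const LOGFS_CRC_END: usize = 256;
+
+let logfs_sb_structure = vec![
+("magic", "u64"),
+("crc32", "u32"),
+("ifile_levels", "u8"),
+("iblock_levels", "u8"),
+("data_levels", "u8"),
+("segment_shift", "u8"),
+("block_shift", "u8"),
+("write_shift", "u8"),
+("pad0", "u32"),
+("pad1", "u16"),
+("filesystem_size", "u64"),
+("segment_size", "u32"),
+("bad_seg_reserved", "u32"),
+("feature_incompat", "u64"),
+("feature_ro_compat", "u64"),
+("feature_compat", "u64"),
+("feature_flags", "u64"),
+("root_reserve", "u64"),
+("speed_reserve", "u64"),
+];
+
+if let Some(sb_struct_data) = logfs_data.get(LOGFS_MAGIC_OFFSET..) {
+if let Ok(super_block) = common::parse(sb_struct_data, &logfs_sb_structure, "big") {
+if super_block["pad0"] == 0 && super_block["pad1"] == 0 {
+return Ok(LogFSSuperBlock {
+total_size: super_block["filesystem_size"],
+});
+}
+}
+}
+
+Err(StructureError)
+}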
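Review bot: The `crc32` field is parsed in `parse_logfs_super_block` but never verified, and the two commented-out constants `LOGFS_CRC_START` / `LOGFS_CRC_END` at the top of the function suggest a check was planned and then dropped. As written, a superblock is accepted on the 8 magic bytes plus `pad0 == 0 && pad1 == 0`, so the `filesystem_size` handed back to the caller is not covered by any integrity check. Either implement the CRC comparison over the intended range or delete the commented-out constants and say so explicitly, e.g. `// NOTE: the superblock CRC is not verified; validation relies on the magic and zeroed padding only`. `filesystem_size` is declared `u64` but stored in `total_size: usize`; whether that can truncate on 32-bit targets depends on `common::parse`, which is outside this diff, so it is worth confirming.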