Commit 2f90ec8e24d33d3e358cfa1a3dfb4e09f698fd58
1 parent
55483626
added md5 to rtfobj
Showing
1 changed file
with
10 additions
and
4 deletions
oletools/rtfobj.py
| @@ -103,7 +103,7 @@ __version__ = '0.54dev1' | @@ -103,7 +103,7 @@ __version__ = '0.54dev1' | ||
| 103 | 103 | ||
| 104 | # === IMPORTS ================================================================= | 104 | # === IMPORTS ================================================================= |
| 105 | 105 | ||
| 106 | -import re, os, sys, binascii, logging, optparse | 106 | +import re, os, sys, binascii, logging, optparse, hashlib |
| 107 | import os.path | 107 | import os.path |
| 108 | from time import time | 108 | from time import time |
| 109 | 109 | ||
| @@ -678,6 +678,7 @@ class RtfObjParser(RtfParser): | @@ -678,6 +678,7 @@ class RtfObjParser(RtfParser): | ||
| 678 | rtfobj.hexdata = hexdata | 678 | rtfobj.hexdata = hexdata |
| 679 | object_data = binascii.unhexlify(hexdata) | 679 | object_data = binascii.unhexlify(hexdata) |
| 680 | rtfobj.rawdata = object_data | 680 | rtfobj.rawdata = object_data |
| 681 | + rtfobj.rawdata_md5 = hashlib.md5(object_data).hexdigest() | ||
| 681 | # TODO: check if all hex data is extracted properly | 682 | # TODO: check if all hex data is extracted properly |
| 682 | 683 | ||
| 683 | obj = oleobj.OleObject() | 684 | obj = oleobj.OleObject() |
| @@ -687,6 +688,7 @@ class RtfObjParser(RtfParser): | @@ -687,6 +688,7 @@ class RtfObjParser(RtfParser): | ||
| 687 | rtfobj.class_name = obj.class_name | 688 | rtfobj.class_name = obj.class_name |
| 688 | rtfobj.oledata_size = obj.data_size | 689 | rtfobj.oledata_size = obj.data_size |
| 689 | rtfobj.oledata = obj.data | 690 | rtfobj.oledata = obj.data |
| 691 | + rtfobj.oledata_md5 = hashlib.md5(obj.data).hexdigest() | ||
| 690 | rtfobj.is_ole = True | 692 | rtfobj.is_ole = True |
| 691 | if obj.class_name.lower() == b'package': | 693 | if obj.class_name.lower() == b'package': |
| 692 | opkg = oleobj.OleNativeStream(bindata=obj.data, | 694 | opkg = oleobj.OleNativeStream(bindata=obj.data, |
| @@ -695,6 +697,7 @@ class RtfObjParser(RtfParser): | @@ -695,6 +697,7 @@ class RtfObjParser(RtfParser): | ||
| 695 | rtfobj.src_path = opkg.src_path | 697 | rtfobj.src_path = opkg.src_path |
| 696 | rtfobj.temp_path = opkg.temp_path | 698 | rtfobj.temp_path = opkg.temp_path |
| 697 | rtfobj.olepkgdata = opkg.data | 699 | rtfobj.olepkgdata = opkg.data |
| 700 | + rtfobj.olepkgdata_md5 = hashlib.md5(opkg.data).hexdigest() | ||
| 698 | rtfobj.is_package = True | 701 | rtfobj.is_package = True |
| 699 | else: | 702 | else: |
| 700 | if olefile.isOleFile(obj.data): | 703 | if olefile.isOleFile(obj.data): |
| @@ -878,6 +881,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | @@ -878,6 +881,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | ||
| 878 | ole_column += '\nFilename: %r' % rtfobj.filename | 881 | ole_column += '\nFilename: %r' % rtfobj.filename |
| 879 | ole_column += '\nSource path: %r' % rtfobj.src_path | 882 | ole_column += '\nSource path: %r' % rtfobj.src_path |
| 880 | ole_column += '\nTemp path = %r' % rtfobj.temp_path | 883 | ole_column += '\nTemp path = %r' % rtfobj.temp_path |
| 884 | + ole_column += '\nMD5 = %r' % rtfobj.olepkgdata_md5 | ||
| 881 | ole_color = 'yellow' | 885 | ole_color = 'yellow' |
| 882 | # check if the file extension is executable: | 886 | # check if the file extension is executable: |
| 883 | _, ext = os.path.splitext(rtfobj.filename) | 887 | _, ext = os.path.splitext(rtfobj.filename) |
| @@ -885,8 +889,8 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | @@ -885,8 +889,8 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | ||
| 885 | if re_executable_extensions.match(ext): | 889 | if re_executable_extensions.match(ext): |
| 886 | ole_color = 'red' | 890 | ole_color = 'red' |
| 887 | ole_column += '\nEXECUTABLE FILE' | 891 | ole_column += '\nEXECUTABLE FILE' |
| 888 | - # else: | ||
| 889 | - # pkg_column = 'Not an OLE Package' | 892 | + else: |
| 893 | + ole_column += '\nMD5 = %r' % rtfobj.oledata_md5 | ||
| 890 | if rtfobj.clsid is not None: | 894 | if rtfobj.clsid is not None: |
| 891 | ole_column += '\nCLSID: %s' % rtfobj.clsid | 895 | ole_column += '\nCLSID: %s' % rtfobj.clsid |
| 892 | ole_column += '\n%s' % rtfobj.clsid_desc | 896 | ole_column += '\n%s' % rtfobj.clsid_desc |
| @@ -930,6 +934,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | @@ -930,6 +934,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | ||
| 930 | else: | 934 | else: |
| 931 | fname = '%s_object_%08X.noname' % (fname_prefix, rtfobj.start) | 935 | fname = '%s_object_%08X.noname' % (fname_prefix, rtfobj.start) |
| 932 | print(' saving to file %s' % fname) | 936 | print(' saving to file %s' % fname) |
| 937 | + print(' md5 %s' % rtfobj.olepkgdata_md5) | ||
| 933 | open(fname, 'wb').write(rtfobj.olepkgdata) | 938 | open(fname, 'wb').write(rtfobj.olepkgdata) |
| 934 | # When format_id=TYPE_LINKED, oledata_size=None | 939 | # When format_id=TYPE_LINKED, oledata_size=None |
| 935 | elif rtfobj.is_ole and rtfobj.oledata_size is not None: | 940 | elif rtfobj.is_ole and rtfobj.oledata_size is not None: |
| @@ -947,11 +952,13 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | @@ -947,11 +952,13 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | ||
| 947 | ext = 'bin' | 952 | ext = 'bin' |
| 948 | fname = '%s_object_%08X.%s' % (fname_prefix, rtfobj.start, ext) | 953 | fname = '%s_object_%08X.%s' % (fname_prefix, rtfobj.start, ext) |
| 949 | print(' saving to file %s' % fname) | 954 | print(' saving to file %s' % fname) |
| 955 | + print(' md5 %s' % rtfobj.oledata_md5) | ||
| 950 | open(fname, 'wb').write(rtfobj.oledata) | 956 | open(fname, 'wb').write(rtfobj.oledata) |
| 951 | else: | 957 | else: |
| 952 | print('Saving raw data in object #%d:' % i) | 958 | print('Saving raw data in object #%d:' % i) |
| 953 | fname = '%s_object_%08X.raw' % (fname_prefix, rtfobj.start) | 959 | fname = '%s_object_%08X.raw' % (fname_prefix, rtfobj.start) |
| 954 | print(' saving object to file %s' % fname) | 960 | print(' saving object to file %s' % fname) |
| 961 | + print(' md5 %s' % rtfobj.rawdata_md5) | ||
| 955 | open(fname, 'wb').write(rtfobj.rawdata) | 962 | open(fname, 'wb').write(rtfobj.rawdata) |
| 956 | 963 | ||
| 957 | 964 | ||
| @@ -1035,4 +1042,3 @@ if __name__ == '__main__': | @@ -1035,4 +1042,3 @@ if __name__ == '__main__': | ||
| 1035 | main() | 1042 | main() |
| 1036 | 1043 | ||
| 1037 | # This code was developed while listening to The Mary Onettes "Lost" | 1044 | # This code was developed while listening to The Mary Onettes "Lost" |
| 1038 | - |