Commit f6d7601fc775ce352dde1363d70257424463b095
Committed by
GitHub
Merge pull request #378 from r3comp1le/master
added md5 to rtfobj
Showing
1 changed file
with
10 additions
and
4 deletions
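--- a/oletools/rtfobj.py
+++ b/oletools/rtfobj.py
@@ -103,7 +103,7 @@ __version__ = '0.54dev1'
 
 # === IMPORTS =================================================================
 
-import re, os, sys, binascii, logging, optparse
+import re, os, sys, binascii, logging, optparse, hashlib
 import os.path
 from time import time
 
@@ -678,6 +678,7 @@ class RtfObjParser(RtfParser):
 rtfobj.hexdata = hexdata
 object_data = binascii.unhexlify(hexdata)
 rtfobj.rawdata = object_data
+rtfobj.rawdata_md5 = hashlib.md5(object_data).hexdigest()
 # TODO: check if all hex data is extracted properly
 
 obj = oleobj.OleObject()
@@ -687,6 +688,7 @@ class RtfObjParser(RtfParser):
 rtfobj.class_name = obj.class_name
 rtfobj.oledata_size = obj.data_size
 rtfobj.oledata = obj.data
+rtfobj.oledata_md5 = hashlib.md5(obj.data).hexdigest()
 rtfobj.is_ole = True
 if obj.class_name.lower() == b'package':
 opkg = oleobj.OleNativeStream(bindata=obj.data,
@@ -695,6 +697,7 @@ class RtfObjParser(RtfParser):
 rtfobj.src_path = opkg.src_path
 rtfobj.temp_path = opkg.temp_path
 rtfobj.olepkgdata = opkg.data
+rtfobj.olepkgdata_md5 = hashlib.md5(opkg.data).hexdigest()
 rtfobj.is_package = True
 else:
 if olefile.isOleFile(obj.data):
@@ -878,6 +881,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
 ole_column += '\nFilename: %r' % rtfobj.filename
 ole_column += '\nSource path: %r' % rtfobj.src_path
 ole_column += '\nTemp path = %r' % rtfobj.temp_path
+ole_column += '\nMD5 = %r' % rtfobj.olepkgdata_md5
 ole_color = 'yellow'
 # check if the file extension is executable:
 
@@ -892,8 +896,8 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
 if re_executable_extensions.match(temp_ext) or re_executable_extensions.match(file_ext):
 ole_color = 'red'
 ole_column += '\nEXECUTABLE FILE'
-# else:
-# pkg_column = 'Not an OLE Package'
+else:
+ole_column += '\nMD5 = %r' % rtfobj.oledata_md5
 if rtfobj.clsid is not None:
 ole_column += '\nCLSID: %s' % rtfobj.clsid
 ole_column += '\n%s' % rtfobj.clsid_desc
@@ -942,6 +946,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
 else:
 fname = '%s_object_%08X.noname' % (fname_prefix, rtfobj.start)
 print(' saving to file %s' % fname)
+print(' md5 %s' % rtfobj.olepkgdata_md5)
 open(fname, 'wb').write(rtfobj.olepkgdata)
 # When format_id=TYPE_LINKED, oledata_size=None
 elif rtfobj.is_ole and rtfobj.oledata_size is not None:
@@ -959,11 +964,13 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
 ext = 'bin'
 fname = '%s_object_%08X.%s' % (fname_prefix, rtfobj.start, ext)
 print(' saving to file %s' % fname)
+print(' md5 %s' % rtfobj.oledata_md5)
 open(fname, 'wb').write(rtfobj.oledata)
 else:
 print('Saving raw data in object #%d:' % i)
 fname = '%s_object_%08X.raw' % (fname_prefix, rtfobj.start)
 print(' saving object to file %s' % fname)
+print(' md5 %s' % rtfobj.rawdata_md5)
 open(fname, 'wb').write(rtfobj.rawdata)
 
 
@@ -1047,4 +1054,3 @@ if __name__ == '__main__':
 main()
 
 # This code was developed while listening to The Mary Onettes "Lost"
-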
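Review bot: The added `rtfobj.oledata_md5 = hashlib.md5(obj.data).hexdigest()` in the `@@ -687,6 +688,7 @@` hunk hashes `obj.data` unconditionally and runs before `rtfobj.is_ole = True`; the comment later in `process_file` ("When format_id=TYPE_LINKED, oledata_size=None") suggests linked objects may carry no data, in which case `hashlib.md5(None)` raises `TypeError` and the object would never be flagged as OLE. Guard the line with `if obj.data is not None:` and, presumably in the object's constructor (not visible on this page), default `rawdata_md5`, `oledata_md5` and `olepkgdata_md5` to `None` so the later reads in `process_file` cannot hit a missing attribute. Because these digests are meant for sample lookup and sharing, consider recording SHA-256 alongside MD5, which is collision-prone and so a weak sole identifier for a sample. The enclosing method starts and ends outside the hunk, so whether a surrounding `try` already swallows the error cannot be confirmed from here.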