dump_ekb
This python code parses a binary .EKB file. No decryption is done, though.
#!/usr/bin/python # # This file is part of FreeMD. # # FreeMD is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # FreeMD is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA import struct import sys import binascii def bin(a): s='' t={0:'0000',1:'0001',2:'0010',3:'0011', 4:'0100',5:'0101',6:'0110',7:'0111', 8:'1000',9:'1001',10:'1010',11:'1011', 12:'1100',13:'1101',14:'1110',15:'1111'} for c in a[0:]: s+=t[ord(c) >> 4] s+=t[ord(c) & 0xf] return s filename = sys.argv[1] data = open(filename, 'rb').read() start = 0 fields = struct.unpack ('>II', data[start:start+8]) ekbid, reserved = fields start += 8 unknown3 = data[start:start+24] start += 24 fields = struct.unpack ('>III', data[start:start+12]) taglen, keydatalen, siglen = fields start += 12 tag = data[start:start+taglen] start += taglen keydata = data[start:start+keydatalen] start += keydatalen sig = data[start:start+siglen] start += siglen # Signatures sigstart = 0 fields = struct.unpack('>IBxxx', sig[sigstart:sigstart+8]); tagsiglen, sigcount = fields sigstart += 8 sigs = [] for signum in range(0, sigcount): fields = struct.unpack ('>BxH', sig[sigstart:sigstart+4]) sigtype,sigdatalen = fields sigstart += 4 sigdata = sig[sigstart:sigstart + sigdatalen] sigstart += sigdatalen sigs.append( [sigtype, sigdata] ) # Interpretation: tags = bin (tag) # The bitfield is an array of triplets with the following meaning: # Bit 0: Does the current node have a key in DATA? # Bit 1: Does the left child not exist? # Bit 2: Does the right child not exist? # Note that the bit 0 of the root node is always set, but the key # never exists. This is an exception to the rule. # Active nodes nodes = [ "K" ] # Parent of active node with key. parents = [ "KR" ] # This is the result. keyinfo = [] # Index into tags. tagidx = 0 # Bit 0 in the root has different meaning. seenroot = False while len(nodes) != 0: newnodes = [] newparents = [] for j in range (0, len(nodes)): newparent = parents[j] # Bit 0: Key included. if seenroot == True: if tags[tagidx] == '1': keyinfo.append ("Enc(" + nodes[j] + "," + parents[j] + ")") newparent = nodes[j] seenroot = True tagidx += 1 # Bit 1: No left child. if tags[tagidx] == '0': # Use this for graphviz # print nodes[j] + " -> " + nodes[j] + "0" newnodes.append (nodes[j] + "0") newparents.append (newparent) tagidx += 1 # Bit 2: No right child. if tags[tagidx] == '0': # Use this for graphviz # print nodes[j] + " -> " + nodes[j] + "1" newnodes.append (nodes[j] + "1") newparents.append (newparent) tagidx += 1 nodes = newnodes parents = newparents print "EKB ", filename print "EKB ID: ", hex (ekbid) print "Reserved: ", hex (reserved) print "Unknown 3: ", binascii.hexlify (unknown3) print "Tag Length: ", hex (taglen) print "Data Length: ", hex (keydatalen) print "Sig Length: ", hex (siglen) print "Tags: ", binascii.hexlify (tag) print "Data: ", binascii.hexlify (keydata[0:16]), keyinfo[0] for i in range (16, keydatalen, 16): print " ", binascii.hexlify (keydata[i:i+16]), keyinfo[i/16] print "Significant Tag Length: ", hex(tagsiglen) for sig in sigs: sigtype, sigdata = sig print "Sig ID: ", hex (sigtype) print "Sig Len: ", hex (len(sigdata)) print "Sig: ", binascii.hexlify (sigdata[0:16]) for i in range (16, len(sigdata), 16): print " ", binascii.hexlify (sigdata[i:i+16])
dump_ekb.txt · Last modified: 2010/03/13 22:44 by megadiscman