Action unknown: copypageplugin__copy
dump_ekb
This python code parses a binary .EKB file. No decryption is done, though.
#!/usr/bin/python
#
# This file is part of FreeMD.
#
# FreeMD is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# FreeMD is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
import struct
import sys
import binascii
def bin(a):
s=''
t={0:'0000',1:'0001',2:'0010',3:'0011',
4:'0100',5:'0101',6:'0110',7:'0111',
8:'1000',9:'1001',10:'1010',11:'1011',
12:'1100',13:'1101',14:'1110',15:'1111'}
for c in a[0:]:
s+=t[ord(c) >> 4]
s+=t[ord(c) & 0xf]
return s
filename = sys.argv[1]
data = open(filename, 'rb').read()
start = 0
fields = struct.unpack ('>II', data[start:start+8])
ekbid, reserved = fields
start += 8
unknown3 = data[start:start+24]
start += 24
fields = struct.unpack ('>III', data[start:start+12])
taglen, keydatalen, siglen = fields
start += 12
tag = data[start:start+taglen]
start += taglen
keydata = data[start:start+keydatalen]
start += keydatalen
sig = data[start:start+siglen]
start += siglen
# Signatures
sigstart = 0
fields = struct.unpack('>IBxxx', sig[sigstart:sigstart+8]);
tagsiglen, sigcount = fields
sigstart += 8
sigs = []
for signum in range(0, sigcount):
fields = struct.unpack ('>BxH', sig[sigstart:sigstart+4])
sigtype,sigdatalen = fields
sigstart += 4
sigdata = sig[sigstart:sigstart + sigdatalen]
sigstart += sigdatalen
sigs.append( [sigtype, sigdata] )
# Interpretation:
tags = bin (tag)
# The bitfield is an array of triplets with the following meaning:
# Bit 0: Does the current node have a key in DATA?
# Bit 1: Does the left child not exist?
# Bit 2: Does the right child not exist?
# Note that the bit 0 of the root node is always set, but the key
# never exists. This is an exception to the rule.
# Active nodes
nodes = [ "K" ]
# Parent of active node with key.
parents = [ "KR" ]
# This is the result.
keyinfo = []
# Index into tags.
tagidx = 0
# Bit 0 in the root has different meaning.
seenroot = False
while len(nodes) != 0:
newnodes = []
newparents = []
for j in range (0, len(nodes)):
newparent = parents[j]
# Bit 0: Key included.
if seenroot == True:
if tags[tagidx] == '1':
keyinfo.append ("Enc(" + nodes[j] + "," + parents[j] + ")")
newparent = nodes[j]
seenroot = True
tagidx += 1
# Bit 1: No left child.
if tags[tagidx] == '0':
# Use this for graphviz
# print nodes[j] + " -> " + nodes[j] + "0"
newnodes.append (nodes[j] + "0")
newparents.append (newparent)
tagidx += 1
# Bit 2: No right child.
if tags[tagidx] == '0':
# Use this for graphviz
# print nodes[j] + " -> " + nodes[j] + "1"
newnodes.append (nodes[j] + "1")
newparents.append (newparent)
tagidx += 1
nodes = newnodes
parents = newparents
print "EKB ", filename
print "EKB ID: ", hex (ekbid)
print "Reserved: ", hex (reserved)
print "Unknown 3: ", binascii.hexlify (unknown3)
print "Tag Length: ", hex (taglen)
print "Data Length: ", hex (keydatalen)
print "Sig Length: ", hex (siglen)
print "Tags: ", binascii.hexlify (tag)
print "Data: ", binascii.hexlify (keydata[0:16]), keyinfo[0]
for i in range (16, keydatalen, 16):
print " ", binascii.hexlify (keydata[i:i+16]), keyinfo[i/16]
print "Significant Tag Length: ", hex(tagsiglen)
for sig in sigs:
sigtype, sigdata = sig
print "Sig ID: ", hex (sigtype)
print "Sig Len: ", hex (len(sigdata))
print "Sig: ", binascii.hexlify (sigdata[0:16])
for i in range (16, len(sigdata), 16):
print " ", binascii.hexlify (sigdata[i:i+16])
dump_ekb.txt · Last modified: 2010/03/13 22:44 by megadiscman