From adc14c7cd836d843d96ebbc74c6a4584305330ab Mon Sep 17 00:00:00 2001 From: n1481 Date: Wed, 30 May 2012 09:04:07 +0000 Subject: [PATCH] =?UTF-8?q?=E3=82=A2=E3=82=AF=E3=82=BB=E3=82=B9=E3=83=AD?= =?UTF-8?q?=E3=82=B0=E8=A7=A3=E6=9E=90=E6=A9=9F=E8=83=BD=E3=82=92=E8=BF=BD?= =?UTF-8?q?=E5=8A=A0=E3=80=81=20=E6=AD=A3=E8=A6=8F=E5=93=81=E3=81=A7?= =?UTF-8?q?=E5=AD=98=E5=9C=A8=E3=81=97=E3=81=A6=E3=81=84=E3=82=8B=E3=82=A8?= =?UTF-8?q?=E3=83=B3=E3=83=88=E3=83=AA=E3=81=8C=E3=83=9E=E3=82=B8=E3=82=B3?= =?UTF-8?q?=E3=83=B3=E5=81=B4=E3=81=AB=E7=84=A1=E3=81=84=E5=A0=B4=E5=90=88?= =?UTF-8?q?=E3=81=AB=E3=82=A2=E3=83=9C=E3=83=BC=E3=83=88=E3=81=97=E3=81=A6?= =?UTF-8?q?=E3=81=84=E3=81=9F=E3=81=AE=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: file:///Users/lillianskinner/Downloads/platinum/twl/TwlToolsRED@581 7061adef-622a-194b-ae81-725974e89856 --- build/tools/TamperDetectorForSrl/checker.cpp | 124 ++++++++++++++++++- build/tools/TamperDetectorForSrl/checker.h | 5 +- build/tools/TamperDetectorForSrl/main.cpp | 25 +++- 3 files changed, 147 insertions(+), 7 deletions(-) diff --git a/build/tools/TamperDetectorForSrl/checker.cpp b/build/tools/TamperDetectorForSrl/checker.cpp index c56a0f8..42eb58c 100644 --- a/build/tools/TamperDetectorForSrl/checker.cpp +++ b/build/tools/TamperDetectorForSrl/checker.cpp @@ -754,6 +754,10 @@ bool Checker::FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FIL { break; } + if( entryInfo.entry_name_length == 0) + { + continue; + } fread( entryNames, entryInfo.entry_name_length, 1, fp); entryNames[entryInfo.entry_name_length] = '\0'; if( entryInfo.entry_type == 0) // ファイル 
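Review bot: The added guard in FindEntry rejects only a zero `entry_name_length`; the value is read from the image being inspected and is still used unchecked as the `fread` size and as the index for the terminating `'\0'` in `entryNames`. The declaration of `entryNames` is outside the hunk, so if it is a fixed array the guard should also bound the length, e.g. `if( entryInfo.entry_name_length >= sizeof(entryNames)) { break; }`. The read itself should be checked with `if( fread( entryNames, entryInfo.entry_name_length, 1, fp) != 1) { break; }` so that a truncated image does not leave stale bytes to be stored as the entry name by the new `SetName` call in the next hunk. FindEntry's body starts and ends outside the hunk.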
@@ -771,6 +775,7 @@ bool Checker::FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FIL entry->InitializeEntry( fileEntry); fileEntry->self_id = entry_id; fileEntry->parent_id = parent_id; + entry->SetName( fileEntry, entryNames, entryInfo.entry_name_length); entry->addFileEntry( fileEntry); @@ -989,7 +994,7 @@ u32 Checker::GetOctValue( char* hex_char) } char logBuf[0x46]; -void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* mEntry, Entry* entry, FILE* lfp, CARDRomHashContext *context) +void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, Entry* mEntry, FILE* lfp, CARDRomHashContext *context) { int i = 0; DiffLevel diffLevel; @@ -1027,25 +1032,42 @@ void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* mEntry, Entry* en { fread( logBuf, 1, 1, lfp); } - + gFileEntry = entry->FindFileLocation( log_start_adr, log_end_adr); if( gFileEntry) { // 当該ファイルのアクセスログをマジコン側に変換(ファイルの位置が改竄されている場合のため) mFileEntry = mEntry->FindFileEntry( gFileEntry->full_path_name); - m_log_start_adr = (log_start_adr - gFileEntry->top) + mFileEntry->top; - m_log_end_adr = (log_end_adr - gFileEntry->top) + mFileEntry->top; + if( mFileEntry) + { // マジコン側に存在している場合 + m_log_start_adr = (log_start_adr - gFileEntry->top) + mFileEntry->top; + m_log_end_adr = (log_end_adr - gFileEntry->top) + mFileEntry->top; + } + else + { // マジコン側に存在していない場合 + m_log_start_adr = log_start_adr; + m_log_end_adr = log_end_adr; + } + // アクセスログが異なる場合はそれを明示 if( (log_start_adr != m_log_start_adr)||(log_end_adr != m_log_end_adr)) { printf( " -> (0x%lx - 0x%lx)", m_log_start_adr, m_log_end_adr); } - // ファイル名とファイルとしての改竄有無を表示 + // マジコン側に存在していなければその旨を表示 + if( !mFileEntry) + { + printf( " マジコン側には存在していない,"); + } + else + { + // 存在していれば、ファイル名とファイルとしての改竄有無を表示 if( gFileEntry->modified) { printf( " %s(*),", gFileEntry->full_path_name); }else{ printf( " %s,", gFileEntry->full_path_name); } + } // 当該アクセスログにおける改竄の有無を表示 Diff( &diffLevel, log_start_adr, (log_end_adr - log_start_adr), 
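Review bot: Both reordered parameters of FindAccessLogFile are `Entry*`, so a caller left in the old order would still compile and silently swap the genuine and magicon trees; the only call visible in this patch (main.cpp) is updated. Naming the genuine side `gEntry` instead of `entry`, here and in the checker.h declaration and AnalyzeAccessLog, would make the order self-describing: `Entry* gEntry, Entry* mEntry`. A one-line comment on the declaration stating which tree is which would also help.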
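Review bot: When `mFileEntry` is null the new else-branch sets `m_log_start_adr`/`m_log_end_adr` to the genuine offsets and execution still reaches the `Diff` call at the end of the hunk, whose remaining arguments are outside the hunk; if those are the `m_log_*` values, the modified/unmodified marker printed for this record compares unrelated data at the same offsets. For a file that is absent on the other side it would be clearer to skip the comparison or label it, e.g. with a comment `// file missing on magicon side: Diff below compares raw offsets, not the same file`. The `if( gFileEntry->modified)` block was moved under the new `else` without being re-indented, which hides the nesting. The function body starts and ends outside the hunk.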
@@ -1138,6 +1160,98 @@ void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* mEntry, Entry* en }; } +void Checker::AnalyzeAccessLog( RomHeader* gHeaderBuf, Entry* entry, Entry* mEntry, FILE* lfp) +{ + int i = 0; + DiffLevel diffLevel; + u32 log_start_adr, log_end_adr; + u32 total = 0; + MyFileEntry* gFileEntry; + + while( fread( logBuf, 6, 1, lfp)) + { + if( memcmp( logBuf, "Read: ", 4) == 0) + { + fread( logBuf, 0x25, 1, lfp); + log_start_adr = (GetOctValue(&logBuf[0x9]) + + (GetOctValue(&logBuf[0x8]) * 0x10) + + (GetOctValue(&logBuf[0x7]) * 0x100) + + (GetOctValue(&logBuf[0x6]) * 0x1000) + + (GetOctValue(&logBuf[0x5]) * 0x10000) + + (GetOctValue(&logBuf[0x4]) * 0x100000) + + (GetOctValue(&logBuf[0x3]) * 0x1000000) + + (GetOctValue(&logBuf[0x2]) * 0x10000000)); + + log_end_adr = (GetOctValue(&logBuf[0x14]) + + (GetOctValue(&logBuf[0x13]) * 0x10) + + (GetOctValue(&logBuf[0x12]) * 0x100) + + (GetOctValue(&logBuf[0x11]) * 0x1000) + + (GetOctValue(&logBuf[0x10]) * 0x10000) + + (GetOctValue(&logBuf[0x0F]) * 0x100000) + + (GetOctValue(&logBuf[0x0E]) * 0x1000000) + + (GetOctValue(&logBuf[0x0D]) * 0x10000000)); + + total += log_end_adr - log_start_adr; + printf( "%d, 0x%lx, 0x%lx, %ld", i, log_start_adr, log_end_adr, log_end_adr - log_start_adr); + + if( (log_end_adr - log_start_adr)>= 1000000) + { + fread( logBuf, 1, 1, lfp); + } +/* + gFileEntry = entry->FindFileLocation( log_start_adr, log_end_adr); + if( gFileEntry) + { + // 領域名も表示 + entry->FindAreaLocation( log_start_adr, log_end_adr); + } + else*/ + { // ファイルが該当しなかったら領域名の表示と内容比較 +// entry->FindAreaLocation( log_start_adr, log_end_adr); + // TODO:genuine側の対応アドレスはgenuineファイルエントリの先頭から計算し直す +/* Diff( &diffLevel, + log_start_adr, (log_end_adr - log_start_adr), + log_start_adr, (log_end_adr - log_start_adr), + true, PRINT_LEVEL_0); + if( diffLevel & DIFF_OUT_OF_RANGE) + { + printf( "[out of range]"); + } + else if( diffLevel & DIFF_DATA_MODIFIED) + { + printf( "[data(*)]"); + } + else if( diffLevel & 
DIFF_DATA_FILLED) + { + printf( "[data(f)]"); + } + else + { + printf( "[data]"); + }*/ + } + printf( "\n"); + } + else if( memcmp( logBuf, "<>\n"); + fread( logBuf, 12, 1, lfp); + } + else if( memcmp( logBuf, "<>\n"); + fread( logBuf, 12, 1, lfp); + } + else + { + printf( "<>\n"); + fread( logBuf, 12, 1, lfp); + } + i++; + }; + printf( "total, %ld\n", total); +} + void Checker::Finalize( void) { } diff --git a/build/tools/TamperDetectorForSrl/checker.h b/build/tools/TamperDetectorForSrl/checker.h index 6d830cb..2047f62 100644 --- a/build/tools/TamperDetectorForSrl/checker.h +++ b/build/tools/TamperDetectorForSrl/checker.h @@ -78,9 +78,12 @@ class Checker void ExportGenuineBmpFiles( Entry* gEntry, PrintLevel print_enable); + /* 起動時アクセスログを解析する */ + void AnalyzeAccessLog( RomHeader* gHeaderBuf, Entry* entry, Entry* mEntry, FILE* lfp); + u32 GetOctValue( char* hex_char); - void FindAccessLogFile( RomHeader* gHeaderBuf, Entry* mEntry, Entry* entry, FILE* lfp, CARDRomHashContext *context); + void FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, Entry* mEntry, FILE* lfp, CARDRomHashContext *context); }; diff --git a/build/tools/TamperDetectorForSrl/main.cpp b/build/tools/TamperDetectorForSrl/main.cpp index 5c5778b..5df1400 100644 --- a/build/tools/TamperDetectorForSrl/main.cpp +++ b/build/tools/TamperDetectorForSrl/main.cpp 
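Review bot: In AnalyzeAccessLog the result of `fread( logBuf, 0x25, 1, lfp)` is ignored, so a truncated or malformed log record leaves bytes from the previous record in the global `logBuf` and both addresses are parsed from stale data; check it, e.g. `if( fread( logBuf, 0x25, 1, lfp) != 1) { break; }`. `log_end_adr - log_start_adr` is unsigned, so a record whose end is below its start wraps to a huge length that is added to `total` and printed; rejecting `log_end_adr < log_start_adr` before the subtraction keeps the summary meaningful. The `printf` calls use `%lx`/`%ld` for `u32` values, which only matches if `u32` is `unsigned long` (its typedef is not visible here). `diffLevel`, `gFileEntry` and the `gHeaderBuf`, `entry`, `mEntry` parameters are unused while the Diff block is commented out, and the commented-out code would be better removed or tracked in the TODO.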
@@ -139,15 +139,38 @@ int main (int argc, char *argv[]) lfp = fopen( log_fname, "r"); printf( "\n\n\nACCESS LOG\n"); - checker.FindAccessLogFile( &gHeaderBuf, &mEntry, &gEntry, lfp, &context); + checker.FindAccessLogFile( &gHeaderBuf, &gEntry, &mEntry, lfp, &context); printf( "------------------\n"); fclose( lfp); } + checker.Finalize(); fclose( gfp); fclose( mfp); } + // マジコン名なし かつ Outputファイルあり + if( ((!magicon_fname) && output_fname) && log_fname) + { + FILE* gfp; + FILE* lfp; + Checker checker; + + gfp = fopen( genuine_fname, "r"); + lfp = fopen( log_fname, "r"); + + checker.Initialize( gfp, NULL, gBuf, NULL, BUFFER_SIZE); + + checker.LoadHeader( &gHeaderBuf, NULL); + + checker.AnalyzeAccessLog( &gHeaderBuf, &gEntry, (Entry*)NULL, lfp); + + checker.Finalize(); + + fclose( lfp); + fclose( gfp); + } + return 0; }
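Review bot: The new log-only branch in main passes `gfp` and `lfp` straight to `checker.Initialize` and `checker.AnalyzeAccessLog` without checking either `fopen` result, so a missing or unreadable path ends with a null `FILE*` being read; add `if( gfp == NULL || lfp == NULL) { return 1; }` (closing whichever handle did open) before `Initialize`. The condition requires `output_fname` but the block never uses it, and the comment above does not mention `log_fname`, so either the condition or the comment should be adjusted. `genuine_fname` is an image file opened with `"r"`; on a platform that distinguishes text mode, `"rb"` is the safe choice. main's body starts outside the hunk.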