Usageの修正、アクセスログの改竄状況を表示する際、位置が改変されたファイルに対しては不正ツール側のログを表示し、不正ツール側のログに対応するアドレスで比較するように修正

git-svn-id: file:///Users/lillianskinner/Downloads/platinum/twl/TwlToolsRED@574 7061adef-622a-194b-ae81-725974e89856
n1481 2011-10-18 03:01:27 +00:00
parent df0322bf3d
commit ef5456c8d6
6 changed files with 47 additions and 28 deletions


@ -196,7 +196,7 @@ void Checker::AnalyzeHeader( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* mH
(u32)(mHeaderBuf->arm9.romSize),
false, PRINT_LEVEL_1);
printf( "------------------\n");
printf( "ARM7 Static Module\n");
Diff( (u32)(gHeaderBuf->arm7.romAddr),
(u32)(gHeaderBuf->arm7.romSize),
@ -220,7 +220,7 @@ void Checker::AnalyzeHeader( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* mH
(u32)(mHeaderBuf->fat_size),
false, PRINT_LEVEL_1);
printf( "------------------\n");
printf( "ARM9 Overlay Table\n");
Diff( (u32)(gHeaderBuf->main_ovt_offset),
(u32)(gHeaderBuf->main_ovt_size),
@ -237,7 +237,7 @@ void Checker::AnalyzeHeader( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* mH
false, PRINT_LEVEL_1);
printf( "------------------\n");
printf( "------------------\n");
printf( "TWL Rom Header\n");
if( gHeaderBuf->platform_code & 0x03)
@ -250,7 +250,7 @@ void Checker::AnalyzeHeader( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* mH
(u32)(mHeaderBuf->ltd_arm9.romSize),
false, PRINT_LEVEL_1);
printf( "------------------\n");
printf( "ARM7 Ltd Static Module\n");
Diff( (u32)(gHeaderBuf->ltd_arm7.romAddr),
(u32)(gHeaderBuf->ltd_arm7.romSize),
@ -387,7 +387,7 @@ void Checker::AnalyzeHeader( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* mH
tmpAreaEntry->bottom = (u32)((u32)(mHeaderBuf->sub_ovt_offset) + mHeaderBuf->sub_ovt_size);
mEntry->addAreaEntry( tmpAreaEntry);
if( gHeaderBuf->platform_code & 0x03)
{
// genuine 領域を登録
@ -553,7 +553,7 @@ void Checker::AnalyzeOverlay( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* m
nowgfp = ftell( gfp);
nowmfp = ftell( mfp);
// ARM9 Overlay
printf( "------- ARM9 Overlay -------\n");
g_ovt_entries = (gHeaderBuf->main_ovt_size) / sizeof(ROM_OVT);
@ -572,7 +572,7 @@ void Checker::AnalyzeOverlay( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* m
fseek( mfp, ((u32)(mHeaderBuf->fat_offset) + (sizeof(ROM_FAT) * m_ovtBuf.file_id)), SEEK_SET);
fread( &g_fatBuf, sizeof(ROM_FAT), 1, gfp);
fread( &m_fatBuf, sizeof(ROM_FAT), 1, mfp);
printf( "- overlay:%d, file_id:0x%lx\n", i, g_ovtBuf.file_id);
Diff( (u32)(g_fatBuf.top), ((u32)(g_fatBuf.bottom) - (u32)(g_fatBuf.top)),
(u32)(m_fatBuf.top), ((u32)(m_fatBuf.bottom) - (u32)(m_fatBuf.top)),
@ -615,7 +615,7 @@ void Checker::AnalyzeOverlay( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* m
fseek( mfp, ((u32)(mHeaderBuf->fat_offset) + (sizeof(ROM_FAT) * m_ovtBuf.file_id)), SEEK_SET);
fread( &g_fatBuf, sizeof(ROM_FAT), 1, gfp);
fread( &m_fatBuf, sizeof(ROM_FAT), 1, mfp);
printf( "- overlay:%d, file_id:0x%lx\n", i, g_ovtBuf.file_id);
Diff( (u32)(g_fatBuf.top), ((u32)(g_fatBuf.bottom) - (u32)(g_fatBuf.top)),
(u32)(m_fatBuf.top), ((u32)(m_fatBuf.bottom) - (u32)(m_fatBuf.top)),
@ -638,7 +638,7 @@ void Checker::AnalyzeOverlay( RomHeader* gHeaderBuf, Entry* gEntry, RomHeader* m
tmpAreaEntry->bottom = (u32)(m_fatBuf.bottom);
mEntry->addAreaEntry( tmpAreaEntry);
}
// ファイルポインタを戻す
fseek( gfp, nowgfp, SEEK_SET);
fseek( mfp, nowmfp, SEEK_SET);
@ -953,11 +953,14 @@ u32 Checker::GetOctValue( char* hex_char)
}
char logBuf[0x46];
void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, FILE* lfp, CARDRomHashContext *context)
void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* mEntry, Entry* entry, FILE* lfp, CARDRomHashContext *context)
{
int i = 0;
u8 d1, d2, dm1, dm2;
u32 log_start_adr, log_end_adr;
u32 m_log_start_adr, m_log_end_adr;
MyFileEntry* gFileEntry;
MyFileEntry* mFileEntry;
while( fread( logBuf, 6, 1, lfp))
{
@ -972,7 +975,7 @@ void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, FILE* lfp,
(GetOctValue(&logBuf[0x4]) * 0x100000) +
(GetOctValue(&logBuf[0x3]) * 0x1000000) +
(GetOctValue(&logBuf[0x2]) * 0x10000000));
log_end_adr = (GetOctValue(&logBuf[0x14]) +
(GetOctValue(&logBuf[0x13]) * 0x10) +
(GetOctValue(&logBuf[0x12]) * 0x100) +
@ -982,18 +985,35 @@ void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, FILE* lfp,
(GetOctValue(&logBuf[0x0E]) * 0x1000000) +
(GetOctValue(&logBuf[0x0D]) * 0x10000000));
printf( "%d 0x%lx - 0x%lx", i, log_start_adr, log_end_adr);
if( entry->FindFileLocation( log_start_adr, log_end_adr))
{ // TODO:genuine側の対応アドレスはgenuineファイルエントリの先頭から計算し直す
gFileEntry = entry->FindFileLocation( log_start_adr, log_end_adr);
if( gFileEntry)
{ // 当該ファイルのアクセスログをマジコン側に変換(ファイルの位置が改竄されている場合のため)
mFileEntry = mEntry->FindFileEntry( gFileEntry->full_path_name);
m_log_start_adr = (log_start_adr - gFileEntry->top) + mFileEntry->top;
m_log_end_adr = (log_end_adr - gFileEntry->top) + mFileEntry->top;
// アクセスログが異なる場合はそれを明示
if( (log_start_adr != m_log_start_adr)||(log_end_adr != m_log_end_adr))
{
printf( " -> (0x%lx - 0x%lx)", m_log_start_adr, m_log_end_adr);
}
// ファイル名とファイルとしての改竄有無を表示
if( gFileEntry->modified)
{
printf( " %s(*)", gFileEntry->full_path_name);
}else{
printf( " %s", gFileEntry->full_path_name);
}
// 当該アクセスログにおける改竄の有無を表示
if( Diff( log_start_adr, (log_end_adr - log_start_adr),
log_start_adr, (log_end_adr - log_start_adr),
m_log_start_adr, (m_log_end_adr - m_log_start_adr),
true, PRINT_LEVEL_0))
{
printf( "[data]");
}else{
printf( "[data(*)]");
}
if( gHeaderBuf->platform_code & 0x03)
{
GetDigestResult( context, log_start_adr, log_end_adr, &d1, &d2);
@ -1013,7 +1033,7 @@ void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, FILE* lfp,
else
{
if( d2) { printf( "[d2(*):OK]");} else { printf( "[d2(*):NG]");};
}
}
}
// 領域名も表示
entry->FindAreaLocation( log_start_adr, log_end_adr);
@ -1029,7 +1049,7 @@ void Checker::FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, FILE* lfp,
printf( "[data]");
}else{
printf( "[data(*)]");
}
}
}
printf( "\n");
}
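Review bot: In FindAccessLogFile the result of `mEntry->FindFileEntry( gFileEntry->full_path_name)` is dereferenced on the next two lines (`mFileEntry->top`) without a check. FindFileEntry is not shown here, but if it returns NULL when the modified image has no entry with that path (a renamed or deleted file is exactly the kind of tampering this tool inspects), the analysis crashes instead of reporting it. Guard the translation, e.g. `if( mFileEntry == NULL) { printf( " %s(missing on modified side)", gFileEntry->full_path_name); }`, with the address conversion and the `Diff` call moved into the `else` branch. The translated range is also handed to `Diff` without being checked against the extent of the file on the modified side, so a file that shrank would presumably be compared past its end; a bounds check there looks worthwhile. The function body continues outside these hunks.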


@ -40,13 +40,13 @@ class Checker
public:
void Initialize( FILE* myGfp, FILE* myMfp, void* myGbuf, void* myMbuf, u32 size);
/* ヘッダを読むだけ */
bool LoadHeader( void* gHeaderBuf, void* mHeaderBuf);
/* ROMの特定領域に差がないかどうか調べる */
bool Diff( u32 g_offset, u32 g_size, u32 m_offset, u32 m_size, bool isDataOnly, PrintLevel print_enable);
void Finalize( void);
/* ROMヘッダの各領域を管理リストに登録する */
@ -71,8 +71,8 @@ class Checker
u32 GetOctValue( char* hex_char);
void FindAccessLogFile( RomHeader* gHeaderBuf, Entry* entry, FILE* lfp, CARDRomHashContext *context);
void FindAccessLogFile( RomHeader* gHeaderBuf, Entry* mEntry, Entry* entry, FILE* lfp, CARDRomHashContext *context);
};
#endif
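Review bot: The new declaration `FindAccessLogFile( RomHeader* gHeaderBuf, Entry* mEntry, Entry* entry, ...)` takes two `Entry*` arguments in a row, and the unprefixed `entry` is the genuine-side list (the call site passes `&mEntry, &gEntry`). Swapping them compiles silently and would translate the log addresses in the wrong direction. Renaming the parameter to `gEntry`, as AnalyzeHeader already does, and adding a comment in the style of the neighbouring declarations, such as `/* Map each access-log range to its genuine-side file, convert it to the modified-side address, then compare */`, would make the contract visible at the declaration.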


@ -207,9 +207,9 @@ MyFileEntry* Entry::FindFileLocation( u32 start_adr, u32 end_adr)
retEntry = currentEntry;
if( currentEntry->modified)
{ // 改竄されているファイルの識別表示
printf( " %s(*),", currentEntry->full_path_name);
// printf( " %s(*),", currentEntry->full_path_name);
}else{
printf( " %s,", currentEntry->full_path_name);
// printf( " %s,", currentEntry->full_path_name);
}
}
currentEntry = (MyFileEntry*)(currentEntry->next);
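Review bot: Commenting out both `printf` calls leaves `if( currentEntry->modified) { ... }else{ ... }` in FindFileLocation with two empty branches and a comment (改竄されているファイルの識別表示) that no longer matches what the code does. Since the caller in this commit now prints the name and the `(*)` marker from the returned entry, the whole `if`/`else` can be deleted rather than kept as dead code. The function starts and ends outside this hunk, so whether other callers relied on the printed output cannot be confirmed from here.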


@ -139,7 +139,7 @@ int main (int argc, char *argv[])
lfp = fopen( log_fname, "r");
printf( "\n\n\nACCESS LOG\n");
checker.FindAccessLogFile( &gHeaderBuf, &gEntry, lfp, &context);
checker.FindAccessLogFile( &gHeaderBuf, &mEntry, &gEntry, lfp, &context);
printf( "------------------\n");
}


@ -27,8 +27,7 @@ char* log_fname = NULL;
void SA_Usage( void)
{
fprintf( stderr, "Analyzing Tool\n");
fprintf( stderr, "Usage: makelst [-o output-file] [--g genuine-srl-file] [--m magicon-srl-file]\n\n");
fprintf( stderr, "Usage: makelst [-o output-file] [--g genuine-srl-file] [--l access-log-file]\n\n");
fprintf( stderr, "Usage: tamperdetector [-o output-file] [--g genuine-srl-file] [--m magicon-srl-file] [--l access-log-file]\n\n");
exit( 1);
}
@ -47,7 +46,7 @@ void SA_searchopt( int argc, char* argv[])
if( argc <= 1) {
SA_Usage();
}
while( (n = getopt_long( argc, argv, "do:h", &optionInfo[0], NULL))
!= -1)
{