fox-it / dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
GNU Affero General Public License v3.0

Add support for reading Fortinet firmware files #652

Closed yunzheng closed 3 months ago

yunzheng commented 3 months ago

This adds transparent decompression and deobfuscation of Fortinet firmware files via the FortiFirmwareContainer and FortiFirmwareFile classes.

The filename has to end with -FORTINET.out for it to be detected as a Fortinet firmware file.

Example usage:

$ target-shell FGT_VM64-v7.4.3.F-build2573-FORTINET.out
$ target-fs FGT_2000E-v5-build1673-FORTINET.out ls /migadmin

Or to decompress and deobfuscate a firmware file to stdout:

$ python3 -m dissect.target.containers.fortifw <FIRMWARE FILE> | xxd

Closes #655

codecov-commenter commented 3 months ago

Codecov Report

Attention: Patch coverage is 85.50725%, with 20 lines in your changes missing coverage. Please review.

Project coverage is 74.83%. Comparing base (12a4e46) to head (cd0d196). Report is 1 commit behind head on main.

:exclamation: Current head cd0d196 differs from pull request most recent head 42f3971. Consider uploading reports for the commit 42f3971 to get more accurate results.

| Files | Patch % | Lines |
|---|---|---|
| dissect/target/containers/fortifw.py | 85.40% | 20 Missing :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #652      +/-   ##
==========================================
- Coverage   74.84%   74.83%   -0.01%
==========================================
  Files         288      288
  Lines       23932    24038     +106
==========================================
+ Hits        17912    17990      +78
- Misses       6020     6048      +28
```

| [Flag](https://app.codecov.io/gh/fox-it/dissect.target/pull/652/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=fox-it) | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/fox-it/dissect.target/pull/652/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=fox-it) | `74.83% <85.50%> (-0.01%)` | :arrow_down: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=fox-it#carryforward-flags-in-the-pull-request-comment) to find out more.
