Didier Stevens

Tuesday 10 March 2020

Update: oledump.py Version 0.0.48

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of oledump.py brings an update to plugin_biff (improved formula parsing) and fixes for Python 3.


oledump_V0_0_48.zip (https)
MD5: B869EC84DB4F10596212A2B67CF2C684
SHA256: 0E66E3EA42D5761301E0643A27D892B3C4531CCC2E4C95373ECE9B7AD7E6DAC6

Sunday 8 March 2020

Update: oledump.py Version 0.0.47

Filed under: My Software,Update — Didier Stevens @ 22:22

This new version of oledump.py brings Root Entry listing with option –storages and %CLDISDESC% extra parameter.

plugin_biff.py is updated to be faster and has new options -X and -d (pure hexadecimal dump and binary dump).

plugin_clsid.py is a new plugin.

More details in coming blog posts and ISC diary entries.


oledump_V0_0_47.zip (https)
MD5: E851ED7240C08E9E9E3EBA4A412A46A4
SHA256: F35997537D5C4596E413D08C35A83EBD55CAF587D2D9898DAA9285BC83CAF287

Saturday 7 March 2020

Contextual Grepping: Proxmark3 Key Scan Example

Filed under: My Software — Didier Stevens @ 0:00

Recently I had to extract hexadecimal numbers from a Proxmark3 hf 14a command to use with mfkey. The Proxmark3 forum has a discussion on how to do this.

Here is an example of what I need:

I started doing this manually, and later I wrote a script based on my Python text template.

This is a very specialized script, and I prefer to have more generic scripts. My “algorithm” is the following: search for lines with string AUTH-A, and then look at 2 lines before that line, and the 3 lines following that line. This can almost be done with a grep command using option context, but then the line itself and the line before that would also be selected, and I don’t need them.

My Python text template (process-text-file.py) is not only a template to start developing new scripts that reads text files, but it is also a stand-alone program, that can do grepping, for example. After some time, I realized how I could make a more generic script: add a context option to my Python text template to specify the lines to select as offsets from the grepped line.

Option –grep AUTH-A selects each line from text file forum-example.txt that contains the string AUTH-A. If I only use this option, then only lines with string AUTH-A would be the output of my command.

But because I use option –context, I can specify which lines to select relative to the “grepped” line (e.g. containing string AUTH-A).

Option “–context -2,1-3” means that I want to output the line 2 lines before the grepped line (-2) and the 3 lines following the grepped line (1-3). The grepped line itself is no part of the output. If I want that too, I would reference (0) it like this: “–context -2,0,1-3”.



Tuesday 3 March 2020

Overview of Content Published in February

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in February:

Blog posts:

YouTube videos:

Videoblog posts:

SANS ISC Diary entries:

NVISO blog posts:

« Previous Page

Blog at WordPress.com.