Mattias Wadman
0b6ef2a9d8
golangci-lint: Disable revive unused-parameter and update for new default config
...
unused-parameter disabled as I prefer to see the names
new default revive config seems to not warn about capital names
2023-03-18 22:56:58 +01:00
Mattias Wadman
980ecdba82
decode: Add float 80 reader
...
Rename *d.Bits to UintBits as it returns a uint
Add *d.Bits that returns []byte
2023-03-10 01:15:55 +01:00
Mattias Wadman
dc4a82eeed
aiff: Add basic decoder
2023-03-09 15:16:52 +01:00
Mattias Wadman
cc52a4419d
id3v2: Decode subframes for CTOC and add struct for headers
2023-03-05 19:29:22 +01:00
Mattias Wadman
9852f56b74
tls: Add TLS 1.0, 1.1, 1.2 decode and decryption
...
What it can do:
- Decodes records and most standard messages and extensions.
- Decrypts records and reassembles application data stream if a keylog is provided
and the cipher suite is supported.
- Supports most recommended and used ciphers and a bunch of older ones.
What it can't do:
- SSL v3 maybe supported, is similar to TLS 1.0, not tested.
- Decryption and renegotiation/cipher change.
- Record defragmentation not supported, seems rare over TCP.
- TLS 1.3
- SSL v2 but v2 compat header is supported.
- Some key exchange messages not decoded yet
Decryption code is heavily based on golang crypto/tls and zmap/zcrypto.
Will be base for decoding http2 and other TLS based on protocols.
Fixes #587
2023-03-05 13:52:12 +01:00
Mattias Wadman
c75a83c829
help: Show default option value as JSON
2023-03-04 09:53:33 +01:00
Mattias Wadman
dec433fc53
help,markdown: Fix double line breaks when converting to text
...
Also fix ugly last line break hack
2023-03-02 23:38:11 +01:00
Mattias Wadman
6c032455eb
pcap,pcapng,ipv4,ipv6: Support raw link type (ipv4 or ipv6)
2023-03-02 18:37:00 +01:00
Mattias Wadman
bdd6718ddb
zip: Correctly peek for zip64 EOCD
2023-02-22 22:22:36 +01:00
Mattias Wadman
5228fdd6cd
zip: Correctly look for and decode both zip32/64 EOCD record
...
There will always be zip(32) EOCD but optionally a zip64 EOCD
Related to #586
2023-02-22 19:34:28 +01:00
Mattias Wadman
56edb59e83
toml,xml: Fail fast on invalid content
...
encoding/xml and github.com/BurntSushi/toml both read a lot before detecting
that it can't decode. Now we instead read one UTF-8 and make sure it's valid
xml or toml.
Should speed up probing
Related to #586 bigzero-zip.zip
2023-02-22 16:23:21 +01:00
Mattias Wadman
d4ea6632fa
pcap: Add ipv4 fragments tcp test
2023-02-20 11:45:12 +01:00
Mattias Wadman
c8666eeb04
ipv4_packet,ipv6_packet,sll_packet,sll2_packet: Support ipv4/ipv6 link frames and pass correct in arg
...
ipv4/ipv6 in sll* accidentally worked as it passed wrong arg with ether type
2023-02-20 01:34:38 +01:00
Mattias Wadman
8e0dde03d0
decode: Support multiple format args and some rename and refactor
...
This will allow passing both cli options and format options to sub decoder.
Ex: pass keylog option to a tls decoder when decoding a pcap.
Ex: pass decode options to a format inside a http body inside a pcap.
Add ArgAs method to lookup argument based on type. This also makes the format
decode function have same signature as sub decoders in the decode API.
This change decode.Format a bit:
DecodeFn is now just func(d *D) any
DecodeInArg renamed to DefaultInArg
2023-02-18 21:38:51 +01:00
Mattias Wadman
a1bb630a2a
doc,fq: Improve cli help and some cleanup
2023-02-15 11:04:39 +01:00
Mattias Wadman
9aaf2ddf27
matroska: Add unknown size test and add description to ebml header
2023-02-10 10:29:25 +01:00
Mattias Wadman
c890a2899f
matroska: Update spec and make refs in descriptions look nicer
2023-02-09 23:18:17 +01:00
Mattias Wadman
a8d0bf4d3e
matroska: Assume master with unknown size has ended if a valid parent is found
...
Major refactor of ebml code generator, now decoupled from fq code
Cleanup element descriptions a bit, a bit shorter and less clutter
Cleanup old comments
2023-02-09 20:10:47 +01:00
Mattias Wadman
0d14d7b40f
matroska: Handle unknown size for non-master types a bit better
...
For non-master types assume size to be rest of file
Still does not follow the ebml spec
2023-02-08 12:14:40 +01:00
Mattias Wadman
b60aceca9e
matroska: Add decode_samples option
...
Also change the option help a bit, maybe media and support is confusing, we
might eventually decode non-audio/video things.
2023-02-08 11:31:41 +01:00
Mattias Wadman
dc79a73b72
interp,json: Move error handling to colorjson
...
Cancel error from ValueFn etc will be returned by Marshal instead
2023-02-07 16:57:54 +01:00
Mattias Wadman
5c8e115106
colorjson: Refactor to option struct
2023-02-07 16:18:32 +01:00
Mattias Wadman
62e2cef5c2
tcp_segment: Decode standard options and rename maxseg to mss
2023-01-31 12:42:16 +01:00
Mattias Wadman
1eb5e502af
tcp: Ignore TCP option check for now as it seems unreliable in dumps
...
For example MSS can be too small in local dumps
2023-01-28 20:49:20 +01:00
Mattias Wadman
a2cdb3d6c9
Merge pull request #558 from wader/mp4-udta-with-no-length
...
mp4: udta: Handle box with value rest of box
2023-01-25 16:34:58 +01:00
Mattias Wadman
6340365841
mp4: udta: Handle box with value rest of box
...
Try distinguish by probing length field. Should probably be improved, what does ffmpeg do?
Regression from c3e3b3e90d
#553
2023-01-25 16:24:28 +01:00
Mattias Wadman
0d1fdb5edf
Merge pull request #557 from wader/mp3-max-unknown-opt
...
mp3: Add max_unknown option to fail decode if too much unknown bits
2023-01-25 16:00:49 +01:00
Mattias Wadman
2d82c05f64
mp3: Add max_unknown option to fail decode if too much unknown bits
...
Hopefully help fix even more miss-detections
2023-01-25 15:27:31 +01:00
Mattias Wadman
b04a650bae
flac_picture,mpeg: Fix trailing ")" typo in map sym and description
2023-01-25 14:01:34 +01:00
Mattias Wadman
d645e71008
Merge pull request #554 from wader/mp4-ftyp-qt-minor-desc
...
mp4: Decode qt minor version as YYYY.MM description
2023-01-16 12:23:42 +01:00
Mattias Wadman
f386a5158e
mp4: Decode qt minor version as YYYY.MM description
2023-01-16 12:13:19 +01:00
Mattias Wadman
c3e3b3e90d
mp4: Decode udta metadata boxes without meta box
2023-01-16 12:03:53 +01:00
Mattias Wadman
c2795a7c2f
Merge pull request #552 from wader/mp4-tkhd-flags
...
mp4: Decode tkhd flags
2023-01-13 18:02:53 +01:00
Mattias Wadman
3555dc6721
mp4: Decode tkhd flags
2023-01-13 17:49:03 +01:00
Mattias Wadman
c49012dbca
mp4: sgpd,sbgp: Change grouping_type to a string
...
Is defined as int32 but is a string in practice it seems
2023-01-05 19:18:48 +01:00
Mattias Wadman
8b49b42fa3
interp: Wrap Binary in decodeValue to fix prompt issue with bits/bytes format
2023-01-04 15:30:05 +01:00
Mattias Wadman
e3ae1440c9
interp: Rename to/from<format> functions to to_/from_<format>
...
Feels less cluttered, easier to read and more consistent.
Still keep tovalue, tobytes etc that are more basic functions this
only renamed format related functions.
Also there is an exception for to/fromjson as it comes from jq.
Also fixes lots of spelling errors while reading thru.
2022-12-21 17:48:39 +01:00
Mattias Wadman
8f39ef6335
bplist: Harmonize ns_keyed_archive jq style a bit
...
Let root arg be a lambda so torepr can be done once
2022-12-20 00:56:19 +01:00
Mattias Wadman
6f354bb350
Merge pull request #527 from dgmcdona/apple_package
...
decode: add ns_keyed_archiver, restructure apple decoders into package
2022-12-19 22:47:29 +01:00
David McDonald
129b4b7026
bplist: doc: update docs to reflect changes to ns_keyed_archiver
2022-12-19 15:24:57 -06:00
David McDonald
a9047c0278
bplist: updates from_ns_keyed_archiver to do automatic torepr based on format detection
2022-12-19 15:18:05 -06:00
David McDonald
9dab3c606c
bplist: minor fix to from_ns_keyed_archiver
2022-12-19 14:22:17 -06:00
David McDonald
448c3efb28
bplist: update docs with from_ns_keyed_archiver reference, add error case to function
2022-12-19 13:30:34 -06:00
Mattias Wadman
a85da29544
decode: Make FieldFormat usage more consistent
...
Will make it easier to refactor later on
2022-12-19 19:12:57 +01:00
David McDonald
cba72dbdf0
bplist: added overload for from_ns_keyed_archiver jq func
2022-12-19 02:04:23 -06:00
David McDonald
98eab8cb5b
decode: rename parameter for consistency
2022-12-17 13:36:16 -06:00
David McDonald
93f2aa5d73
decode: change PosLoopDetector to use generics
2022-12-17 13:26:40 -06:00
David McDonald
3232f9cc15
decode: moves PosLoopDetector into its own package
2022-12-17 02:18:48 -06:00
David McDonald
fa368bb790
decode: updates all.go with correct macho path
2022-12-17 01:57:23 -06:00
David McDonald
7c9504c727
decode: moves macho decoder to apple package
2022-12-17 01:54:59 -06:00