2020-11-12 09:38:52 +01:00
|
|
|
#include "views/view_information.hpp"
|
|
|
|
|
|
|
|
#include "providers/provider.hpp"
|
|
|
|
|
2020-11-28 21:55:52 +01:00
|
|
|
#include "helpers/utils.hpp"
|
2020-11-12 09:38:52 +01:00
|
|
|
|
|
|
|
#include <cstring>
|
|
|
|
#include <cmath>
|
2020-11-12 21:21:11 +01:00
|
|
|
#include <filesystem>
|
|
|
|
#include <span>
|
|
|
|
#include <vector>
|
|
|
|
|
2020-11-12 09:38:52 +01:00
|
|
|
#include <magic.h>
|
|
|
|
|
|
|
|
namespace hex {
|
|
|
|
|
2020-12-27 15:39:06 +01:00
|
|
|
ViewInformation::ViewInformation() : View("Information") {
|
2020-11-17 13:58:50 +01:00
|
|
|
View::subscribeEvent(Events::DataChanged, [this](const void*) {
|
2020-11-22 19:43:35 +01:00
|
|
|
this->m_dataValid = false;
|
|
|
|
this->m_highestBlockEntropy = 0;
|
|
|
|
this->m_blockEntropy.clear();
|
|
|
|
this->m_averageEntropy = 0;
|
|
|
|
this->m_blockSize = 0;
|
|
|
|
this->m_valueCounts.fill(0x00);
|
|
|
|
this->m_mimeType = "";
|
|
|
|
this->m_fileDescription = "";
|
|
|
|
this->m_analyzedRegion = { 0, 0 };
|
2020-11-12 09:38:52 +01:00
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
ViewInformation::~ViewInformation() {
|
|
|
|
View::unsubscribeEvent(Events::DataChanged);
|
|
|
|
}
|
|
|
|
|
|
|
|
static float calculateEntropy(std::array<float, 256> &valueCounts, size_t numBytes) {
|
|
|
|
float entropy = 0;
|
|
|
|
|
|
|
|
for (u16 i = 0; i < 256; i++) {
|
|
|
|
valueCounts[i] /= numBytes;
|
|
|
|
|
|
|
|
if (valueCounts[i] > 0)
|
|
|
|
entropy -= (valueCounts[i] * std::log2(valueCounts[i]));
|
|
|
|
}
|
|
|
|
|
|
|
|
return entropy / 8;
|
|
|
|
}
|
|
|
|
|
2020-12-22 18:10:01 +01:00
|
|
|
void ViewInformation::drawContent() {
|
2020-11-23 23:57:19 +01:00
|
|
|
if (ImGui::Begin("Data Information", &this->getWindowOpenState(), ImGuiWindowFlags_NoCollapse)) {
|
2020-11-12 09:38:52 +01:00
|
|
|
ImGui::BeginChild("##scrolling", ImVec2(0, 0), false, ImGuiWindowFlags_NoMove | ImGuiWindowFlags_NoNav);
|
|
|
|
|
2020-12-27 15:39:06 +01:00
|
|
|
auto provider = prv::Provider::getCurrentProvider();
|
|
|
|
|
|
|
|
if (provider != nullptr && provider->isReadable()) {
|
2020-11-12 09:38:52 +01:00
|
|
|
if (this->m_shouldInvalidate) {
|
|
|
|
|
2020-12-27 15:39:06 +01:00
|
|
|
this->m_analyzedRegion = { provider->getBaseAddress(), provider->getBaseAddress() + provider->getSize() };
|
2020-11-22 19:43:35 +01:00
|
|
|
|
2020-11-12 09:38:52 +01:00
|
|
|
{
|
2020-12-27 15:39:06 +01:00
|
|
|
this->m_blockSize = std::ceil(provider->getSize() / 2048.0F);
|
2020-11-14 14:41:15 +01:00
|
|
|
std::vector<u8> buffer(this->m_blockSize, 0x00);
|
2020-11-12 09:38:52 +01:00
|
|
|
std::memset(this->m_valueCounts.data(), 0x00, this->m_valueCounts.size() * sizeof(u32));
|
|
|
|
this->m_blockEntropy.clear();
|
|
|
|
|
2020-12-27 15:39:06 +01:00
|
|
|
for (u64 i = 0; i < provider->getSize(); i += this->m_blockSize) {
|
2020-11-12 09:38:52 +01:00
|
|
|
std::array<float, 256> blockValueCounts = { 0 };
|
2020-12-27 15:39:06 +01:00
|
|
|
provider->read(i, buffer.data(), std::min(u64(this->m_blockSize), provider->getSize() - i));
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-14 14:41:15 +01:00
|
|
|
for (size_t j = 0; j < this->m_blockSize; j++) {
|
2020-11-12 09:38:52 +01:00
|
|
|
blockValueCounts[buffer[j]]++;
|
|
|
|
this->m_valueCounts[buffer[j]]++;
|
|
|
|
}
|
2020-11-14 14:41:15 +01:00
|
|
|
this->m_blockEntropy.push_back(calculateEntropy(blockValueCounts, this->m_blockSize));
|
2020-11-12 09:38:52 +01:00
|
|
|
}
|
|
|
|
|
2020-12-27 15:39:06 +01:00
|
|
|
this->m_averageEntropy = calculateEntropy(this->m_valueCounts, provider->getSize());
|
2020-11-12 09:38:52 +01:00
|
|
|
this->m_highestBlockEntropy = *std::max_element(this->m_blockEntropy.begin(), this->m_blockEntropy.end());
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
2020-12-27 15:39:06 +01:00
|
|
|
std::vector<u8> buffer(provider->getSize(), 0x00);
|
|
|
|
provider->read(0x00, buffer.data(), buffer.size());
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-12 21:21:11 +01:00
|
|
|
this->m_fileDescription.clear();
|
|
|
|
this->m_mimeType.clear();
|
|
|
|
|
|
|
|
std::string magicFiles;
|
|
|
|
|
2020-11-12 23:08:17 +01:00
|
|
|
std::error_code error;
|
|
|
|
for (const auto &entry : std::filesystem::directory_iterator("magic", error)) {
|
2020-11-12 21:21:11 +01:00
|
|
|
if (entry.is_regular_file() && entry.path().extension() == ".mgc")
|
|
|
|
magicFiles += entry.path().string() + MAGIC_PATH_SEPARATOR;
|
|
|
|
}
|
|
|
|
|
2020-11-12 23:08:17 +01:00
|
|
|
if (!error) {
|
|
|
|
magicFiles.pop_back();
|
|
|
|
|
|
|
|
{
|
|
|
|
magic_t cookie = magic_open(MAGIC_NONE);
|
2020-11-21 14:39:16 +01:00
|
|
|
if (magic_load(cookie, magicFiles.c_str()) != -1)
|
|
|
|
this->m_fileDescription = magic_buffer(cookie, buffer.data(), buffer.size());
|
|
|
|
else
|
|
|
|
this->m_fileDescription = "";
|
2020-11-12 21:21:11 +01:00
|
|
|
|
2020-11-12 23:08:17 +01:00
|
|
|
magic_close(cookie);
|
|
|
|
}
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-12 21:21:11 +01:00
|
|
|
|
2020-11-12 23:08:17 +01:00
|
|
|
{
|
|
|
|
magic_t cookie = magic_open(MAGIC_MIME);
|
2020-11-21 14:39:16 +01:00
|
|
|
if (magic_load(cookie, magicFiles.c_str()) != -1)
|
|
|
|
this->m_mimeType = magic_buffer(cookie, buffer.data(), buffer.size());
|
|
|
|
else
|
|
|
|
this->m_mimeType = "";
|
2020-11-12 23:08:17 +01:00
|
|
|
|
|
|
|
magic_close(cookie);
|
|
|
|
}
|
2020-11-12 21:21:11 +01:00
|
|
|
|
2020-11-12 09:38:52 +01:00
|
|
|
}
|
|
|
|
|
2020-11-12 21:21:11 +01:00
|
|
|
|
2020-11-12 09:38:52 +01:00
|
|
|
this->m_shouldInvalidate = false;
|
2020-11-22 19:43:35 +01:00
|
|
|
this->m_dataValid = true;
|
2020-11-12 09:38:52 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ImGui::NewLine();
|
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
if (ImGui::Button("Analyze current page"))
|
|
|
|
this->m_shouldInvalidate = true;
|
2020-11-15 16:06:10 +01:00
|
|
|
|
|
|
|
ImGui::NewLine();
|
|
|
|
ImGui::Separator();
|
|
|
|
ImGui::NewLine();
|
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
if (this->m_dataValid) {
|
|
|
|
|
2020-12-27 15:39:06 +01:00
|
|
|
for (auto &[name, value] : prv::Provider::getCurrentProvider()->getDataInformation()) {
|
2020-11-22 19:43:35 +01:00
|
|
|
ImGui::LabelText(name.c_str(), "%s", value.c_str());
|
|
|
|
}
|
|
|
|
|
|
|
|
ImGui::LabelText("Analyzed region", "0x%llx - 0x%llx", this->m_analyzedRegion.first, this->m_analyzedRegion.second);
|
2020-11-15 16:06:10 +01:00
|
|
|
|
|
|
|
ImGui::NewLine();
|
2020-11-22 19:43:35 +01:00
|
|
|
ImGui::Separator();
|
|
|
|
ImGui::NewLine();
|
2020-11-15 16:06:10 +01:00
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
if (!this->m_fileDescription.empty()) {
|
|
|
|
ImGui::TextUnformatted("Description:");
|
|
|
|
ImGui::TextWrapped("%s", this->m_fileDescription.c_str());
|
|
|
|
ImGui::NewLine();
|
|
|
|
}
|
2020-11-15 16:06:10 +01:00
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
if (!this->m_mimeType.empty()) {
|
|
|
|
ImGui::TextUnformatted("MIME Type:");
|
|
|
|
ImGui::TextWrapped("%s", this->m_mimeType.c_str());
|
|
|
|
ImGui::NewLine();
|
|
|
|
}
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
ImGui::Separator();
|
|
|
|
ImGui::NewLine();
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
ImGui::Text("Byte Distribution");
|
|
|
|
ImGui::PlotHistogram("##nolabel", this->m_valueCounts.data(), 256, 0, nullptr, FLT_MAX, FLT_MAX,ImVec2(0, 100));
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
ImGui::NewLine();
|
|
|
|
ImGui::Separator();
|
|
|
|
ImGui::NewLine();
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-22 19:43:35 +01:00
|
|
|
ImGui::Text("Entropy");
|
|
|
|
ImGui::PlotLines("##nolabel", this->m_blockEntropy.data(), this->m_blockEntropy.size(), 0, nullptr, FLT_MAX, FLT_MAX, ImVec2(0, 100));
|
2020-11-12 09:38:52 +01:00
|
|
|
|
2020-11-12 12:01:13 +01:00
|
|
|
ImGui::NewLine();
|
2020-11-22 19:43:35 +01:00
|
|
|
|
2020-11-23 00:34:53 +01:00
|
|
|
ImGui::LabelText("Block size", "2048 blocks of %lu bytes", this->m_blockSize);
|
2020-11-22 19:43:35 +01:00
|
|
|
ImGui::LabelText("Average entropy", "%.8f", this->m_averageEntropy);
|
|
|
|
ImGui::LabelText("Highest entropy block", "%.8f", this->m_highestBlockEntropy);
|
|
|
|
|
|
|
|
if (this->m_averageEntropy > 0.83 && this->m_highestBlockEntropy > 0.9) {
|
|
|
|
ImGui::NewLine();
|
|
|
|
ImGui::TextColored(ImVec4(0.92F, 0.25F, 0.2F, 1.0F),"This data is most likely encrypted or compressed!");
|
|
|
|
}
|
|
|
|
|
2020-11-12 12:01:13 +01:00
|
|
|
}
|
2020-11-12 09:38:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
ImGui::EndChild();
|
|
|
|
}
|
|
|
|
ImGui::End();
|
|
|
|
}
|
|
|
|
|
2020-12-22 18:10:01 +01:00
|
|
|
void ViewInformation::drawMenu() {
|
2020-11-23 23:57:19 +01:00
|
|
|
|
2020-11-12 09:38:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|