Mobius Forensic Toolkit

Home Support Development Screenshots About

Sample code: Calculating hashes for all files inside an imagefile


C++


#include <mobius/disk/disk.h>
#include <mobius/core/application.h>
#include <mobius/crypt/hash.h>
#include <mobius/io/file.h>
#include <iostream>

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
//! \brief Process file
//! \param f File object
//! \param hash_type Hash type
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
void
process_file (
  const mobius::io::file& f,
  const std::string& hash_type
)
{
  try
    {
      if (f.is_reallocated ())
        return;

      auto reader = f.new_reader ();

      if (!reader)
        return;

      mobius::crypt::hash h (hash_type);

      constexpr int BLOCK_SIZE = 65536;
      auto data = reader.read (BLOCK_SIZE);

      while (data)
        {
          h.update (data);
          data = reader.read (BLOCK_SIZE);
        }

      std::cout << h.get_hex_digest () << '\t' << f.get_path () << std::endl;
    }
  catch (const std::exception& e)
    {
      std::cerr << "Warning: " << e.what () << std::endl;
    }
}

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
//! \brief Process folder
//! \param folder Folder object
//! \param hash_type Hash type
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
void
process_folder (
  const mobius::io::folder& folder,
  const std::string& hash_type
)
{
  if (folder.is_reallocated ())
    return;

  try
    {
      for (const auto& child : folder.get_children ())
        {
          if (child.is_file ())
            {
              auto fchild = child.get_file ();
              process_file (fchild, hash_type, path + '/' + fchild.get_name ());
            }

          else
            {
              auto fchild = child.get_folder ();
              process_folder (fchild, hash_type, path + '/' + fchild.get_name ());
            }
        }
    }
  catch (const std::exception& e)
    {
      std::cerr << "Warning: " << e.what () << std::endl;
    }
}

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
//! \brief Process disk
//! \param disk Disk object
//! \param hash_type Hash type
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
void
process_disk (
  const mobius::disk::disk& disk,
  const std::string& hash_type
)
{
  for (const auto& fs : disk.get_filesystems ())
    process_folder (fs.get_root_folder (), hash_type);
}

// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
//! \brief main function
// =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
int
main (int argc, char **argv)
{
  for (int i = 1; i < argc;i++)
    {
      std::cout << std::endl;
      std::cout << ">> " << argv[i] << std::endl;

      auto disk = mobius::disk::new_disk_from_url (argv[i]);

      if (disk.is_available ())
        process_disk (disk, "sha2_512");
    }
}

Python


import mobius
import sys

 # =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# @brief Print hash for file
# @param f File object
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
def process_file (f):
  reader = f.new_reader ()
  if not reader:
    return

  h = mobius.crypt.hash ('sha2_512')
  data = reader.read (65536)
  while data:
    h.update (data)
    data = reader.read (65536)
    
  hvalue = h.get_hex_digest ()
  print '%s\t%s/%s' % (hvalue, f.path, f.name)

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# @brief Print hash values for entries in folder
# @param folder Folder object
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
def process_folder (folder):

  try:
    if folder.is_reallocated ():
      return

    for child in folder.get_children ():
      if child.is_folder ():
        process_folder (child)

      elif not child.is_deleted ():
        process_file (child)

  except Exception, e:
    print 'Warning:', str (e)

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# @brief Print hash values for all entries in disk
# @param disk Disk object
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
def process_disk (disk):
  for idx, fs in enumerate (disk.get_filesystems ()):
    root = fs.get_root_folder ()
    root.set_path (chr (ord ('C') + idx) + ':')   # C:, D:, E:, ...
    process_folder (root)

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Calculate hashes for each image file
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
for url in sys.argv[1:]:
   disk = mobius.disk.new_disk_from_url (url)

   if disk.is_available ():
     process_disk (disk)

Usage

kff <imagefile-url>
Where imagefile-url is a complete URL to imagefile
Example: kff file:///home/aguiar/imagefile.E01


© 2008-2024 by Eduardo Aguiar. Valid CSS & XHTML. Template design by Arcsin from oswd.org