Merge branch 'n1073645-keychainExtractor'

This commit is contained in:
n1474335 2021-02-11 16:14:34 +00:00
commit 0989550e5c

View File

@ -2197,14 +2197,14 @@ export const FILE_SIGNATURES = {
mime: "application/octet-stream", mime: "application/octet-stream",
description: "", description: "",
signature: { signature: {
0: 0x6b, // keych 0: 0x6b, // kych
1: 0x79, 1: 0x79,
2: 0x63, 2: 0x63,
3: 0x68, 3: 0x68,
4: 0x00, 4: 0x00,
5: 0x01 5: 0x01
}, },
extractor: null extractor: extractMacOSXKeychain
}, },
{ {
name: "TCP Packet", name: "TCP Packet",
@ -2355,6 +2355,12 @@ export const FILE_SIGNATURES = {
1: 0x03, 1: 0x03,
2: 0xc6, 2: 0xc6,
3: 0x04 3: 0x04
},
{
0: 0x95,
1: 0x05,
2: 0x86,
3: 0x04
} }
], ],
extractor: null extractor: null
@ -3406,6 +3412,26 @@ export function extractPListXML(bytes, offset) {
} }
/**
* MacOS X Keychain Extactor.
*
* @param {Uint8Array} bytes
* @param {number} offset
* @returns {Uint8Array}
*/
export function extractMacOSXKeychain(bytes, offset) {
const stream = new Stream(bytes.slice(offset));
// Move to size field.
stream.moveTo(0x14);
// Move forwards by size.
stream.moveForwardsBy(stream.readInt(4));
return stream.carve();
}
/** /**
* OLE2 extractor. * OLE2 extractor.
* *