Breaking Code

December 23, 2008

Working with Property List files in Python

Filed under: Tools — Tags: , , , — Mario Vilas @ 7:25 pm
Update: Python 2.6 now supports .plist files using the plistlib module, check it out!

Hi all. Today we have a tool I wrote some time ago to work with Mac OS Property List (.plist) files. This files have an XML based format, and can serialize high level objects like integers, floats, strings, arrays and dictionaries. There’s also a legacy plist format that doesn’t use XML and should also be easy to parse, but we won’t bother with it since it’s been deprecated in Mac OS 10.0. Here is the Wikipedia entry on Property List files for more details.

Here’s an example Property List file, taken from the Mac OS X Manual Page for plist:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
        "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
        <dict>
            <key>Year Of Birth</key>
            <integer>1965</integer>
            <key>Pets Names</key>
            <array/>
            <key>Picture</key>
            <data>
                PEKBpYGlmYFCPA==
            </data>
            <key>City of Birth</key>
            <string>Springfield</string>
            <key>Name</key>
            <string>John Doe</string>
            <key>Kids Names</key>
            <array>
                <string>John</string>
                <string>Kyra</string>
            </array>
        </dict>
    </plist>

As we can see, the data types supported by plist files are also supported natively by Python, so mapping Python objects as Property Lists should be quite straight forward, and it is. What I’m presenting here is a little tool that does the marshalling and unmarshalling, so you can use it pretty much like you would with Pickle, Shelve or Marshal.

A usage example. The following code reads the example plist file from above and produces a Python object, using the fromfile method.

    from PList import PList
    plist = PList.fromfile('example.plist')

Yeah, kinda simple, isn’t it :)

You can also load a plist from a string, using the fromstring method:

    from PList import PList
    data  = open('example.plist', 'r').read()
    plist = PList.fromstring(data)

Or from an ElementTree object, with the fromtree method:

    from PList import PList
    from xml.etree import ElementTree
    tree  = ElementTree.parse('example.plist')
    plist = PList.fromtree(tree)

In all cases the output is an ordinary Python object, tipically a dictionary or an array containing other objects. This is the Python object corresponding to the example plist shown above:

    {'City of Birth': 'Springfield',
     'Kids Names': ['John', 'Kyra'],
     'Name': 'John Doe',
     'Pets Names': [],
     'Picture': '<B\x81\xa5\x81\xa5\x99\x81B<',
     'Year Of Birth': 1965}

You can also write Python objects as Property List files. The output can be a string (the tostring method), an ElementTree tree (totree method) or a file (tofile method).

    from PList import PList
    PList.tofile('output.plist', plist)

Download the code: PList.py

bin2py.py

Filed under: Tools — Tags: , — Mario Vilas @ 6:14 pm

Hi there folks.

Here’s a little tool I coded quite some time ago, and probably we all have done the same at one time or another, maybe over and over again. It’s yet another binary-to-python-code converter. The catch is, this one has a few extra options that may come in handy…

  • Encodes using repr(), hexadecimal or base64
  • Compress with zlib or gzip
  • Also generates the code to uncompress and/or decode the data
  • Can work with a batch of files
  • Can generate multiple output files, or merge all output into one file
  • Cross-platform, of course, since it’s made in Python :)

The code kinda sucks (no classes, all functions, lots of copy paste) but it works. Anyway, a friend told me It’d be a good idea to post it here, so here it is. Enjoy.

Updated

Aug 3, 2011: Added some speed optimizations.

Download the code: bin2py.py

December 13, 2008

Did you check out Netifera already?

Filed under: Tools — Tags: , , , , , — Mario Vilas @ 2:27 am

Netifera is a new open source security tool for network mapping and security auditing for Linux and Mac OS X (Windows will also be supported in the future). It’s a only beta for now, but I think we’ll be hearing much more about it!

There are two kinds of recon you can do with Netifera, active and passive. Today active recon seems a bit rough in the edges, but I’m sure it will evolve soon. There are TCP and UDP port scanners, a very complete DNS tool, a simple web crawler and a rudimentary FTP password bruteforcer.

The passive recon tool is much more remarkable, however. By sniffing the network, Netifera detects active hosts and open ports, maps which host has connected to which (that can help you deduce the function of each host in the network, or the relationships between them), and you can run active recon tools on said hosts while sniffing. Most notably the DNS information gathering tool can use any discovered host with port 53 open as a DNS server.

But there are two reasons for which it draws my attention so much. One is the development framework. Everything is done as Java plugins, pretty much like Eclipse, thus making it very extensible and easier to port to multiple platforms. Here is a tutorial on writing sniffer plugins for Netifera, to add functionality to the passive recon tool. I believe this is a key feature – the possibility of adding plugins for anything can quickly turn this quick-and-dirty recon tool into a much more advanced security audit tool in the future, as more users contribute to the project. It makes me think of Metasploit or nmap, they are what they are today thanks to user contributions, and Netifera may (hopefully) follow the same path. The one drawback I see here is the choice of language -Java- as opposed to scripting languages -Python, Perl, Ruby- which are much less robust but allow for faster development and quick-and-dirty tests scripts or macros.

The second reason I liked this so much is the probe idea they’ll be adding in upcoming versions. What is a probe? In a nutshell, it’s a tiny portable java runtime engine that you can deploy anywhere in the network. This probes can run any code from the Netifera framework (including your custom-made plugins of course), so it’s essentially the same as having the tool installed and running there, but without the hassle. :) By deploying many probes in your network you can map it from several points of view simultaneously, giving you a better perspective on it’s security. The beta you can download from the Netifera web page does not yet have the ability to deploy probes on other hosts, it’s a pity because I really wanted to try that out :( but I’ve been told it will be available soon, so stay tuned.

Well, enough said. Just go grab a copy and toy with it a little, don’t trust my word for it and see for yourselves! :)

The Silver is the New Black Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 2,479 other followers