Created
February 14, 2019 16:41
-
-
Save 0x1F9F1/3a3269a37c9a1eb610aecd71be4473cb to your computer and use it in GitHub Desktop.
Convert a bndb snapshot to json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import struct | |
import json | |
if True: | |
import lzf # pip install python-lzf | |
else: | |
import ctypes | |
class lzf: | |
_lzf_dll = ctypes.CDLL('lzf.dll') | |
_lzf_decompress = _lzf_dll['lzf_decompress'] | |
_lzf_decompress.argtypes = [ctypes.POINTER(ctypes.c_char), ctypes.c_uint, ctypes.POINTER(ctypes.c_char), ctypes.c_uint] | |
_lzf_decompress.restype = ctypes.c_int | |
def decompress(data, max_len): | |
output = ctypes.create_string_buffer(max_len) | |
count = lzf._lzf_decompress(ctypes.create_string_buffer(data), len(data), output, max_len) | |
return output[:count] | |
def binja_lzf_decompress(data): | |
data_len = struct.unpack_from('<I', data, 0)[0] | |
if not (data_len & 0x80000000): | |
data = lzf.decompress(data[4:], data_len & 0x7FFFFFFF) | |
else: | |
data = data[4:] | |
return data | |
with open('snapshot.bin', 'rb') as f: | |
raw_data = f.read() | |
raw_data = binja_lzf_decompress(raw_data) | |
offset = 0 | |
magic, = struct.unpack_from('<I', raw_data, offset) | |
offset += 4 | |
assert magic == 0xCD87E1F8 | |
results = {} | |
while offset < len(raw_data): | |
key_len, = struct.unpack_from('<H', raw_data, offset) | |
offset += 2 | |
key = raw_data[offset:offset+key_len].decode('utf-8') | |
offset += key_len | |
print(key) | |
value_len, = struct.unpack_from('<I', raw_data, offset) | |
offset += 4 | |
value = raw_data[offset:offset+value_len] | |
offset += value_len | |
value = binja_lzf_decompress(value) | |
value = value.decode('utf-8') | |
results[key] = json.loads(value) | |
with open('snapshot.json', 'w') as f: | |
f.write(json.dumps(results, indent = 4)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment