Created
August 17, 2019 13:52
Anritsu MS2721B quick and dirty over-telnet symbol enumeration
#!/usr/bin/env python | |
import re | |
import csv | |
import telnetlib | |
from collections import defaultdict | |
## EXAMPLE FROM MS2721B telnet session
# Sample shell output for `lkAddr 0`: the command echo, then one record per
# line holding an address, a symbol name and a third column (`text` in this
# sample), then the shell's "value = ..." status line and the "->" prompt.
# Nothing in this listing reads TEST_PAYLOAD.
# NOTE(review): column spacing may differ from the raw device output.
TEST_PAYLOAD='''lkAddr 0\r\n0x0c002000 _usrEntry text \r\n0x0c002040 _sysInit text \r\n0x0c002064 _intPrioTable text \r\n0x0c00216c _intPrioTableSize text \r\n0x0c002180 _ataDrv text \r\n0x0c002e40 _ataDevCreate text \r\n0x0c0030c0 _ataRawio text \r\n0x0c0050e0 _testAtaRw text \r\n0x0c005140 _mysysInWordString text \r\n0x0c0051c0 _mysysInLongString text \r\n0x0c005240 _batteryInit text \r\n0x0c0052a0 _giBatteryCmd text \r\nvalue = 0 = 0x0\r\n->'''
# Address of the instrument whose symbol table is enumerated.
HOST = "10.1.1.116"
# Shell prompt; every read stops once these bytes have been received.
PROMPT = b"->"
# Address string -> symbol name, filled in by decode_payload().
# NOTE(review): values stored are plain strings, so the dict default factory
# is never relied on by the code in this listing.
SYMBOLS = defaultdict(dict)
# The session is opened here, at import time, before main() runs; there is
# no timeout argument, so an unreachable host blocks until the OS gives up.
# NOTE: Telnet is unencrypted and, as written, the script reaches the "->"
# shell without sending any credentials, so the session can be observed or
# altered by anything on the network path; keep the instrument on an
# isolated segment. telnetlib was removed from the standard library in
# Python 3.13.
tn = telnetlib.Telnet(HOST)
def connect(host):
    """Block until the device shell has printed its first prompt.

    The Telnet session is the module-level ``tn`` object; this function only
    consumes whatever the device sends up to and including ``PROMPT``.

    Args:
        host: Not used by this function.
    """
    # The banner itself is discarded; reaching the prompt is what matters.
    _banner = tn.read_until(PROMPT)
    return None
def exit():
    """Send the shell's ``exit`` command over the open Telnet session.

    NOTE(review): the name shadows the built-in ``exit`` within this module.
    """
    logout_command = b"exit\r\n"
    tn.write(logout_command)
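def decode_payload(payload):
    r"""Extract (address, symbol) pairs from one ``lkAddr`` response.

    Every pair found is stored in the module-level ``SYMBOLS`` mapping, and
    the last pair is returned so the caller can continue from that address.

    Args:
        payload: Response text. Line breaks may be real CR LF characters or
            the escaped four-character sequence ``\r\n`` that ``str()`` of a
            bytes object produces.

    Returns:
        The last ``(address, symbol)`` tuple found in the response.

    Raises:
        ValueError: If the response holds no symbol record at all.
    """
    # Normalise the escaped form first so both kinds of input split the same
    # way; a bytes repr never contains raw line-break characters.
    records = payload.replace('\\r\\n', '\n').splitlines()

    latest = None
    for record in records:
        # Symbol names on this target start with '_'; the shell's
        # "value = 0 ..." status line is not a symbol record.
        if '_' not in record or 'value = 0' in record:
            continue
        # split() without an argument tolerates repeated or leading blanks,
        # which would otherwise yield empty fields.
        fields = record.split()
        if len(fields) < 2:
            # Device output is parsed as-is; skip records that are too short
            # instead of failing on the unpacking below.
            continue
        addr, func = fields[:2]  # only addresses and symbol names are kept
        SYMBOLS[addr] = func
        latest = (addr, func)

    if latest is None:
        # Without this check the function would fail on an unbound local.
        raise ValueError("no symbol records found in payload")
    # Return the latest pair so the enumeration can carry on from there.
    return latest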
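def lookup_address(addr):
    r"""Run ``lkAddr <addr>`` on the device and return the response as text.

    Args:
        addr: Address to look up, as a hexadecimal literal with an optional
            ``0x`` prefix, for example ``"0"`` or ``"0x0c002000"``.

    Returns:
        ``str()`` of the bytes read up to the next prompt. The bytes are not
        decoded, so the result is their repr form (``"b'...'"``) in which
        line endings appear as the escaped sequence ``\r\n``.

    Raises:
        ValueError: If ``addr`` is not a plain hexadecimal literal.
    """
    text = str(addr)
    # The value is pasted into a shell command line, and during enumeration
    # it comes from parsed device output. Accepting hex digits only keeps
    # whitespace, CR/LF and shell syntax out of what is sent to the device.
    if not re.fullmatch(r"(?:0[xX])?[0-9a-fA-F]+", text):
        raise ValueError("not a hexadecimal address: {!r}".format(addr))
    command = "lkAddr {}\r\n".format(text).encode()
    tn.write(command)
    payload = tn.read_until(PROMPT)
    return str(payload)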
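def main():
    """Walk the device symbol table with repeated ``lkAddr`` calls and save it.

    Starting at address 0, the last (address, symbol) pair of each response
    becomes the next query, until the hard-coded end address is reached or
    the address stops advancing. The collected table is printed and written
    to ``anritsu_symbols.csv`` as ``address,symbol`` rows.
    """
    # Earlier loop bounds, kept for reference: `< 0x03f80000` and
    # `<= 0x0fb94000`.
    end_addr = int("0x0fb93aac", 16)

    print("Connecting to host {}".format(HOST))
    connect(HOST)
    # Report the bound the loop really uses.
    print("Going through all address space, from 0x0 to 0x{:08x}".format(end_addr))

    addr = "0"
    while int(addr, 16) != end_addr:
        payload = lookup_address(addr)
        next_addr, symbols = decode_payload(payload)
        # Device output drives this loop. If a response does not move the
        # cursor forward, the same query would repeat forever, so stop and
        # keep what has been collected.
        if int(next_addr, 16) <= int(addr, 16):
            print("Address did not advance past {}; stopping".format(addr))
            break
        addr = next_addr
        print("addr {}: {}".format(addr, symbols))

    print(SYMBOLS)
    # newline="" lets the csv module control line endings itself; without it
    # some platforms write an extra blank line after every row.
    with open("anritsu_symbols.csv", "w", newline="") as f:
        writer = csv.writer(f)
        for address, symbol in SYMBOLS.items():
            writer.writerow([address, symbol])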
# Run the enumeration only when executed as a script. Importing the module
# still opens the Telnet session, because `tn` is created at module level.
if __name__ == "__main__":
    main()