Create a gist now

Instantly share code, notes, and snippets.

@sheagcraig /ThunderstrikeVulnerabilityEA.py
Last active Aug 29, 2015

What would you like to do?
Download ZIP
ThunderstrikeVulnerabilityEA.py
Raw
ThunderstrikeVulnerabilityEA.py
#!/usr/bin/python
# Culled from https://gist.github.com/arubdesu/05b4172890450fa2d9e6
# Given a list of FW models and Thunderstrike patched FW versions,
# report on whether a machine has been patched.
import subprocess
import plistlib
__version__ = "1.0.0"
firmware_dict = {"MM51":"B12",
"MM61":"B08",
"MM71":"B03",
"MP61":"B15",
"MB81":"B06",
"IM121": "B21",
"IM131": "B08",
"IM141": "B11",
"IM142": "B11",
"IM143": "B11",
"IM144": "B10",
"IM151": "B03",
"MBP81": "B2A",
"MBP91": "B0B",
"MBA41": "B12",
"MBA51": "B03",
"MBA61": "B19",
"MBA71": "B06",
"MBP101": "B09",
"MBP102": "B08",
"MBP111": "B15",
"MBP112": "B15",
"MBP114": "B04",
"MBP121": "B07"}
cmd = ["/usr/sbin/system_profiler","SPHardwareDataType", "-xml"]
hdwe_stdout = subprocess.check_output(cmd)
output_plist = plistlib.readPlistFromString(hdwe_stdout)
full_rom = output_plist[0]["_items"][0]["boot_rom_version"]
(hdwe_code, _, current_fw_vers) = full_rom.split(".")
patched_vers = firmware_dict.get(hdwe_code)
if patched_vers:
if current_fw_vers >= patched_vers:
result = "Patched"
else:
result = ("Unpatched current version: %s required version: %s" %
(current_fw_vers, patched_vers))
else:
result = "NotPatchable"
print "<result>%s</result>" % result
@arubdesu

This comment has been minimized.

Show comment Hide comment
@arubdesu

arubdesu Jul 21, 2015

As per Slack, https://gist.github.com/sheagcraig/962b1ec99882b80d03dc#file-thunderstrikevulnerabilityea-py-L24 is indeed wrong as well, it's actually B2A

arubdesu commented Jul 21, 2015

As per Slack, https://gist.github.com/sheagcraig/962b1ec99882b80d03dc#file-thunderstrikevulnerabilityea-py-L24 is indeed wrong as well, it's actually B2A
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment