-
-
Save xpn/66dc3597acd48a4c31f5f77c3cc62f30 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import struct | |
import sys | |
def take_uint8(data, index): | |
r = struct.unpack("B", data[index:index+1]) | |
return r[0] | |
def take_uint32(data, index): | |
r = struct.unpack("I", data[index:index+4]) | |
return r[0] | |
def take_blob(data, index, count): | |
r = struct.unpack(f"{count}s", data[index:index+count]) | |
return r[0] | |
def parseEntry(data, index): | |
# Entry structure: | |
# typedef struct _TrustCacheEntry2 { | |
# uint8_t CDHash[kTCEntryHashSize]; | |
# uint8_t hashType; | |
# uint8_t flags; | |
# uint8_t constraintCategory; | |
# uint8_t reserved0; | |
# } __attribute__((packed)) TrustCacheEntry2_t; | |
cdhash = take_blob(data, index, 20) | |
hashType = take_uint8(data, index + 20) | |
flags = take_uint8(data, index + 21) | |
constraintCategory = take_uint8(data, index + 22) | |
reserved0 = take_uint8(data, index + 23) | |
return (cdhash, hashType, flags, constraintCategory, reserved0) | |
if len(sys.argv) != 2: | |
print("Usage: extract_trustcache.py <extracted_trust_cache_file>") | |
sys.exit(1) | |
with open(sys.argv[1], 'rb') as fd: | |
data = fd.read() | |
# Verify header (_TrustCacheModule2) | |
version = take_uint32(data, 0) | |
if version != 2: | |
print("Unknown version") | |
sys.exit(1) | |
cacheUUID = take_blob(data, 4, 16) | |
entryCount = take_uint32(data, 20) | |
print(f"Cache: {cacheUUID.hex()}") | |
print(f"Number of entries: {entryCount}") | |
# Parse entries (_TrustCacheEntry2) | |
for i in range(entryCount): | |
entry = parseEntry(data, 24 + i * 24) | |
print(f"CDHASH: {entry[0].hex()} HashType:{entry[1]} Flags:{entry[2]} ConstraintCategory:{entry[3]}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment