add basic LUKS header support #699

Merged: 1 commit, Oct 16, 2024

@nmatt0 (Contributor) commented Oct 16, 2024

This PR adds basic support for detecting LUKS headers:
https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

Currently I'm only parsing the version and the hash function because those are the two fields that are in the same offsets in versions 1 and 2 of LUKS.

After that, versions 1 and 2 start to diverge, and it will take some more work to parse them separately.

Test data was generated as follows:

dd if=/dev/zero of=test1.bin count=100000 bs=1024
dd if=/dev/zero of=test2.bin count=100000 bs=1024
cryptsetup luksFormat --type luks1 test1.bin
cryptsetup luksFormat --type luks2 test2.bin
echo -e "LUKS\xba\xbe\x00\xff" > test3.bin # FALSE POSITIVE TEST (invalid version number)

Output for LUKS version 1:

                 /home/nmatt/work/research/binwalkv3/testfw/test1.bin
--------------------------------------------------------------------------------------
DECIMAL                            HEXADECIMAL                        DESCRIPTION
--------------------------------------------------------------------------------------
0                                  0x0                                LUKS header, 
                                                                      version: 1, 
                                                                      hash fn: 
                                                                      sha256
--------------------------------------------------------------------------------------

Analyzed 1 file for 78 file signatures (180 magic patterns) in 40.0 milliseconds

Output for LUKS version 2:

                 /home/nmatt/work/research/binwalkv3/testfw/test2.bin
--------------------------------------------------------------------------------------
DECIMAL                            HEXADECIMAL                        DESCRIPTION
--------------------------------------------------------------------------------------
0                                  0x0                                LUKS header, 
                                                                      version: 2, 
                                                                      hash fn: 
                                                                      sha256
--------------------------------------------------------------------------------------

Analyzed 1 file for 78 file signatures (180 magic patterns) in 349.0 milliseconds

test3.bin did not get flagged as a LUKS header. (correctly)

Thanks,
Matt
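
The detection described in the comment above, as an added Rust example that is not part of this pull request or binwalk's own code. The names `parse_luks`, `LuksInfo` and `sample_header` are hypothetical; offset 72 is taken from the LUKS1 (`hash-spec`) and LUKS2 (`checksum_alg`) on-disk layouts rather than from this page, and the printable-name check is an extra assumption of this example.

```rust
// Added example (not binwalk's code): detect a LUKS header using only the
// fields that sit at the same offsets in LUKS1 and LUKS2.
const MAGIC: &[u8; 6] = b"LUKS\xba\xbe";
const VERSION_OFFSET: usize = 6; // u16, big-endian
const HASH_OFFSET: usize = 72; // LUKS1 hash-spec / LUKS2 checksum_alg
const HASH_LEN: usize = 32; // NUL-padded ASCII name

#[derive(Debug, PartialEq)]
pub struct LuksInfo {
    pub version: u16,
    pub hash_fn: String,
}

/// Returns None unless `data` starts with a plausible LUKS1/LUKS2 header.
pub fn parse_luks(data: &[u8]) -> Option<LuksInfo> {
    if data.len() < HASH_OFFSET + HASH_LEN || !data.starts_with(MAGIC) {
        return None;
    }
    let version = u16::from_be_bytes([data[VERSION_OFFSET], data[VERSION_OFFSET + 1]]);
    if version != 1 && version != 2 {
        return None; // magic alone is not enough: rejects e.g. version 0x00ff
    }
    let field = &data[HASH_OFFSET..HASH_OFFSET + HASH_LEN];
    let end = field.iter().position(|&b| b == 0)?; // name must be NUL-terminated
    let name = &field[..end];
    // Assumption of this example: a real name is non-empty [A-Za-z0-9-] text.
    if name.is_empty() || !name.iter().all(|b| b.is_ascii_alphanumeric() || *b == b'-') {
        return None;
    }
    Some(LuksInfo { version, hash_fn: String::from_utf8_lossy(name).into_owned() })
}

/// Constructed sample: a zeroed 104-byte buffer with only the parsed fields set.
pub fn sample_header(version: u16, hash: &str) -> Vec<u8> {
    let mut h = vec![0u8; HASH_OFFSET + HASH_LEN];
    h[..6].copy_from_slice(MAGIC);
    h[VERSION_OFFSET..VERSION_OFFSET + 2].copy_from_slice(&version.to_be_bytes());
    h[HASH_OFFSET..HASH_OFFSET + hash.len()].copy_from_slice(hash.as_bytes());
    h
}

fn main() {
    for v in [1u16, 2, 0x00ff] {
        println!("version {:#06x}: {:?}", v, parse_luks(&sample_header(v, "sha256")));
    }
}
```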

@devttys0 devttys0 merged commit 2dcde43 into ReFirmLabs:binwalkv3 Oct 16, 2024
1 check passed
@devttys0 (Collaborator)

Thank you!

@devttys0 (Collaborator)

This has been merged into the master branch
