一、文件操作与隐写
1.1 文件类型识别
1.2 文件分离操作
1.3 文件合并操作
1.4 文件内容隐写
二、图片隐写术
2.1 图片文件隐写
LSB.py #coding:utf-8 importPIL.Image deffoo(): im = PIL.Image.open('01.bmp') im2 =im.copy() pix = im2.load() width,height=im2.size for x inxrange(0,width): for y inxrange(0,height): if pix[x,y]&0x1 ==0: pix[x,y]=0 else: pix[x,y]=255 im2.show() pass ifname == 'main': foo() print'ok.' pass
#coding:utf-8 import binascii import struct crcbp = open("xxx.png","rb").read()#此处填上文件名 for i inrange(1024): for j inrange(1024): data = crcbp[12:16] + struct.pack('>i',i) + struct.pack('>i',j) + crcbp[24:29] crc32 = binascii.crc32(data) &0xffffffff if crc32==0x08ec7edb:#此处填上CRC值 printi,j print"hex",hex(i),hex(j)
三、压缩文件处理
3.1 压缩文件分析
四、流量取证技术
4.1 流量包文件分析
4.2 无线流量包跑密码
4.3 USB流量包文件分析
# a keyboardmaping mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D",0x08:"E", 0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J",0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P",0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V",0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2",0x20:"3", 0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8",0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:"\t", 0x2C:" ",0x2D:"- ", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~",0x33:";", 0x34:"'", 0x36:",", 0x37:".",0x82:"CaspsLock"} nums =[] keys =open('usbdata.txt') data='' for line in keys: line =line.strip() if line[0]!='0' or line[1]!='0' or line[3]!='0'or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0'or line[13]!='0' or line[15]!='0' or line[16]!='0' orline[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0': continue strs =str(line.split(":")[2]) id ="0x"+strs if int(id,16) in mappings: data+=mappings[int(id,16)] print data keys.close()
# a keyboardmaping mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D",0x08:"E", 0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J",0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P",0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V",0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2",0x20:"3", 0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8",0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:"\t", 0x2C:" ",0x2D:"- ", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~",0x33:";", 0x34:"'", 0x36:",", 0x37:".",0x82:"CaspsLock"} nums=[] keys =open('usbdata.txt') data='' for line in keys: line =line.strip() if line[0]!='0' or line[1]!='0' or line[3]!='0'or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0'or line[13]!='0' or line[15]!='0' or line[16]!='0' orline[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0': continue strs =str(line.split(":")[2]) id ="0x"+strs if int(id,16) in mappings: data+=mappings[int(id,16)] print data keys.close()
nums =[] keys = open('usbdata.txt','r') posx =0 posy =0 for line inkeys: if len(line) != 12: continue x=int(line[3:5],16)y=int(line[6:8],16)ifx>127: x-=256 if y>127: y -=256 posx +=x posy +=y btn_flag = int(line[0: 2], 16)# 1 for left, 2 for right, 0 for nothing printbtn_flag if btn_flag == 1: print posx,posy keys.close() ifbtn_flag需要自行调整0,1,2。
4.4 HTTPS流量包文件分析