python2.GPTAnalyzer.py

1. #!/usr/bin/python
2.  
3.  
4. # Author : n0fate
5. # E-Mail [email protected], [email protected]
6. #
7. # This program is free software; you can redistribute it and/or modify
8. # it under the terms of the GNU General Public License as published by
9. # the Free Software Foundation; either version 2 of the License, or (at
10. # your option) any later version.
11. #
12. # This program is distributed in the hope that it will be useful, but
13. # WITHOUT ANY WARRANTY; without even the implied warranty of
14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15. # General Public License for more details.
16. #
17. # You should have received a copy of the GNU General Public License
18. # along with this program; if not, write to the Free Software
19. # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20. #
21. # Using structures defined in Wikipedia('http://en.wikipedia.org/wiki/GUID_Partition_Table')
22.  
23.  
24. import sys,os,getopt
25. import random,math
26. import struct
27. import hashlib
28. import codecs
29. import uuid
30.  
31. import zlib
32.  
33. if sys.version_info < (2,5):
34.     sys.stdout.write("\n\nERROR: This script needs Python version 2.5 or greater, detected as ")
35.     print sys.version_info
36.     sys.exit()  # error
37.  
38. LBA_SIZE = 512
39.  
40. PRIMARY_GPT_LBA = 1
41.  
42. OFFSET_CRC32_OF_HEADER = 16
43. GPT_HEADER_FORMAT = '<8sIIIIQQQQ16sQIII420x'
44. GUID_PARTITION_ENTRY_FORMAT = '<16s16sQQQ72s'
45.  
46.  
47. def ReverseByteOrder(data):
48.     """
49.    Method to reverse the byte order of a given unsigned data value
50.    Input:
51.        data:   data value whose byte order needs to be swap
52.                data can only be as big as 4 bytes
53.    Output:
54.        revD: data value with its byte order reversed
55.    """
56.     s = "Error: Only 'unsigned' data of type 'int' or 'long' is allowed"
57.     if not ((type(data) == int)or(type(data) == long)):
58.         s1 = "Error: Invalid data type: %s" % type(data)
59.         print(''.join([s,'\n',s1]))
60.         return data
61.     if(data < 0):
62.         s2 = "Error: Data is signed. Value is less than 0"
63.         print(''.join([s,'\n',s2]))
64.         return data
65.  
66.     seq = ["0x"]
67.  
68.     while(data > 0):
69.         d = data & 0xFF     # extract the least significant(LS) byte
70.         seq.append('%02x'%d)# convert to appropriate string, append to sequence
71.         data >>= 8          # push next higher byte to LS position
72.  
73.     revD = int(''.join(seq),16)
74.  
75.     return revD
76.  
77. ## gpt parser code start
78.  
79. def get_lba(fhandle, entry_number, count):
80.     fhandle.seek(LBA_SIZE*entry_number)
81.     fbuf = fhandle.read(LBA_SIZE*count)
82.    
83.     return fbuf
84.  
85. def swap64(x):
86.     if ( x ==0 ):
87.     return 0
88.     little_endian = ReverseByteOrder(x)
89.     return little_endian
90.  
91. def unsigned32(n):
92.   return n & 0xFFFFFFFFL
93.  
94. def get_gpt_header(fhandle, fbuf, lba):
95.     fbuf = get_lba(fhandle, lba, 1)
96.    
97.     gpt_header = struct.unpack(GPT_HEADER_FORMAT, fbuf)
98.    
99.     crc32_header_value = calc_header_crc32(fbuf, gpt_header[2])
100.    
101.     return gpt_header, crc32_header_value, fbuf
102.  
103. def make_nop(byte):
104.     nop_code = 0x00
105.     pk_nop_code = struct.pack('=B', nop_code)
106.     nop = pk_nop_code*byte
107.     return nop
108.  
109. def calc_header_crc32(fbuf, header_size):
110.    
111.     nop = make_nop(4)
112.    
113.     clean_header = fbuf[:OFFSET_CRC32_OF_HEADER] + nop + fbuf[OFFSET_CRC32_OF_HEADER+4:header_size]
114.    
115.     crc32_header_value = unsigned32(zlib.crc32(clean_header))
116.     return crc32_header_value
117.  
118. def an_gpt_header(gpt_header, crc32_header_value, gpt_buf):
119.     md5 = hashlib.md5()
120.     md5.update(gpt_buf)
121.     md5 = md5.hexdigest()
122.  
123.     signature = gpt_header[0]
124.     revision = gpt_header[1]
125.     headersize = gpt_header[2]
126.     crc32_header = gpt_header[3]
127.     reserved = gpt_header[4]
128.     currentlba = gpt_header[5]
129.     backuplba = gpt_header[6]
130.     first_use_lba_for_partitions = gpt_header[7]
131.     last_use_lba_for_partitions = gpt_header[8]
132.     disk_guid = uuid.UUID(bytes_le=gpt_header[9])
133.     part_entry_start_lba = gpt_header[10]
134.     num_of_part_entry = gpt_header[11]
135.     size_of_part_entry = gpt_header[12]
136.     crc32_of_partition_array = gpt_header[13]
137.  
138.     print '<?xml version="1.0"?>'
139.     print '\t<configuration>'
140.     print '\t\t<!-- Primary GPT header: -->'
141.     print '\t\t<!-- MD5: %s -->' %md5
142.     print '\t\t<!-- Signature: %s -->' %signature
143.     print '\t\t<!-- Revision: %d -->' %revision
144.     print '\t\t<!-- Header Size: %d -->' %headersize
145.     if crc32_header_value == crc32_header:
146.         print '\t\t<!-- CRC32 of header: %X (VALID) => Real: %X -->'%(crc32_header, crc32_header_value)
147.     else:
148.         print '\t\t<!-- WARNING!! CRC32 of header: %X (INVALID) => Real: %X -->'%(crc32_header, crc32_header_value)
149.     print '\t\t<!-- Current LBA: 0x%.8X -->'%currentlba
150.     print '\t\t<!-- Backup LBA: 0x%.8X -->'%backuplba
151.     print '\t\t<!-- First usable LBA for partitions: 0x%.8X -->'%first_use_lba_for_partitions
152.     print '\t\t<!-- Last usable LBA for partitions: 0x%.8X -->'%last_use_lba_for_partitions
153.     print '\t\t<!-- Disk GUID: %s -->'%str(disk_guid).upper()
154.     print '\t\t<!-- Partition entries starting LBA: 0x%.8X -->'%part_entry_start_lba
155.     print '\t\t<!-- Number of partition entries: %d -->'%num_of_part_entry
156.     print '\t\t<!-- Size of partition entry: 0x%.8X -->'%size_of_part_entry
157.     print '\t\t<!-- CRC32 of partition array: 0x%.8X -->'%crc32_of_partition_array
158.  
159.     print '\t\t<parser_instructions>'
160.     print '\t\t\t<!-- NOTE: entries here are used by the parser when generating output -->'
161.     print '\t\t\t<!-- NOTE: each filename must be on it\'s own line as in variable=value-->'
162.     print '\t\t\tWRITE_PROTECT_BOUNDARY_IN_KB = 32768'
163.     print '\t\t\tGROW_LAST_PARTITION_TO_FILL_DISK = false'
164.     print '\t\t</parser_instructions>\n'
165.  
166.     print '\t\t<!-- NOTE: "physical_partition" are listed in order and apply to devices such as eMMC cards that have (for example) 3 physical partitions -->'
167.     print '\t\t<!-- This is physical partition 0 -->'
168.     print '\t\t<physical_partition>'
169.     print '\t\t\t<!-- NOTE: Define information for each partition, which will be created in order listed here -->'
170.     print '\t\t\t<!-- NOTE: Place all "readonly=true" partitions side by side for optimum space usage -->'
171.     print '\t\t\t<!-- NOTE: If OPTIMIZE_READONLY_PARTITIONS=true, then partitions won\'t be in the order listed here -->'
172.     print '\t\t\t<!--       they will instead be placed side by side at the beginning of the disk -->'
173.  
174.  
175. # get partition entry
176. def get_part_entry(fbuf, offset, size):
177.     return struct.unpack(GUID_PARTITION_ENTRY_FORMAT, fbuf[offset:offset+size])
178.  
179. def get_part_table_area(f, gpt_header):
180.     part_entry_start_lba = gpt_header[10]
181.     first_use_lba_for_partitions = gpt_header[7]
182.     fbuf = get_lba(f, part_entry_start_lba, first_use_lba_for_partitions - part_entry_start_lba)
183.    
184.     return fbuf
185.  
186. def part_attribute(value):
187.     if value == 0:
188.         return 'System Partition'
189.     elif value == 2:
190.         return 'Legacy BIOS Bootable'
191.     elif value == 60:
192.         return 'Read-Only'
193.     elif value == 62:
194.         return 'Hidden'
195.     elif value == 63:
196.         return 'Do not automount'
197.     else:
198.         return 'UNKNOWN'
199.  
200. def check_partition_guid_type(guid):
201.     if guid == '024DEE41-33E7-11D3-9D69-0008C781F39F':
202.         return 'MBR partition scheme', 'None'
203.    
204.     elif guid == 'C12A7328-F81F-11D2-BA4B-00A0C93EC93B':
205.         return 'EFI System partition', 'None'
206.    
207.     elif guid == '21686148-6449-6E6F-744E-656564454649':
208.         return 'BIOS Boot partition', 'None'
209.    
210.     # Windows
211.     elif guid == 'E3C9E316-0B5C-4DB8-817D-F92DF00215AE':
212.         return 'Microsoft Reserved Partition', 'Windows'
213.    
214.     elif guid == 'EBD0A0A2-B9E5-4433-87C0-68B6B72699C7':
215.         return 'Basic data partition / Linux filesystem data', 'Windows / Linux'
216.    
217.     elif guid == '5808C8AA-7E8F-42E0-85D2-E1E90434CFB3':
218.         return 'Logical Disk Manager metadata partition', 'Windows'
219.    
220.     elif guid == 'AF9B60A0-1431-4F62-BC68-3311714A69AD':
221.         return 'Logical Disk Manager data partition', 'Windows'
222.    
223.     elif guid == 'DE94BBA4-06D1-4D40-A16A-BFD50179D6AC':
224.         return 'Windows Recovery Environment', 'Windows'
225.    
226.     elif guid == '37AFFC90-EF7D-4E96-91C3-2D7AE055B174':
227.         return 'IBM General Parallel File System (GPFS) partition', 'Windows'
228.    
229.     elif guid == 'DB97DBA9-0840-4BAE-97F0-FFB9A327C7E1':
230.         return 'Cluster metadata partition', 'Windows'
231.    
232.     # HP-UX
233.     elif guid == '75894C1E-3AEB-11D3-B7C1-7B03A0000000':
234.         return 'Data partition', 'HP-UX'
235.    
236.     elif guid == 'E2A1E728-32E3-11D6-A682-7B03A0000000':
237.         return 'Service partition', 'HP-UX'
238.    
239.     # Linux
240.     elif guid == '0FC63DAF-8483-4772-8E79-3D69D8477DE4':
241.         return 'Linux filesystem data', 'Linux'
242.    
243.     elif guid == 'A19D880F-05FC-4D3B-A006-743F0F84911E':
244.         return 'RAID partition', 'Linux'
245.    
246.     elif guid == '0657FD6D-A4AB-43C4-84E5-0933C84B4F4F':
247.         return 'Swao partition', 'Linux'
248.    
249.     elif guid == 'E6D6D379-F507-44C2-A23C-238F2A3DF928':
250.         return 'Logical Volume Manager (LVM) partition', 'Linux'
251.    
252.     elif guid == '8DA63339-0007-60C0-C436-083AC8230908':
253.         return 'Reserved', 'Linux'
254.    
255.     # FreeBSD
256.     elif guid == '83BD6B9D-7F41-11DC-BE0B-001560B84F0F':
257.         return 'Boot partition', 'FreeBSD'
258.    
259.     elif guid == '516E7CB4-6ECF-11D6-8FF8-00022D09712B':
260.         return 'Data partition', 'FreeBSD'
261.    
262.     elif guid == '516E7CB5-6ECF-11D6-8FF8-00022D09712B':
263.         return 'Swap partition', 'FreeBSD'
264.    
265.     elif guid == '516E7CB6-6ECF-11D6-8FF8-00022D09712B':
266.         return 'Unix File System(UFS) partition', 'FreeBSD'
267.    
268.     elif guid == '516E7CB8-6ECF-11D6-8FF8-00022D09712B':
269.         return 'Vinum volume manager partition', 'FreeBSD'
270.    
271.     elif guid == '516E7CB8-6ECF-11D6-8FF8-00022D09712B':
272.         return 'ZFS partition', 'FreeBSD'
273.    
274.     # Mac OS X
275.     elif guid == '48465300-0000-11AA-AA11-00306543ECAC':
276.         return 'Hierarchical File System Plus (HFS+) partition', 'Mac OS X'
277.    
278.     elif guid == '55465300-0000-11AA-AA11-00306543ECAC':
279.         return 'Apple UFS', 'Mac OS X'
280.    
281.     elif guid == '6A898CC3-1DD2-11B2-99A6-080020736631':
282.         return 'ZFS / /usr partition', 'Mac OS X / Solaris'
283.    
284.     elif guid == '52414944-0000-11AA-AA11-00306543ECAC':
285.         return 'Apple RAID partition', 'Mac OS X'
286.    
287.     elif guid == '52414944-5F4F-11AA-AA11-00306543ECAC':
288.         return 'Apple RAID partition, offline', 'Mac OS X'
289.    
290.     elif guid == '426F6F74-0000-11AA-AA11-00306543ECAC':
291.         return 'Apple Boot partition', 'Mac OS X'
292.    
293.     elif guid == '4C616265-6C00-11AA-AA11-00306543ECAC':
294.         return 'Apple Label', 'Mac OS X'
295.    
296.     elif guid == '5265636F-7665-11AA-AA11-00306543ECAC':
297.         return 'Apple TV Recovery partition', 'Mac OS X'
298.    
299.     elif guid == '53746F72-6167-11AA-AA11-00306543ECAC':
300.         return 'Apple Core Storage (i.e. Lion FileVault) partition', 'Mac OS X'
301.    
302.     # Solaris
303.     elif guid == '6A82CB45-1DD2-11B2-99A6-080020736631':
304.         return 'Boot partition', 'Solaris'
305.    
306.     elif guid == '6A85CF4D-1DD2-11B2-99A6-080020736631':
307.         return 'Root partition', 'Solaris'
308.    
309.     elif guid == '6A87C46F-1DD2-11B2-99A6-080020736631':
310.         return 'Swap partition', 'Solaris'
311.    
312.     elif guid == '6A8B642B-1DD2-11B2-99A6-080020736631':
313.         return 'Backup partition', 'Solaris'
314.    
315.     #elif guid == '6A898CC3-1DD2-11B2-99A6-080020736631':
316.     #    return '/usr partition', 'Solaris'
317.    
318.     elif guid == '6A8EF2E9-1DD2-11B2-99A6-080020736631':
319.         return '/var partition', 'Solaris'
320.    
321.     elif guid == '6A90BA39-1DD2-11B2-99A6-080020736631':
322.         return '/home partition', 'Solaris'
323.    
324.     elif guid == '6A9283A5-1DD2-11B2-99A6-080020736631':
325.         return 'Alternate sector', 'Solaris'
326.    
327.     elif guid == '6A945A3B-1DD2-11B2-99A6-080020736631' or \
328.     guid == '6A9630D1-1DD2-11B2-99A6-080020736631' or \
329.     guid == '6A980767-1DD2-11B2-99A6-080020736631' or \
330.     guid == '6A96237F-1DD2-11B2-99A6-080020736631' or \
331.     guid == '6A8D2AC7-1DD2-11B2-99A6-080020736631':
332.         return 'Reserved partition', 'Solaris'
333.    
334.     # NetBSD
335.     elif guid == '49F48D32-B10E-11DC-B99B-0019D1879648':
336.         return 'Swap partition', 'NetBSD'
337.    
338.     elif guid == '49F48D5A-B10E-11DC-B99B-0019D1879648':
339.         return 'FFS partition', 'NetBSD'
340.    
341.     elif guid == '49F48D82-B10E-11DC-B99B-0019D1879648':
342.         return 'LFS partition', 'NetBSD'
343.    
344.     elif guid == '49F48DAA-B10E-11DC-B99B-0019D1879648':
345.         return 'RAID partition', 'NetBSD'
346.    
347.     elif guid == '2DB519C4-B10F-11DC-B99B-0019D1879648':
348.         return 'Concatenated partition', 'NetBSD'
349.    
350.     elif guid == '2DB519EC-B10F-11DC-B99B-0019D1879648':
351.         return 'Encrypted partition', 'NetBSD'
352.    
353.     # Chrome OS
354.     elif guid == 'FE3A2A5D-4F32-41A7-B725-ACCC3285A309':
355.         return 'ChromeOS kernel', 'Chrome OS'
356.    
357.     elif guid == '3CB8E202-3B7E-47DD-8A3C-7FF2A13CFCEC':
358.         return 'ChromeOS rootfs', 'Chrome OS'
359.    
360.     elif guid == '2E0A753D-9E48-43B0-8337-B15192CB1B5E':
361.         return 'ChromeOS future use', 'Chrome OS'
362.    
363.     # VMware ESX
364.     elif guid == 'AA31E02A-400F-11DB-9590-000C2911D1B8':
365.         return 'VMFS partition', 'VMware ESX'
366.    
367.     elif guid == '9D275380-40AD-11DB-BF97-000C2911D1B8':
368.         return 'vmkcore crash partition', 'VMware ESX'
369.    
370.     # Midnight BSD
371.     elif guid == '85D5E45E-237C-11E1-B4B3-E89A8F7FC3A7':
372.         return 'Boot partition', 'MidnightBSD'
373.    
374.     elif guid == '85D5E45A-237C-11E1-B4B3-E89A8F7FC3A7':
375.         return 'Data partition', 'MidnightBSD'
376.    
377.     elif guid == '85D5E45B-237C-11E1-B4B3-E89A8F7FC3A7':
378.         return 'Swap partition', 'MidnightBSD'
379.    
380.     elif guid == '0394Ef8B-237E-11E1-B4B3-E89A8F7FC3A7':
381.         return 'Unix File System (UFS) partition', 'MidnightBSD'
382.    
383.     elif guid == '85D5E45C-237C-11E1-B4B3-E89A8F7FC3A7':
384.         return 'Vinum volume manager partition', 'MidnightBSD'
385.    
386.     elif guid == '85D5E45D-237C-11E1-B4B3-E89A8F7FC3A7':
387.         return 'ZFS partition', 'MidnightBSD'
388.    
389.     # Qualcomm Boot GPT Partition IDs
390.     elif guid == 'DEA0BA2C-CBDD-4805-B4F9-F428251C3E98':
391.         return 'SBL1 partition', 'Qualcomm'
392.  
393.     elif guid == '8C6B52AD-8A9E-4398-AD09-AE916E53AE2D':
394.         return 'SBL2 partition', 'Qualcomm'
395.  
396.     elif guid == '05E044DF-92F1-4325-B69E-374A82E97D6E':
397.         return 'SBL3 partition', 'Qualcomm'
398.  
399.     elif guid == '400FFDCD-22E0-47E7-9A23-F16ED9382388':
400.         return 'APPSBL partition', 'Qualcomm'
401.  
402.     elif guid == 'A053AA7F-40B8-4B1C-BA08-2F68AC71A4F4':
403.         return 'QSEE partition', 'Qualcomm'
404.  
405.     elif guid == 'E1A6A689-0C8D-4CC6-B4E8-55A4320FBD8A':
406.         return 'QHEE partition', 'Qualcomm'
407.  
408.     elif guid == '098DF793-D712-413D-9D4E-89D711772228':
409.         return 'RPM partition', 'Qualcomm'
410.  
411.     elif guid == 'D4E0D938-B7FA-48C1-9D21-BC5ED5C4B203':
412.         return 'WDOG debug partition', 'Qualcomm'
413.  
414.     elif guid == '20A0C19C-286A-42FA-9CE7-F64C3226A794':
415.         return 'DDR partition', 'Qualcomm'
416.  
417.     elif guid == 'A19F205F-CCD8-4B6D-8F1E-2D9BC24CFFB1':
418.         return 'CDT partition', 'Qualcomm'
419.  
420.     elif guid == '66C9B323-F7FC-48B6-BF96-6F32E335A428':
421.         return 'RAM dump partition', 'Qualcomm'
422.  
423.     elif guid == '303E6AC3-AF15-4C54-9E9B-D9A8FBECF401':
424.         return 'SEC partition', 'Qualcomm'
425.  
426.     elif guid == 'C00EEF24-7709-43D6-9799-DD2B411E7A3C':
427.         return 'PMIC config data partition', 'Qualcomm'
428.  
429.     elif guid == '82ACC91F-357C-4A68-9C8F-689E1B1A23A1':
430.         return 'MISC? partition', 'Qualcomm'
431.  
432.     elif guid == '10A0C19C-516A-5444-5CE3-664C3226A794':
433.         return 'LIMITS? partition', 'Qualcomm'
434.  
435.     elif guid == '65ADDCF4-0C5C-4D9A-AC2D-D90B5CBFCD03':
436.         return 'DEVINFO? partition', 'Qualcomm'
437.  
438.     elif guid == 'E6E98DA2-E22A-4D12-AB33-169E7DEAA507':
439.         return 'APDP? partition', 'Qualcomm'
440.  
441.     elif guid == 'ED9E8101-05FA-46B7-82AA-8D58770D200B':
442.         return 'MSADP? partition', 'Qualcomm'
443.  
444.     elif guid == '11406F35-1173-4869-807B-27DF71802812':
445.         return 'DPO? partition', 'Qualcomm'
446.  
447.     elif guid == 'DF24E5ED-8C96-4B86-B00B-79667DC6DE11':
448.         return 'SPARE1? partition', 'Qualcomm'
449.  
450.     elif guid == '6C95E238-E343-4BA8-B489-8681ED22AD0B':
451.         return 'PERSIST? partition', 'Qualcomm'
452.  
453.     elif guid == 'EBBEADAF-22C9-E33B-8F5D-0E81686A68CB':
454.         return 'MODEMST1 partition', 'Qualcomm'
455.  
456.     elif guid == '0A288B1F-22C9-E33B-8F5D-0E81686A68CB':
457.         return 'MODEMST2 partition', 'Qualcomm'
458.  
459.     elif guid == 'EBBEADAF-22C9-E33B-8F5D-0E81686A68CB':
460.         return 'MODEMST1 partition', 'Qualcomm'
461.  
462.     elif guid == '638FF8E2-22C9-E33B-8F5D-0E81686A68CB':
463.         return 'FSG? partition', 'Qualcomm'
464.  
465.     elif guid == '57B90A16-22C9-E33B-8F5D-0E81686A68CB':
466.         return 'FSC? partition', 'Qualcomm'
467.  
468.     elif guid == '2C86E742-745E-4FDD-BFD8-B6A7AC638772':
469.         return 'SSD? partition', 'Qualcomm'
470.  
471.     elif guid == 'DE7D4029-0F5B-41C8-AE7E-F6C023A02B33':
472.         return 'KEYSTORE? partition', 'Qualcomm'
473.  
474.     elif guid == '323EF595-AF7A-4AFA-8060-97BE72841BB9':
475.         return 'ENCRYPT? partition', 'Qualcomm'
476.  
477.     elif guid == '45864011-CF89-46E6-A445-85262E065604':
478.         return 'EKSST? partition', 'Qualcomm'
479.  
480.     elif guid == '8ED8AE95-597F-4C8A-A5BD-A7FF8E4DFAA9':
481.         return 'RCT partition', 'Qualcomm'
482.  
483.     elif guid == '7C29D3AD-78B9-452E-9DEB-D098D542F092':
484.         return 'SPARE2? partition', 'Qualcomm'
485.  
486.     elif guid == '9D72D4E4-9958-42DA-AC26-BEA7A90B0434':
487.         return 'RECOVERY? partition', 'Qualcomm'
488.  
489.     elif guid == '4627AE27-CFEF-48A1-88FE-99C3509ADE26':
490.         return 'raw_resources? partition', 'Qualcomm'
491.  
492.     elif guid == '20117F86-E985-4357-B9EE-374BC1D8487D':
493.         return 'BOOT partition', 'Qualcomm'
494.  
495.     elif guid == '379D107E-229E-499D-AD4F-61F5BCF87BD4':
496.         return 'SPARE3? partition', 'Qualcomm'
497.  
498.     elif guid == '86A7CB80-84E1-408C-99AB-694F1A410FC7':
499.         return 'FOTA? partition', 'Qualcomm'
500.  
501.     elif guid == '0DEA65E5-A676-4CDF-823C-77568B577ED5':
502.         return 'SPARE4? partition', 'Qualcomm'
503.  
504.     elif guid == '97D7B011-54DA-4835-B3C4-917AD6E73D74':
505.         return 'SYSTEM? partition', 'Qualcomm'
506.  
507.     elif guid == '5594C694-C871-4B5F-90B1-690A6F68E0F7':
508.         return 'CACHE? partition', 'Qualcomm'
509.  
510.     elif guid == '1B81E7E6-F50D-419B-A739-2AEEF8DA3335':
511.         return 'USERDATA? partition', 'Qualcomm'
512.  
513.     # LG Advanced Flasher Partition
514.     elif guid == '98523EC6-90FE-4C67-B50A-0FC59ED6F56D':
515.         return 'LG Advanced Flasher partition', 'LG'
516.  
517.     # else
518.     else:
519.         return 'unknown partition', 'UNKNOWN'
520.    
521.  
522. # analysis partition table
523. def an_part_table(partition_table, gpt_header, fbuf):
524.     md5 = hashlib.md5()
525.     md5.update(fbuf)
526.     md5 = md5.hexdigest()
527.    
528.     num_of_part_entry = gpt_header[11]
529.     size_of_part_entry = gpt_header[12]
530.     crc32_of_partition_array = gpt_header[13]
531.    
532.     part_list = []
533.    
534.     crc32_part_value = unsigned32(zlib.crc32(partition_table))
535.  
536.     print '\n\t\t\t<!-- Partition table: -->'
537.     print '\t\t\t\t<!-- MD5: %s -->'%md5
538.     if crc32_part_value == crc32_of_partition_array:
539.         print '\t\t\t\t<!-- CRC32 Check : %.8X (VALID) -->\n'%crc32_part_value
540.     else:
541.         print '\t\t\t\t<!-- WARNING!! CRC32 Check : %.8X (INVALID) -->\n'%crc32_part_value
542.    
543.     for part_entry_num in range(0, num_of_part_entry):
544.         part_entry = get_part_entry(partition_table, size_of_part_entry*part_entry_num, size_of_part_entry)
545.        
546.         # first LBA, last LBA
547.         if part_entry[2] == 0 or part_entry[3] == 0:
548.             continue
549.        
550.         part_list.append(part_entry)
551.    
552.     count = 1
553.     for part_entry in part_list:
554.         part_type = check_partition_guid_type(str(uuid.UUID(bytes_le=part_entry[0])).upper())
555.         part_guid = str(uuid.UUID(bytes_le=part_entry[1])).upper()
556.         part_label = unicode(part_entry[5].replace('\0',''))
557.         part_type = str(uuid.UUID(bytes_le=part_entry[0])).upper()
558.         part_type_label = check_partition_guid_type(part_type)
559.         part_bootable = 'false'
560.         part_lba_first = part_entry[2]
561.         part_lba_first_offset = (part_entry[2] * LBA_SIZE)
562.         part_lba_last = part_entry[3]
563.         part_lba_last_offset = (part_entry[3] * LBA_SIZE)
564.         part_size = (((part_lba_last - part_lba_first) + 1) / 2)
565.  
566.         print '\t\t\t<!-- #%02d -->' %count
567.         print '\t\t\t<!-- First LBA: %s /' %part_lba_first,
568.         print 'Disk Offset: %s -->' %part_lba_first_offset
569.         print '\t\t\t<!-- Last LBA : %s /' %part_lba_last,
570.         print 'Disk Offset: %s -->' %part_lba_last_offset
571.         print '\t\t\t<!-- %s |' %part_type_label[0],
572.         print '%s -->' %part_type_label[1]
573.         print '\t\t\t<!-- GUID: %s -->' %part_guid
574.  
575.         print '\t\t\t<partition',
576.         print 'label="%s"' %part_label,
577.         print 'size_in_kb="%d"' %part_size,
578.         print 'type="%s"'%part_type,
579.         print 'bootable="%s"' %part_bootable,
580.         print 'firstlba="%s"' %part_lba_first,
581.         print 'uniqueguid="%s"' %part_guid,
582.  
583.         #print 'attributes="0x%0.2X"' %part_entry[4],
584.         part_attr_tag = swap64( part_entry[4] )
585.         if(part_attr_tag & 0):
586.             print 'system="true"',
587.         elif(part_attr_tag & 60):
588.             print 'readonly="true"',
589.         elif(part_attr_tag & 62):
590.             print 'hidden="true"',
591.         elif(part_attr_tag & 63):
592.             print 'automount="true"',
593.  
594.         part_filename = ''
595.         part_match = part_label
596.  
597.         part_list_bak = ['rpm','sdi','hyp','sbl1','tz','pmic','aboot','raw_resources']
598.         part_list_img = ['persist','laf','drm','sns','mpt','eri','system','cache','userdata']
599.  
600.         for party in part_list_bak:
601.             if party in part_match:
602.                 part_filename = '%s.mbn' %part_match.replace('bak','')
603.  
604.         for party in part_list_img:
605.             if party in part_match:
606.                 part_filename = '%s.img' %party
607.  
608.         if part_match == str('modem'):
609.             part_filename = 'NON-HLOS.bin'
610.         elif part_match == str('DDR'):
611.             part_filename = 'DDR.bin'
612.         elif part_match == str('sec'):
613.             part_filename = 'sec.dat'
614.         elif part_match == 'aboot':
615.             part_filename = 'emmc_appsboot.mbn'
616.  
617.         print 'filename="%s"/>\n' %part_filename
618.  
619.         count += 1
620.  
621. def usage(argv):
622.     print '%s <DISK IMAGE>'%argv[0]
623.     sys.exit()
624.    
625.  
626. def main():
627.    
628.     try:
629.         option, args = getopt.getopt(sys.argv[1:], '')
630.  
631.     except getopt.GetoptError, err:
632.         usage(sys.argv)
633.         sys.exit()
634.    
635.     try:
636.         if len(sys.argv) != 2:
637.             usage(sys.argv)
638.             sys.exit()
639.    
640.     except IndexError:
641.         usage()
642.         sys.exit()
643.    
644.     try:
645.         f = open(sys.argv[1], 'rb')
646.     except IOError:
647.         print '[+] WARNING!! Can not open disk image.'
648.         #usage(sys.argv)
649.         sys.exit()
650.    
651.     fbuf = ''
652.    
653.     # Protected MBR
654.     # You can use mbr_parser.py at http://gleeda.blogspot.com/2012/04/mbr-parser.html
655.    
656.     # Primary GPT header
657.     gpt_header, crc32_header_value, gpt_buf = get_gpt_header(f, fbuf, PRIMARY_GPT_LBA)
658.     an_gpt_header(gpt_header, crc32_header_value, gpt_buf)
659.    
660.    
661.     # Partition entries
662.     fbuf = get_part_table_area(f, gpt_header)
663.     an_part_table(fbuf, gpt_header, fbuf)
664.    
665.     ## backup GPT header
666.     # print ''
667.     # try:
668.     #     gpt_header, crc32_header_value, gpt_buf = get_gpt_header(f, fbuf, gpt_header[6])
669.     #     an_gpt_header(gpt_header, crc32_header_value, gpt_buf)
670.        
671.     #     h = hashlib.md5()
672.     #     h.update(gpt_buf)
673.     #     print '\t\t\t<!-- [+] Backup GPT header md5: %s -->'%h.hexdigest()
674.     # except struct.error:
675.     #     print '\t\t\t<!-- [+] WARNING!! Backup GPT header can not found. Check your disk image. -->'
676.     #     print '\t\t\t<!-- [+] WARNING!! Backup GPT header offset: 0x%.8X -->'%(gpt_header[6] * LBA_SIZE)
677.  
678.     print '\t\t</physical_partition>'
679.     print '\t</configuration>'
680.    
681.     f.close()
682.    
683. if __name__ == "__main__":
684.     main()
685.