CN118444975A - Firmware analysis method, storage medium and device - Google Patents

Info

Publication number: CN118444975A
Authority: CN (China)
Prior art keywords: file, firmware, information, firmware file, target type
Legal status: Pending
Application number: CN202410495233.7A
Other languages: Chinese (zh)
Inventor: 马延龙
Current Assignee: 360 Digital Security Technology Group Co Ltd
Original Assignee: 360 Digital Security Technology Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/74 Reverse engineering; Extracting design information from source code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/75 Structural analysis for program understanding
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons

Abstract

The application discloses a firmware analysis method, a storage medium and a device. The first header information of a firmware file is acquired and matched against a first information mapping table to determine the target type of the firmware file, so the full contents of the firmware file need not be scanned, which improves analysis speed. The firmware file is then parsed automatically by calling the target program file that corresponds to the target type, yielding the file to be extracted; no commands need to be entered manually, which reduces operational complexity and improves the efficiency of firmware analysis.

Description

A firmware analysis method, storage medium and device

Technical Field

The present application relates to the field of computer technology, and in particular to a firmware parsing method, storage medium and device.

Background

Firmware is software written into hardware devices. It is the most basic, lowest-level software in embedded systems and IoT devices. Users install software through the firmware to achieve real-time control of applications and system functions, so firmware security plays a vital role in embedded systems and IoT devices, and parsing firmware can uncover security risks hidden in the system. Existing firmware parsing methods scan every byte of the firmware file and require commands to be entered manually during parsing, which makes them complex to operate and time-consuming.

Summary of the Invention

The embodiments of the present application provide a firmware parsing method, apparatus, storage medium and device that require neither scanning the full contents of the firmware file nor entering commands manually, which reduces operational complexity and improves parsing speed. The technical solution is as follows:

A first aspect of the embodiments of the present application provides a firmware parsing method, including:

obtaining first header information of a firmware file;

matching the first header information with a first information mapping table to obtain a matching result, wherein the first information mapping table is used to match the header information of the firmware file in order to determine the target type of the firmware file;

determining the target type of the firmware file based on the matching result;

calling, based on the target type, a target program file to parse the firmware file and obtain a file to be extracted.

A second aspect of the embodiments of the present application provides a firmware parsing apparatus, including:

a header information acquisition unit, configured to obtain first header information of a firmware file;

a matching unit, configured to match the first header information with a first information mapping table to obtain a matching result, wherein the first information mapping table is used to match the header information of the firmware file in order to determine the target type of the firmware file;

a target type determination unit, configured to determine the target type of the firmware file based on the matching result;

a parsing unit, configured to call, based on the target type, a target program file to parse the firmware file and obtain a file to be extracted.

A third aspect of the embodiments of the present application provides a computer device, including a processor, a memory, and an input/output interface.

The processor is connected to the memory and to the input/output interface. The input/output interface is used for page interaction, the memory stores program code, and the processor calls the program code to execute the above method steps.

A fourth aspect of the embodiments of the present application provides a computer storage medium that stores a computer program. The computer program includes program instructions which, when executed by a processor, perform the above method steps.

In the embodiments of the present application, the first header information of the firmware file is obtained and matched with the first information mapping table to determine the target type of the firmware file. The full contents of the firmware file need not be scanned, which improves the speed of firmware parsing. In addition, the target program file corresponding to the target type is called to parse the firmware file automatically, so no commands need to be entered manually, which reduces operational complexity and improves the efficiency of firmware parsing.

Brief Description of the Drawings

To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flowchart of a firmware parsing method provided in an embodiment of the present application;

FIG. 2 is a first information mapping table for matching the target type, provided in an embodiment of the present application;

FIG. 3 is a flowchart of a firmware parsing method provided in an embodiment of the present application;

FIG. 4 is a second information mapping table for matching the target type, provided in an embodiment of the present application;

FIG. 5 is a schematic structural diagram of a firmware parsing apparatus provided in an embodiment of the present application;

FIG. 6 is a schematic structural diagram of a firmware parsing apparatus provided in an embodiment of the present application;

FIG. 7 is a schematic structural diagram of a matching unit provided in an embodiment of the present application;

FIG. 8 is a schematic structural diagram of a target type determination unit provided in an embodiment of the present application;

FIG. 9 is a schematic structural diagram of a parsing unit provided in an embodiment of the present application;

FIG. 10 is a schematic structural diagram of a computer device provided in an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.

The firmware parsing method and firmware parsing apparatus provided in the embodiments of the present application can be applied to parsing firmware in embedded systems. Firmware is a program written into memory that can directly control a hardware device, and it performs the lowest-level, most basic work in embedded systems and IoT devices. The memory includes but is not limited to Flash, EPROM and EEPROM. An embedded system is a special-purpose computer system that integrates software and hardware and is based on an operating system such as Windows or Linux. The firmware parsing apparatus includes but is not limited to personal computers, laptops and other computer devices with an operating system installed.

The embodiment of the present application obtains the first header information of the firmware file and matches it with the first information mapping table to determine the target type of the firmware file. The full contents of the firmware file need not be scanned, which improves the speed of firmware parsing. In addition, the target program file corresponding to the target type is called to parse the firmware file automatically, so no commands need to be entered manually, which reduces operational complexity and improves the efficiency of firmware parsing.

Refer to FIG. 1, a flowchart of a firmware parsing method provided in an embodiment of the present application. As shown in FIG. 1, the method of this embodiment may include the following steps S101 to S104.

S101, obtain the first header information of the firmware file.

Specifically, the first header information is obtained by scanning the file header of the firmware file. The file header is a piece of data at the beginning of the file. The first header information is the first few bytes of the firmware file, which contain the identifier and signature used to identify the file type. The embodiment of the present application obtains the first header information by scanning only the file header, without scanning the full contents of the firmware file, which improves the speed of firmware parsing. Optionally, the firmware file can be downloaded from the firmware vendor's official website or obtained by reading the memory of the hardware device.

S102, match the first header information with the first information mapping table to obtain a matching result.

Specifically, the first header information is matched against the file header bytes in the first information mapping table to obtain a matching result that determines the target type. The first information mapping table is used to match the header information of the firmware file in order to determine the target type of the firmware file. The target type is a MIME type. The MIME type is a mechanism for identifying the type and content of a file, which ensures that the file is processed and identified as expected across different network environments, platforms and operating systems. Referring to FIG. 2, the first information mapping table has three columns: file header bytes, file extension, and MIME type. The file extension is used to determine the kind of file and therefore its format and purpose. There are many file extensions, for example doc, jpeg, tar, zip and 7z, but a file extension can be changed at will, so the target type of a file can instead be identified from its header bytes. Taking a zip file as an example, the header bytes of a zip file are generally the fixed value 50 4B 03 04. If scanning the first header information of the firmware file yields 50 4B 03 04, the firmware file can be determined to be a zip compressed file, with file extension zip and MIME type application/zip.

S103, determine the target type of the firmware file based on the matching result.

Specifically, the MIME type of the firmware file is determined from the result of matching the first header information against the first information mapping table.

S104, based on the target type, call the target program file to parse the firmware file and obtain the file to be extracted.

Specifically, based on the MIME type, the corresponding target program file is called to parse the firmware file automatically and obtain the file to be extracted. No operation instructions need to be entered manually, which reduces the operational complexity of firmware parsing. The target program files take the form of a plug-in architecture, specifically decryption plug-ins, decompression plug-ins and extraction plug-ins. A plug-in architecture makes the firmware parsing tool easier to develop and maintain and improves flexibility and extensibility during development. The firmware parsing tool is the application tool provided in the embodiment of the present application that parses firmware to obtain firmware information. Parsing includes decryption and decompression. A file to be extracted is a file from which firmware information can be extracted directly, without decryption or decompression.

The embodiment of the present application obtains the first header information of the firmware file and matches it with the first information mapping table to determine the target type of the firmware file. The full contents of the firmware file need not be scanned, which improves the speed of firmware parsing. In addition, the target program file corresponding to the target type is called to parse the firmware file automatically, so no commands need to be entered manually, which reduces operational complexity and improves the efficiency of firmware parsing. The plug-in parsing architecture improves flexibility and extensibility during development and ensures the effectiveness of the firmware parsing tool.

Refer to FIG. 3, a flowchart of a firmware parsing method provided in an embodiment of the present application. As shown in FIG. 3, the method of this embodiment may include the following steps S201 to S209.

S201, obtain the first header information of the firmware file.

Specifically, the first header information is obtained by scanning the file header of the firmware file. The file header is a piece of data at the beginning of the file. The first header information is the first few bytes of the firmware file, which contain the identifier and signature used to identify the file type. The embodiment of the present application obtains the first header information by scanning only the file header, without scanning the full contents of the firmware file, which improves the speed of firmware parsing. Optionally, the firmware file can be downloaded from the firmware vendor's official website or obtained by reading the memory of the hardware device.

S202, look up in the first information mapping table the target type corresponding to the header information that matches the first header information, and obtain a matching result.

Specifically, the first header information is matched against the file header bytes in the first information mapping table to obtain a matching result that determines the target type. The first information mapping table is used to match the header information of the firmware file in order to determine the target type of the firmware file. The target type is a MIME type. The MIME type is a mechanism for identifying the type and content of a file, which ensures that the file is processed and identified as expected across different network environments, platforms and operating systems. Referring to FIG. 2, the first information mapping table has three columns: file header bytes, file extension, and MIME type. The file extension is used to determine the kind of file and therefore its format and purpose. There are many file extensions, for example doc, jpeg, tar, zip and 7z, but a file extension can be changed at will, so the target type of a file can instead be identified from its header bytes. Taking a zip file as an example, the header bytes of a zip file are generally the fixed value 50 4B 03 04. If scanning the first header information of the firmware file yields 50 4B 03 04, the firmware file can be determined to be a zip compressed file, with file extension zip and MIME type application/zip. If the match succeeds, step S203 is executed; if the match fails, step S204 is executed.

S203, if the match succeeds, determine the target type of the firmware file based on the matching result.

Specifically, if file header bytes identical to the first header information are found in the first information mapping table, the match succeeds, and the MIME type of the firmware file is determined from the MIME type corresponding to those file header bytes.

S204, if the match fails, scan the full contents of the firmware file to obtain a scan result and, based on the scan result, match the file information of the firmware file with the second information mapping table to determine the target type of the firmware file.

Specifically, if no file header bytes identical to the first header information of the firmware file are found in the first information mapping table, the match fails. The full contents of the firmware file are then scanned linearly to obtain a scan result; a linear scan starts at the first byte of the firmware file and continues to the last byte. Based on the scan result, the file information of the firmware file is matched with the second information mapping table. The second information mapping table is used to match the file information of the firmware file in order to determine the target type of the firmware file. The target type is a MIME type. The file information includes the file header and the file trailer. The file trailer marks the end of the file, and in some files it also contains the identifier and signature used to identify the file type. Referring to FIG. 4, the second information mapping table has four columns: file header bytes, file trailer bytes, file extension, and MIME type. The file extension is used to determine the kind of file and therefore its format and purpose. There are many file extensions, for example doc, jpeg, tar, zip and 7z, but a file extension can be changed at will, so the target type of a file can instead be identified from its header bytes. The trailer bytes of some files are also fixed. Taking a zip file as an example, the header bytes of a zip file are generally the fixed value 50 4B 03 04, and the trailer bytes are generally the fixed value 50 4B. The full contents of the firmware file are scanned; if at least one of the firmware file's header bytes and trailer bytes matches the header bytes or trailer bytes in the second information mapping table, the firmware file can be determined to be a zip compressed file, with file extension zip and MIME type application/zip.

If no file header bytes or file trailer bytes identical to the file information of the firmware file are found in the second information mapping table, the firmware file is considered to be in an entirely new format. The firmware file is then analyzed manually: its encryption or compression algorithm is derived from the firmware vendor, earlier versions and similar information, and the corresponding decryption and decompression algorithms are used to parse it. At the same time, a custom MIME type is defined, detection rules for the MIME type of this firmware file are set in advance, and the MIME type together with the file header bytes that identify it is added to the first information mapping table.

S205, based on the target type, call the target program file to parse the firmware file and obtain the file to be extracted.

Specifically, based on the MIME type of the firmware file, the target program file corresponding to that MIME type is called to parse the file and obtain the file to be extracted. No operation instructions need to be entered manually, which reduces the operational complexity of firmware parsing. The target program files take the form of a plug-in architecture, specifically decryption plug-ins, decompression plug-ins and extraction plug-ins. A plug-in architecture makes the firmware parsing tool easier to develop and maintain and improves flexibility and extensibility during development. The firmware parsing tool is the application tool provided in the embodiment of the present application that parses firmware to obtain firmware information. Parsing includes decryption and decompression. A file to be extracted is a file from which firmware information can be extracted directly, without decryption or decompression.

If the firmware file is encrypted, the decryption plug-in corresponding to the MIME type of the firmware file is called to decrypt it and obtain the decrypted firmware file. Decryption follows an automatic decryption flow. The flow first pre-extracts the encryption information and checks whether it conforms to preset rules; the encryption information includes the firmware vendor, the encryption logic, the encryption algorithm and similar information. If it conforms, the corresponding decryption algorithm is used to decrypt the file. After decryption, the identifying features of the firmware are summarized and added to the decryption flow, so that the next decryption can determine the encryption information of a firmware file directly from those features. The identifying features include but are not limited to the firmware vendor, the file header and byte sequences. After decryption, the decompression plug-in is called to decompress the decrypted firmware file and obtain the file to be extracted.

If the firmware file is not encrypted, the decompression plug-in is called directly to decompress the firmware file and obtain the file to be extracted. Decompression identifies the compression algorithm of the firmware file from the MIME type and applies the corresponding decompression algorithm. Some compression algorithms may have been customized by the vendor; for these, even when the type of compression algorithm is identified, the offset of the compressed data cannot be located accurately. Decompression therefore also includes a custom decompression algorithm: once the compression algorithm has been identified, it attempts to decompress the header information of the firmware file at different offsets, thereby identifying the vendor's customized compression algorithm and completing the decompression.
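The offset-probing step described above can be sketched as follows. This is an added example, not code from the patent: the function name, the limits, the choice of zlib/gzip framing and the constructed vendor image are all assumptions made for illustration.

```python
import zlib

MAX_PROBE = 4096        # only the head of the file is probed (assumed limit)
MIN_OUTPUT = 64         # bytes that must inflate cleanly before an offset is accepted
MAX_OUTPUT = 1 << 20    # cap on bytes inflated per attempt, bounds memory use


def probe_payload_offset(blob, expected_prefix=b"", max_probe=MAX_PROBE):
    """Try each offset in the head of `blob` as the start of a compressed stream.

    Returns (offset, inflated_bytes) for the first offset that inflates to at
    least MIN_OUTPUT bytes beginning with `expected_prefix`, otherwise None.
    """
    view = memoryview(blob)                  # slicing a view avoids copying the file
    for offset in range(min(max_probe, len(blob))):
        inflater = zlib.decompressobj(47)    # 32 + 15: accept zlib or gzip framing
        try:
            out = inflater.decompress(view[offset:], MAX_OUTPUT)
        except zlib.error:
            continue                         # not a valid stream at this offset
        # A short or unexpected result is treated as a chance match and skipped.
        if len(out) >= MIN_OUTPUT and out.startswith(expected_prefix):
            return offset, out
    return None


def build_vendor_image():
    """Constructed sample: 32-byte vendor header, zlib payload, trailing padding."""
    header = b"VNDRFW\x00\x01" + b"\x00" * 24
    payload = b"ROOTFS" + b"constructed-rootfs-bytes " * 40
    return header + zlib.compress(payload) + b"\xff" * 16, payload


if __name__ == "__main__":
    image, _ = build_vendor_image()
    offset, data = probe_payload_offset(image, expected_prefix=b"ROOTFS")
    print(f"compressed payload starts at offset {offset}, {len(data)} bytes inflated")
```

Passing an `expected_prefix` taken from the format the payload should contain keeps a stream that inflates by coincidence from being accepted.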

For firmware files with nested file compression, that is, firmware files from which decompression yields multiple new compressed files, the embodiment of the present application decompresses the firmware file with a cyclic iterative decompression algorithm. In this algorithm, after the firmware file is decompressed, the files produced by decompression are taken as input and scanned and identified again. The result of that scan determines whether a compressed file is present; if so, the corresponding decompression is performed according to the scan result, and the files it produces are again taken as input. Concretely, the decompression plug-in is called to decompress the firmware file and obtain a file to be parsed. The file header of the file to be parsed is scanned to obtain the second header information, and the first information mapping table is searched for the MIME type corresponding to the header information that matches the second header information, giving a matching result from which the MIME type of the file to be parsed is determined. In response to the MIME type, if the file to be parsed is not a compressed file, it is used as the file to be extracted. If it is a compressed file, the corresponding decompression plug-in is called to decompress it and obtain the next file to be parsed, which is in turn taken as input, scanned and identified, and decompressed or not according to the scan result, until the file to be extracted is obtained.
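The header-map lookup, the trial decompression at different offsets and the cyclic iterative decompression described above, as an added Python example that is not code from the patent or its applicant. The magic-to-MIME table, the 64-byte probe window, the depth and size limits and the sample image are assumptions constructed for illustration; the limits keep a crafted, deeply nested image from exhausting memory during analysis.

```python
import bz2
import gzip
import io
import lzma
import zipfile
import zlib
from collections import deque

# Assumed stand-in for the "first information mapping table": magic bytes -> MIME type.
HEADER_MAP = {
    b"\x1f\x8b\x08": "application/gzip",
    b"\xfd7zXZ\x00": "application/x-xz",
    b"BZh": "application/x-bzip2",
    b"PK\x03\x04": "application/zip",
}
DECODE_ERRORS = (zlib.error, lzma.LZMAError, zipfile.BadZipFile,
                 OSError, ValueError, EOFError, RuntimeError)


class LimitExceeded(Exception):
    """Raised instead of expanding a suspected decompression bomb."""


def _stream(decomp, data, limit):
    out = decomp.decompress(data, limit + 1)  # never produce more than limit+1 bytes
    if len(out) > limit:
        raise LimitExceeded("decompressed size exceeds remaining budget")
    if not decomp.eof:
        raise ValueError("truncated or corrupt stream")
    return [("stream", out)]


def _unzip(data, limit):
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                blob = fh.read(limit + 1)  # do not trust the declared file_size
            if len(blob) > limit:
                raise LimitExceeded("archive members exceed remaining budget")
            limit -= len(blob)
            members.append((info.filename, blob))  # name is a label, never a path
    return members


# One "decompression plug-in" per MIME type; each returns a list of (name, bytes).
PLUGINS = {
    "application/gzip": lambda d, n: _stream(zlib.decompressobj(wbits=31), d, n),
    "application/x-xz": lambda d, n: _stream(lzma.LZMADecompressor(), d, n),
    "application/x-bzip2": lambda d, n: _stream(bz2.BZ2Decompressor(), d, n),
    "application/zip": _unzip,
}


def identify(data, off=0):
    """Match the bytes at `off` against the header map; None if nothing matches."""
    for magic, mime in HEADER_MAP.items():
        if data.startswith(magic, off):
            return mime
    return None


def probe_offsets(data, limit, window=64):
    """Vendor-modified header: trial-decompress from each offset in the first
    `window` bytes where a known magic appears. Returns (offset, mime, children)."""
    for off in range(1, min(window, len(data))):
        mime = identify(data, off)
        if mime is None:
            continue
        try:
            return off, mime, PLUGINS[mime](data[off:], limit)
        except DECODE_ERRORS:
            continue  # magic bytes were a coincidence; keep probing
    return 0, None, None


def unpack(firmware, max_depth=8, max_total=64 << 20):
    """Iteratively unpack until no compressed layer remains.
    Returns (leaves, trace): the files to be extracted and each unpack decision."""
    queue = deque([("firmware", firmware, 0)])
    leaves, trace, budget = [], [], max_total
    while queue:
        name, data, depth = queue.popleft()
        off, mime = 0, identify(data)
        try:
            if mime:
                children = PLUGINS[mime](data, budget)
            else:
                off, mime, children = probe_offsets(data, budget)
        except DECODE_ERRORS:
            children = None  # header matched but the body did not decode
        if children is None:
            leaves.append((name, data))
            continue
        if depth >= max_depth:
            raise LimitExceeded("nesting deeper than max_depth")
        budget -= sum(len(blob) for _, blob in children)
        trace.append((name, mime, off))
        queue.extend((f"{name}/{child}", blob, depth + 1) for child, blob in children)
    return leaves, trace


def build_sample():
    """Constructed input: 16-byte vendor header + xz(gzip(placeholder image))."""
    leaf = b"hsqs" + bytes(60)
    return b"VNDR" + bytes(12) + lzma.compress(gzip.compress(leaf)), leaf
```

`unpack(build_sample()[0])` returns the placeholder image as the single leaf, with a trace showing the xz layer found at offset 16 and the gzip layer found at offset 0.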

S206: save the file to be extracted into a set of files to be extracted;

Specifically, the file to be extracted that is obtained from each decompression is saved into the set of files to be extracted, which may be a folder.

S207: call the corresponding extraction program based on the target type to extract firmware information from the files to be extracted in the set of files to be extracted.

Specifically, each MIME type has a corresponding extraction plug-in. The extraction plug-in corresponding to the file to be extracted is called based on the MIME type to extract firmware information from that file. The firmware information includes, but is not limited to, the file system, function libraries, and the cross-compiler version.

In this embodiment, the first header information of the firmware file is obtained and matched against the first information mapping table to determine the target type of the firmware file. Because the full contents of the firmware file need not be scanned, firmware parsing is faster. The corresponding target program file is then called, based on the target type, to parse the firmware file automatically; no commands have to be entered manually, which reduces operational complexity and improves parsing efficiency. The automatic decryption flow used during decryption and the cyclic iterative decompression algorithm used during decompression allow firmware from different sources and with different structures to be parsed. The plug-in parsing architecture improves flexibility and extensibility during development and ensures the effectiveness of the firmware parsing tool.

The firmware parsing device provided in the embodiments of the present application is described in detail below with reference to Figures 5 to 8. The firmware parsing device in Figures 5 to 8 is used to execute the methods of the embodiments shown in Figures 1 and 3 of the present application. For ease of explanation, only the parts related to the embodiments of the present application are shown; for technical details not disclosed here, refer to the embodiments shown in Figures 1 and 3.

Figure 5 is a schematic structural diagram of a firmware parsing device provided in an embodiment of the present application. As shown in Figure 5, the firmware parsing device 1 may include a header information acquisition unit 11, a matching unit 12, a target type determination unit 13 and a parsing unit 14.

The header information acquisition unit 11 is configured to acquire the first header information of the firmware file;

The matching unit 12 is configured to match the first header information with a first information mapping table to obtain a matching result, the first information mapping table being used for matching against the header information of the firmware file to determine the target type of the firmware file;

The target type determination unit 13 is configured to determine the target type of the firmware file based on the matching result;

The parsing unit 14 is configured to call a target program file, based on the target type, to parse the firmware file and obtain a file to be extracted.

In this embodiment, the first header information of the firmware file is obtained and matched against the first information mapping table to determine the target type of the firmware file. Because the full contents of the firmware file need not be scanned, firmware parsing is faster. The corresponding target program file is then called, based on the target type, to parse the firmware file automatically; no commands have to be entered manually, which reduces operational complexity and improves parsing efficiency. The plug-in parsing architecture improves flexibility and extensibility during development and ensures the effectiveness of the firmware parsing tool.

Figure 6 is a schematic structural diagram of a firmware parsing device provided in an embodiment of the present application. As shown in Figure 6, the firmware parsing device 1 may include a header information acquisition unit 11, a matching unit 12, a target type determination unit 13, a parsing unit 14, a to-be-extracted file storage unit 15 and an information extraction unit 16.

The header information acquisition unit 11 is configured to acquire the first header information of the firmware file;

The matching unit 12 is configured to match the first header information with a first information mapping table to obtain a matching result, the first information mapping table being used for matching against the header information of the firmware file to determine the target type of the firmware file;

Specifically, Figure 7 is a schematic structural diagram of a matching unit provided in an embodiment of the present application. As shown in Figure 7, the matching unit 12 may include:

A target type search subunit 121, configured to search the first information mapping table for the target type corresponding to the header information that matches the first header information, and obtain a matching result.

The target type determination unit 13 is configured to determine the target type of the firmware file based on the matching result;

Specifically, Figure 8 is a schematic structural diagram of a target type determination unit provided in an embodiment of the present application. As shown in Figure 8, the target type determination unit 13 may include:

A match success subunit 131, configured to determine the target type of the firmware file based on the matching result if the match succeeds;

A match failure subunit 132, configured to, if the match does not succeed, scan all the information of the firmware file to obtain a scan result and, based on the scan result, match the file information of the firmware file with a second information mapping table to determine the target type of the firmware file, the second information mapping table being used for matching against the file information of the firmware file to determine the target type of the firmware file.

The parsing unit 14 is configured to call a target program file, based on the target type, to parse the firmware file and obtain a file to be extracted;

Specifically, Figure 9 is a schematic structural diagram of a parsing unit provided in an embodiment of the present application. As shown in Figure 9, the parsing unit 14 may include:

An encrypted file parsing subunit 141, configured to, if the firmware file is an encrypted file, call the corresponding decryption program to decrypt the firmware file and obtain a decrypted firmware file, and call a decompression program to decompress the firmware file and obtain a file to be extracted;

A non-encrypted file parsing subunit 142, configured to, if the firmware file is not an encrypted file, call a decompression program to decompress the firmware file and obtain a file to be extracted.

The to-be-extracted file storage unit 15 is configured to save the file to be extracted into a set of files to be extracted;

The information extraction unit 16 is configured to call the corresponding extraction program based on the target type to extract firmware information from the files to be extracted in the set of files to be extracted.

In this embodiment, the first header information of the firmware file is obtained and matched against the first information mapping table to determine the target type of the firmware file. Because the full contents of the firmware file need not be scanned, firmware parsing is faster. The corresponding target program file is then called, based on the target type, to parse the firmware file automatically; no commands have to be entered manually, which reduces operational complexity and improves parsing efficiency. The automatic decryption flow used during decryption and the cyclic iterative decompression algorithm used during decompression allow firmware from different sources and with different structures to be parsed. The plug-in parsing architecture improves flexibility and extensibility during development and ensures the effectiveness of the firmware parsing tool.

Figure 10 is a schematic structural diagram of a computer device provided in an embodiment of the present application. As shown in Figure 10, the computer device 1000 may include at least one processor 1001 (for example, a CPU), at least one network interface 1004, an input/output interface 1003, a memory 1005 and at least one communication bus 1002. The communication bus 1002 provides the connections and communication between these components. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a WI-FI interface). The memory 1005 may be high-speed RAM or non-volatile memory, for example at least one disk memory. The memory 1005 may optionally also be at least one storage device located remotely from the processor 1001. As shown in Figure 10, the memory 1005, as a computer storage medium, may contain an operating system, a network communication module, an input/output interface module and a connection establishment application.

In one embodiment, the processor 1001 may be used to call the connection establishment application stored in the memory 1005 and specifically perform the following operations:

Acquiring the first header information of the firmware file;

Matching the first header information with a first information mapping table to obtain a matching result, the first information mapping table being used for matching against the header information of the firmware file to determine the target type of the firmware file;

Determining the target type of the firmware file based on the matching result;

Calling a target program file, based on the target type, to parse the firmware file and obtain a file to be extracted.

Optionally, when matching the first header information with the first information mapping table to obtain a matching result, the first information mapping table being used for matching against the header information of the firmware file to determine the target type of the firmware file, the processor 1001 specifically performs the following operation:

Searching the first information mapping table for the target type corresponding to the header information that matches the first header information, and obtaining a matching result.

Optionally, when determining the target type of the firmware file based on the matching result, the processor 1001 specifically performs the following operations:

If the match succeeds, determining the target type of the firmware file based on the matching result;

If the match does not succeed, scanning all the information of the firmware file to obtain a scan result and, based on the scan result, matching the file information of the firmware file with a second information mapping table to determine the target type of the firmware file, the second information mapping table being used for matching against the file information of the firmware file to determine the target type of the firmware file.

Optionally, when calling the target program file, based on the target type, to parse the firmware file and obtain the file to be extracted, the processor 1001 specifically performs the following operations:

If the firmware file is an encrypted file, calling the corresponding decryption program to decrypt the firmware file and obtain a decrypted firmware file, and calling a decompression program to decompress the firmware file and obtain a file to be extracted;

If the firmware file is not an encrypted file, calling a decompression program to decompress the firmware file and obtain a file to be extracted.

Optionally, after calling the target program file, based on the target type, to parse the firmware file and obtain the file to be extracted, the processor 1001 further performs the following operations:

Saving the file to be extracted into a set of files to be extracted;

Calling the corresponding extraction program based on the target type to extract firmware information from the files to be extracted in the set of files to be extracted.

In this embodiment, the first header information of the firmware file is obtained and matched against the first information mapping table to determine the target type of the firmware file. Because the full contents of the firmware file need not be scanned, firmware parsing is faster. The corresponding target program file is then called, based on the target type, to parse the firmware file automatically; no commands have to be entered manually, which reduces operational complexity and improves parsing efficiency. The automatic decryption flow used during decryption and the cyclic iterative decompression algorithm used during decompression allow firmware from different sources and with different structures to be parsed. The plug-in parsing architecture improves flexibility and extensibility during development and ensures the effectiveness of the firmware parsing tool.

An embodiment of the present application also provides a computer storage medium. The computer storage medium may store a plurality of program instructions suitable for being loaded by a processor to execute the method steps of the embodiments shown in Figures 1 and 3 above. For the specific execution process, refer to the description of the embodiments shown in Figures 1 and 3, which is not repeated here.

Those of ordinary skill in the art will understand that all or part of the processes of the above method embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.

The above discloses only preferred embodiments of the present application, which of course cannot be used to limit the scope of its claims. Equivalent changes made according to the claims of the present application therefore remain within the scope covered by the present application.

Claims (10)

1. A firmware analysis method, comprising:
acquiring first header information of a firmware file;
matching the first header information with a first information mapping table to obtain a matching result, wherein the first information mapping table is used to match the first header information of the firmware file to determine a target type of the firmware file;
determining the target type of the firmware file based on the matching result;
calling a target program file, based on the target type, to parse the firmware file and obtain a file to be extracted.

2. The method according to claim 1, wherein determining the target type of the firmware file based on the matching result comprises:
if the match succeeds, determining the target type of the firmware file based on the matching result;
if the match does not succeed, scanning all the information of the firmware file to obtain a scan result and, based on the scan result, matching the file information of the firmware file with a second information mapping table to determine the target type of the firmware file, wherein the second information mapping table is used to match the file information of the firmware file to determine the target type of the firmware file.

3. The method according to claim 1, wherein calling the target program file, based on the target type, to parse the firmware file and obtain the file to be extracted comprises:
if the firmware file is an encrypted file, calling a corresponding decryption program to decrypt the firmware file and obtain a decrypted firmware file, and calling a decompression program to decompress the firmware file and obtain the file to be extracted;
if the firmware file is not an encrypted file, calling a decompression program to decompress the firmware file and obtain the file to be extracted.

4. The method according to claim 3, wherein, if the firmware file is an encrypted file, calling the corresponding decryption program to perform decryption and obtain the decrypted firmware file comprises:
if the firmware file is an encrypted file, determining the encryption algorithm of the firmware file based on an automatic decryption flow;
decrypting the firmware file with the decryption algorithm corresponding to the encryption algorithm.

5. The method according to claim 3, wherein calling the decompression program to decompress the firmware file and obtain the file to be extracted comprises:
calling a decompression program to decompress the firmware file and obtain a file to be parsed;
acquiring second header information of the file to be parsed, and matching the second header information with the first information mapping table to obtain a matching result;
determining the target type of the file to be parsed based on the matching result;
in response to the target type, if the file to be parsed is not a compressed file, using the file to be parsed as the file to be extracted;
if the file to be parsed is a compressed file, calling a decompression program to decompress the compressed file and obtain a file to be parsed, and performing the step of acquiring the second header information of the file to be parsed, until the file to be extracted is obtained.

6. The method according to claim 5, wherein calling the decompression program to decompress the firmware file and obtain the file to be parsed comprises:
identifying the compression algorithm based on the target type, and decompressing the firmware file with the corresponding decompression algorithm to obtain the file to be parsed.

7. The method according to claim 1, further comprising:
saving the file to be extracted into a set of files to be extracted;
calling a corresponding extraction program based on the target type to extract firmware information from the files to be extracted in the set of files to be extracted.

8. A firmware analysis device, comprising:
a header information acquisition unit, configured to acquire first header information of a firmware file;
a matching unit, configured to match the first header information with a first information mapping table to obtain a matching result, wherein the first information mapping table is used to match the header information of the firmware file to determine a target type of the firmware file;
a target type determination unit, configured to determine the target type of the firmware file based on the matching result;
a parsing unit, configured to call a target program file, based on the target type, to parse the firmware file and obtain a file to be extracted.

9. A computer device, comprising a processor, a memory and an input/output interface;
the processor is connected to the memory and to the input/output interface, wherein the input/output interface is used for page interaction, the memory is used for storing program code, and the processor is used for calling the program code to execute the method according to any one of claims 1 to 7.

10. A computer storage medium, wherein the computer storage medium stores a computer program, the computer program comprises program instructions, and the program instructions, when executed by a processor, execute the method according to any one of claims 1 to 7.

CN202410495233.7A 2024-04-23 2024-04-23 Firmware analysis method, storage medium and device Pending CN118444975A (en)


Publications (1)

Publication Number Publication Date
CN118444975A true CN118444975A (en) 2024-08-06

Family

ID=92317270



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination