/// <summary>
/// Registers a three-byte signature under three extensions on the shared
/// <c>_sniffer</c> and checks that matching those same bytes reports each extension.
/// </summary>
public void AddTest()
{
    byte[] signature = { 0x11, 0x22, 0x33 };
    string[] extensions = { "what", "file", "type" };

    _sniffer.Add(signature, extensions);
    var matched = _sniffer.Match(signature);

    // Checked in registration order, so the first missing extension fails the test.
    foreach (var extension in extensions)
    {
        Assert.IsTrue(matched.Contains(extension));
    }
}
/// <summary>
/// Adds a <c>Record</c> whose hex pattern contains "??" placeholders and a non-zero
/// <c>Offset</c>, then checks that a buffer carrying that pattern is reported under
/// every extension listed on the record.
/// </summary>
public void ComplexFileTypeTest()
{
    var localSniffer = new Sniffer();

    // NOTE(review): "??" presumably matches any byte and Offset presumably counts
    // bytes from the start of the buffer; confirm against Record/Sniffer.
    var pattern = new Record
    {
        Extentions = "a,b,c",
        Hex = "0x11 0x22 ?? ?? ?? 0x33",
        Offset = 2
    };
    localSniffer.Add(pattern);

    // Bytes 2..7 are 0x11 0x22 0xff 0xdd 0x1d 0x33; the first two bytes are filler.
    byte[] buffer = { 0x11, 0x11, 0x11, 0x22, 0xff, 0xdd, 0x1d, 0x33 };
    var matched = localSniffer.Match(buffer);

    foreach (var extension in new[] { "a", "b", "c" })
    {
        Assert.IsTrue(matched.Contains(extension));
    }
}
/// <summary>
/// Checks that an extra extension registered for the bytes FF D8 FF DB is reported
/// alongside "jpg" and "jpeg" rather than replacing them.
/// </summary>
public void OverlapTest()
{
    var localSniffer = new Sniffer();
    localSniffer.Populate(FileTypes.Common);
    localSniffer.Populate(FileTypes.Unfrequent);

    // The assertions expect "jpg" and "jpeg" to come from the populated tables;
    // only "jpegx" is registered here.
    byte[] header = { 0xff, 0xd8, 0xff, 0xdb };
    localSniffer.Add(header, new[] { "jpegx" });

    var matched = localSniffer.Match(header);

    foreach (var extension in new[] { "jpg", "jpeg", "jpegx" })
    {
        Assert.IsTrue(matched.Contains(extension));
    }
}
/// <summary>
/// Registers a five-byte signature ("%PDF" followed by 0x11) as "pdfx" and checks
/// that <c>Match(data, true)</c> reports both "pdf" and "pdfx" for those bytes.
/// </summary>
public void FindAllTest()
{
    var localSniffer = new Sniffer();
    localSniffer.Populate(FileTypes.Common);
    localSniffer.Populate(FileTypes.Unfrequent);

    // 25 50 44 46 is ASCII "%PDF"; the test expects "pdf" to come from the populated tables.
    byte[] header = { 0x25, 0x50, 0x44, 0x46, 0x11 };
    localSniffer.Add(header, new[] { "pdfx" });

    // NOTE(review): the second argument presumably asks for every match instead of
    // stopping at the first one; confirm against Sniffer.Match.
    var matched = localSniffer.Match(header, true);

    foreach (var extension in new[] { "pdf", "pdfx" })
    {
        Assert.IsTrue(matched.Contains(extension));
    }
}
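/// <summary>
/// Lets the user pick a folder, then lists every file beneath it with a best-effort
/// type label and the leading bytes that were sniffed.
/// </summary>
/// <remarks>
/// The label comes from a magic-byte match on the file head first. When no signature
/// matches, it falls back to path and extension hints. <c>matchtype</c> is set to 0
/// for a signature match (and for empty files) and to 1 for a fallback label.
/// Several signatures registered here are only one to four bytes long ("7B" is a
/// single '{'), so a label is a triage hint, not proof of the file's format. The
/// fallback labels depend on file names and extensions, which whoever produced the
/// file controls.
/// </remarks>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    folderBrowserDialog1.SelectedPath = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments);

    // Fix: the dialog result used to be ignored, so pressing Cancel still cleared the
    // grid and recursively scanned the pre-selected Documents folder.
    if (folderBrowserDialog1.ShowDialog() != DialogResult.OK)
    {
        return;
    }

    string root = folderBrowserDialog1.SelectedPath;
    dataGridView1.Rows.Clear();
    textBox1.Text = root;
    path = root;

    // NOTE(review): Directory.GetFiles with SearchOption.AllDirectories throws (for
    // example UnauthorizedAccessException) as soon as one subdirectory cannot be read,
    // and no handler is visible in this method; decide how partial results should be
    // surfaced before relying on this for large or locked-down trees.
    string[] allfiles = Directory.GetFiles(root, "*.*", SearchOption.AllDirectories);

    Sniffer sniffer = new Sniffer();
    sniffer.Populate(FileTypes.Common);
    sniffer.Add(new Record("plist", "62 70"));                   // ASCII "bp"
    sniffer.Add(new Record("jpg", "FF D8 FF E1 09 50 68"));
    // Disabled by the author: sniffer.Add(new Record("data", "0C 00 00 00 0B 00 00"));
    sniffer.Add(new Record("JSON", "7B"));                       // ASCII "{" - matches any file starting with a brace
    sniffer.Add(new Record("Binary Cookies", "63 6F 6F"));       // ASCII "coo"
    sniffer.Add(new Record("SQLite DB", "53 51 4c 69"));         // ASCII "SQLi"
    sniffer.Add(new Record("SQLite WAL", "37 7F 06"));
    sniffer.Add(new Record("SQLite SHM", "18 E2 2D"));
    sniffer.Add(new Record("Serialised Data", "52 B7 0E 08"));
    sniffer.Add(new Record("Android Manifest", "31 0A 63 6F"));

    foreach (var file in allfiles)
    {
        FileInfo info = new FileInfo(file);
        byte[] fileHead = ReadFileHead(file);
        List<string> results = sniffer.Match(fileHead, false);

        // NOTE(review): matchtype is overwritten for every file and is not written to
        // the row added below, so after the loop it only describes the last file.
        string typelist;
        if (results.Count > 0)
        {
            // Content-based label. The leading comma is kept so the cell text stays
            // exactly what it was for anything else that reads this column.
            typelist = "," + string.Join(",", results);
            matchtype = 0;
        }
        else if (file.Contains("NetworkCache"))
        {
            typelist = "NetworkCacheBlob";
            matchtype = 1;
        }
        else if (info.Extension.Contains("json"))
        {
            typelist = "JSON";
            matchtype = 1;
        }
        else if (info.Extension.Contains(".log"))
        {
            typelist = "Log";
            matchtype = 1;
        }
        else if (file.Contains("com.apple.WebKit.WebContent")
                 && (info.Extension.Contains("data") || info.Extension.Contains("maps")))
        {
            typelist = "WebKitData";
            matchtype = 1;
        }
        else
        {
            typelist = "Unknown";
            matchtype = 1;
        }

        // A zero-length file overrides whatever label was chosen above.
        if (info.Length == 0)
        {
            typelist = "Empty File";
            matchtype = 0;
        }

        dataGridView1.Rows.Add(file.Replace(root, ""), typelist, ByteArrayToString(fileHead));
    }
}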