public void AddTest()
{
var data = new byte[]
{
0x11,
0x22,
0x33
};
_sniffer.Add(data, new[] { "what", "file", "type" });
var result = _sniffer.Match(data);
Assert.IsTrue(result.Contains("what"));
Assert.IsTrue(result.Contains("file"));
Assert.IsTrue(result.Contains("type"));
}
public void ComplexFileTypeTest()
{
var sniffer = new Sniffer();
Record record = new Record()
{
Extentions = "a,b,c",
Hex = "0x11 0x22 ?? ?? ?? 0x33",
Offset = 2
};
sniffer.Add(record);
var data = new byte[]
{
0x11, 0x11, 0x11, 0x22, 0xff, 0xdd, 0x1d, 0x33
};
var result = sniffer.Match(data);
Assert.IsTrue(result.Contains("a"));
Assert.IsTrue(result.Contains("b"));
Assert.IsTrue(result.Contains("c"));
}
public void OverlapTest()
{
var sniffer = new Sniffer();
sniffer.Populate(FileTypes.Common);
sniffer.Populate(FileTypes.Unfrequent);
var data = new byte[]
{
0xff,
0xd8,
0xff,
0xdb
};
sniffer.Add(data, new[] { "jpegx" });
var result = sniffer.Match(data);
Assert.IsTrue(result.Contains("jpg"));
Assert.IsTrue(result.Contains("jpeg"));
Assert.IsTrue(result.Contains("jpegx"));
}
public void FindAllTest()
{
var sniffer = new Sniffer();
sniffer.Populate(FileTypes.Common);
sniffer.Populate(FileTypes.Unfrequent);
var data = new byte[]
{
0x25,
0x50,
0x44,
0x46,
0x11
};
sniffer.Add(data, new[] { "pdfx" });
var result = sniffer.Match(data, true);
Assert.IsTrue(result.Contains("pdf"));
Assert.IsTrue(result.Contains("pdfx"));
}
private void button1_Click(object sender, EventArgs e)
{
dataGridView1.Rows.Clear();
folderBrowserDialog1.SelectedPath = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments);
DialogResult result = folderBrowserDialog1.ShowDialog();
textBox1.Text = folderBrowserDialog1.SelectedPath;
path = folderBrowserDialog1.SelectedPath;
string[] allfiles = Directory.GetFiles(folderBrowserDialog1.SelectedPath, "*.*", SearchOption.AllDirectories);
System.Text.Encoding enc = System.Text.Encoding.ASCII;
Sniffer sniffer = new Sniffer();
sniffer.Populate(FileTypes.Common);
sniffer.Add(new Record("plist", "62 70")); //adding plist
sniffer.Add(new Record("jpg", "FF D8 FF E1 09 50 68")); //
sniffer.Add(new Record("data", "0C 00 00 00 0B 00 00"));
sniffer.Add(new Record("JSON", "7B"));
sniffer.Add(new Record("Binary Cookies", "63 6F 6F"));
sniffer.Add(new Record("SQLite DB", "53 51 4c 69"));
sniffer.Add(new Record("SQLite WAL", "37 7F 06"));
sniffer.Add(new Record("SQLite SHM", "18 E2 2D"));
sniffer.Add(new Record("Serialised Data", "52 B7 0E 08"));
sniffer.Add(new Record("Android Manifest", "31 0A 63 6F"));
foreach (var file in allfiles)
{
string typelist = "";
FileInfo info = new FileInfo(file);
//Console.WriteLine(file);
DataGridViewRow row = new DataGridViewRow();
byte[] fileHead = ReadFileHead(file);
//Console.WriteLine(sniffer.Match(fileHead));
List <string> results = sniffer.Match(fileHead, false);
foreach (var i in results)
{
typelist = typelist + "," + i;
matchtype = 0;
}
if (typelist == "" && file.Contains("NetworkCache"))
{
typelist = "NetworkCacheBlob";
matchtype = 1;
}
if (typelist == "" && info.Extension.Contains("json"))
{
typelist = "JSON";
matchtype = 1;
}
if (typelist == "" && info.Extension.Contains(".log"))
{
typelist = "Log";
matchtype = 1;
}
if (typelist == "" && file.Contains("com.apple.WebKit.WebContent") && (info.Extension.Contains("data") | info.Extension.Contains("maps")))
{
typelist = "WebKitData";
matchtype = 1;
}
if (typelist == "")
{
typelist = "Unknown";
matchtype = 1;
}
if (info.Length == 0)
{
typelist = "Empty File";
matchtype = 0;
}
dataGridView1.Rows.Add(file.Replace(folderBrowserDialog1.SelectedPath, ""), typelist, ByteArrayToString(fileHead));
//dataGridView1.Rows[XmlReadMode - 1].Cells[2].Style.ForeColor = Color.Purple;
typelist = "";
}
}
