createstringsfromvmwarelog.py

1. #!/usr/bin/env python
2. #
3. # This program takes a VMWare USB log, and parses the
4. # data sent by a specific endpoint
5. #
6. # brad.antoniewicz@foundstone.org
7. #
8.  
9. '''
10. Useful one liners:
11.  
12. grep -B 6 "42 ad 00 4a" ~/navigo/vmware_omnikey_navigo_successauth.log | sed -e '/Up/d' -e '/Down/d' -e 's/^.*USBIO: //' -e 's/^[0-9]\{3\}: //' -e 's/\(.\)\{17\}$//g' | tr -d '\n' | sed -e 's/--/\n/g' | tr 'a-z' 'A-Z' | sort
13.  
14. grep -A 6 "00 4a 00" ~/navigo/vmware_omnikey_navigo_successauth.log | sed -e 's/^.*USBIO: //' -e /2013/d -e 's/^[0-9]\{3\}: //' -e 's/\(.\)\{17\}$//g' | tr -d '\n' | sed -e 's/--/\n/g'
15.  
16. '''
17.  
18.  
19.  
20. import re;
21. import sys;
22. import getopt;
23.  
24.  
25.  
26. def parseLine(line,responseList):
27.     #print line
28.     matchObj = re.match(r'.*\d{3}: ((?:(?:[0-9a-f]{2}) ){1,}).{1,}', line, re.M);
29.     if matchObj:
30.         bytes = str(matchObj.group(1)).split(" ");
31.         for byte in bytes:
32.             if byte != "":
33.                 responseList.append(byte); 
34.  
35. def printVar(master):
36.     count = 0;
37.     strCount = 0;
38.     for responseList in master:
39.         print "respStr_%04d\t= [\t"%(strCount),;
40.         for i in responseList[:-1]:
41.             if count == 7:
42.                 print "0x%s,"%i;
43.                 print "\t\t\t",
44.                 count = 0;
45.             else:
46.                 print "0x%s, "%(i),;
47.                 count += 1;
48.         print "0x%s"%responseList[-1];
49.         print "\n\t\t\t];\n";
50.         count=0;
51.         strCount += 1;
52.  
53. def printLine(master):
54.     for responseList in master:
55.         for i in responseList[:-1]:
56.             print " %s"%i,;
57.         print " %s"%responseList[-1];
58.  
59. def findDups(master):
60.     checked = [];
61.     for e in master:
62.         if e not in checked:
63.             checked.append(e);
64.     return checked;
65.  
66.  
67. def usage():
68.     print "\nSet the following settings within the .vmx file associated with your VM:"
69.     print " \t#";
70.     print " \t# START USB Debugging Options";
71.     print " \t# as per http://vusb-analyzer.sourceforge.net/tutorial.html";
72.     print " \t#";
73.     print " \t.encoding = \"windows-1252\"";
74.     print " \t";
75.     print " \tmonitor = \"debug\"";
76.     print " \tusb.analyzer.enable = TRUE";
77.     print " \tusb.analyzer.maxLine = 8192";
78.     print " \tmouse.vusb.enable = FALSE";
79.     print " \t";
80.     print " \t#";
81.     print " \t# END USB Debugging Options";
82.     print " \t#";
83.     print " \t#";
84.     print "\nUsage:"
85.     print "\t-f [file]\t VMWare Log File (USBIO)";
86.     print "\t-e [EP ADDR]\t Endpoint 1 (Host - Implies USBIO Down - No work)";
87.     print "\t-p [EP ADDR]\t Endpoint 2 (Device)";
88.     print "\t-i \t Output python importable variables";
89.     print "\t-s \t Output hex strings";
90.     print "\t-r \t Remove duplicates";
91.     print "Example:"
92.     print "\t" + sys.argv[0] + " 84 vmware.log";
93.     print "\n";
94.     sys.exit(-1);
95.  
96. '''
97. main
98. '''
99.  
100. endPoint1 = endPoint2 = output = remDups = 0;
101. vmLogFile = None;
102.  
103.  
104. print "VMWare USBIO Log Parser"
105. print "Creates importable Python strings"
106. print "by brad.antoniewicz@foundstone.com"
107. print "------------------------------------------"
108.  
109. try:
110.     opts,args = getopt.getopt(sys.argv[1:], "hf:e:p:rsi", []);
111. except getopt.GetoptError:
112.     usage(sys.argv[0]);
113.  
114. for o,a in opts:
115.     if o == "-h":
116.         usage();
117.     if o == "-f":
118.         vmLogFile = a;
119.     if o == "-e":
120.         endPoint1 = a;
121.     if o == "-p":
122.         endPoint2 = a;
123.     if o == "-i":
124.         output = 0; # Python Output
125.     if o == "-s":
126.         output = 1; # Hex output
127.     if o == "-r":
128.         remDups = 1;
129.        
130.  
131. if vmLogFile == None or ( endPoint2 == 0 and endPoint1 == 0):
132.     usage();
133.  
134. numLinesAfter = 0;
135. #strCount = 0;
136. getState = 0;
137.  
138. #ep1RespList = []; # Usually the host
139. #ep2RespList = []; # Usually the device
140.  
141. epRespList = [];
142. responseListMaster = [];
143. responseListFinal = [];
144.  
145. epSearchStr=None;
146.  
147. if endPoint1 != 0:
148.     print "[+] Search for Endpoint1 [" + endPoint1 + "] within " + vmLogFile;
149.     ep1SearchStr = "USBIO: Down.*endpt="+endPoint1+".* datalen=([0-9]{1,}) .*";
150.     epSearchStr = ep1SearchStr;
151. elif endPoint2 != 0:
152.     print "[+] Search for Endpoint2 [" + endPoint2 + "] within " + vmLogFile;
153.     ep2SearchStr = "USBIO: Up.*endpt="+endPoint2+".* datalen=([0-9]{1,}) .*";
154.     epSearchStr = ep2SearchStr;
155.  
156.  
157.  
158. inputFile = open(vmLogFile, 'r');
159.  
160. for line in inputFile:
161.     if numLinesAfter == 0:
162.         matchObj = re.search(r''+epSearchStr+'', line, re.M);
163.         if matchObj:
164.             packetLen = int(matchObj.group(1));
165.             if packetLen%16 == 0:
166.                 numLinesAfter = packetLen/16;
167.             else:
168.                 numLinesAfter = (packetLen/16)+1;
169.     elif numLinesAfter > 0:
170.         parseLine(line,epRespList);
171.         numLinesAfter -= 1;
172.         if numLinesAfter == 0:
173.             responseListMaster.append(epRespList[:]);
174.             epRespList[:] = []; # Clears
175.  
176. inputFile.close();
177.  
178. if remDups:
179.    responseListFinal = findDups(responseListMaster);
180. else:
181.    responseListFinal = responseListMaster;
182.  
183. if output == 0:
184.     printVar(responseListFinal);
185. elif output == 1:
186.     printLine(responseListFinal);