Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to detect simple patterns #263

Closed
martonilles opened this issue Feb 22, 2022 · 3 comments
Closed

Add ability to detect simple patterns #263

martonilles opened this issue Feb 22, 2022 · 3 comments
Milestone
v3.0 - discoverin...

Comments

@martonilles
Copy link
Contributor

This could help manual analysis process and could useful hints to the user.

It would be also interesting to easily add some special pattern detection, especially for unknown chunks to help identifying parts.
Some examples;

  • entropy detection with customized chunk size for better accuracy
  • padding detection (all 0x00/0xff)
  • reoccuring pattern detection

We would need some simple way to include simple patterns (like yara rules, magic detection etc.).

In these cases we need just detection, no extraction is required.
@martonilles martonilles added this to the v3.0 milestone Feb 22, 2022
@martonilles martonilles mentioned this issue Mar 11, 2022
Closed
@qkaiser
Copy link
Contributor

qkaiser commented Apr 25, 2023

I experimented a bit with this earlier this month. It's visible at https://github.com/onekey-sec/unblob/tree/padding-auto-id

Have a look when you got time :)

@qkaiser qkaiser mentioned this issue Aug 11, 2023
Closed
@qkaiser
Copy link
Contributor

qkaiser commented Dec 24, 2023

Rebased the https://github.com/onekey-sec/unblob/tree/padding-auto-id branch, expect some more work soon.

@qkaiser
Copy link
Contributor

qkaiser commented Jan 3, 2024

Implemented by #697

@qkaiser qkaiser closed this as completed Jan 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.0 - discovering unknowns
Development

No branches or pull requests
2 participants
@qkaiser @martonilles