From owner-svn-src-head@freebsd.org Fri Jan 13 02:14:34 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B2FE5CADE7B; Fri, 13 Jan 2017 02:14:34 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DBC71D22; Fri, 13 Jan 2017 02:14:33 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mail-wm0-f67.google.com with SMTP id l2so8152421wml.2; Thu, 12 Jan 2017 18:14:33 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=V6OhUDID8fGQshKAzzuBzrTiN26ycTptzCvZYOl2mDs=; b=E2c9t+nKRn4xFU8YAtOr17xahS8hz7uSvP/zvgFIgaD14B4pYytNtG52lQJlUYHBqI lPtrOXsz1Ag0JQGrD1nzB5qwEaV8fk9C0B+6TFlPrKyO7uaoUJUNkc6bnH75KBOSymfH MwIMkIeA9O06X/B7QfeBx4cyrPpA7gQEkY36F7aDfg3TjcvxzPLiOTbv5gvWF63WC7rK R4YAjz84LwfzLJNRLoSIFqDB+Q5FXlEUTHxhB/bJgAqsDsOxX+9K6LvJNjtpaaWKHmcl hIZ5irVLKZeC8zU6SPAU0RPfe9amPAp17THujQVd4lED4DRtw5cQ9P9EFD6OXIKkztuq kgbg== X-Gm-Message-State: AIkVDXKMsT3hZ4sZjFESdsi7xC0pbCcgn0vTe2LG9iLhUl7dqc6h1Kxz2/xWk7BIwa2rRw== X-Received: by 10.223.151.138 with SMTP id s10mr9594601wrb.65.1484273671947; Thu, 12 Jan 2017 18:14:31 -0800 (PST) Received: from mail-wm0-f54.google.com (mail-wm0-f54.google.com. [74.125.82.54]) by smtp.gmail.com with ESMTPSA id e14sm516447wmd.14.2017.01.12.18.14.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Jan 2017 18:14:31 -0800 (PST) Received: by mail-wm0-f54.google.com with SMTP id c85so45758897wmi.1; Thu, 12 Jan 2017 18:14:31 -0800 (PST) X-Received: by 10.28.6.210 with SMTP id 201mr223428wmg.85.1484273671619; Thu, 12 Jan 2017 18:14:31 -0800 (PST) MIME-Version: 1.0 Reply-To: cem@freebsd.org Received: by 10.194.29.72 with HTTP; Thu, 12 Jan 2017 18:14:31 -0800 (PST) In-Reply-To: <201701130212.v0D2Cw0j092852@repo.freebsd.org> References: <201701130212.v0D2Cw0j092852@repo.freebsd.org> From: Conrad Meyer Date: Thu, 12 Jan 2017 18:14:31 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r312003 - head/usr.sbin/fstyp To: svn-src-head@freebsd.org Cc: src-committers , svn-src-all@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2017 02:14:34 -0000 Forgot to mention: Documentation: https://www.sans.org/reading-room/whitepapers/forensics/reverse-engineering-microsoft-exfat-file-system-33274 Images for testing: http://www.cfreds.nist.gov/dfr-test-images.html (raw disk images, include partition tables) On Thu, Jan 12, 2017 at 6:12 PM, Conrad E. Meyer wrote: > Author: cem > Date: Fri Jan 13 02:12:58 2017 > New Revision: 312003 > URL: https://svnweb.freebsd.org/changeset/base/312003 > > Log: > fstyp(8): Detect exFAT filesystems > > Simply detect the exFAT filesystem name in the Volume Boot Record > (superblock). > > PR: 214908 > Reported by: > > Added: > head/usr.sbin/fstyp/exfat.c (contents, props changed) > Modified: > head/usr.sbin/fstyp/Makefile > head/usr.sbin/fstyp/fstyp.8 > head/usr.sbin/fstyp/fstyp.c > head/usr.sbin/fstyp/fstyp.h > > Modified: head/usr.sbin/fstyp/Makefile > ============================================================================== > --- head/usr.sbin/fstyp/Makefile Fri Jan 13 02:11:16 2017 (r312002) > +++ head/usr.sbin/fstyp/Makefile Fri Jan 13 02:12:58 2017 (r312003) > @@ -3,7 +3,7 @@ > .include > > PROG= fstyp > -SRCS= cd9660.c ext2fs.c fstyp.c geli.c msdosfs.c ntfs.c ufs.c > +SRCS= cd9660.c exfat.c ext2fs.c fstyp.c geli.c msdosfs.c ntfs.c ufs.c > > .if ${MK_ZFS} != "no" > SRCS += zfs.c > > Added: head/usr.sbin/fstyp/exfat.c > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/usr.sbin/fstyp/exfat.c Fri Jan 13 02:12:58 2017 (r312003) > @@ -0,0 +1,77 @@ > +/* > + * Copyright (c) 2017 Conrad Meyer > + * All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * 2. Redistributions in binary form must reproduce the above copyright > + * notice, this list of conditions and the following disclaimer in the > + * documentation and/or other materials provided with the distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND > + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE > + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE > + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL > + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT > + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY > + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > + * SUCH DAMAGE. > + */ > + > +#include > +__FBSDID("$FreeBSD$"); > + > +#include > +#include > +#include > +#include > + > +#include "fstyp.h" > + > +struct exfat_vbr { > + char ev_jmp[3]; > + char ev_fsname[8]; > + char ev_zeros[53]; > + uint64_t ev_part_offset; > + uint64_t ev_vol_length; > + uint32_t ev_fat_offset; > + uint32_t ev_fat_length; > + uint32_t ev_cluster_offset; > + uint32_t ev_cluster_count; > + uint32_t ev_rootdir_cluster; > + uint32_t ev_vol_serial; > + uint16_t ev_fs_revision; > + uint16_t ev_vol_flags; > + uint8_t ev_log_bytes_per_sect; > + uint8_t ev_log_sect_per_clust; > + uint8_t ev_num_fats; > + uint8_t ev_drive_sel; > + uint8_t ev_percent_used; > +} __packed; > + > +int > +fstyp_exfat(FILE *fp, char *label, size_t size) > +{ > + struct exfat_vbr *ev; > + > + ev = (struct exfat_vbr *)read_buf(fp, 0, 512); > + if (ev == NULL || strncmp(ev->ev_fsname, "EXFAT ", 8) != 0) > + goto fail; > + > + /* > + * Reading the volume label requires walking the root directory to look > + * for a special label file. Left as an exercise for the reader. > + */ > + free(ev); > + return (0); > + > +fail: > + free(ev); > + return (1); > +} > > Modified: head/usr.sbin/fstyp/fstyp.8 > ============================================================================== > --- head/usr.sbin/fstyp/fstyp.8 Fri Jan 13 02:11:16 2017 (r312002) > +++ head/usr.sbin/fstyp/fstyp.8 Fri Jan 13 02:12:58 2017 (r312003) > @@ -27,7 +27,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd February 28, 2016 > +.Dd January 12, 2017 > .Dt FSTYP 8 > .Os > .Sh NAME > @@ -43,7 +43,7 @@ > The > .Nm > utility is used to determine the filesystem type on a given device. > -It can recognize ISO-9660, Ext2, FAT, NTFS, and UFS filesystems. > +It can recognize ISO-9660, exFAT, Ext2, FAT, NTFS, and UFS filesystems. > When the > .Fl u > flag is specified, > @@ -61,6 +61,8 @@ as, respectively: > .It > cd9660 > .It > +exfat > +.It > ext2fs > .It > geli > > Modified: head/usr.sbin/fstyp/fstyp.c > ============================================================================== > --- head/usr.sbin/fstyp/fstyp.c Fri Jan 13 02:11:16 2017 (r312002) > +++ head/usr.sbin/fstyp/fstyp.c Fri Jan 13 02:12:58 2017 (r312003) > @@ -57,6 +57,7 @@ static struct { > bool unmountable; > } fstypes[] = { > { "cd9660", &fstyp_cd9660, false }, > + { "exfat", &fstyp_exfat, true }, > { "ext2fs", &fstyp_ext2fs, false }, > { "geli", &fstyp_geli, true }, > { "msdosfs", &fstyp_msdosfs, false }, > > Modified: head/usr.sbin/fstyp/fstyp.h > ============================================================================== > --- head/usr.sbin/fstyp/fstyp.h Fri Jan 13 02:11:16 2017 (r312002) > +++ head/usr.sbin/fstyp/fstyp.h Fri Jan 13 02:12:58 2017 (r312003) > @@ -39,6 +39,7 @@ char *checked_strdup(const char *s); > void rtrim(char *label, size_t size); > > int fstyp_cd9660(FILE *fp, char *label, size_t size); > +int fstyp_exfat(FILE *fp, char *label, size_t size); > int fstyp_ext2fs(FILE *fp, char *label, size_t size); > int fstyp_geli(FILE *fp, char *label, size_t size); > int fstyp_msdosfs(FILE *fp, char *label, size_t size); >