From 2aa3bfae5be8d2f0490c3ca55feac2a32d900035 Mon Sep 17 00:00:00 2001
From: Patrick Neumann
Date: Mon, 30 Nov 2020 10:11:17 +0100
Subject: [PATCH] Added Nautilus scripts for os detection
---
.../01-E01-find-installation-and-version | 175 +++++++++++++++
.../01-E01-find-installation-and-version | 211 ++++++++++++++++++
.../01-RAW-find-installation-and-version | 202 +++++++++++++++++
3 files changed, 588 insertions(+)
create mode 100755 home/lucifer/.local/share/nautilus/scripts/05a-Windows/01-E01-find-installation-and-version
create mode 100755 home/lucifer/.local/share/nautilus/scripts/05b-macOS/01-E01-find-installation-and-version
create mode 100755 home/lucifer/.local/share/nautilus/scripts/05c-Linux/01-RAW-find-installation-and-version
diff --git a/home/lucifer/.local/share/nautilus/scripts/05a-Windows/01-E01-find-installation-and-version b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/01-E01-find-installation-and-version
new file mode 100755
index 0000000..f559d51
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05a-Windows/01-E01-find-installation-and-version
@@ -0,0 +1,175 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05a-Windows/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05a-Windows/ (deprecated)
+#
+# FILE:
+# 01-E01-find-installation-and-version
+#
+# USAGE:
+# Right click on a EWF image (.E01) and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Shows/stores partition with windows installation incl. version.
+#
+# REQUIREMENTS:
+# bash, zenity, awk, sleuthkit, grep and libhivex-bin
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://
+#
+# CREATED:
+# 21.03.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ----
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${AWK_BIN}" "awk"
+check_dep "${FSSTAT_BIN}" "sleuthkit"
+check_dep "${GREP_BIN}" "grep"
+check_dep "${HIVEXGET_BIN}" "libhivex-bin"
+check_dep "${ICAT_BIN}" "sleuthkit"
+check_dep "${IFIND_BIN}" "sleuthkit"
+check_dep "${MMLS_BIN}" "sleuthkit"
+
+check_ext "${SOURCE}" "[eE]01|dd|DD|raw|RAW|img|IMG"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the looping.
+#-------------------------------------------------------------------------------
+readonly SOFTWARE_HIVE="${TMP}/SOFTWARE.hive"
+readonly WINDOWSVERSION="${TMP}/windowsversion.txt"
+
+#-------------------------------------------------------------------------------
+# "The" loop...
+#-------------------------------------------------------------------------------
+if [ ! -f "${WINDOWSVERSION}" ] ; then
+ for offset in $( ${MMLS_BIN} -aM "${SOURCE}" \
+ | ${GREP_BIN} --extended-regexp "^[[:digit:]]+:.*" \
+ | ${AWK_BIN} '{ print $3; }' ) ; do
+
+ echo -e -n "Partition (mmls line):\n " >> "${WINDOWSVERSION}"
+ ${MMLS_BIN} -aM "${SOURCE}" \
+ | ${AWK_BIN} '$3=="'"${offset}"'" { print $0; }' \
+ >> "${WINDOWSVERSION}"
+
+ if ${FSSTAT_BIN} -o "${offset}" "${SOURCE}" > /dev/null 2>&1 ; then
+ software="$( ${IFIND_BIN} -o "${offset}" \
+ -n "/Windows/System32/config/SOFTWARE" \
+ "${SOURCE}" )"
+ if [ "${software}" != "File not found" ] ; then
+ if [ ! -f "${SOFTWARE_HIVE}" ] ; then
+ if ! ${ICAT_BIN} -o "${offset}" "${SOURCE}" "${software}" > "${SOFTWARE_HIVE}" ; then
+ echo " During the execution of icat an error occurred." >> "${WINDOWSVERSION}"
+ fi
+ fi
+
+ echo -n " " >> "${WINDOWSVERSION}"
+ ${HIVEXGET_BIN} "${SOFTWARE_HIVE}" \
+ 'Microsoft\Windows NT\CurrentVersion' \
+ 'ProductName' >> "${WINDOWSVERSION}"
+
+ # 32-Bit: "7601.17713.x86fre.win7sp1_gdr.111025-1505"
+ # 64-Bit: "7601.18247.amd64fre.win7sp1_gdr.130828-1532"
+ if ${HIVEXGET_BIN} "${SOFTWARE_HIVE}" \
+ 'Microsoft\Windows NT\CurrentVersion' \
+ 'BuildLabEx' \
+ | ${GREP_BIN} --fixed-strings "amd64" > /dev/null 2>&1 ; then
+ echo " 64-Bit" >> "${WINDOWSVERSION}"
+ else
+ echo " 32-Bit" >> "${WINDOWSVERSION}"
+ fi
+
+ echo -n " " >> "${WINDOWSVERSION}"
+ ${HIVEXGET_BIN} "${SOFTWARE_HIVE}" \
+ 'Microsoft\Windows NT\CurrentVersion' \
+ 'CSDVersion' >> "${WINDOWSVERSION}" 2>/dev/null
+ echo >> "${WINDOWSVERSION}"
+ else
+ echo -e " SOFTWARE hive not found.\n" >> "${WINDOWSVERSION}"
+ fi
+ else
+ echo -e " ? (The Sleuth Kit does not support the filesystem!)\n" >> "${WINDOWSVERSION}"
+ fi
+ done | ${ZENITY_BIN} --progress \
+ --title="find_windows_installation_and_version" \
+ --text="Please wait..." \
+ --pulsate
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "windowsversion.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${WINDOWSVERSION}"
+
+exit 0
diff --git a/home/lucifer/.local/share/nautilus/scripts/05b-macOS/01-E01-find-installation-and-version b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/01-E01-find-installation-and-version
new file mode 100755
index 0000000..14ef2f4
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05b-macOS/01-E01-find-installation-and-version
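Review bot: In 05a-Windows/01-E01-find-installation-and-version the SOFTWARE hive is extracted only when the file does not exist yet (`if [ ! -f "${SOFTWARE_HIVE}" ]` inside the partition loop), so every later partition that also holds a Windows installation is reported from the first partition's hive. A failed `icat` also leaves an empty or truncated file behind; `hivexget` is still run against it, and, depending on how the library sets `TMP`, a later run may reuse it. For a report that attributes a version to a partition this is a correctness problem: I would extract per partition, e.g. `hive="${TMP}/SOFTWARE.${offset}.hive"`, and skip the `hivexget` calls when `icat` fails. The same pattern applies to `SYSTEMVERSION_PLIST` in the 05b-macOS script.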
@@ -0,0 +1,211 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05b-macOS/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05b-macOS/ (deprecated)
+#
+# FILE:
+# 01-E01-find-installation-and-version
+#
+# USAGE:
+# Right klick on an EWF image (.E01) and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Shows/stores partition with macOS installation inkl. version.
+#
+# REQUIREMENTS:
+# bash, zenity, awk, sleuthkit, grep and (my own) print_plist_entry.py
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://
+#
+# CREATED:
+# 16.11.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# - ServerVersion.plist
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+check_dep "${AWK_BIN}" "awk"
+check_dep "${FSSTAT_BIN}" "sleuthkit"
+check_dep "${GREP_BIN}" "grep"
+check_dep "${ICAT_BIN}" "sleuthkit"
+check_dep "${IFIND_BIN}" "sleuthkit"
+check_dep "${MMLS_BIN}" "sleuthkit"
+
+# https://raw.githubusercontent.com/casualscripter/debian-stuff
+check_dep "${PPEPY_BIN}" "print_plist_entry.py"
+
+check_ext "${SOURCE}" "[eE]01"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# A little bit of configuration before the looping.
+#-------------------------------------------------------------------------------
+readonly SYSTEMVERSION_PLIST="${TMP}/SystemVersion.plist"
+readonly MACOSVERSION="${TMP}/macOS-version.txt"
+
+#-------------------------------------------------------------------------------
+# "The" loop...
+#-------------------------------------------------------------------------------
+if [ ! -f "${MACOSVERSION}" ] ; then
+ for offset in $( ${MMLS_BIN} -aM "${SOURCE}" \
+ | ${GREP_BIN} --extended-regexp "^[[:digit:]]+:.*" \
+ | ${AWK_BIN} '{ print $3; }' ) ; do
+
+ echo -e -n "Partition (mmls line):\n " >> "${MACOSVERSION}"
+ ${MMLS_BIN} -aM "${SOURCE}" \
+ | ${AWK_BIN} '$3=="'"${offset}"'" { print $0; }' \
+ >> "${MACOSVERSION}"
+
+ fsstat1="$( ${FSSTAT_BIN} -o "${offset}" "${SOURCE}" 2>/dev/null )"
+ ${FSSTAT_BIN} -o "${offset}" "${SOURCE}"
+
+ # if file system type is known = hfs+
+ if [ -n "${fsstat1}" ] ; then
+ # OS X and macOS (new)
+ systemversion="$( ${IFIND_BIN} -o "${offset}" \
+ -n "/System/Library/CoreServices/SystemVersion.plist" \
+ "${SOURCE}" )"
+ if [ "${systemversion}" = "File not found" ] ; then
+ # Mac OS X (older)
+ systemversion="$( ${IFIND_BIN} -o "${offset}" \
+ -n "/System/CoreServices/SystemVersion.plist" \
+ "${SOURCE}" )"
+ fi
+
+ if [ "${systemversion}" != "File not found" ] ; then
+ if [ ! -f "${SYSTEMVERSION_PLIST}" ] ; then
+ if ! ${ICAT_BIN} -o "${offset}" "${SOURCE}" "${systemversion}" > "${SYSTEMVERSION_PLIST}" ; then
+ echo "During the execution of icat an error occurred." >> "${MACOSVERSION}"
+ fi
+ fi
+
+ echo -n " " >> "${MACOSVERSION}"
+ ${PPEPY_BIN} "${SYSTEMVERSION_PLIST}" ProductName >> "${MACOSVERSION}"
+ echo -n " " >> "${MACOSVERSION}"
+ ${PPEPY_BIN} "${SYSTEMVERSION_PLIST}" ProductVersion >> "${MACOSVERSION}"
+ echo -n " " >> "${MACOSVERSION}"
+ ${PPEPY_BIN} "${SYSTEMVERSION_PLIST}" ProductBuildVersion >> "${MACOSVERSION}"
+ echo >> "${MACOSVERSION}"
+
+ else
+ echo -e " SystemVersion.plist not found.\n" >> "${MACOSVERSION}"
+ fi
+
+ else
+ for block in $( ${PSTAT_BIN} -o "${offset}" "${SOURCE}" 2>/dev/null | ${AWK_BIN} '/APSB Block Number:/ { print $NF; }' ) ; do
+ fsstat11="$( ${FSSTAT_BIN} -o "${offset}" -B "${block}" "${SOURCE}" 2>/dev/null )"
+ # if file system type of a pool is known = apfs
+ ### TODO: short info about part of container instead of partition
+ if [ -n "${fsstat11}" ] ; then
+
+ systemversion="$( ${IFIND_BIN} -o "${offset}" \
+ -B "${block}" \
+ -n "/System/Library/CoreServices/SystemVersion.plist" \
+ "${SOURCE}" )"
+
+ if [ "${systemversion}" != "File not found" ] ; then
+ if [ ! -f "${SYSTEMVERSION_PLIST}" ] ; then
+ if ! ${ICAT_BIN} -o "${offset}" -B "${block}" "${SOURCE}" "${systemversion}" > "${SYSTEMVERSION_PLIST}" ; then
+ echo "During the execution of icat an error occurred." >> "${MACOSVERSION}"
+ fi
+ fi
+
+ echo -n " " >> "${MACOSVERSION}"
+ ${PPEPY_BIN} "${SYSTEMVERSION_PLIST}" ProductName >> "${MACOSVERSION}"
+ echo -n " " >> "${MACOSVERSION}"
+ ${PPEPY_BIN} "${SYSTEMVERSION_PLIST}" ProductVersion >> "${MACOSVERSION}"
+ echo -n " " >> "${MACOSVERSION}"
+ ${PPEPY_BIN} "${SYSTEMVERSION_PLIST}" ProductBuildVersion >> "${MACOSVERSION}"
+ echo >> "${MACOSVERSION}"
+
+ else
+ echo -e " SystemVersion.plist not found.\n" >> "${MACOSVERSION}"
+ fi
+
+ else
+ # file system is unknown! :-(
+ echo -e " ? (The Sleuth Kit does not support the filesystem!)\n" >> "${MACOSVERSION}"
+ fi
+ done
+ fi
+ done | ${ZENITY_BIN} --progress \
+ --title="find-installation-and-version" \
+ --text="Please wait..." \
+ --pulsate
+fi
+
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "macOS-version.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${MACOSVERSION}"
+
+exit 0
diff --git a/home/lucifer/.local/share/nautilus/scripts/05c-Linux/01-RAW-find-installation-and-version b/home/lucifer/.local/share/nautilus/scripts/05c-Linux/01-RAW-find-installation-and-version
new file mode 100755
index 0000000..19052e0
--- /dev/null
+++ b/home/lucifer/.local/share/nautilus/scripts/05c-Linux/01-RAW-find-installation-and-version
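Review bot: In the 05b-macOS script `${PSTAT_BIN}` is used in the APFS branch without a `check_dep` line and with stderr sent to /dev/null, so if the library does not define it the `for block in $( ... )` loop runs zero times and the partition gets no result line at all. The same silent gap occurs for any partition that is neither HFS+ nor an APFS container, because the "? (The Sleuth Kit does not support the filesystem!)" message sits inside the block loop. I would add `check_dep "${PSTAT_BIN}" "sleuthkit"` and write that message whenever no APSB block was found. The bare `${FSSTAT_BIN} -o "${offset}" "${SOURCE}"` directly after the `fsstat1=` assignment looks like leftover debugging: it repeats the call and sends fsstat output derived from the image into the pipe read by `zenity --progress`.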
@@ -0,0 +1,202 @@
+#!/bin/bash
+#===============================================================================
+#
+# DIRECTORY:
+# /home/*/.local/share/nautilus/scripts/05c-Linux/
+# OR
+# /home/*/.gnome2/nautilus-sctipts/05c-Linux/ (deprecated)
+#
+# FILE:
+# 01_RAW-find-installation-and-version
+#
+# USAGE:
+# Right klick on a RAW image (.dd) and
+# choose this nautilus script from the context menu.
+#
+# OPTIONS:
+# none
+#
+# DESCRIPTION:
+# Shows/stores partition with linux installation inkl. version.
+#
+# REQUIREMENTS:
+# bash, zenity, coreutils, policykit-1|polkit, mount, grep and parted
+#
+# BUGS:
+# ---
+#
+# NOTES:
+# Tested on
+# - Debian 8+
+# - Arch Linux
+#
+# AUTHOR:
+# Patrick Neumann, patrick@neumannsland.de
+#
+# COMPANY:
+# (privately)
+#
+# VERSION:
+# 0.9 (beta)
+#
+# LINK TO THE MOST CURRENT VERSIONS:
+# https://
+#
+# CREATED:
+# 06.06.2020
+#
+# COPYRIGHT (C):
+# 2015-2020 - Patrick Neumann
+#
+# LICENSE:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# WARRANTY:
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# TODO:
+# ---
+#
+# HISTORY:
+# 0.9 - Patrick Neumann - Initial (public) release
+#
+#===============================================================================
+
+#-------------------------------------------------------------------------------
+# Additional supported Distribution(s) (add before Library!).
+#-------------------------------------------------------------------------------
+SUPPORTED_OSR="arch"
+
+#-------------------------------------------------------------------------------
+# Check for library (casualscripter_nautilus-scripts_functions.sh).
+#-------------------------------------------------------------------------------
+readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
+if [ ! -f "${LIBRARY}" ] ; then
+ zenity --error \
+ --text \
+ "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
+ exit 1
+fi
+
+source "${LIBRARY}"
+
+#-------------------------------------------------------------------------------
+# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
+#-------------------------------------------------------------------------------
+# Because The Sleuth Kit does not support XFS and some other rare but important
+# filesystems, the only choice is:
+check_dep "${CAT_BIN}" "coreutils"
+check_dep "${PKEXEC_BIN}" "policykit-1 (Debian) or polkit (Arch)"
+check_dep "${MOUNT_BIN}" "mount"
+check_dep "${UMOUNT_BIN}" "mount"
+check_dep "${GREP_BIN}" "grep"
+check_dep "${MKDIR_BIN}" "coreutils"
+check_dep "${PARTED_BIN}" "parted"
+check_dep "${CUT_BIN}" "coreutils"
+check_dep "${RMDIR_BIN}" "coreutils"
+
+check_ext "${SOURCE}" "dd"
+
+check_tmp
+
+#-------------------------------------------------------------------------------
+# Disable automount in gnome.
+#-------------------------------------------------------------------------------
+disable_gnome_automount
+echo 1
+#-------------------------------------------------------------------------------
+# Disable tracker (may interfere with later umount).
+#-------------------------------------------------------------------------------
+kill_all_tracker_processes
+echo 2
+#-------------------------------------------------------------------------------
+# Avoid unintended changes to the Image.
+#-------------------------------------------------------------------------------
+check_if_pwd_is_used_as_mountpoint
+echo 3
+#-------------------------------------------------------------------------------
+# A little bit of configuration before calling the shell script.
+#-------------------------------------------------------------------------------
+readonly LINUXVERSION="${TMP}/linuxversion.txt"
+readonly MOUNTPOINT="${TMP}/singlepartition"
+if [ ! -d "${MOUNTPOINT}" ] ; then
+ ${MKDIR_BIN} "${MOUNTPOINT}"
+fi
+echo 4
+#-------------------------------------------------------------------------------
+# Take over the configuration from the wrapper.
+#-------------------------------------------------------------------------------
+readonly DISTRIBUTIONFILES="os-release \
+debian_version \
+slackware-version \
+arch-release \
+gentoo-release \
+fedora-release \
+redhat-release \
+SuSE-release \
+frugalware-release \
+altlinux-release \
+mandriva-release \
+meego-release \
+angstrom-version \
+mageia-release \
+lsb-release"
+
+#-------------------------------------------------------------------------------
+# "The" loop...
+#-------------------------------------------------------------------------------
+while read PARTITION ; do
+ if echo "${PARTITION}" | ${GREP_BIN} --extended-regexp "^[[:digit:]]:.*" \
+ > /dev/null 2>&1 ; then
+ OFFSETB="$( echo "${PARTITION}" | cut -d ":" -f 2 )"
+ OFFSET="${OFFSETB%B}"
+ if ${PKEXEC_BIN} ${MOUNT_BIN} --options loop,ro,offset="${OFFSET}" "${SOURCE}" "${MOUNTPOINT}" > /dev/null 2>&1 ; then
+ if [ -f "${MOUNTPOINT}/fstab" -a -f "${MOUNTPOINT}/hosts" -a -f "${MOUNTPOINT}/passwd" ] ; then
+ echo "/etc (partition) of a linux installation found in partition $( echo "${PARTITION}" | ${CUT_BIN} -d ":" -f 1 ):" >> "${LINUXVERSION}"
+ for FILE in ${DISTRIBUTIONFILES} ; do
+ if [ -f "${MOUNTPOINT}/${FILE}" ] ; then
+ echo "${FILE}:">> "${LINUXVERSION}"
+ ${CAT_BIN} "${MOUNTPOINT}/${FILE}" >> "${LINUXVERSION}"
+ echo >> "${LINUXVERSION}"
+ fi
+ done
+ fi
+ if [ -f "${MOUNTPOINT}/etc/fstab" -a -f "${MOUNTPOINT}/etc/hosts" -a -f "${MOUNTPOINT}/etc/passwd" ] ; then
+ echo "Linux installation (root) found in partition $( echo "${PARTITION}" | cut -d ":" -f 1 ):" >> "${LINUXVERSION}"
+ for FILE in ${DISTRIBUTIONFILES} ; do
+ if [ -f "${MOUNTPOINT}/etc/${FILE}" ] ; then
+ echo "/etc/${FILE}:" >> "${LINUXVERSION}"
+ ${CAT_BIN} "${MOUNTPOINT}/etc/${FILE}" >> "${LINUXVERSION}"
+ echo >> "${LINUXVERSION}"
+ fi
+ done
+ fi
+ ${PKEXEC_BIN} ${UMOUNT_BIN} "${MOUNTPOINT}" 2>/dev/null
+ fi
+ fi
+done < <( ${PARTED_BIN} --script --machine "${SOURCE}" unit b print )
+echo 5
+#-------------------------------------------------------------------------------
+# Unmount one partition after another...
+#-------------------------------------------------------------------------------
+while ${GREP_BIN} --fixed-strings "${MOUNTPOINT}" /proc/mounts > /dev/null 2>&1 ; do
+ ${PKEXEC_BIN} ${UMOUNT_BIN} "${MOUNTPOINT}" 2>/dev/null
+done
+echo 6
+${RMDIR_BIN} "${MOUNTPOINT}"
+echo 7
+#-------------------------------------------------------------------------------
+# Display content of the resultfile "osxversion.txt".
+#-------------------------------------------------------------------------------
+display_resultfile "${LINUXVERSION}"
+
+exit 0
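Review bot: In the 05c-Linux script the evidence partition is mounted through pkexec with only `loop,ro,offset=...`, so setuid bits and device nodes inside the image's filesystem are honoured on the analyst's workstation while it is mounted; I would use `--options loop,ro,nodev,nosuid,noexec,offset="${OFFSET}"`. `[ -f "${MOUNTPOINT}/etc/${FILE}" ]` and the following `cat` follow symlinks, so an absolute symlink stored in the image resolves against the host and the report would then contain the workstation's file rather than the image's; symlinks are worth handling explicitly, for example by recording the link target instead of following it. The partition filter `"^[[:digit:]]:.*"` matches a single digit only, so partitions 10 and up are skipped, whereas the other two scripts use `[[:digit:]]+`. The `echo 1` to `echo 7` lines look like debugging output and could be dropped.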