YACBA/extract_dump.sh
Lain Iwakura 30f65e05d8
added ci/cd + iso
2025-06-22 21:51:00 +03:00

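#!/bin/bash
# extract_dump.sh — copy a YACBA memory dump from the data partition of a
# prepared USB stick into memdump_<timestamp>.bin in the current directory,
# then print a short summary of the result.
#
# Usage:  extract_dump.sh /dev/sdX
#   $1 - the whole device (not a partition); the dump is read from its
#        second partition.
# Requires sudo for dd on the block device. The output file is written by
# root (via sudo), so it is root-owned in the caller's working directory.
set -euo pipefail

# Print an error message to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the first $2 lines of `strings $3` that match the ERE $1.
# grep exits 1 when nothing matches and head closing the pipe early makes the
# upstream stages fail under pipefail; neither is an error for this best-effort
# scan, so the pipeline status is deliberately ignored.
scan_strings() {
  local pattern=$1 limit=$2 file=$3
  strings "$file" | grep -E -- "$pattern" | head -n "$limit" || true
}

if [[ $# -ne 1 ]]; then
  echo "Использование: $0 /dev/sdX"
  echo "Где /dev/sdX - флешка с дампом"
  exit 1
fi

DEVICE=$1
# Linux names partitions "sdX2" for sd/vd-style devices, but "nvme0n1p2" /
# "mmcblk0p2" / "loop0p2" when the device name itself ends in a digit.
if [[ "$DEVICE" == *[0-9] ]]; then
  DATA_PARTITION="${DEVICE}p2"
else
  DATA_PARTITION="${DEVICE}2"
fi
OUTPUT_FILE="memdump_$(date +%Y%m%d_%H%M%S).bin"

[[ -b "$DEVICE" ]] || die "[-] Устройство $DEVICE не найдено"
if [[ ! -b "$DATA_PARTITION" ]]; then
  echo "[-] Раздел данных $DATA_PARTITION не найден" >&2
  die "[*] Проверьте что флешка создана правильно"
fi

echo "=== YACBA Dump Extractor ==="
echo "[*] Извлекаю дамп с $DATA_PARTITION"
echo "[*] Читаю заголовок дампа..."

HEADER_FILE=$(mktemp) || die "[-] Не удалось создать временный файл"
# Remove the header copy on every exit path, including the error ones below.
trap 'rm -f -- "$HEADER_FILE"' EXIT

# First 512-byte sector of the data partition is the YACBA header.
if ! sudo dd if="$DATA_PARTITION" of="$HEADER_FILE" bs=512 count=1 2>/dev/null; then
  die "[-] Не удалось прочитать заголовок с $DATA_PARTITION"
fi

# Check the YACBA magic signature before trusting any header field.
if ! grep -q -- "YACBA" "$HEADER_FILE" 2>/dev/null; then
  die "[-] Неверная сигнатура дампа. Возможно флешка не использовалась."
fi

# Header fields as this script reads them: bytes 8-11 = dump size in bytes,
# bytes 12-15 = number of 512-byte data sectors following the header. Both are
# 4-byte unsigned ints decoded in host byte order (hexdump has no endianness
# option); the fallbacks only cover a failed hexdump invocation.
DUMP_SIZE=$(hexdump -s 8 -n 4 -e '1/4 "%u"' "$HEADER_FILE" 2>/dev/null || echo "0")
SECTORS_COUNT=$(hexdump -s 12 -n 4 -e '1/4 "%u"' "$HEADER_FILE" 2>/dev/null || echo "2048")
rm -f -- "$HEADER_FILE"

# The sector count comes from on-disk data and is passed to dd as count=, so
# it must be a positive integer before it is used.
if ! [[ "$SECTORS_COUNT" =~ ^[0-9]+$ ]] || (( SECTORS_COUNT == 0 )); then
  die "[-] Некорректное число секторов в заголовке: '$SECTORS_COUNT'"
fi

echo "[*] Размер дампа: $DUMP_SIZE байт"
echo "[*] Секторов данных: $SECTORS_COUNT"
echo "[*] Копирую дамп памяти..."

# status=progress (GNU dd) reports on stderr, so stderr is left visible here;
# this also keeps dd's own error text when the copy fails.
if ! sudo dd if="$DATA_PARTITION" of="$OUTPUT_FILE" bs=512 skip=1 \
    count="$SECTORS_COUNT" status=progress; then
  die "[-] Ошибка извлечения дампа"
fi
[[ -s "$OUTPUT_FILE" ]] || die "[-] Ошибка извлечения дампа"

# BSD stat first (-f%z), GNU stat (-c%s) as fallback.
SIZE=$(stat -f%z "$OUTPUT_FILE" 2>/dev/null || stat -c%s "$OUTPUT_FILE" 2>/dev/null)
echo "[+] Дамп извлечен: $OUTPUT_FILE"
echo "[*] Размер: $SIZE байт"
echo ""

echo "=== Быстрый анализ ==="
echo "[*] Поиск текстовых строк..."
scan_strings "(pass|login|key|token)" 10 "$OUTPUT_FILE"
echo ""
echo "[*] Поиск IP адресов..."
scan_strings "([0-9]{1,3}\.){3}[0-9]{1,3}" 5 "$OUTPUT_FILE"
echo ""
echo "[*] Поиск email адресов..."
scan_strings "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}" 5 "$OUTPUT_FILE"
echo ""

echo "=== Команды для анализа ==="
echo "hexdump -C $OUTPUT_FILE | less"
echo "strings $OUTPUT_FILE | grep -i password"
echo "binwalk $OUTPUT_FILE"
echo "file $OUTPUT_FILE"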