Chrysalide

Module pychrysalide.plugins.kaitai

Documentation

kaitai is a module trying to reverse some of the effects produced by ProGuard.

Its action is focused on reverting name obfuscation by running binary diffing against OpenSource packages from the AOSP.

Sub modules

Classes

KaitaiArray
KaitaiParser
KaitaiScope
KaitaiStream
MatchRecord

Class KaitaiArray

KaitaiArray defines an array for collecting various Kaitai items.

Instances can be created using following constructor:

KaitaiArray()

In this implementation, arrays do not have to carry items all belonging to the same type. Access and conversions to bytes are handled and checked at runtime.

Hierarchy

builtins.object
 ╰── gi._gi.GObject
      ╰── pychrysalide.plugins.kaitai.KaitaiArray

Methods

__bytes__(self)

Provide a bytes representation of the array, when possible and without implementing the Python buffer protocol.

THe result is bytes or a TypeError exception is raised if the array is not suitable for a conversion to bytes.

Class KaitaiParser

KaitaiParser is the class providing support for parsing binary contents using a special declarative language.

It is the Python bindings for a C implementation of the specifications described at http://kaitai.io/.

Hierarchy

builtins.object
 ╰── gi._gi.GObject
      ╰── pychrysalide.plugins.kaitai.KaitaiParser

Known subclasses:

Class KaitaiScope

The KaitaiScope object stores a local environment which freezes a particular state of the Kaitai parser. It allows the dynamic resolving of values contained in a Kaitai expression.

Instances can be created using the following constructor:

KaitaiScope(meta)

Where meta is a KaitaiMeta instance pointing to global information about the Kaitai definition.

Hierarchy

builtins.object
 ╰── pychrysalide.plugins.kaitai.KaitaiScope

Methods

find_sub_type(self, name)

Retrieve the type structure linked to a given name.

This name has to be a string.

The result is a known KaitaiType instance or None if the name has not been registered during the parsing.

remember_last_record(self, record)

Store a record as the last parsed record.

This record is expected to be a MatchRecord instance.

Attributes

last_record

Provide the last createdrecord for a parsed content.

The result is a MatchRecord instance or None.

parent_record

Provide the current parent record for a parsed content.

The result is a MatchRecord instance or None.

root_record

Provide the first record for a parsed content.

The result is a MatchRecord instance or None.

Class KaitaiStream

KaitaiStream collects all the information useful for the processing of binary data.

Instances can be created using following constructor:

KaitaiStream(content, pos)

Where content is a BinContent instance providing the processed data and pos defines the current reading location, as a vmpa value.

Hierarchy

builtins.object
 ╰── gi._gi.GObject
      ╰── pychrysalide.plugins.kaitai.KaitaiStream

Attributes

eof

Boolean value stating if the end of the stream has been reached or not.

Class MatchRecord

MatchRecord is an abstract class providing mainly location and raw data of an area which has matched a part of a binary content.

Hierarchy

builtins.object
 ╰── gi._gi.GObject
      ╰── pychrysalide.plugins.kaitai.MatchRecord

Known subclasses:

Attributes

content

BinContent instance linked to the match record.

creator

Provide or define the KaitaiParser instance which has created the record.

This field should not be defined after the record creation in most cases.

range

Area of the matched data for the parsed attribute against a given binary content.

This property is a mrange instance.

raw_bytes

Raw bytes from the area covered by the record.