Phoenix TDK Packer Extractor v2.0_a6

Dramatically increase TDK Packer base offset detection speed Applied regex pattern improvements
2025-05-13 06:34:42 -04:00 · 2022-05-24 14:36:46 +03:00 · 2022-05-24 14:36:46 +03:00 · aea54aeaad
commit aea54aeaad
parent 8b561640db
3 changed files with 29 additions and 15 deletions
--- a/common/patterns.py
+++ b/common/patterns.py
@ -7,13 +7,13 @@ Copyright (C) 2022 Plato Mavropoulos

 import re

-PAT_AMI_PFAT = re.compile(b'_AMIPFAT.AMI_BIOS_GUARD_FLASH_CONFIGURATIONS', re.DOTALL)
+PAT_AMI_PFAT = re.compile(br'_AMIPFAT.AMI_BIOS_GUARD_FLASH_CONFIGURATIONS', re.DOTALL)
 PAT_AMI_UCP = re.compile(br'@(UAF|HPU).{12}@', re.DOTALL)
 PAT_DELL_FTR = re.compile(br'\xEE\xAA\xEE\x8F\x49\x1B\xE8\xAE\x14\x37\x90')
 PAT_DELL_HDR = re.compile(br'\xEE\xAA\x76\x1B\xEC\xBB\x20\xF1\xE6\x51.\x78\x9C', re.DOTALL)
 PAT_DELL_PKG = re.compile(br'\x72\x13\x55\x00.{45}7zXZ', re.DOTALL)
 PAT_INTEL_ENG = re.compile(br'\x04\x00{3}[\xA1\xE1]\x00{3}.{8}\x86\x80.{9}\x00\$((MN2)|(MAN))', re.DOTALL)
 PAT_MICROSOFT_MZ = re.compile(br'MZ')
-PAT_MICROSOFT_PE = re.compile(br'PE\x00\x00')
+PAT_MICROSOFT_PE = re.compile(br'PE\x00{2}')
 PAT_PHOENIX_TDK = re.compile(br'\$PACK\x00{3}..\x00{2}.\x00{3}', re.DOTALL)
-PAT_PORTWELL_EFI = re.compile(br'<UU>')
+PAT_PORTWELL_EFI = re.compile(br'<U{2}>')