prehistory
Ho ile ha etsahala hore seva se hlasetsoe ke kokoana-hloko ea ransomware, eo, ka "kotsi ea lehlohonolo," karolo e 'ngoe e ileng ea siea lifaele tsa .ibd (lifaele tse tala tsa data tsa litafole tsa innodb) li sa sebetse, empa ka nako e ts'oanang li kentse lifaele tsa .fpm ka ho feletseng ( sebopeho lifaele). Tabeng ena, .idb e ka aroloa ka:
- e itšetlehile ka ho tsosolosoa ka lisebelisoa tse tloaelehileng le litataiso. Bakeng sa maemo a joalo, ho na le e ntle haholo ;
- litafole tse kentsoeng ka mokhoa o itseng. Haholo-holo tsena ke litafole tse kholo, tseo (joalokaha ke utloisisa) bahlaseli ba ne ba se na RAM e lekaneng bakeng sa ho kenyelletsa ka botlalo;
- Hantle, litafole tse patiloeng ka botlalo tse ke keng tsa khutlisoa.
Ho ne ho ka khonahala ho tseba hore na litafole ke tsa khetho efe ka ho e bula feela ho mohlophisi ofe kapa ofe oa mongolo tlas'a khouto e lakatsehang (tabeng ea ka ke UTF8) le ho sheba feela faele bakeng sa boteng ba likarolo tsa mongolo, mohlala:
Hape, qalong ea faele u ka bona palo e kholo ea li-byte tse 0, 'me likokoana-hloko tse sebelisang algorithm ea "block encryption" (e tloaelehileng ka ho fetisisa) hangata li ama le tsona.
Tabeng ea ka, bahlaseli ba siile khoele ea 4-byte (1, 0, 0, 0) qetellong ea faele e 'ngoe le e' ngoe e patiloeng, e leng se nolofalitseng mosebetsi. Ho batla lifaele tse se nang tšoaetso, sengoloa se ne se lekane:
def opened(path):
files = os.listdir(path)
for f in files:
if os.path.isfile(path + f):
yield path + f
for full_path in opened("C:somepath"):
file = open(full_path, "rb")
last_string = ""
for line in file:
last_string = line
file.close()
if (last_string[len(last_string) -4:len(last_string)]) != (1, 0, 0, 0):
print(full_path)Kahoo, ho ile ha fumaneha hore lifaele tsa mofuta oa pele li fumaneha. Ea bobeli e akarelletsa mosebetsi o mongata oa matsoho, empa se fumanoeng se ne se se se lekane. Tsohle li ne li tla loka, empa u hloka ho tseba sebopeho se nepahetseng ka botlalo 'me (ehlile) ho ile ha hlaha nyeoe ea hore ke tlameha ho sebetsa le tafole e fetohang khafetsa. Ha ho motho ea neng a hopola hore na mofuta oa tšimo o fetotsoe kapa ho kentsoe kholomo e ncha.
Wilds City, ka bomalimabe, ha e khone ho thusa nyeoeng e joalo, ke ka lebaka leo sehlooho sena se ngotsoeng.
Fumana ntlha
Ho na le sebopeho sa tafole ho tloha likhoeling tse 3 tse fetileng se sa lumellaneng le sa hajoale (mohlomong tšimo e le 'ngoe, mohlomong le ho feta). Sebopeho sa tafole:
CREATE TABLE `table_1` (
`id` INT (11),
`date` DATETIME ,
`description` TEXT ,
`id_point` INT (11),
`id_user` INT (11),
`date_start` DATETIME ,
`date_finish` DATETIME ,
`photo` INT (1),
`id_client` INT (11),
`status` INT (1),
`lead__time` TIME ,
`sendstatus` TINYINT (4)
); Tabeng ena, o hloka ho kenyelletsa:
id_pointint(11);id_userint(11);date_startDATETIME;date_finishDATETIME.
Bakeng sa ho hlaphoheloa, tlhahlobo ea byte-byte ea faele ea .ibd e sebelisoa, e lateloa ke ho e fetolela ho foromo e baloang haholoanyane. Kaha ho fumana seo re se hlokang, re hloka feela ho hlahloba mefuta ea data e kang int le datatime, sehlooho se tla hlalosa feela, empa ka linako tse ling re tla boela re bue ka mefuta e meng ea data, e ka thusang liketsahalong tse ling tse tšoanang.
Bothata 1: masimo a nang le mefuta DATETIME le TEXT e ne e e-na le litekanyetso tsa NULL, 'me li tlōtsoe feela faeleng, ka lebaka la sena, ho ne ho sa khonehe ho fumana hore na mohaho o tla tsosolosoa joang tabeng ea ka. Likholomong tse ncha, boleng ba kamehla bo ne bo sa sebetse, 'me karolo ea transaction e ka lahleha ka lebaka la tlhophiso innodb_flush_log_at_trx_commit = 0, kahoo ho tla tlameha ho sebelisoa nako e eketsehileng ho fumana sebopeho.
Bothata 2: ho lokela ho hopoloa hore mela e hlakotsoeng ka DELETE kaofela e tla ba faeleng ea ibd, empa ka ALTER TABLE sebopeho sa bona se ke ke sa nchafatsoa. Ka lebaka leo, sebopeho sa data se ka fapana ho tloha qalong ea faele ho ea qetellong ea eona. Haeba hangata u sebelisa OPTIMIZE TABLE, ha ho na monyetla oa ho kopana le bothata bo joalo.
Ela hloko, mofuta oa DBMS o ama tsela eo data e bolokoang ka eona, 'me mohlala ona o kanna oa se sebetse liphetolelong tse ling tse kholo. Tabeng ea ka, ho ile ha sebelisoa phetolelo ea lifensetere ea mariadb 10.1.24. Hape, leha ho mariadb o sebetsa le litafole tsa InnoDB, ha e le hantle li joalo , e sa kenyelletseng ho sebetsa ha mokhoa ka InnoDB mysql.
Tlhahlobo ea faele
Ho python, mofuta oa data e bonts'a data ea Unicode sebakeng sa linomoro tse tloaelehileng. Leha o ka sheba faele ka foromo ena, molemong oa ho fetolela li-byte hore e be sebopeho sa linomoro ka ho fetolela lethathamo la li-byte hore e be tse tloaelehileng (lenane (mohlala_byte_array)). Leha ho le joalo, mekhoa ka bobeli e loketse ho hlahlojoa.
Kamora ho sheba lifaele tse 'maloa tsa ibd, u ka fumana tse latelang:
Ho feta moo, haeba u arola faele ka mantsoe ana a bohlokoa, u tla fumana boholo ba li-blocks tsa data. Re tla sebelisa infimum joalo ka karohano.
table = table.split("infimum".encode())Tlhokomeliso e khahlisang: bakeng sa litafole tse nang le data e nyane, lipakeng tsa infimum le supremum ho na le pointer ho palo ea mela e ka har'a block.
- tafole ea teko e nang le mola oa 1
- tafole ea teko e nang le mela e 2
Tafole ea mola [0] e ka tlokoa. Kamora ho e sheba, ke ne ke ntse ke sa khone ho fumana data e tala ea tafole. Mohlomong, block ena e sebelisetsoa ho boloka li-index le linotlolo.
Ho qala ka tafole[1] le ho e fetolela lethathamong la linomoro, u ka se u hlokometse lipaterone tse ling, e leng:
Tsena ke boleng ba int bo bolokiloeng ka khoele. Byte ea pele e bontša hore na palo e ntle kapa e mpe. Tabeng ea ka, lipalo tsohle li ntle. Ho tsoa ho li-byte tse 3 tse setseng, u ka tseba palo u sebelisa ts'ebetso e latelang. Script:
def find_int(val: str): # example '128, 1, 2, 3'
val = [int(v) for v in val.split(", ")]
result_int = val[1]*256**2 + val[2]*256*1 + val[3]
return result_intKa mohlala, 128, 0, 0, 1 = 1kapa 128, 0, 75, 108 = 19308.
Tafole e ne e e-na le senotlolo sa mantlha se nang le increment, 'me e ka fumanoa le mona
Kamora ho bapisa lintlha tse tsoang litafoleng tsa liteko, ho ile ha senoloa hore ntho ea DATETIME e na le li-byte tse 5 mme e qalile ka 153 (mohlomong e bonts'a linako tsa selemo). Kaha mefuta ea DATTIME ke '1000-01-01' ho '9999-12-31', ke nahana hore palo ea li-byte e ka fapana, empa tabeng ea ka, data e oela nakong ea 2016 ho isa 2019, kahoo re tla nahana. hore li-byte tse 5 tse lekaneng.
Ho fumana nako ntle le metsotsoana, mesebetsi e latelang e ngotsoe. Script:
day_ = lambda x: x % 64 // 2 # {x,x,X,x,x }
def hour_(x1, x2): # {x,x,X1,X2,x}
if x1 % 2 == 0:
return x2 // 16
elif x1 % 2 == 1:
return x2 // 16 + 16
else:
raise ValueError
min_ = lambda x1, x2: (x1 % 16) * 4 + (x2 // 64) # {x,x,x,X1,X2}Ho ne ho sa khonehe ho ngola mosebetsi o sebetsang bakeng sa selemo le khoeli, kahoo ke ile ka tlameha ho o senya. Script:
ym_list = {'2016, 1': '153, 152, 64', '2016, 2': '153, 152, 128',
'2016, 3': '153, 152, 192', '2016, 4': '153, 153, 0',
'2016, 5': '153, 153, 64', '2016, 6': '153, 153, 128',
'2016, 7': '153, 153, 192', '2016, 8': '153, 154, 0',
'2016, 9': '153, 154, 64', '2016, 10': '153, 154, 128',
'2016, 11': '153, 154, 192', '2016, 12': '153, 155, 0',
'2017, 1': '153, 155, 128', '2017, 2': '153, 155, 192',
'2017, 3': '153, 156, 0', '2017, 4': '153, 156, 64',
'2017, 5': '153, 156, 128', '2017, 6': '153, 156, 192',
'2017, 7': '153, 157, 0', '2017, 8': '153, 157, 64',
'2017, 9': '153, 157, 128', '2017, 10': '153, 157, 192',
'2017, 11': '153, 158, 0', '2017, 12': '153, 158, 64',
'2018, 1': '153, 158, 192', '2018, 2': '153, 159, 0',
'2018, 3': '153, 159, 64', '2018, 4': '153, 159, 128',
'2018, 5': '153, 159, 192', '2018, 6': '153, 160, 0',
'2018, 7': '153, 160, 64', '2018, 8': '153, 160, 128',
'2018, 9': '153, 160, 192', '2018, 10': '153, 161, 0',
'2018, 11': '153, 161, 64', '2018, 12': '153, 161, 128',
'2019, 1': '153, 162, 0', '2019, 2': '153, 162, 64',
'2019, 3': '153, 162, 128', '2019, 4': '153, 162, 192',
'2019, 5': '153, 163, 0', '2019, 6': '153, 163, 64',
'2019, 7': '153, 163, 128', '2019, 8': '153, 163, 192',
'2019, 9': '153, 164, 0', '2019, 10': '153, 164, 64',
'2019, 11': '153, 164, 128', '2019, 12': '153, 164, 192',
'2020, 1': '153, 165, 64', '2020, 2': '153, 165, 128',
'2020, 3': '153, 165, 192','2020, 4': '153, 166, 0',
'2020, 5': '153, 166, 64', '2020, 6': '153, 1, 128',
'2020, 7': '153, 166, 192', '2020, 8': '153, 167, 0',
'2020, 9': '153, 167, 64','2020, 10': '153, 167, 128',
'2020, 11': '153, 167, 192', '2020, 12': '153, 168, 0'}
def year_month(x1, x2): # {x,X,X,x,x }
for key, value in ym_list.items():
key = [int(k) for k in key.replace("'", "").split(", ")]
value = [int(v) for v in value.split(", ")]
if x1 == value[1] and x2 // 64 == value[2] // 64:
return key
return 0, 0Ke na le bonnete ba hore haeba u qeta nako e ngata, ho se utloisisane hona ho ka lokisoa.
Ka mor'a moo, ts'ebetso e khutlisetsang ntho ea datetime ho tloha khoele. Script:
def find_data_time(val:str):
val = [int(v) for v in val.split(", ")]
day = day_(val[2])
hour = hour_(val[2], val[3])
minutes = min_(val[3], val[4])
year, month = year_month(val[1], val[2])
return datetime(year, month, day, hour, minutes)E khona ho bona litekanyetso tse phetoang khafetsa ho tloha ho int, int, datetime, datetime , ho bonahala eka sena ke seo u se hlokang. Ho feta moo, tatellano e joalo ha e phetoa habeli ka mola.
Re sebelisa polelo e tloaelehileng, re fumana lintlha tse hlokahalang:
fined = re.findall(r'128, d*, d*, d*, 128, d*, d*, d*, 153, 1[6,5,4,3]d, d*, d*, d*, 153, 1[6,5,4,3]d, d*, d*, d*', int_array)Ka kopo elelloa hore ha u batla ho sebelisa polelo ena, ho ke ke ha khoneha ho tseba boleng ba NULL masimong a hlokahalang, empa molemong oa ka sena ha se bohlokoa. Ebe re feta ka seo re se fumaneng ka loop. Script:
result = []
for val in fined:
pre_result = []
bd_int = re.findall(r"128, d*, d*, d*", val)
bd_date= re.findall(r"(153, 1[6,5,4,3]d, d*, d*, d*)", val)
for it in bd_int:
pre_result.append(find_int(bd_int[it]))
for bd in bd_date:
pre_result.append(find_data_time(bd))
result.append(pre_result)Haele hantle, ke phetho, datha tse tsoang sehlopheng sa sephetho ke data eo re e hlokang. ###PS.###
Kea utloisisa hore mokhoa ona ha o loketse motho e mong le e mong, empa sepheo se seholo sa sehlooho ke ho potlakela ho nka khato ho e-na le ho rarolla mathata ohle a hau. Ke nahana hore tharollo e nepahetseng ka ho fetisisa e ka ba ho qala ho ithuta khoutu ea mohloli ka bouena , empa ka lebaka la nako e lekanyelitsoeng, mokhoa oa hona joale o ne o bonahala o le lebelo ka ho fetisisa.
Maemong a mang, ka mor'a ho hlahloba faele, u tla khona ho tseba hore na mohaho o batla o le hokae le ho o tsosolosa o sebelisa e 'ngoe ea mekhoa e tloaelehileng ho tloha lihokelong tse ka holimo. Sena se tla ba se nepahetseng haholoanyane mme se baka mathata a fokolang.
Source: www.habr.com