├── README.md
└── pattern


/README.md:
--------------------------------------------------------------------------------
 1 | # Pattern - a reimplementation of pattern\_create/pattern\_offset in Python
 2 | Metasploit comes with multiple very convenient scripts and utilities. Among
 3 | the most valuable for me are pattern_create and pattern_offset. I found it
 4 | increasingly annoying that both have a relatively long startup time.
 5 | 
 6 | So after I overheard one of my colleagues complaining about this as well,
 7 | I quickly hacked together a Python version that basically does the same.
 8 | ## Usage
 9 | ```
10 | $ ./pattern
11 | Usage: pattern (create | offset) <value> <buflen>
12 | ```
13 | So, to create a 2048 byte pattern you run
14 | ```
15 | $ ./pattern create 2048
16 | Aa0Aa1Aa2[...snip...]p7Cp8Cp9Cq0Cq1Cq
17 | ```
18 | and it outputs a unique pattern of said length. To find an offset in the
19 | buffer, let's say f9Cg, you run
20 | ```
21 | $ ./pattern offset f9Cg
22 | 1738
23 | ```
24 | and the program returns the offset until the requested series. You can also
25 | look for memory values. The values need to be little-endian and prefixed
26 | with 0x:
27 | ```
28 | $ ./pattern offset 0x67433966
29 | 1738
30 | ```
31 | To make sure the program works as close to the Metasploit version as possible,
32 | the offset mode searches through a 8192 byte pattern, just like pattern_offset.
33 | If your pattern is longer than that, append the pattern length:
34 | ```
35 | $ ./pattern offset 9Mc0
36 | Not found
37 | $ ./pattern offset 9Mc0 10000
38 | 9419
39 | ```
40 | ## Todo
41 | - bad characters support for pattern creation
42 | - partial matches
43 | 
44 | 


--------------------------------------------------------------------------------
/pattern:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | import sys
 3 | import struct
 4 | 
 5 | def print_help():
 6 |     print 'Usage: %s (create | offset) <value> <buflen>' % sys.argv[0]
 7 | 
 8 | def pattern_create(length = 8192):
 9 |     pattern = ''
10 |     parts = ['A', 'a', '0']
11 |     try:
12 |         if not isinstance(length, (int, long)) and length.startswith('0x'):
13 |             length = int(length, 16)
14 |         elif not isinstance(length, (int, long)):
15 |             length = int(length, 10)
16 |     except ValueError:
17 |         print_help()
18 |         sys.exit(254)
19 |     while len(pattern) != length:
20 |         pattern += parts[len(pattern) % 3]
21 |         if len(pattern) % 3 == 0:
22 |             parts[2] = chr(ord(parts[2]) + 1)
23 |             if parts[2] > '9':
24 |                 parts[2] = '0'
25 |                 parts[1] = chr(ord(parts[1]) + 1)
26 |                 if parts[1] > 'z':
27 |                     parts[1] = 'a'
28 |                     parts[0] = chr(ord(parts[0]) + 1)
29 |                     if parts[0] > 'Z':
30 |                         parts[0] = 'A'
31 |     return pattern
32 | 
33 | def pattern_offset(value, length = 8192):
34 |     try:
35 |         if not isinstance(value, (int, long)) and value.startswith('0x'):
36 |             value = struct.pack('<I', int(value, 16)).strip('\x00')
37 |     except ValueError:
38 |         print_help()
39 |         sys.exit(254)
40 |     pattern = pattern_create(length)
41 |     try:
42 |         return pattern.index(value)
43 |     except ValueError:
44 |         return 'Not found'
45 | 
46 | def main():
47 |     if len(sys.argv) < 3 or sys.argv[1].lower() not in ['create', 'offset']:
48 |         print_help()
49 |         sys.exit(255)
50 | 
51 |     command = sys.argv[1].lower()
52 |     num_value = sys.argv[2]
53 | 
54 |     if command == 'create':
55 |         print pattern_create(num_value)
56 |     elif len(sys.argv) == 4:
57 |         print pattern_offset(num_value, sys.argv[3])  
58 | 
59 | if __name__ == '__main__':
60 |     main()
61 | 


--------------------------------------------------------------------------------