Releases: laura240406/ruminant
Releases · laura240406/ruminant
Release list
v0.0.37
Full Changelog: v0.0.36...v0.0.37
Highlights:
- added 3DS files support, specifically support for:
- NCSD files
- NCCH files
- SMDH files
- DARC files
- added MIDI file support
- added binary STL file support
- added EFI signature lists support (look into /sys/firmware/efi/efivars for db or dbx)
- added qoi image file support
- fixed the project URLs
- reformatted the whole code base to a 128 character line length
- wrote doc strings for Buf
- added types to most of the code
- fixed the 7/8 chance that the bzip2 module crashes
- added android boot image version 0 support
- made the zeroes module faster
- added Google 3D stuff to MP4 and MKV
- added Samsung Voice Recorder metadata support
- yeeted the GUI module
- fixed a tempfile bug on Windows
- added Dirac support
- reworked the MP4 mdat extraction to actually decode the first frame of each stream
- this currently includes H.264 and AV1 streams
- various bug fixes
v0.0.36
Full Changelog: v0.0.35...v0.0.36
Highlights:
- added argon2-cffi as a recommended dependency
- currently only used in the KDBX module but could be used in the LUKS module
- a fallback in Python would be insanely slow
- fixed multiple mmap bugs
- now it just retries without it
- added more DNSSEC related stuff thanks to the DENIC fuckup
- added KDBX decryption support
- added PE Valve header detection
- more ISOBMFF boxes support
- reworked AVC and HEVC boxes a bit
- added ESDS parsing to ISOBMFF
v0.0.35
Full Changelog: v0.0.34...v0.0.35
This is a small bugfix release as one commit seems to have broken a lot of code.
Also, the OTS files are kinda redundant as PyPI releases cannot be changed so I'll stop adding them.
v0.0.34
Full Changelog: v0.0.33...v0.0.34
Highlights:
- added ICO file support
- added MP3 file support
- including the ID3v1/ID3v1.1 metadata trailer
- removed a redundant recommended dependency
- added IPv4 packet reassembly support
- added subsystem to parse UDP packets
- added DNS support as a test
- it can parse the following RRs: A, OPT, SOA, AAAA, MX, TXT, CAA, DNSKEY, RRSIG, HTTPS, NS, SSHFP, OPENPGPKEY and SRV
- this includes DNSSEC keys :D
- also, the OPENPGPKEY stuff is also chewed again
- added DNS support as a test
- added the Filter attribute to the pcapng module
- added "Destination Unreachable" types to the ICMP parser
- added more types to the ICMPv6 parser
- added some Canon specific ISOBMFF boxes support
- this is silly since Canon embeds a JPEG image with Exif metadata inside MOV files that then contain a MakerNote
- added sigstore OIDs
- fixed a typo in the tests
- make all unraws short
v0.0.33
Full Changelog: v0.0.32...v0.0.33
We're at 30k LoC now 🥳
Highlights:
- added pcapng file support
- including many protocols like:
- IPv4
- IPv6
- ARP
- UDP
- TCP
- ICMP
- ICMPv6
- LLDP
- IGMP
- including many protocols like:
- added OpenStreetMap protobuf file support
- still kinda rough but it should be able to parse most of the hull
- changed name of the dependency extra from recommended to full
- running
pip install ruminant[full]installs all optional dependencies
- running
- added cryptography functions
- AES
- AES-XTS-PLAIN64 mode
- Poly1305
- ChaCha20
- ChaCha20-Poly1305
- HKDF
- Bech32
- Curve25519
- added --slim mode that doesn't output unnecessary whitespace in the JSON
- added the secret subsystem to supply passwords/keys
- added age decryption support
- specifically the scrypt and x25519 stanzas
- added Apple CgBI PNG support
- added cryptography tests
- added LUKS aes-xts-plain64 decryption support
- added ZipCrypto decryption support
- added IWA file support (found in Apple Pages files)
v0.0.32
Full Changelog: v0.0.31...v0.0.32
Highlights:
- some PS3/PS4 SELF stuff support
- Microsoft cabinet support
- btrfs stream support
- Duck IVF video support
- Apple binary plist support
- GGUF support
- added guard against failed GUI module import if tkinter is missing
- fixed silly bug in the vbmeta alignment logic
- added guard against broken PDF files with invalid object sizes
- fixed PDF value reading
- added PE resources support
- fixed MS-DOS stub detection and added the non-newline version
- added PE import/export table support
- added PE TLS table support
- removed blend module again as it's not stable
- added more audio/video formats to ISOBMFF
v0.0.31
Full Changelog: v0.0.30...v0.0.31
Highlights:
- ZIP encryption support
- Java jmod support
- xz file support
- UF2 file support
- Android adb backup file support
- Java serialization data file support
- Safetensors file support
- moar comments
- added RUMINANT_DEBUG_MODE environment flag
- code restructuring
- --version argument
v0.0.30
Yes, I may have been stupid and typed 30 instead of 20.
Oh well, too late.
Full Changelog: v0.0.19...v0.0.30
Highlights:
- PDP-11 a.out file support
- OpenTimestamps proof file support
- there will be OTS proofs attached to releases starting from this one
- code formatting is now done using a custom ruff
- added GUI mode with
--gui- the tkinter part was written by a clanka, I know, I'm sorry
- new ID3v2 tag support
- Java module support
- more ZIP field support
- added new OIDs
- added test subsystem
- run with
--self-test
- run with
- we're at 25k LoC now yay
v0.0.19
Full Changelog: v0.0.18...v0.0.19
Highlights:
- APK signature block (v2+) parsing in ZIP files
- Intel microcode public key and signature detection and extraction
- EXR/OpenEXR file support
- Android vbmeta support
- vbmeta partition images
- vbmeta partition footers
- wrote more usage information in README.md
- added built-in downloader so you don't need to do
curl ... | ruminantanymore- also added option to automatically strip URLs of things that might harm metadata (e.g.
&format=webp)
- also added option to automatically strip URLs of things that might harm metadata (e.g.
- Android boot image support
- FLAC seek table support
- HTTP framed mjpeg stream support
- more PEM key formats support
- age drand tlock support
- LUKS v1 support
- PDF fixes so less valid files crash
- also finally support UTF-16 string extraction
- more Adobe Photoshop support
- e.g. paths, which I found in an image published by the DPRK (i.e. North Korea)
- small side note: I've only ever encountered image from one specific Hasselblad camera, it seems like they really only have one professional camera besides some phone cameras
- fixed obscure ICC profile edge case for one curve formula
- I've only found one file so far that uses a color profile with that formula
- it was a scan of the blueprints of the AK-47 published by The Gatalog, which was scanned on some obscure scanner
- fixed early-terminated XMP XML parsing where ruminant would hang if the XML wasn't closed properly
- fixed a bunch of the Java class parsing code
- it can now fully disassemble Minecraft JARs
- created the
utils.unpack_flagsfunction to more cleanly unpack bit vectors of flags - added Minecraft chunk data cleaning that removes the raw block section data and heightmaps
- added the extra_ctx infrastructure so the Minecraft region file module can signal that the NBT data is a chunk
- added Minecraft server list icon parsing
- you can now run
ruminant servers.datin your Minecraft directory and it will parse the cached PNG icons
- you can now run
- fixed huge performance problem with the Git module
- it did
buf.rzs()in theidentifyfunction, which sucks if you run ruminant on something like/dev/sda1, where it could end up reading the whole drive into memory if it doesn't contain any zero bytes - the walk mode was also insanely slow
- it did
- added more OIDs
- added Android keybox XML parsing to the generic XML parser
- added Android attestation CBOR parsing to the generic DER parser
Merry Christmas!
v0.0.18
Full Changelog: v0.0.17...v0.0.18
Highlights:
- new file formats:
- zstd streams
- unpacking requires Python 3.14+ or the pyzstd or the backports.zstd package
- zlib streams
- ar archives
- cpio archives
- age encrypted files
- both armored and raw
- also supports the tlock extensions (see https://timevault.drand.love/)
- LUKS v2 headers
- this is why I added the proper file detection code so I can do
ruminant /dev/sda1to dump my LUKS parameters
- this is why I added the proper file detection code so I can do
- SSH signatures
- DICOM files
- Java class files
- this includes a whole Java bytecode disassembler :D
- you can actually fully disassemble a Minecraft JAR now, which is cool imo
- ELF files
- including various sections and symbol demangling
- the demangling code actually comes from the WASM module btw
- PE files
- including Authenticode signature extraction and Grub 2 modules from Grub 2 EFI images made with
grub-mkstandalone
- including Authenticode signature extraction and Grub 2 modules from Grub 2 EFI images made with
- Minecraft NBT files
- Minecraft region files (the .mca ones)
- Grub 2 modules
- SPIR-V shader binary files
- basic support for Blender files (very incomplete but doesn't crash randomly so it doesn't have the dev flag)
- Git object files
- Intel microcode files
- zstd streams
- new
--print-modulesargument to print all registered modules - all modules now have a description associated with them that describes what they handle
- all modules have an optional
devflag that only enables them if theRUMINANT_DEV_MODEenvironment variable is defined if the dev flag is True- this is for modules that are in development and most likely broken, here be dragons
- the file detection logic now relies on exceptions so you can do stuff like
ruminant /dev/sda - fixed gzip source field for the generic case
- fixed gzip crash when the crc was missing
- PDF fix for when all pointers are offset by a constant amount
- this is an actual issue, see the PDF of Signal's statement on chat control: https://signal.org/blog/pdfs/germany-chat-control.pdf
- added Apple-specific annotation metadata support for PDFs
- added proper detection for blobs that are empty and blobs that contain only zeroes
- added more OIDs related to DICOM and DSA
- added more PGP packet types
- made the style script a lot faster by only running it on changed files