Skip to content

Releases: laura240406/ruminant

v0.0.37

Choose a tag to compare

@laura240406 laura240406 released this 14 Jun 19:24
4addcb3

Full Changelog: v0.0.36...v0.0.37

Highlights:

  • added 3DS files support, specifically support for:
    • NCSD files
    • NCCH files
    • SMDH files
    • DARC files
  • added MIDI file support
  • added binary STL file support
  • added EFI signature lists support (look into /sys/firmware/efi/efivars for db or dbx)
  • added qoi image file support
  • fixed the project URLs
  • reformatted the whole code base to a 128 character line length
  • wrote doc strings for Buf
  • added types to most of the code
  • fixed the 7/8 chance that the bzip2 module crashes
  • added android boot image version 0 support
  • made the zeroes module faster
  • added Google 3D stuff to MP4 and MKV
  • added Samsung Voice Recorder metadata support
  • yeeted the GUI module
  • fixed a tempfile bug on Windows
  • added Dirac support
  • reworked the MP4 mdat extraction to actually decode the first frame of each stream
    • this currently includes H.264 and AV1 streams
  • various bug fixes

v0.0.36

Choose a tag to compare

@laura240406 laura240406 released this 08 May 16:10
96e73ec

Full Changelog: v0.0.35...v0.0.36

Highlights:

  • added argon2-cffi as a recommended dependency
    • currently only used in the KDBX module but could be used in the LUKS module
    • a fallback in Python would be insanely slow
  • fixed multiple mmap bugs
    • now it just retries without it
  • added more DNSSEC related stuff thanks to the DENIC fuckup
  • added KDBX decryption support
  • added PE Valve header detection
  • more ISOBMFF boxes support
  • reworked AVC and HEVC boxes a bit
  • added ESDS parsing to ISOBMFF

v0.0.35

Choose a tag to compare

@laura240406 laura240406 released this 26 Apr 20:00
79dbfda

Full Changelog: v0.0.34...v0.0.35

This is a small bugfix release as one commit seems to have broken a lot of code.
Also, the OTS files are kinda redundant as PyPI releases cannot be changed so I'll stop adding them.

v0.0.34

Choose a tag to compare

@laura240406 laura240406 released this 25 Apr 10:11
eb44847

Full Changelog: v0.0.33...v0.0.34

Highlights:

  • added ICO file support
  • added MP3 file support
    • including the ID3v1/ID3v1.1 metadata trailer
  • removed a redundant recommended dependency
  • added IPv4 packet reassembly support
  • added subsystem to parse UDP packets
    • added DNS support as a test
      • it can parse the following RRs: A, OPT, SOA, AAAA, MX, TXT, CAA, DNSKEY, RRSIG, HTTPS, NS, SSHFP, OPENPGPKEY and SRV
      • this includes DNSSEC keys :D
      • also, the OPENPGPKEY stuff is also chewed again
  • added the Filter attribute to the pcapng module
  • added "Destination Unreachable" types to the ICMP parser
  • added more types to the ICMPv6 parser
  • added some Canon specific ISOBMFF boxes support
    • this is silly since Canon embeds a JPEG image with Exif metadata inside MOV files that then contain a MakerNote
  • added sigstore OIDs
  • fixed a typo in the tests
  • make all unraws short

v0.0.33

Choose a tag to compare

@laura240406 laura240406 released this 12 Apr 20:28
f24a3c0

Full Changelog: v0.0.32...v0.0.33

We're at 30k LoC now 🥳

Highlights:

  • added pcapng file support
    • including many protocols like:
      • IPv4
      • IPv6
      • ARP
      • UDP
      • TCP
      • ICMP
      • ICMPv6
      • LLDP
      • IGMP
  • added OpenStreetMap protobuf file support
    • still kinda rough but it should be able to parse most of the hull
  • changed name of the dependency extra from recommended to full
    • running pip install ruminant[full] installs all optional dependencies
  • added cryptography functions
    • AES
    • AES-XTS-PLAIN64 mode
    • Poly1305
    • ChaCha20
    • ChaCha20-Poly1305
    • HKDF
    • Bech32
    • Curve25519
  • added --slim mode that doesn't output unnecessary whitespace in the JSON
  • added the secret subsystem to supply passwords/keys
  • added age decryption support
    • specifically the scrypt and x25519 stanzas
  • added Apple CgBI PNG support
  • added cryptography tests
  • added LUKS aes-xts-plain64 decryption support
  • added ZipCrypto decryption support
  • added IWA file support (found in Apple Pages files)

v0.0.32

Choose a tag to compare

@laura240406 laura240406 released this 23 Mar 06:37
93719dc

Full Changelog: v0.0.31...v0.0.32

Highlights:

  • some PS3/PS4 SELF stuff support
  • Microsoft cabinet support
  • btrfs stream support
  • Duck IVF video support
  • Apple binary plist support
  • GGUF support
  • added guard against failed GUI module import if tkinter is missing
  • fixed silly bug in the vbmeta alignment logic
  • added guard against broken PDF files with invalid object sizes
  • fixed PDF value reading
  • added PE resources support
  • fixed MS-DOS stub detection and added the non-newline version
  • added PE import/export table support
  • added PE TLS table support
  • removed blend module again as it's not stable
  • added more audio/video formats to ISOBMFF

v0.0.31

Choose a tag to compare

@laura240406 laura240406 released this 20 Feb 21:37
a11cc63

Full Changelog: v0.0.30...v0.0.31

Highlights:

  • ZIP encryption support
  • Java jmod support
  • xz file support
  • UF2 file support
  • Android adb backup file support
  • Java serialization data file support
  • Safetensors file support
  • moar comments
  • added RUMINANT_DEBUG_MODE environment flag
  • code restructuring
  • --version argument

v0.0.30

Choose a tag to compare

@laura240406 laura240406 released this 09 Jan 19:31
d6c9155

Yes, I may have been stupid and typed 30 instead of 20.
Oh well, too late.

Full Changelog: v0.0.19...v0.0.30

Highlights:

  • PDP-11 a.out file support
  • OpenTimestamps proof file support
    • there will be OTS proofs attached to releases starting from this one
  • code formatting is now done using a custom ruff
  • added GUI mode with --gui
    • the tkinter part was written by a clanka, I know, I'm sorry
  • new ID3v2 tag support
  • Java module support
  • more ZIP field support
  • added new OIDs
  • added test subsystem
    • run with --self-test
  • we're at 25k LoC now yay

v0.0.19

Choose a tag to compare

@laura240406 laura240406 released this 23 Dec 12:10
f9424d0

Full Changelog: v0.0.18...v0.0.19

Highlights:

  • APK signature block (v2+) parsing in ZIP files
  • Intel microcode public key and signature detection and extraction
  • EXR/OpenEXR file support
  • Android vbmeta support
    • vbmeta partition images
    • vbmeta partition footers
  • wrote more usage information in README.md
  • added built-in downloader so you don't need to do curl ... | ruminant anymore
    • also added option to automatically strip URLs of things that might harm metadata (e.g. &format=webp)
  • Android boot image support
  • FLAC seek table support
  • HTTP framed mjpeg stream support
  • more PEM key formats support
  • age drand tlock support
  • LUKS v1 support
  • PDF fixes so less valid files crash
    • also finally support UTF-16 string extraction
  • more Adobe Photoshop support
    • e.g. paths, which I found in an image published by the DPRK (i.e. North Korea)
    • small side note: I've only ever encountered image from one specific Hasselblad camera, it seems like they really only have one professional camera besides some phone cameras
  • fixed obscure ICC profile edge case for one curve formula
    • I've only found one file so far that uses a color profile with that formula
    • it was a scan of the blueprints of the AK-47 published by The Gatalog, which was scanned on some obscure scanner
  • fixed early-terminated XMP XML parsing where ruminant would hang if the XML wasn't closed properly
  • fixed a bunch of the Java class parsing code
    • it can now fully disassemble Minecraft JARs
  • created the utils.unpack_flags function to more cleanly unpack bit vectors of flags
  • added Minecraft chunk data cleaning that removes the raw block section data and heightmaps
    • added the extra_ctx infrastructure so the Minecraft region file module can signal that the NBT data is a chunk
  • added Minecraft server list icon parsing
    • you can now run ruminant servers.dat in your Minecraft directory and it will parse the cached PNG icons
  • fixed huge performance problem with the Git module
    • it did buf.rzs() in the identify function, which sucks if you run ruminant on something like /dev/sda1, where it could end up reading the whole drive into memory if it doesn't contain any zero bytes
    • the walk mode was also insanely slow
  • added more OIDs
  • added Android keybox XML parsing to the generic XML parser
  • added Android attestation CBOR parsing to the generic DER parser

Merry Christmas!

v0.0.18

Choose a tag to compare

@laura240406 laura240406 released this 06 Nov 03:47
30e89ce

Full Changelog: v0.0.17...v0.0.18

Highlights:

  • new file formats:
    • zstd streams
      • unpacking requires Python 3.14+ or the pyzstd or the backports.zstd package
    • zlib streams
    • ar archives
    • cpio archives
    • age encrypted files
    • LUKS v2 headers
      • this is why I added the proper file detection code so I can do ruminant /dev/sda1 to dump my LUKS parameters
    • SSH signatures
    • DICOM files
    • Java class files
      • this includes a whole Java bytecode disassembler :D
      • you can actually fully disassemble a Minecraft JAR now, which is cool imo
    • ELF files
      • including various sections and symbol demangling
      • the demangling code actually comes from the WASM module btw
    • PE files
      • including Authenticode signature extraction and Grub 2 modules from Grub 2 EFI images made with grub-mkstandalone
    • Minecraft NBT files
    • Minecraft region files (the .mca ones)
    • Grub 2 modules
    • SPIR-V shader binary files
    • basic support for Blender files (very incomplete but doesn't crash randomly so it doesn't have the dev flag)
    • Git object files
    • Intel microcode files
  • new --print-modules argument to print all registered modules
  • all modules now have a description associated with them that describes what they handle
  • all modules have an optional dev flag that only enables them if the RUMINANT_DEV_MODE environment variable is defined if the dev flag is True
    • this is for modules that are in development and most likely broken, here be dragons
  • the file detection logic now relies on exceptions so you can do stuff like ruminant /dev/sda
  • fixed gzip source field for the generic case
  • fixed gzip crash when the crc was missing
  • PDF fix for when all pointers are offset by a constant amount
  • added Apple-specific annotation metadata support for PDFs
  • added proper detection for blobs that are empty and blobs that contain only zeroes
  • added more OIDs related to DICOM and DSA
  • added more PGP packet types
  • made the style script a lot faster by only running it on changed files