Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support importing new NIST NSRL RDS version 3 format #1461

Closed
LuizFerrazBrazil opened this issue Dec 22, 2022 · 8 comments · Fixed by #1496
Closed

Support importing new NIST NSRL RDS version 3 format #1461

LuizFerrazBrazil opened this issue Dec 22, 2022 · 8 comments · Fixed by #1496
Assignees
@wladimirleite
Labels
enhancement
Projects
4.1

Comments

@LuizFerrazBrazil
Copy link

Dear Nassif, hello! How are you?

I would like your help about the use of the NIST/NSRL with the IPED (version >= 4.0.0). I read the https://github.com/sepinf-inc/IPED/wiki/User-Manual#hashes-database-version--400, but I yet have some doubts.

First, I downloaded the "RDS_2022.03.1_modern.zip (microcomputer applications from 2010 to present)" database. After, I updated this database with the SQL scripts published from NIST. Ok!

Questions:

a) Can I use directly in IPED the database NIST KFF (SQlite database)? Or first do I have to import that database to "iped-hashes.db"?

b) Considering that I need to import the database NIST (SQlite database) to "iped-hashes.db".
In Wiki, We have: "The main file "NSRLFile.txt" and the product file "NSRLProd.txt" must be present in the same folder to allow importing of this hash set."
What would the files "NSRLFile.txt" and "NSRLProd.txt". Sorry, I didn't understand that part.
@lfcnassif
Copy link
Member

Seems NIST changed the NSRL format from TXT files (RDS v2) to a SQLITE database (RDS v3):
https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/RDSv3_Docs/RDSv3.pdf

It was a recent change and it is still not supported by us (actually I just discovered it now).

I'm updating the title to track adding the new support to RDS v3.

@lfcnassif lfcnassif changed the title Questions about NIST/NSRL dabase with the IPED Support importing new NIST NSRL RDS version 3 format Dec 22, 2022
@LuizFerrazBrazil
Copy link
Author

Perfect! So, now, I will use the RDS v2.
Thanks for the quick answer!

@lfcnassif
Copy link
Member

From PDF above:

With the RDSv3 publication, it will also be possible for users to construct an RDSv2 like
publication from data included in the RDSv3 format. Data in the four core NSRL files in RDSv2,
NSRLFile.txt, NSRLMfg.txt, NSRLOS.txt, and NSRLProd.txt, will be stored in a set of four VIEWS in
the RDSv3 SQLite publication, known as FILE, MFG, OS, and PKG (these views are defined bellow
in the included RDSv3 database schema). The NSRL plans to provide a method for users to
convert an RDSv3 publication into an RDSv2 like publication, for those who are interested

So it seems quite easy to convert RDS v3 to old v2 format and import the newer NSRL hashset into the tool before we implement direct support for it.

@wladimirleite
Copy link
Member

It was a recent change and it is still not supported by us (actually I just discovered it now).
I'm updating the title to track adding the new support to RDS v3.

I was aware about this change.
It was announced a few months ago and currently the same data sets are available in the usual (v2) format.
From March/2023 only the SQLite (v3) format will be available, so there is still some time to implement this.

I can work in this issue.
My idea would be adding the NSRL SQLite as another format that can be imported in IPED's hashes DB.
Accessing it directly would be another possible solution, but I think it goes in the opposite direction of having a unified hashes DB.

@wladimirleite wladimirleite self-assigned this Dec 22, 2022
@lfcnassif
Copy link
Member

lfcnassif commented Dec 22, 2022
edited

Thank you @tc-wleite! I also think this is not urgent.

My idea would be adding the NSRL SQLite as another format that can be imported in IPED's hashes DB.

I totally agree.

currently the same data sets are available in the usual (v2) format.

Just found them now. @Winiciusf you can download the v2 format from UDF images of RDS 2.79 CDs section at https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl/nsrl-download/current-rds

@LuizFerrazBrazil
Copy link
Author

So it seems quite easy to convert RDS v3 to old v2 format and import the newer NSRL hashset into the tool before we implement direct support for it.

Great! I will try to perform this conversion this week.

@wladimirleite
Copy link
Member

Great! I will try to perform this conversion this week.

Hi @Winiciusf!
Not sure if it was already clear, but you don't need to do any conversion.
Just download and import the NSRL hash sets in the usual (v2) format:
https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/current/RDS_modern.iso
https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/current/RDS_android.iso
https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/current/RDS_ios.iso

@LuizFerrazBrazil
Copy link
Author

LuizFerrazBrazil commented Dec 22, 2022 via email

wladimirleite added a commit that referenced this issue Jan 27, 2023
@wladimirleite
'#1461: Identify NSRL V3 SQLite DB.
ceef6e4
wladimirleite added a commit that referenced this issue Jan 28, 2023
@wladimirleite
'#1461: Adjust method names to use camel case.
ad9790b
wladimirleite added a commit that referenced this issue Jan 28, 2023
@wladimirleite
'#1461: Read NSRL V3 SQLite records and insert into IPED hashes DB.
ecef531
wladimirleite added a commit that referenced this issue Jan 28, 2023
@wladimirleite
'#1461: Minor fix handling invalid hashes.
bbd7262
wladimirleite added a commit that referenced this issue Jan 28, 2023
@wladimirleite
'#1461: Combine sequential records with same hashes to speed up.
50815e9
wladimirleite added a commit that referenced this issue Jan 28, 2023
@wladimirleite
'#1461: Include missing newline in the end of the file.
c93ae3c
wladimirleite added a commit that referenced this issue Jan 28, 2023
@wladimirleite
'#1461: Fix a type in usage text.
36ca578
wladimirleite added a commit that referenced this issue Jan 28, 2023
@wladimirleite
'#1461: Do not add new (not very useful) properties, to avoid DB growth.
c48f710
@wladimirleite wladimirleite mentioned this issue Jan 28, 2023
Merged
@lfcnassif lfcnassif linked a pull request Jan 28, 2023 that will close this issue
Support NIST NSRL RDS v3 (#1461) #1496
Merged
@lfcnassif lfcnassif added this to To do in 4.1 via automation Feb 2, 2023
@lfcnassif lfcnassif moved this from To do to In progress in 4.1 Feb 2, 2023
4.1 automation moved this from In progress to Done Feb 3, 2023
wladimirleite added a commit that referenced this issue Feb 3, 2023
@wladimirleite
'#1461: Fix the progress bar for RDS V3 Full version.
c2bdf81
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wladimirleite wladimirleite

Labels
enhancement
Projects
No open projects
4.1
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support NIST NSRL RDS v3 (#1461) sepinf-inc/IPED
3 participants
@wladimirleite @lfcnassif @LuizFerrazBrazil