Good Ol' Oledump

Nothing quite like getting a Microsoft file to inspect and using a good old faithful tool, but in some cases it take more than a couple commands to get what you want. 

So I happened upon a request recently where I needed to quickly extract all the Macros from an XLSM file. One way would be to open the file in excel and just copy all the scripts out of it one by one using good old copy/paste, but I wanted something a little more elegant and it's been a while since I had to use any of my scripting skills so I went to work. Now keep in mind, I'm not much of a developer so I just wanted something to automate the macro extractions quickly and dirtily.  

Oledump only requires a couple steps to inspect a typical MS excel file:

1. Inspect the file to find the interesting contents:
2. Extract each interesting content to a file that can be inspected further
3. Profit! (or review and edit!)

But if there's 80+ macros in the file, we can use some simple bash scripting techniques to extract the files automatically. 

oledump.py <pathToFile/.xlsm> > oledump-summary.txt

Once you have the summary file, review it to find any contents with Macros (denoted with an M). Results may look similar to this:

• A: xl/vbaProject.bin
•  A1:        97 'FormSelectDate/\x01CompObj'
•  A2:       260 'FormSelectDate/\x03VBFrame'
•  A3:       263 'FormSelectDate/f'
•  A4:       364 'FormSelectDate/o'
•  A5:      1929 'PROJECT'
•  A6:       785 'PROJECTwm'
•  A7: M   30019 'VBA/SomeScript'

Then you can rifle through those items quickly with some simple bash scripting

for x in {2..6}; do python3 oledump.py -s A$x <pathToFile/.xlsm>  > <pathToResults>/oledump-A$x.txt; done  

(include -v for VBA compression - i.e. if there are VB Macros)

Now you should have a folder full of excel macros that you can safely review using your favorite file editor

Here's a list of some of the oledump parameters - it's useful for way more filetypes than just Excel

(run python3 oledump.py --help to get a full list)

•   -s SELECT, --select=SELECT
•                         select item nr for dumping (a for all)
•   -d, --dump            perform dump
•   -x, --hexdump         perform hex dump
•   -a, --asciidump       perform ascii dump
•   -A, --asciidumprle    perform ascii dump with RLE
•   -S, --strings         perform strings dump
•   -T, --headtail        do head & tail
•   -v, --vbadecompress   VBA decompression

I have done other weird stuff in the past with oledump to inspect and decompile outlook messages, but this simple script was still fun.  

Look forward to more technical posts in the future, but for now stay warm and keep learning!

Cheers

Null Modem Cables in a pinch

Ever have that issue where you are trying to connect to a serial device with a USB serial to console cable but the ends don't connect - if you're smart you might have adapters in your serial kit to get around this issue.  But if you're like me and a little less than prepared, you might be out of luck ... that is unless you hoard cables and happen to have a couple old Cisco terminal cables and some ethernet jacks laying around

Introducing the over engineered Null Modem Cisco cable adapter!

The way it works is pretty simple math:

A standard Serial DB9 to RJ45 Null modem connection requires the following pin mapping. 

DB9	RJ45
1	not used
2	3
3	6
4	7
5	4 & 5
6	2
7	8
8	1
9	not used

Each Cisco cable is wired this way but when you connect two of them together the pinouts cancel each other out which technically makes it a standard straight through serial connection, so in order for this hack to work the RJ45 ends needs to re-enable this pinout.  

So I went to work and carefully mapped the RJ45 ethernet jacks as shown, then connected each end of the Cisco cable to the USB to serial adapter connected to my computer and serial port on the target device. I was amazed to discover it worked, I now had local console access and could interact with the device.   

In the meantime I was looking on line and there are several inexpensive serial adapters available for order from the local electronics store that are intended to avoid all this hassle, but it wasn't really an option as I had limited time to complete the necessary work and couldn't leave my desk to go get them.  

This was a super fun project that helped me solve a work problem and let me think outside the box a little. I would recommend trying this hack out only if you're in a similar pinch and happen to have old cisco cables and ethernet jacks kicking around. I ended up purchasing the correct adapters after the fact, and who knows when I'll need them again, but chances are I'll never forget to keep them handy in case I do.

Money

 

Seems like the price of everything is going up and I don't know what to make of it. There's only so much of it we can make and I've never seen it grow on trees before, but wow I sure wish it did!

Start the year off with a positive attitude and make the most of the money you got because it goes faster than it comes.

Cheers

Love

As the Sublime song goes....

Lovin' is what I got
I said, remember that
Lovin' is what I got
And remember that
Lovin' is what I got
I said, remember that
Lovin' is what I got
(I got, I got, I got)

I don't have much to say this month but I think this says it all, we got to be nice to each other, and keep love in our hearts.  The holiday season always helps me stay more positive but listening to music like this masterpiece can bring me back anytime of the year.

Well, life is too short, so love the one you got
'Cause you might get run over, or you might get shot
Never start no static, I just get it off my chest
Never had to battle with no bulletproof vest
Take a small example, take a tip from me
Take all of your money, give it all to charity

Peace out and Happy New Year!