Getchoo is a tool for parsing and extracting Cisco ASDM SGZ files. The SGZ file is hosted on the Cisco ASA's HTTP server and is downloaded/executed by the ASDM launcher at runtime. Researchers can either download the SGZ from an ASA at http://address/admin/pdm.sgz or extract the file from an ASDM binary package using theway.
The SGZ contains a lot of files. For example, the following file types are found in the pdm.sgz from 7.18.1:
albinolobster@ubuntu:~/getchoo/build/tmp$ find . -type f | sed -n 's/..*\.//p' | sort | uniq -c
13472 class
6 jar
1 prop
4 properties
3 txtBelow is an example of parsing the pdm.sgz from 7.18.1 that was extracted by theway:
albinolobster@ubuntu:~/getchoo/build$ ./getchoo ~/theway/build/output/pdm.sgz
MM'"""""`MM dP dP
M' .mmm. `M 88 88
M MMMMMMMM .d8888b. d8888P .d8888b. 88d888b. .d8888b. .d8888b.
M MMM `M 88ooood8 88 88' `"" 88' `88 88' `88 88' `88
M. `MMM' .M 88. ... 88 88. ... 88 88 88. .88 88. .88
MM. .MM `88888P' dP `88888P' dP dP `88888P' `88888P'
MMMMMMMMMMM
jbaines-r7 🦞
[+] File read. Size: 35855937
[+] Fingerprint: 2021CF9700264C3B20F18ACADA5AD950
[+] Unpacking to out.lzma
[+] End of lzma file extraction
[+] Decompressing to out
[+] Loading the decompressed file
[+] Creating ./tmp/ to write files into
[+] Creating tmp/SIGNATURE
[+] Creating tmp/env.properties
[+] Creating tmp/com/cisco/pdm/PDMApplet.class
[+] Creating tmp/hp.class
[+] Creating tmp/je.class
[+] Creating tmp/hu.class
[+] Creating tmp/go.class
[+] Creating tmp/hv.class
[+] Creating tmp/a4j.class
[+] Creating tmp/a4k.class
[+] Creating tmp/com/cisco/dmcommon/util/DMCommonEnv.class
[+] Creating tmp/org/apache/log4j/Category.class
[+] Creating tmp/f3.class
[+] Creating tmp/f2.class
[+] Creating tmp/f5.class
[+] Creating tmp/dfh.class
[+] Creating tmp/gb.class
[+] Creating tmp/dfi.class
[+] Creating tmp/f4.class
[+] Creating tmp/gc.class
[+] Creating tmp/dfj.class
[+] Creating tmp/b81.class
[+] Creating tmp/dij.class
... truncated ...