/rdpieces

The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images

Primary LanguagePerlGNU Lesser General Public License v3.0LGPL-3.0

BriMor Labs

RDPieces.pl

This script will parse extracted RDP Bitmap Cache directory(ies) and attempt to rebuild some of the screenshots automatically. A user is required to extract the bmp files already, best done by using the script from https://github.com/ANSSI-FR/bmc-tools

(NOTE November 15, 2020: There is a bug with the "bmc-tools" script in that the data within the header of the output bitmap file size is four bytes too small. A modified version of the bmc-tools script that fixes this issue will be uploaded here, I recommend using this version until the bmc-tools script is updated)

Usage example: rdpieces.pl -source "RDPBitmapFiles" -output "Rebuilt Images"

SUPPORTED PLATFORMS:

  • Windows
  • macOS
  • *nix

REQUIREMENTS:

  • Needs output from ANSSI bmc-tools Python script (use Python 2)
  • May require some additional Perl modules
  • On Windows, highly suggest using Strawberry Perl
  • Users must have Imagemagick installed on their system, as that program does most of the heavy lifting. Please visit https://imagemagick.org and install imagemagick if you have not done so already

Test-Cache-Files.zip

This contains a total of three RDP Bitmap Cache file that you can use for testing. Many thanks to Kat Hedley (https://twitter.com/4enzikat0r) for providing them!