Added math keyword; added BSD2.x file system signature.

src/bin/binwalk

@@ -517,8 +517,8 @@ def main():
 		pass
 	except IOError:
 		pass
-	except Exception as e:
-		print("Unexpected error: %s" % str(e))
+#	except Exception as e:
+#		print("Unexpected error: %s" % str(e))
 
 	bwalk.cleanup()
 

src/binwalk/magic/binwalk

@@ -1648,12 +1648,24 @@
 0       string        KDMV             VMware4 disk image
 
 #--------------------------------------------------------------------
-# Qemu Emulator Images
+# Qemu Emulator Image
 # Lines written by Friedrich Schwittay ([email protected])
 # Updated by Adam Buchbinder ([email protected])
 # Made by reading sources, reading documentation, and doing trial and error
 # on existing QCOW files
-0       string        QFI\xFB QEMU QCOW Image
+0       string		QFI\xFB QEMU QCOW Image
+
+# BSD 2.x file system image; used in RetroBSD for PIC32.
+0		string		FS\x3C\x3C		BSD 2.x filesystem,
+>1020	string		!\x3E\x3EFS		invalid (missing FSMAGIC2),
+>8		lelong		x				size: {math:%d*1024} bytes,
+>8		lelong		x				\b{file-size:%d*1024}
+>8		lelong		x				\b{jump-to-offset:%d*1024}
+>8		lelong		x				total blocks: %d,
+>972	lelong		x				free blocks: %d,
+>968	ledate		x				last modified: %s
+>980	byte		!0
+>>980	string		x				\b, last mounted on: "%s"
 
 
 #--------------------------Firmware Formats---------------------------

src/binwalk/smartsignature.py

@@ -28,6 +28,7 @@ class SmartSignature:
 		'delay'			: '%sextract-delay:' % KEYWORD_DELIM_START,
 		'year'			: '%sfile-year:' % KEYWORD_DELIM_START,
 		'epoch'			: '%sfile-epoch:' % KEYWORD_DELIM_START,
+		'math'		: '%smath:' % KEYWORD_DELIM_START,
 
 		'raw-replace'		: '%sraw-replace%s' % (KEYWORD_DELIM_START, KEYWORD_DELIM_END),
 		'one-of-many'		: '%sone-of-many%s' % (KEYWORD_DELIM_START, KEYWORD_DELIM_END),
@@ -77,6 +78,9 @@ def parse(self, data):
 		if self.ignore_smart_signatures or not self._is_valid(data):
 			results['description'] = data
 		else:
+			# Calculate and replace math keyword values
+			data = self._replace_maths(data)
+
 			# Parse the offset-adjust value. This is used to adjust the reported offset at which 
 			# a signature was located due to the fact that MagicParser.match expects all signatures
 			# to be located at offset 0, which some wil not be.
@@ -216,6 +220,22 @@ def _jump(self, data):
 
 		return offset
 
+	def _replace_maths(self, data):
+		'''
+		Replace math keywords with the requested values.
+			
+		@data - String result data.
+
+		Returns the modified string result data.
+		'''
+		while self.KEYWORDS['math'] in data:
+			arg = self._get_keyword_arg(data, 'math')
+			v = '%s%s%s' % (self.KEYWORDS['math'], arg, self.KEYWORD_DELIM_END)
+			math_value = "%d" % self._get_math_arg(data, 'math')
+			data = data.replace(v, math_value)
+
+		return data
+
 	def _parse_raw_strings(self, data):
 		'''
 		Process strings that aren't NULL byte terminated, but for which we know the string length.

src/magic/filesystems

@@ -550,10 +550,22 @@
 0       string        KDMV             VMware4 disk image
 
 #--------------------------------------------------------------------
-# Qemu Emulator Images
+# Qemu Emulator Image
 # Lines written by Friedrich Schwittay ([email protected])
 # Updated by Adam Buchbinder ([email protected])
 # Made by reading sources, reading documentation, and doing trial and error
 # on existing QCOW files
-0       string        QFI\xFB QEMU QCOW Image
+0       string		QFI\xFB QEMU QCOW Image
+
+# BSD 2.x file system image; used in RetroBSD for PIC32.
+0		string		FS\x3C\x3C		BSD 2.x filesystem,
+>1020	string		!\x3E\x3EFS		invalid (missing FSMAGIC2),
+>8		lelong		x				size: {math:%d*1024} bytes,
+>8		lelong		x				\b{file-size:%d*1024}
+>8		lelong		x				\b{jump-to-offset:%d*1024}
+>8		lelong		x				total blocks: %d,
+>972	lelong		x				free blocks: %d,
+>968	ledate		x				last modified: %s
+>980	byte		!0
+>>980	string		x				\b, last mounted on: "%s"