[Bro] binpac to bro script types

Bortoli, Tomas tomas.bortoli at sit.fraunhofer.de
Thu Jun 1 04:57:25 PDT 2017

Thank you very much Vlad!
I finally also solved it in a very similar way in the end (conversion + offset).

From: Vlad Grigorescu [vladg at illinois.edu]
Sent: Wednesday, May 31, 2017 9:13 PM
To: Bortoli, Tomas; bro at bro.org
Subject: RE: [Bro] binpac to bro script types

Well, that's protocol specific, but I did some digging:

> 11644473600
> >>> hex(filetime)
> '0x01d238cc0f66a007'
> >>> filetime/10000000.
> 13122978809.960194
> 1478505209.9601936
> >>> datetime.datetime.fromtimestamp(1478505209.9601936).strftime('%Y-%m-%d %H:%M:%S')
> '2016-11-07 01:53:29'

This is already implemented in smb-time.pac:

You could try just adding this to your PAC file and then you'll be able
to use that function:

> %include ../smb/smb-time.pac

Check out krb-asn1.pac for an example of including another PAC file:
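
Added example, not part of the original thread and not the code in smb-time.pac: the "conversion + offset" step from the Python session above, applied to an 8-byte FILETIME field as it would be read from a packet, using integer arithmetic and rejecting sentinel values. The function names, the little-endian field layout and the sentinel set are assumptions of this example, and the sample bytes are constructed from the decimal values shown in the session.

```python
import struct
from datetime import datetime, timedelta, timezone

# Seconds between 1601-01-01 (FILETIME epoch) and 1970-01-01 (Unix epoch);
# this is the offset that appears in the session above.
EPOCH_DELTA_SECS = 11644473600
TICKS_PER_SEC = 10_000_000  # FILETIME counts 100 ns intervals
# Assumption: values treated here as "no timestamp"; check your protocol's spec.
SENTINELS = {0, 0x7FFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def filetime_to_unix(ticks):
    """Return (seconds, nanoseconds) since the Unix epoch, or None for a sentinel."""
    if not 0 <= ticks <= 0xFFFFFFFFFFFFFFFF:
        raise ValueError("FILETIME must fit in an unsigned 64-bit integer")
    if ticks in SENTINELS:
        return None
    # Integer arithmetic: a double cannot represent every 100 ns tick exactly.
    secs, rem = divmod(ticks, TICKS_PER_SEC)
    return secs - EPOCH_DELTA_SECS, rem * 100


def parse_filetime(buf, offset=0):
    """Decode an 8-byte little-endian FILETIME field to an aware UTC datetime."""
    if offset < 0 or len(buf) - offset < 8:
        raise ValueError("truncated FILETIME field")
    (ticks,) = struct.unpack_from("<Q", buf, offset)
    unix = filetime_to_unix(ticks)
    if unix is None:
        return None
    secs, nanos = unix
    try:
        # datetime keeps microseconds, so the final 100 ns digit is dropped.
        return UNIX_EPOCH + timedelta(seconds=secs, microseconds=nanos // 1000)
    except OverflowError:
        return None  # date outside the range datetime can represent


# Constructed sample: the timestamp from the session above, packed as a
# little-endian 64-bit field (layout is an assumption of this example).
SAMPLE_TICKS = (1478505209 + EPOCH_DELTA_SECS) * TICKS_PER_SEC + 9601936
SAMPLE = struct.pack("<Q", SAMPLE_TICKS)

if __name__ == "__main__":
    print(parse_filetime(SAMPLE).isoformat())
```

The result is in UTC; the `fromtimestamp()` call in the session above formats the same instant in the local time zone of the machine it ran on.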

