mirrors
/
qira
mirror of https://github.com/geohot/qira
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

superficial stuff, porting to python3

This commit is contained in:
George Hotz 2019-03-23 14:49:07 -07:00
parent 7cd21feb98
commit 119245a0e2
11 changed files with 126 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
middleware/qira.py
View File

@ -1,4 +1,5 @@
#!/usr/bin/env python2.7 #!/usr/bin/env python2.7
from __future__ import print_function
import os import os
import sys import sys
basedir = os.path.dirname(os.path.realpath(__file__)) basedir = os.path.dirname(os.path.realpath(__file__))
@ -51,7 +52,7 @@ if __name__ == '__main__':
# handle arguments # handle arguments
if sys.platform == "darwin": if sys.platform == "darwin":
print "*** running on darwin, defaulting to --pin" print("*** running on darwin, defaulting to --pin")
qira_config.USE_PIN = True qira_config.USE_PIN = True
else: else:
qira_config.USE_PIN = args.pin qira_config.USE_PIN = args.pin
@ -66,11 +67,11 @@ if __name__ == '__main__':
qira_config.TRACE_LIBRARIES = True qira_config.TRACE_LIBRARIES = True
if args.static: if args.static:
print "*** using static" print("*** using static")
qira_config.WITH_STATIC = True qira_config.WITH_STATIC = True
qira_config.STATIC_ENGINE = args.engine qira_config.STATIC_ENGINE = args.engine
if args.flush_cache: if args.flush_cache:
print "*** flushing caches" print("*** flushing caches")
os.system("rm -rfv /tmp/qira*") os.system("rm -rfv /tmp/qira*")
# qemu args from command line # qemu args from command line
@ -89,14 +90,14 @@ if __name__ == '__main__':
raise Exception("can't run as server if QIRA is already running") raise Exception("can't run as server if QIRA is already running")
except: except:
is_qira_running = 0 is_qira_running = 0
print "no qira server found, starting it" print("no qira server found, starting it")
program.clear() program.clear()
# start the binary runner # start the binary runner
if args.server: if args.server:
qira_socat.start_bindserver(program, qira_config.SOCAT_PORT, -1, 1, True) qira_socat.start_bindserver(program, qira_config.SOCAT_PORT, -1, 1, True)
else: else:
print "**** running "+program.program print("**** running",program.program)
program.execqira(shouldfork=not is_qira_running) program.execqira(shouldfork=not is_qira_running)
if not is_qira_running: if not is_qira_running:

30
middleware/qira_analysis.py
View File

@ -1,4 +1,5 @@
#!/usr/bin/env python2.7 #!/usr/bin/env python2.7
from __future__ import print_function
import qira_config import qira_config
import qira_program import qira_program
import arch import arch
@ -6,6 +7,14 @@ import time
import math import math
import sys import sys
import struct import struct
from PIL import Image
import base64
try:
import StringIO
except ImportError:
from io import BytesIO as StringIO
sys.path.append(qira_config.BASEDIR+"/static2") sys.path.append(qira_config.BASEDIR+"/static2")
import static2 import static2
@ -17,7 +26,7 @@ def ghex(a):
def draw_multigraph(blocks): def draw_multigraph(blocks):
import pydot import pydot
print "generating traces" print("generating traces")
arr = [] arr = []
trace = [] trace = []
@ -36,7 +45,7 @@ def draw_multigraph(blocks):
graph = pydot.Dot(graph_type='digraph') graph = pydot.Dot(graph_type='digraph')
print "adding nodes" print("adding nodes")
nodes = [] nodes = []
for a in arr: for a in arr:
n = pydot.Node(a, shape="box") n = pydot.Node(a, shape="box")
@ -46,8 +55,8 @@ def draw_multigraph(blocks):
edges = [] edges = []
cnts = [] cnts = []
print "trace size",len(trace) print("trace size",len(trace))
print "realblock count",len(arr) print("realblock count",len(arr))
# coalesce loops # coalesce loops
""" """
@ -75,12 +84,12 @@ def draw_multigraph(blocks):
graph.add_edge(e) graph.add_edge(e)
""" """
print "adding edges" print("adding edges")
for i in range(0, len(trace)-1): for i in range(0, len(trace)-1):
e = pydot.Edge(nodes[trace[i]], nodes[trace[i+1]], label=str(cls[i+1]), headport="n", tailport="s") e = pydot.Edge(nodes[trace[i]], nodes[trace[i+1]], label=str(cls[i+1]), headport="n", tailport="s")
graph.add_edge(e) graph.add_edge(e)
print "drawing png @ /tmp/graph.png" print("drawing png @ /tmp/graph.png")
graph.write_png('/tmp/graph.png') graph.write_png('/tmp/graph.png')
@ -235,7 +244,7 @@ def do_loop_analysis(blocks):
# remove the loop from the blocks # remove the loop from the blocks
bb = bb[0:i] + bb[i:i+j] + bb[i+j*loopcnt:] bb = bb[0:i] + bb[i:i+j] + bb[i+j*loopcnt:]
ab = ab[0:i] + ab[i:i+j] + ab[i+j*loopcnt:] ab = ab[0:i] + ab[i:i+j] + ab[i+j*loopcnt:]
print loop print(loop)
loops.append(loop) loops.append(loop)
did_update = True did_update = True
break break
@ -465,9 +474,6 @@ def get_vtimeline_picture(trace, minclnum, maxclnum):
r = maxclnum-minclnum r = maxclnum-minclnum
sampling = int(math.ceil(r/50000.0)) sampling = int(math.ceil(r/50000.0))
from PIL import Image # sudo pip install pillow
import base64
import StringIO
im_y = int(maxclnum/sampling) im_y = int(maxclnum/sampling)
im = Image.new( 'RGB', (1, im_y), "black") im = Image.new( 'RGB', (1, im_y), "black")
px = im.load() px = im.load()
@ -560,7 +566,7 @@ if __name__ == "__main__":
trace = program.add_trace("/tmp/qira_logs/0", 0) trace = program.add_trace("/tmp/qira_logs/0", 0)
while not trace.db.did_update(): while not trace.db.did_update():
time.sleep(0.1) time.sleep(0.1)
print "loaded" print("loaded")
program.qira_asm_file = open("/tmp/qira_asm", "r") program.qira_asm_file = open("/tmp/qira_asm", "r")
qira_program.Program.read_asm_file(program) qira_program.Program.read_asm_file(program)
@ -569,7 +575,7 @@ if __name__ == "__main__":
flow = get_instruction_flow(trace, program, trace.db.get_minclnum(), trace.db.get_maxclnum()) flow = get_instruction_flow(trace, program, trace.db.get_minclnum(), trace.db.get_maxclnum())
blocks = get_blocks(flow, True) blocks = get_blocks(flow, True)
print slice(trace, 124) print(slice(trace, 124))
#print analyze(t, program) #print analyze(t, program)
#print blocks #print blocks

2
middleware/qira_log.py
View File

@ -61,5 +61,5 @@ if __name__ == "__main__":
import sys import sys
# standalone this can dump a log # standalone this can dump a log
for (address, data, clnum, flags) in read_log(open(sys.argv[1])): for (address, data, clnum, flags) in read_log(open(sys.argv[1])):
print "%4d: %X -> %X %X" % (clnum, address, data, flags) print("%4d: %X -> %X %X" % (clnum, address, data, flags))

104
middleware/qira_program.py
View File

@ -1,3 +1,4 @@
from __future__ import print_function
from qira_base import * from qira_base import *
import qira_config import qira_config
import qira_analysis import qira_analysis
@ -50,7 +51,7 @@ class Program:
self.program = which(prog) self.program = which(prog)
self.args = args self.args = args
self.proghash = sha1(open(self.program, "rb").read()).hexdigest() self.proghash = sha1(open(self.program, "rb").read()).hexdigest()
print "*** program is",self.program,"with hash",self.proghash print("*** program is",self.program,"with hash",self.proghash)
# this is always initted, as it's the tag repo # this is always initted, as it's the tag repo
self.static = static2.Static(self.program) self.static = static2.Static(self.program)
@ -90,21 +91,21 @@ class Program:
# pmaps is global, but updated by the traces # pmaps is global, but updated by the traces
progdat = open(self.program, "rb").read(0x800) progdat = open(self.program, "rb").read(0x800)
CPU_TYPE_ARM = "\x0C" CPU_TYPE_ARM = b"\x0C"
CPU_TYPE_ARM64 = "\x01\x00\x00\x0C" CPU_TYPE_ARM64 = b"\x01\x00\x00\x0C"
CPU_SUBTYPE_ARM_ALL = "\x00" CPU_SUBTYPE_ARM_ALL = b"\x00"
CPU_SUBTYPE_ARM_V4T = "\x05" CPU_SUBTYPE_ARM_V4T = b"\x05"
CPU_SUBTYPE_ARM_V6 = "\x06" CPU_SUBTYPE_ARM_V6 = b"\x06"
CPU_SUBTYPE_ARM_V5TEJ = "\x07" CPU_SUBTYPE_ARM_V5TEJ = b"\x07"
CPU_SUBTYPE_ARM_XSCALE = "\x08" CPU_SUBTYPE_ARM_XSCALE = b"\x08"
CPU_SUBTYPE_ARM_V7 = "\x09" CPU_SUBTYPE_ARM_V7 = b"\x09"
CPU_SUBTYPE_ARM_V7F = "\x0A" CPU_SUBTYPE_ARM_V7F = b"\x0A"
CPU_SUBTYPE_ARM_V7S = "\x0B" CPU_SUBTYPE_ARM_V7S = b"\x0B"
CPU_SUBTYPE_ARM_V7K = "\x0C" CPU_SUBTYPE_ARM_V7K = b"\x0C"
CPU_SUBTYPE_ARM_V6M = "\x0E" CPU_SUBTYPE_ARM_V6M = b"\x0E"
CPU_SUBTYPE_ARM_V7M = "\x0F" CPU_SUBTYPE_ARM_V7M = b"\x0F"
CPU_SUBTYPE_ARM_V7EM = "\x10" CPU_SUBTYPE_ARM_V7EM = b"\x10"
CPU_SUBTYPE_ARM = [ CPU_SUBTYPE_ARM = [
CPU_SUBTYPE_ARM_V4T, CPU_SUBTYPE_ARM_V4T,
@ -124,17 +125,17 @@ class Program:
CPU_SUBTYPE_ARM_V7S CPU_SUBTYPE_ARM_V7S
] ]
MACHO_MAGIC = "\xFE\xED\xFA\xCE" MACHO_MAGIC = b"\xFE\xED\xFA\xCE"
MACHO_CIGAM = "\xCE\xFA\xED\xFE" MACHO_CIGAM = b"\xCE\xFA\xED\xFE"
MACHO_MAGIC_64 = "\xFE\xED\xFA\xCF" MACHO_MAGIC_64 = b"\xFE\xED\xFA\xCF"
MACHO_CIGAM_64 = "\xCF\xFA\xED\xFE" MACHO_CIGAM_64 = b"\xCF\xFA\xED\xFE"
MACHO_FAT_MAGIC = "\xCA\xFE\xBA\xBE" MACHO_FAT_MAGIC = b"\xCA\xFE\xBA\xBE"
MACHO_FAT_CIGAM = "\xBE\xBA\xFE\xCA" MACHO_FAT_CIGAM = b"\xBE\xBA\xFE\xCA"
MACHO_P200_FAT_MAGIC = "\xCA\xFE\xD0\x0D" MACHO_P200_FAT_MAGIC = b"\xCA\xFE\xD0\x0D"
MACHO_P200_FAT_CIGAM = "\x0D\xD0\xFE\xCA" MACHO_P200_FAT_CIGAM = b"\x0D\xD0\xFE\xCA"
# Linux binaries # Linux binaries
if progdat[0:4] == "\x7FELF": if progdat[0:4] == b"\x7FELF":
# get file type # get file type
self.fb = struct.unpack("H", progdat[0x12:0x14])[0] # e_machine self.fb = struct.unpack("H", progdat[0x12:0x14])[0] # e_machine
@ -142,7 +143,7 @@ class Program:
maybe_path = lib_dir+arch+"/" maybe_path = lib_dir+arch+"/"
if 'QEMU_LD_PREFIX' not in os.environ and os.path.exists(maybe_path): if 'QEMU_LD_PREFIX' not in os.environ and os.path.exists(maybe_path):
os.environ['QEMU_LD_PREFIX'] = os.path.realpath(maybe_path) os.environ['QEMU_LD_PREFIX'] = os.path.realpath(maybe_path)
print "**** set QEMU_LD_PREFIX to",os.environ['QEMU_LD_PREFIX'] print("**** set QEMU_LD_PREFIX to",os.environ['QEMU_LD_PREFIX'])
if self.fb == 0x28: if self.fb == 0x28:
if '/lib/ld-linux.so.3' in progdat: if '/lib/ld-linux.so.3' in progdat:
@ -182,21 +183,21 @@ class Program:
raise Exception("binary type "+hex(self.fb)+" not supported") raise Exception("binary type "+hex(self.fb)+" not supported")
self.qirabinary = os.path.realpath(self.qirabinary) self.qirabinary = os.path.realpath(self.qirabinary)
print "**** using",self.qirabinary,"for",hex(self.fb) print("**** using",self.qirabinary,"for",hex(self.fb))
self.runnable = True self.runnable = True
# Windows binaries # Windows binaries
elif progdat[0:2] == "MZ": elif progdat[0:2] == b"MZ":
print "**** windows binary detected, only running the server" print("**** windows binary detected, only running the server")
pe = struct.unpack("I", progdat[0x3c:0x40])[0] pe = struct.unpack("I", progdat[0x3c:0x40])[0]
wh = struct.unpack("H", progdat[pe+4:pe+6])[0] wh = struct.unpack("H", progdat[pe+4:pe+6])[0]
if wh == 0x14c: if wh == 0x14c:
print "*** 32-bit windows" print("*** 32-bit windows")
self.tregs = arch.X86REGS self.tregs = arch.X86REGS
self.fb = 0x03 self.fb = 0x03
elif wh == 0x8664: elif wh == 0x8664:
print "*** 64-bit windows" print("*** 64-bit windows")
self.tregs = arch.X64REGS self.tregs = arch.X64REGS
self.fb = 0x3e self.fb = 0x3e
else: else:
@ -204,17 +205,17 @@ class Program:
# MACHO FAT binaries # MACHO FAT binaries
elif progdat[0x0:0x04] in (MACHO_FAT_MAGIC, MACHO_FAT_CIGAM, MACHO_P200_FAT_MAGIC, MACHO_P200_FAT_CIGAM): elif progdat[0x0:0x04] in (MACHO_FAT_MAGIC, MACHO_FAT_CIGAM, MACHO_P200_FAT_MAGIC, MACHO_P200_FAT_CIGAM):
print "**** Mach-O FAT (Universal) binary detected" print("**** Mach-O FAT (Universal) binary detected")
if progdat[0x04:0x05] == CPU_TYPE_ARM and progdat[0x08:0x09] in CPU_SUBTYPE_ARM: if progdat[0x04:0x05] == CPU_TYPE_ARM and progdat[0x08:0x09] in CPU_SUBTYPE_ARM:
print "**** Mach-O ARM architecture detected" print("**** Mach-O ARM architecture detected")
self.macharch = "arm" self.macharch = "arm"
elif (progdat[0x08:0x0c] == CPU_TYPE_ARM64) or (progdat[0x1c:0x20] == CPU_TYPE_ARM64) or (progdat[0x30:0x34] == CPU_TYPE_ARM64): elif (progdat[0x08:0x0c] == CPU_TYPE_ARM64) or (progdat[0x1c:0x20] == CPU_TYPE_ARM64) or (progdat[0x30:0x34] == CPU_TYPE_ARM64):
print "**** Mach-O Aarch64 architecture detected" print("**** Mach-O Aarch64 architecture detected")
self.macharch = "aarch64" self.macharch = "aarch64"
else: else:
self.macharch = "" self.macharch = ""
print "**** Mach-O X86/64 architecture detected" print("**** Mach-O X86/64 architecture detected")
if progdat[0x0:0x04] in (MACHO_P200_FAT_MAGIC, MACHO_P200_FAT_CIGAM): if progdat[0x0:0x04] in (MACHO_P200_FAT_MAGIC, MACHO_P200_FAT_CIGAM):
raise NotImplementedError("Pack200 compressed files are not supported yet") raise NotImplementedError("Pack200 compressed files are not supported yet")
@ -236,24 +237,24 @@ class Program:
if self.macharch == "arm" or self.macharch == "aarch64": if self.macharch == "arm" or self.macharch == "aarch64":
raise NotImplementedError("ARM/Aarch64 Support is not implemented") raise NotImplementedError("ARM/Aarch64 Support is not implemented")
if not os.path.isfile(self.pintool): if not os.path.isfile(self.pintool):
print "Running a Mach-O FAT (Universal) binary requires PIN support. See tracers/pin_build.sh" print("Running a Mach-O FAT (Universal) binary requires PIN support. See tracers/pin_build.sh")
exit() exit()
raise NotImplementedError("Mach-O FAT (Universal) binary not supported") raise NotImplementedError("Mach-O FAT (Universal) binary not supported")
self.runnable = True self.runnable = True
# MACHO binaries # MACHO binaries
elif progdat[0x0:0x04] in (MACHO_MAGIC_64, MACHO_CIGAM_64, MACHO_MAGIC, MACHO_CIGAM): elif progdat[0x0:0x04] in (MACHO_MAGIC_64, MACHO_CIGAM_64, MACHO_MAGIC, MACHO_CIGAM):
print "**** Mach-O binary detected" print("**** Mach-O binary detected")
if progdat[0x04:0x05] == CPU_TYPE_ARM and progdat[0x08:0x09] in CPU_SUBTYPE_ARM: if progdat[0x04:0x05] == CPU_TYPE_ARM and progdat[0x08:0x09] in CPU_SUBTYPE_ARM:
print "**** Mach-O ARM architecture detected" print("**** Mach-O ARM architecture detected")
self.macharch = "arm" self.macharch = "arm"
elif progdat[0x04:0x05] == CPU_TYPE_ARM and progdat[0x08:0x09] in CPU_SUBTYPE_ARM64: elif progdat[0x04:0x05] == CPU_TYPE_ARM and progdat[0x08:0x09] in CPU_SUBTYPE_ARM64:
print "**** Mach-O Aarch64 architecture detected" print("**** Mach-O Aarch64 architecture detected")
self.macharch = "aarch64" self.macharch = "aarch64"
else: else:
self.macharch = "" self.macharch = ""
print "**** Mach-O X86/64 architecture detected" print("**** Mach-O X86/64 architecture detected")
if progdat[0x0:0x04] in (MACHO_MAGIC_64, MACHO_CIGAM_64): if progdat[0x0:0x04] in (MACHO_MAGIC_64, MACHO_CIGAM_64):
if progdat[0x0:0x04] == MACHO_CIGAM_64: if progdat[0x0:0x04] == MACHO_CIGAM_64:
@ -278,7 +279,7 @@ class Program:
if self.macharch == "arm" or self.macharch == "aarch64": if self.macharch == "arm" or self.macharch == "aarch64":
raise NotImplementedError("ARM/Aarch64 Support is not implemented") raise NotImplementedError("ARM/Aarch64 Support is not implemented")
if not os.path.isfile(self.pintool): if not os.path.isfile(self.pintool):
print "Running a Mach-O binary requires PIN support. See tracers/pin_build.sh" print("Running a Mach-O binary requires PIN support. See tracers/pin_build.sh")
exit() exit()
self.runnable = True self.runnable = True
else: else:
@ -286,7 +287,7 @@ class Program:
def clear(self): def clear(self):
# probably always good to do except in development of middleware # probably always good to do except in development of middleware
print "*** deleting old runs" print("*** deleting old runs")
self.delete_old_runs() self.delete_old_runs()
# getting asm from qemu # getting asm from qemu
@ -481,13 +482,12 @@ class Trace:
# is it safe to assume 4096 byte pages? # is it safe to assume 4096 byte pages?
st = "*** mapping %s %s sz:0x%x off:0x%x @ 0x%X" % (sha1(alldat).hexdigest(), files[fil], sz, off, return_code) st = "*** mapping %s %s sz:0x%x off:0x%x @ 0x%X" % (sha1(alldat).hexdigest(), files[fil], sz, off, return_code)
print st, print(st,)
dat = alldat[off:off+sz] dat = alldat[off:off+sz]
self.program.static.add_memory_chunk(return_code, dat) self.program.static.add_memory_chunk(return_code, dat)
print "done" except Exception as e:
except Exception, e: print(e)
print e
except: except:
pass pass
@ -532,10 +532,10 @@ class Trace:
try: try:
forkbase = get_forkbase_from_log(self.forknum) forkbase = get_forkbase_from_log(self.forknum)
print "*** using base %d for %d" % (forkbase, self.forknum) print("*** using base %d for %d" % (forkbase, self.forknum))
f = open(qira_config.TRACE_FILE_BASE+str(forkbase)+"_base") f = open(qira_config.TRACE_FILE_BASE+str(forkbase)+"_base")
except Exception, e: except Exception as e:
print "*** base file issue",e print("*** base file issue",e)
# done # done
return return
@ -564,8 +564,8 @@ class Trace:
for offset in os.listdir(images_dir+"/"+image): for offset in os.listdir(images_dir+"/"+image):
off_map[int(offset, 16)] = images_dir+"/"+image+"/"+offset off_map[int(offset, 16)] = images_dir+"/"+image+"/"+offset
img_map[unquote(image)] = off_map img_map[unquote(image)] = off_map
except Exception, e: except Exception as e:
print "Exception while dealing with _images/:", e print("Exception while dealing with _images/:", e)
for ln in f.read().split("\n"): for ln in f.read().split("\n"):
ln = ln.split(" ") ln = ln.split(" ")
@ -587,7 +587,7 @@ class Trace:
with open(fn) as f: with open(fn) as f:
f.seek(offset) f.seek(offset)
dat = f.read(se-ss) dat = f.read(se-ss)
except Exception, e: except Exception as e:
print "Failed to get", fn, "offset", offset, ":", e print("Failed to get", fn, "offset", offset, ":", e)
continue continue
self.program.static.add_memory_chunk(ss, dat) self.program.static.add_memory_chunk(ss, dat)

5
middleware/qira_socat.py
View File

@ -1,3 +1,4 @@
from __future__ import print_function
import os import os
import socket import socket
import signal import signal
@ -27,7 +28,7 @@ def start_bindserver(program, port, parent_id, start_cl, loop = False):
return return
# bindserver runs in a fork # bindserver runs in a fork
while 1: while 1:
print "**** listening on",myss print("**** listening on",myss)
(cs, address) = myss.accept() (cs, address) = myss.accept()
# fork off the child if we are looping # fork off the child if we are looping
@ -36,7 +37,7 @@ def start_bindserver(program, port, parent_id, start_cl, loop = False):
cs.close() cs.close()
continue continue
run_id = get_next_run_id() run_id = get_next_run_id()
print "**** ID",run_id,"CLIENT",cs, address, cs.fileno() print("**** ID",run_id,"CLIENT",cs, address, cs.fileno())
fd = cs.fileno() fd = cs.fileno()
# python nonblocking is a lie... # python nonblocking is a lie...

21
middleware/qira_webserver.py
View File

@ -1,3 +1,4 @@
from __future__ import print_function
from qira_base import * from qira_base import *
import qira_config import qira_config
import os import os
@ -14,7 +15,7 @@ def socket_method(func):
# before things are initted in the js, we get this # before things are initted in the js, we get this
for i in args: for i in args:
if i == None: if i == None:
#print "BAD ARGS TO %-20s" % (func.func_name), "with",args #print "BAD ARGS TO %-20s" % (func.__name__), "with",args
return return
try: try:
start = time.time() start = time.time()
@ -23,10 +24,10 @@ def socket_method(func):
# print slow calls, slower than 50ms # print slow calls, slower than 50ms
if tm > 50 or qira_config.WEBSOCKET_DEBUG: if tm > 50 or qira_config.WEBSOCKET_DEBUG:
print "SOCKET %6.2f ms in %-20s with" % (tm, func.func_name), args print("SOCKET %6.2f ms in %-20s with" % (tm, func.__name__), args)
return ret return ret
except Exception, e: except Exception as e:
print "ERROR",e,"in",func.func_name,"with",args print("ERROR",e,"in",func.__name__,"with",args)
return func_wrapper return func_wrapper
import qira_socat import qira_socat
@ -113,7 +114,7 @@ def mwpoller():
@socket_method @socket_method
def forkat(forknum, clnum, pending): def forkat(forknum, clnum, pending):
global program global program
print "forkat",forknum,clnum,pending print("forkat",forknum,clnum,pending)
REGSIZE = program.tregs[1] REGSIZE = program.tregs[1]
dat = [] dat = []
@ -147,7 +148,7 @@ def forkat(forknum, clnum, pending):
@socket_method @socket_method
def deletefork(forknum): def deletefork(forknum):
global program global program
print "deletefork", forknum print("deletefork", forknum)
os.unlink(qira_config.TRACE_FILE_BASE+str(int(forknum))) os.unlink(qira_config.TRACE_FILE_BASE+str(int(forknum)))
del program.traces[forknum] del program.traces[forknum]
push_updates() push_updates()
@ -157,7 +158,7 @@ def deletefork(forknum):
def slice(forknum, clnum): def slice(forknum, clnum):
trace = program.traces[forknum] trace = program.traces[forknum]
data = qira_analysis.slice(trace, clnum) data = qira_analysis.slice(trace, clnum)
print "slice",forknum,clnum, data print("slice",forknum,clnum, data)
emit('slice', forknum, data); emit('slice', forknum, data);
@socketio.on('doanalysis', namespace='/qira') @socketio.on('doanalysis', namespace='/qira')
@ -173,7 +174,7 @@ def analysis(forknum):
@socket_method @socket_method
def connect(): def connect():
global program global program
print "client connected", program.get_maxclnum() print("client connected", program.get_maxclnum())
push_updates() push_updates()
@socketio.on('getclnum', namespace='/qira') @socketio.on('getclnum', namespace='/qira')
@ -429,11 +430,11 @@ def run_server(largs, lprogram):
import qira_webstatic import qira_webstatic
qira_webstatic.init(lprogram) qira_webstatic.init(lprogram)
print "****** starting WEB SERVER on %s:%d" % (qira_config.HOST, qira_config.WEB_PORT) print("****** starting WEB SERVER on %s:%d" % (qira_config.HOST, qira_config.WEB_PORT))
threading.Thread(target=mwpoller).start() threading.Thread(target=mwpoller).start()
try: try:
socketio.run(app, host=qira_config.HOST, port=qira_config.WEB_PORT, log_output=False) socketio.run(app, host=qira_config.HOST, port=qira_config.WEB_PORT, log_output=False)
except KeyboardInterrupt: except KeyboardInterrupt:
print "*** User raised KeyboardInterrupt" print("*** User raised KeyboardInterrupt")
exit() exit()

5
middleware/qira_webstatic.py
View File

@ -1,6 +1,7 @@
# eventually, this can live in a different process # eventually, this can live in a different process
# or we can break the boundary at static2 # or we can break the boundary at static2
# these calls don't have to be included for qira to work # these calls don't have to be included for qira to work
from __future__ import print_function
import qira_config import qira_config
@ -150,7 +151,7 @@ if qira_config.WITH_STATIC:
for i in sorted(b.addresses): for i in sorted(b.addresses):
bbb = {'address': ghex(i)} bbb = {'address': ghex(i)}
copy_fields(bbb, program.static[i]) copy_fields(bbb, program.static[i])
bbb['dests'] = map(lambda (x,y): (ghex(x), y), program.static[i]['instruction'].dests()) bbb['dests'] = map(lambda x: (ghex(x[0]), x[1]), program.static[i]['instruction'].dests())
bb.append(bbb) bb.append(bbb)
blocks.append(bb) blocks.append(bb)
@ -160,7 +161,7 @@ if qira_config.WITH_STATIC:
@socket_method @socket_method
def make(typ, iaddr): def make(typ, iaddr):
iaddr = fhex(iaddr) iaddr = fhex(iaddr)
print "*** make",typ,"at",ghex(iaddr) print("*** make",typ,"at",ghex(iaddr))
if typ == 'function': if typ == 'function':
program.static.analyzer.make_function_at(program.static, iaddr) program.static.analyzer.make_function_at(program.static, iaddr)
elif typ == 'code': elif typ == 'code':

5
static2/builtin/analyzer.py
View File

@ -1,4 +1,7 @@
import Queue try:
import Queue
except ImportError:
import queue as Queue
from model import Function, Block, DESTTYPE from model import Function, Block, DESTTYPE
import byteweight import byteweight
import time import time

17
static2/builtin/loader.py
View File

@ -1,3 +1,4 @@
from __future__ import print_function
from elftools.elf.elffile import ELFFile from elftools.elf.elffile import ELFFile
from elftools.elf.sections import SymbolTableSection from elftools.elf.sections import SymbolTableSection
from elftools.elf.relocation import RelocationSection from elftools.elf.relocation import RelocationSection
@ -23,13 +24,13 @@ def get_arch(fb):
def load_binary(static): def load_binary(static):
try: try:
elf = ELFFile(open(static.path)) elf = ELFFile(open(static.path, "rb"))
except ELFError: except ELFError:
print "*** loader error: non-ELF detected" print("*** loader error: non-ELF detected")
return return
# TODO: replace with elf['e_machine'] # TODO: replace with elf['e_machine']
progdat = open(static.path).read(0x20) progdat = open(static.path, "rb").read(0x20)
fb = struct.unpack("H", progdat[0x12:0x14])[0] # e_machine fb = struct.unpack("H", progdat[0x12:0x14])[0] # e_machine
static['arch'] = get_arch(fb) static['arch'] = get_arch(fb)
static['entry'] = elf['e_entry'] static['entry'] = elf['e_entry']
@ -39,11 +40,11 @@ def load_binary(static):
addr = segment['p_vaddr'] addr = segment['p_vaddr']
if segment['p_type'] == 'PT_LOAD': if segment['p_type'] == 'PT_LOAD':
memsize = segment['p_memsz'] memsize = segment['p_memsz']
static.add_memory_chunk(addr, segment.data().ljust(memsize, "\x00")) static.add_memory_chunk(addr, segment.data().ljust(memsize, b"\x00"))
for section in elf.iter_sections(): for section in elf.iter_sections():
if static.debug >= 1: if static.debug >= 1:
print "** found section", section.name, type(section) print("** found section", section.name, type(section))
if isinstance(section, RelocationSection): if isinstance(section, RelocationSection):
symtable = elf.get_section(section['sh_link']) symtable = elf.get_section(section['sh_link'])
@ -53,7 +54,7 @@ def load_binary(static):
for rel in section.iter_relocations(): for rel in section.iter_relocations():
symbol = symtable.get_symbol(rel['r_info_sym']) symbol = symtable.get_symbol(rel['r_info_sym'])
if static.debug >= 1: #suppress output for testing if static.debug >= 1: #suppress output for testing
print "Relocation",rel, symbol.name print("Relocation",rel, symbol.name)
if rel['r_offset'] != 0 and symbol.name != "": if rel['r_offset'] != 0 and symbol.name != "":
static[rel['r_offset']]['name'] = "__"+symbol.name static[rel['r_offset']]['name'] = "__"+symbol.name
ncount += 1 ncount += 1
@ -85,12 +86,12 @@ def load_binary(static):
#print symbol['st_info'], symbol.name, hex(symbol['st_value']) #print symbol['st_info'], symbol.name, hex(symbol['st_value'])
if symbol['st_value'] != 0 and symbol.name != "" and symbol['st_info']['type'] == "STT_FUNC": if symbol['st_value'] != 0 and symbol.name != "" and symbol['st_info']['type'] == "STT_FUNC":
if static.debug >= 1: if static.debug >= 1:
print "Symbol",hex(symbol['st_value']), symbol.name print("Symbol",hex(symbol['st_value']), symbol.name)
static[symbol['st_value']]['name'] = symbol.name static[symbol['st_value']]['name'] = symbol.name
ncount += 1 ncount += 1
# parse the DynamicSection to get the libraries # parse the DynamicSection to get the libraries
#if isinstance(section, DynamicSection): #if isinstance(section, DynamicSection):
if static.debug >= 1: if static.debug >= 1:
print "** found %d names" % ncount print("** found %d names" % ncount)

15
static2/model.py
View File

@ -1,3 +1,4 @@
from __future__ import print_function
from capstone import * from capstone import *
import capstone # for some unexported (yet) symbols in Capstone 3.0 import capstone # for some unexported (yet) symbols in Capstone 3.0
import qira_config import qira_config
@ -25,7 +26,7 @@ class Instruction(object):
try: try:
return BapInsn(*args, **kwargs) return BapInsn(*args, **kwargs)
except Exception as exn: except Exception as exn:
print "bap failed", type(exn).__name__, exn print("bap failed", type(exn).__name__, exn)
return CsInsn(*args, **kwargs) return CsInsn(*args, **kwargs)
else: else:
return CsInsn(*args, **kwargs) return CsInsn(*args, **kwargs)
@ -208,7 +209,7 @@ if qira_config.WITH_BAP:
else: else:
if offset != offset & 0xFFFFFFFF: if offset != offset & 0xFFFFFFFF:
if debug_level >= 1: if debug_level >= 1:
print "[!] Warning: supplied offset 0x{:x} is not 32 bits.".format(offset) print("[!] Warning: supplied offset 0x{:x} is not 32 bits.".format(offset))
offset = offset & 0xFFFFFFFF offset = offset & 0xFFFFFFFF
if (offset >> 31) & 1 == 1: if (offset >> 31) & 1 == 1:
offset_fixed = -(0xFFFFFFFF-offset+1) offset_fixed = -(0xFFFFFFFF-offset+1)
@ -227,7 +228,7 @@ if qira_config.WITH_BAP:
v_prime = calc_offset(*k) v_prime = calc_offset(*k)
if v_prime != v: if v_prime != v:
k_fmt = (k[0],hex(k[1]),k[2]) k_fmt = (k[0],hex(k[1]),k[2])
print "{0} -> {1:x} expected, got {0} -> {2:x}".format(k_fmt,v,v_prime) print("{0} -> {1:x} expected, got {0} -> {2:x}".format(k_fmt,v,v_prime))
class UnknownRegister(Exception): class UnknownRegister(Exception):
def __init__(self, reg): def __init__(self, reg):
@ -504,10 +505,10 @@ class CsInsn(object):
try: try:
fmt, ref = self._get_ref_square_bracket() fmt, ref = self._get_ref_square_bracket()
except AssertionError: except AssertionError:
print "*** Warning: assumption in _get_ref_square_bracket violated" print("*** Warning: assumption in _get_ref_square_bracket violated")
return self.i.op_str return self.i.op_str
except Exception as e: except Exception as e:
print "unknown exception in _get_operand_s" print("unknown exception in _get_operand_s")
return self.i.op_str return self.i.op_str
try: try:
@ -516,9 +517,9 @@ class CsInsn(object):
except IgnoredRegister as e: except IgnoredRegister as e:
pass pass
except UnknownRegister as e: except UnknownRegister as e:
print "_get_operand_s: unknown register {} at clnum {}".format(e.reg, clnum) print("_get_operand_s: unknown register {} at clnum {}".format(e.reg, clnum))
except Exception as e: except Exception as e:
print "unknown exception in _get_operand_s", e print("unknown exception in _get_operand_s", e)
return self.i.op_str return self.i.op_str

21
static2/static2.py
View File

@ -1,4 +1,5 @@
#!/usr/bin/env python2.7 #!/usr/bin/env python2.7
from __future__ import print_function
# NO MORE RADARE # NO MORE RADARE
# tags should be dynamically generated # tags should be dynamically generated
@ -98,7 +99,7 @@ class Static:
@staticmethod @staticmethod
def analyze_functions(x): def analyze_functions(x):
dat = ida.fetch_tags() dat = ida.fetch_tags()
print dat print(dat)
else: else:
# run the elf loader # run the elf loader
sys.path.append(os.path.join(qira_config.BASEDIR, "static2", "builtin")) sys.path.append(os.path.join(qira_config.BASEDIR, "static2", "builtin"))
@ -108,7 +109,7 @@ class Static:
loader.load_binary(self) loader.load_binary(self)
if self.debug >= 1: if self.debug >= 1:
print "*** elf loaded" print("*** elf loaded")
""" """
# check the cache # check the cache
@ -252,7 +253,7 @@ class Static:
for (laddress, llength) in self.base_memory: for (laddress, llength) in self.base_memory:
if address == laddress: if address == laddress:
if self.base_memory[(laddress, llength)] != dat: if self.base_memory[(laddress, llength)] != dat:
print "*** WARNING, changing segment",hex(laddress),llength print("*** WARNING, changing segment",hex(laddress),llength)
return return
# segments should have an idea of segment permission # segments should have an idea of segment permission
@ -262,14 +263,14 @@ class Static:
def process(self): def process(self):
self.analyzer.analyze_functions(self) self.analyzer.analyze_functions(self)
if self.debug >= 1: if self.debug >= 1:
print "*** found %d functions" % len(self['functions']) print("*** found %d functions" % len(self['functions']))
# *** STATIC TEST STUFF *** # *** STATIC TEST STUFF ***
if __name__ == "__main__": if __name__ == "__main__":
static = Static(sys.argv[1],debug=1) static = Static(sys.argv[1],debug=1)
print "arch:",static['arch'] print("arch:",static['arch'])
# find main # find main
static.process() static.process()
@ -285,18 +286,18 @@ if __name__ == "__main__":
# function printer # function printer
for f in sorted(static['functions']): for f in sorted(static['functions']):
print static[f.start]['name'] or hex(f.start), f print(static[f.start]['name'] or hex(f.start), f)
for b in sorted(f.blocks): for b in sorted(f.blocks):
print " ",b print(" ",b)
for a in sorted(b.addresses): for a in sorted(b.addresses):
print " ",hex(a),static._insert_names(static[a]['instruction']) print(" ",hex(a),static._insert_names(static[a]['instruction']))
# print symbols # print symbols
print "symbols" print("symbols")
names = static.get_tags(['name']) names = static.get_tags(['name'])
for addr in names: for addr in names:
print "%8x: %s" % (addr, names[addr]['name']) print("%8x: %s" % (addr, names[addr]['name']))
#print static['functions'] #print static['functions']