This one is cleaner and fixes some issues from the previous commit; ARM/AArch64 can now be detected. Still needs more cleanup and should print the exact cpu_subtype.

This commit is contained in:
Yahya Lmallas 2016-02-01 20:31:10 +01:00
parent abf4e1adea
commit b43491cf49
1 changed files with 45 additions and 28 deletions


@ -90,6 +90,31 @@ class Program:
# pmaps is global, but updated by the traces # pmaps is global, but updated by the traces
progdat = open(self.program, "rb").read(0x800) progdat = open(self.program, "rb").read(0x800)
# 12: CPU_TYPE_ARM
# 0 : CPU_SUBTYPE_ARM_ALL
# 5 : CPU_SUBTYPE_ARM_V4T
# 6 : CPU_SUBTYPE_ARM_V6
# 7 : CPU_SUBTYPE_ARM_V5TEJ
# 8 : CPU_SUBTYPE_ARM_XSCALE
# 9 : CPU_SUBTYPE_ARM_V7
CPU_TYPE_ARM = "\x0C"
CPU_SUBTYPE_ARM_ALL = "\x00"
CPU_SUBTYPE_ARM_V4T = "\x05"
CPU_SUBTYPE_ARM_V6 = "\x06"
CPU_SUBTYPE_ARM_V5TEJ = "\x07"
CPU_SUBTYPE_ARM_XSCALE = "\x08"
CPU_SUBTYPE_ARM_V7 = "\x09"
MACHO_MAGIC = "\xFE\xED\xFA\xCE"
MACHO_CIGAM = "\xCE\xFA\xED\xFE"
MACHO_MAGIC_64 = "\xFE\xED\xFA\xCF"
MACHO_CIGAM_64 = "\xCF\xFA\xED\xFE"
MACHO_FAT_MAGIC = "\xCA\xFE\xBA\xBE"
MACHO_FAT_CIGAM = "\xBE\xBA\xFE\xCA"
MACHO_P200_FAT_MAGIC = "\xCA\xFE\xD0\x0D"
MACHO_P200_FAT_CIGAM = "\x0D\xD0\xFE\xCA"
# Linux binaries # Linux binaries
if progdat[0:4] == "\x7FELF": if progdat[0:4] == "\x7FELF":
# get file type # get file type
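Review bot: The cputype/cpusubtype constants added at L21-L27 are one-byte strings, but in a Mach-O header cputype (offset 4) and cpusubtype (offset 8) are 32-bit fields whose byte order follows the magic, so matching a single byte of either field cannot tell the variants apart; in particular an ARM64 header differs from a 32-bit ARM one only in the 64-bit ABI bit of the high byte of cputype, which no constant here models, even though the commit message says arm64 is now detected. I'd define them as integers (`CPU_TYPE_ARM = 0x0C`, `CPU_TYPE_ARM64 = 0x0100000C`, `CPU_SUBTYPE_ARM_V7 = 9`, and so on) and decode the fields once with `cputype, cpusubtype = struct.unpack(("<" if progdat[0:4] in (MACHO_CIGAM, MACHO_CIGAM_64) else ">") + "II", progdat[4:12])`, masking the capability bits (`cpusubtype & 0x00FFFFFF`) before comparing against the subtype list. The constants are also re-created as method locals on every call; module-level constants next to the magic numbers would be the conventional place. The enclosing method starts before this hunk.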
@ -157,32 +182,28 @@ class Program:
else: else:
raise Exception("windows binary with machine "+hex(wh)+" not supported") raise Exception("windows binary with machine "+hex(wh)+" not supported")
# Mach-O FAT binaries # MACHO FAT binaries
elif progdat[0:4] in ("\xCA\xFE\xBA\xBE", "\xBE\xBA\xFE\xCA", "\xCA\xFE\xD0\x0D", "\x0D\xD0\xFE\xCA"): elif progdat[0:4] in (MACHO_FAT_MAGIC, MACHO_FAT_CIGAM, MACHO_P200_FAT_MAGIC, MACHO_P200_FAT_CIGAM):
print "**** Mach-O FAT (Universal) binary detected" print "**** Mach-O FAT (Universal) binary detected"
# 0 : CPU_SUBTYPE_ARM_ALL
# 5 : CPU_SUBTYPE_ARM_V4T #if progdat[4:5] == CPU_TYPE_ARM:
# 6 : CPU_SUBTYPE_ARM_V6 if progdat[8:9] in (CPU_SUBTYPE_ARM_ALL, CPU_SUBTYPE_ARM_V4T, CPU_SUBTYPE_ARM_V6, CPU_SUBTYPE_ARM_V5TEJ, CPU_SUBTYPE_ARM_XSCALE, CPU_SUBTYPE_ARM_V7):
# 7 : CPU_SUBTYPE_ARM_V5TEJ
# 8 : CPU_SUBTYPE_ARM_XSCALE
# 9 : CPU_SUBTYPE_ARM_V7
if progdat[8:9] in ("\x00", "\x05", "\x06", "\x07", "\x08", "\x09"):
print "**** Mach-O ARM architecture detected" print "**** Mach-O ARM architecture detected"
self.macharch = "ARM" self.macharch = "ARM"
else: else:
self.macharch = "" self.macharch = ""
print "**** Mach-O X86/64 architecture detected" print "**** Mach-O X86/64 architecture detected"
if progdat[0:4] in ("\xCA\xFE\xD0\x0D", "\x0D\xD0\xFE\xCA"): if progdat[0:4] in (MACHO_P200_FAT_MAGIC, MACHO_P200_FAT_CIGAM):
raise Exception("Pack200 compressed files are not supported") raise Exception("Pack200 compressed files are not supported")
elif progdat[0:4] == "\xCA\xFE\xBA\xBE": elif progdat[0:4] == MACHO_FAT_MAGIC:
if self.macharch == "ARM": if self.macharch == "ARM":
self.tregs = arch.ARMREGS self.tregs = arch.ARMREGS
self.pintool = "" self.pintool = ""
else: else:
self.tregs = arch.X86REGS self.tregs = arch.X86REGS
self.pintool = pin_dir + "obj-ia32/qirapin.dylib" self.pintool = pin_dir + "obj-ia32/qirapin.dylib"
elif progdat[0:4] == "\xBE\xBA\xFE\xCA": # big endian... elif progdat[0:4] == MACHO_FAT_CIGAM: # big endian...
if self.macharch == "ARM": if self.macharch == "ARM":
self.tregs = arch.ARMREGS self.tregs = arch.ARMREGS
self.pintool = "" self.pintool = ""
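Review bot: The architecture test at L47 still reads one byte at offset 8 without first checking the cputype — the `#if progdat[4:5] == CPU_TYPE_ARM:` guard at L46 is left commented out — so any file whose byte 8 is 0x00 or 0x05-0x09 takes the ARM branch and everything else is reported as X86/64 at L56, including unknown architectures. In a fat header, as far as I recall the layout, offset 8 is the big-endian cputype of the first fat_arch rather than a subtype, so its first byte is 0x00 for both i386 and 32-bit ARM slices, which would send an x86 universal binary down the ARM path; please verify against mach-o/fat.h. I'd decode the first slice with `cputype, cpusubtype = struct.unpack(">II", progdat[8:16])`, branch on cputype (0x0C for ARM, 0x0100000C for ARM64, 7 / 0x01000007 for x86), and use the subtype only to print the exact variant, which is what the commit message says is still missing. The method continues outside this hunk.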
@ -196,44 +217,40 @@ class Program:
exit() exit()
self.runnable = True self.runnable = True
# Mach-O binaries # MACHO binaries
elif progdat[0:4] in ("\xCF\xFA\xED\xFE", "\xFE\xED\xFA\xCF", "\xCE\xFA\xED\xFE", "\xFE\xED\xFA\xCE"): elif progdat[0:4] in (MACHO_MAGIC_64, MACHO_CIGAM_64, MACHO_MAGIC, MACHO_CIGAM):
print "**** Mach-O binary detected" print "**** Mach-O binary detected"
# 0 : CPU_SUBTYPE_ARM_ALL
# 5 : CPU_SUBTYPE_ARM_V4T #if progdat[4:5] == CPU_TYPE_ARM:
# 6 : CPU_SUBTYPE_ARM_V6 if progdat[8:9] in (CPU_SUBTYPE_ARM_ALL, CPU_SUBTYPE_ARM_V4T, CPU_SUBTYPE_ARM_V6, CPU_SUBTYPE_ARM_V5TEJ, CPU_SUBTYPE_ARM_XSCALE, CPU_SUBTYPE_ARM_V7):
# 7 : CPU_SUBTYPE_ARM_V5TEJ print "**** Mach-O ARM/Aarch64 architecture detected"
# 8 : CPU_SUBTYPE_ARM_XSCALE
# 9 : CPU_SUBTYPE_ARM_V7
if progdat[8:9] in ("\x00", "\x05", "\x06", "\x07", "\x08", "\x09"):
print "**** Mach-O ARM architecture detected"
self.macharch = "ARM" self.macharch = "ARM"
else: else:
self.macharch = "" self.macharch = ""
print "**** Mach-O X86/64 architecture detected" print "**** Mach-O X86/64 architecture detected"
if progdat[0:4] == "\xCF\xFA\xED\xFE": if progdat[0:4] == MACHO_CIGAM_64: # big endian...
if self.macharch == "ARM": if self.macharch == "ARM":
self.tregs = arch.ARMREGS self.tregs = arch.AARCH64REGS
self.pintool = "" self.pintool = ""
else: else:
self.tregs = arch.X64REGS self.tregs = arch.X64REGS
self.pintool = pin_dir + "obj-intel64/qirapin.dylib" self.pintool = pin_dir + "obj-intel64/qirapin.dylib"
elif progdat[0:4] == "\xFE\xED\xFA\xCF": # big endian... elif progdat[0:4] == MACHO_MAGIC_64:
if self.macharch == "ARM": if self.macharch == "ARM":
self.tregs = arch.ARMREGS self.tregs = arch.AARCH64REGS
self.pintool = "" self.pintool = ""
else: else:
self.tregs = arch.X64REGS self.tregs = arch.X64REGS
self.pintool = pin_dir + "obj-intel64/qirapin.dylib" self.pintool = pin_dir + "obj-intel64/qirapin.dylib"
elif progdat[0:4] == "\xCE\xFA\xED\xFE": elif progdat[0:4] == MACHO_CIGAM: # big endian...
if self.macharch == "ARM": if self.macharch == "ARM":
self.tregs = arch.ARMREGS self.tregs = arch.ARMREGS
self.pintool = "" self.pintool = ""
else: else:
self.tregs = arch.X86REGS self.tregs = arch.X86REGS
self.pintool = pin_dir + "obj-ia32/qirapin.dylib" self.pintool = pin_dir + "obj-ia32/qirapin.dylib"
elif progdat[0:4] == "\xFE\xED\xFA\xCE": # big endian... elif progdat[0:4] == MACHO_MAGIC:
if self.macharch == "ARM": if self.macharch == "ARM":
self.tregs = arch.ARMREGS self.tregs = arch.ARMREGS
self.pintool = "" self.pintool = ""