Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

radare2 find.py script #77

Merged
merged 1 commit into from Aug 2, 2018

Conversation

Projects
None yet
2 participants
@m-1-k-3
Copy link

commented Aug 1, 2018

Hi,

I have ported the IDA pro find.py script to radare2 (https://rada.re/r/). Most of the code is the original code from @commial . The small r2 part is new.

Binary used for testing:

blksz    0x0
block    0x100
fd       3
file     /opt/gdb/arm/bin/gdbserver
format   elf
iorw     false
mode     r-x
size     0x3e874
humansz  250.1K
type     EXEC (Executable file)
arch     arm
binsz    255473
bintype  elf
bits     32
canary   false
class    ELF32
crypto   false
endian   little
havecode true
lang     c
linenum  false
lsyms    false
machine  ARM
maxopsz  4
minopsz  4
nx       true
os       linux
pcalign  4
pic      false
relocs   false
rpath    NONE
static   true
stripped true
subsys   linux
va       true

And now the script:


[*] Found 402 functions
[*] Get already known functions via r2 command aflqj ...
[*] Architecture: arm / Endianess: little / Bits: 32
[*] Launch identification on 402 function(s)
[+] Found strcpy at 0x31804
[+] Found strncpy at 0x318bc
[+] Found atoi at 0x338cc
[+] Found strtok at 0x31914
[+] Found isspace at 0x10a7c
[+] Found strncmp at 0x3187c
[+] Found strpbrk at 0x37b64
[+] Found strspn at 0x37bcc
[+] Found atoi at 0x338c0
[+] Found memset at 0x31620
[+] Found atoi at 0x338d4
[+] Found strnlen at 0x318e8
[+] Found memmove at 0x31610
[+] Found strcmp at 0x316c0
[+] Found strlen at 0x316e0
[+] Found strcat at 0x317ac
[+] Found strchr at 0x317d8
[*] Current: 100.00% (sub_0x00038f64)| Estimated time remaining: 0.00s
[*] Finished ! Found 17 candidates in 16.43s

I have tested it on an ARM, MIPS and x86_32 binary. It should work on a default r2 installation.

Michael Messner

@commial commial merged commit 761d627 into cea-sec:master Aug 2, 2018

1 check failed

continuous-integration/travis-ci/pr The Travis CI build could not complete due to an error
Details
@commial

This comment has been minimized.

Copy link
Member

commented Aug 2, 2018

Thanks for the contrib!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.