Permalink
Browse files

Add initial r2script support

  • Loading branch information...
Maijin
Maijin committed May 30, 2016
1 parent 9229119 commit b68379c4b3e99c836cc7901581be2a1f23761efa
Showing with 47 additions and 5 deletions.
  1. +1 −0 .gitignore
  2. +46 −5 floss/main.py
@@ -10,6 +10,7 @@ __pycache__/
# Distribution / packaging
build/
dist/
floss.egg-info/
lib/
.cache
@@ -23,7 +23,7 @@
import plugins.function_meta_data_plugin
from interfaces import DecodingRoutineIdentifier
from decoding_manager import LocationType
from base64 import b64encode
floss_logger = logging.getLogger("floss")
@@ -127,6 +127,8 @@ def make_parser():
action="store_true")
parser.add_option("-i", "--ida", dest="ida_python_file",
help="create an IDAPython script to annotate the decoded strings in an IDB file")
parser.add_option("-r", "--radare", dest="radare2_script_file",
help="create a radare2 script to annotate the decoded strings in an .r2 file")
parser.add_option("-n", "--minimum-length", dest="min_length",
help="minimum string length (default is %d)" % MIN_STRING_LENGTH_DEFAULT)
parser.add_option("-p", "--plugins", dest="plugins",
@@ -357,7 +359,7 @@ def print_decoded_strings(decoded_strings, quiet=False, expert=False):
print(tabulate.tabulate(ss, headers=["Offset", "Called At", "String"]))
def create_script_content(sample_file_path, decoded_strings, stack_strings):
def create_ida_script_content(sample_file_path, decoded_strings, stack_strings):
"""
Create IDAPython script contents for IDB file annotations.
:param sample_file_path: input file path
@@ -435,16 +437,34 @@ def main():
""" % (len(decoded_strings) + ss_len, sample_file_path, "\n ".join(main_commands))
return script_content
def create_r2_script_content(sample_file_path, decoded_strings, stack_strings):
"""
Create r2script contents for r2 session annotations.
:param sample_file_path: input file path
:param decoded_strings: list of decoded strings ([DecodedString])
:param stack_strings: list of stack strings ([StackString])
:return: content of the r2script
"""
main_commands = []
for ds in decoded_strings:
if ds.s != "":
sanitized_string = b64encode("\"FLOSS: %s\"" % ds.s)
if ds.characteristics["location_type"] == LocationType.GLOBAL:
main_commands.append("CCu base64:%s @ %d" % (sanitized_string, ds.va))
else:
main_commands.append("CCu base64:%s @ %d" % (sanitized_string, ds.decoded_at_va))
return "\n".join(main_commands)
def create_script(sample_file_path, ida_python_file, decoded_strings, stack_strings):
def create_ida_script(sample_file_path, ida_python_file, decoded_strings, stack_strings):
"""
Create an IDAPython script to annotate an IDB file with decoded strings.
:param sample_file_path: input file path
:param ida_python_file: output file path
:param decoded_strings: list of decoded strings ([DecodedString])
:param stack_strings: list of stack strings ([StackString])
"""
script_content = create_script_content(sample_file_path, decoded_strings, stack_strings)
script_content = create_ida_script_content(sample_file_path, decoded_strings, stack_strings)
ida_python_file = os.path.abspath(ida_python_file)
with open(ida_python_file, 'wb') as f:
try:
@@ -454,6 +474,23 @@ def create_script(sample_file_path, ida_python_file, decoded_strings, stack_stri
raise e
# TODO return, catch exception in main()
def create_r2_script(sample_file_path, r2_script_file, decoded_strings, stack_strings):
"""
Create an r2script to annotate r2 session with decoded strings.
:param sample_file_path: input file path
:param r2script_file: output file path
:param decoded_strings: list of decoded strings ([DecodedString])
:param stack_strings: list of stack strings ([StackString])
"""
script_content = create_r2_script_content(sample_file_path, decoded_strings, stack_strings)
r2_script_file = os.path.abspath(r2_script_file)
with open(r2_script_file, 'wb') as f:
try:
f.write(script_content)
print("Wrote radare2script file to %s\n" % r2_script_file)
except Exception as e:
raise e
# TODO return, catch exception in main()
def print_static_strings(path, min_length, quiet=False):
"""
@@ -631,7 +668,11 @@ def main(argv=None):
if options.ida_python_file:
floss_logger.info("Creating IDA script...")
create_script(sample_file_path, options.ida_python_file, decoded_strings, stack_strings)
create_ida_script(sample_file_path, options.ida_python_file, decoded_strings, stack_strings)
if options.radare2_script_file:
floss_logger.info("Creating r2script...")
create_r2_script(sample_file_path, options.radare2_script_file, decoded_strings, stack_strings)
time1 = time()
if not options.quiet:

0 comments on commit b68379c

Please sign in to comment.