Post Empire Hacking commit to make sure app matches what was demoed

pmarkowsky · Aug 10, 2016 · 3b2c696 · 3b2c696
1 parent dded29b
commit 3b2c696
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 16 deletions.
diff --git a/app/assembler.py b/app/assembler.py
@@ -10,6 +10,7 @@
 import capstone
 import keystone
 
+
 # constants
 LITTLE_ENDIAN = 0
 BIG_ENDIAN = 1
@@ -80,8 +81,7 @@ def SetArchAndMode(self, arch_mode, endianess):
                                                        keystone.KS_MODE_32|keystone.KS_MODE_LITTLE_ENDIAN),
                                                       (capstone.CS_ARCH_X86,
                                                        capstone.CS_MODE_32|capstone.CS_MODE_LITTLE_ENDIAN)),
-                            (X86_64, LITTLE_ENDIAN): ((keystone.KS_ARCH_X86, 
-                                                       keystone.KS_MODE_64|keystone.KS_MODE_LITTLE_ENDIAN),
+                            (X86_64, LITTLE_ENDIAN): ((keystone.KS_ARCH_X86, keystone.KS_MODE_64),
                                                       (capstone.CS_ARCH_X86,
                                                        capstone.CS_MODE_64|capstone.CS_MODE_LITTLE_ENDIAN)),
                             (ARM_16, BIG_ENDIAN): ((keystone.KS_ARCH_ARM, 
@@ -104,11 +104,11 @@ def SetArchAndMode(self, arch_mode, endianess):
                                                        keystone.KS_MODE_LITTLE_ENDIAN),
                                                       (capstone.CS_ARCH_ARM64, capstone.CS_MODE_LITTLE_ENDIAN)),
                             (MIPS_32, BIG_ENDIAN): ((keystone.KS_ARCH_MIPS, 
-                                                     keystone.KS_MODE_32|keystone.KS_MODE_BIG_ENDIAN),
+                                                     keystone.KS_MODE_32|keystone.KS_MODE_BIG_ENDIAN|keystone.KS_MODE_MIPS32),
                                                     (capstone.CS_ARCH_MIPS,
                                                      capstone.CS_MODE_32|capstone.CS_MODE_BIG_ENDIAN)),
                             (MIPS_32, LITTLE_ENDIAN): ((keystone.KS_ARCH_MIPS, 
-                                                        keystone.KS_MODE_32|keystone.KS_MODE_LITTLE_ENDIAN),
+                                                        keystone.KS_MODE_32|keystone.KS_MODE_LITTLE_ENDIAN|keystone.KS_MODE_MIPS32),
                                                        (capstone.CS_ARCH_MIPS,
                                                         capstone.CS_MODE_32|capstone.CS_MODE_LITTLE_ENDIAN))
                             }
@@ -448,9 +448,55 @@ def DisassembleAll(self, store):
 
         insts = self.disassembler.disasm(byte_buffer, starting_address)
         index = 0
-        for inst in insts:
-            store.CreateRowFromCapstoneInst(index, inst)
-            index += 1
+        byte_len = 0
+
+        while byte_len < len(byte_buffer):
+            insts = self.disassembler.disasm(byte_buffer[byte_len:], starting_address)
+
+            for inst in insts:
+                store.CreateRowFromCapstoneInst(index, inst)
+                index += 1
+                byte_len += len(inst.bytes)
+                starting_address += len(inst.bytes)
+
+            # if we hit instructions we can't decode
+            if byte_len < len(byte_buffer):
+                # try and consume the minimum instruction size worth of data as 
+                # a dq,dd or db
+                if self.arch_mode in (X86_16, X86_32, X86_64):
+                    store.InsertDBRowAt(starting_address, index, 
+                                        byte_buffer[byte_len:byte_len + 1])
+                    byte_len += 1
+                    starting_address += 1
+                elif self.arch_mode == ARM_16:
+                    # grab two bytes
+                    if (len(byte_buffer) - byte_len) >= 2:
+                        store.InsertDHRowAt(starting_address, index, 
+                                            byte_buffer[byte_len:byte_len + 2],
+                                            self.endianess)
+                        byte_len += 2
+                        starting_address += 2
+                    else:
+                        store.InsertDbRowAt(starting_address, index, 
+                                            byte_buffer[byte_len:byte_len+1])
+                        byte_len += 1
+                        starting_address += 1
+                elif self.arch_mode in (ARM_32, MIPS_32, ARM_64):
+                    # grab four bytes
+                    if len(byte_buffer) - byte_len >= 4:
+                        store.InsertDDRowAt(starting_address, index, 
+                                            byte_buffer[byte_len:byte_len + 4], 
+                                            self.endianess)
+                        byte_len += 4
+                        starting_address += 4
+                    else:
+                        # use db for the remainder
+                        new_len += store.InsertDbMultibyteRow(starting_address, index, 
+                                                              byte_buffer[byte_len:])
+                        byte_len += new_len
+                        starting_address += new_len
+
+                index += 1
 
 
     def Disassemble(self, index, store):

diff --git a/app/assembly_store.py b/app/assembly_store.py
@@ -6,6 +6,7 @@
 """
 import binascii
 import cPickle
+import struct
 
 X86 = 'x86'
 X64 = 'x64'
@@ -263,6 +264,42 @@ def CreateRowFromCapstoneInst(self, index, inst):
         # it's target to address plus length of instructionBytes
         self.InsertRowAt(index, row)
         self.UpdateOffsetsAndAddresses()
+
+    def InsertDBRowAt(self, address, index, byte):
+        mnemonic = "db 0x%02x" % ord(byte)
+        row = RowData(0, '', address, byte, mnemonic, '',
+                      index, in_use=True)
+        self.InsertRowAt(index, row)
+
+    def InsertDBMultibyteRowAt(self, address, index, bytes_vals):
+        mnemonic = "db " + ", ".join(map(lambda x: "0x%02x" % ord(x), byte_vals))
+        row = RowData(0, '', address, chr(byte), mnemonic, '',
+                      index, in_use=True)
+        self.InsertRowAt(index, row)
+        return len(byte_vals)
+
+
+    def InsertDHRowAt(self, address, index, byte_vals, big_endian=False):
+        if big_endian:
+            val = struct.unpack(">H")[0]
+        else:
+            val = struct.unpack("<H", byte_vals)[0]
+        mnemonic = "dh 0x%04x" % val
+
+        row = RowData(0, '', address, byte_vals, mnemonic, '',
+                      index, in_use=True)
+        self.InsertRowAt(index, row)
+
+    def InsertDDRowAt(self, address, index, byte_vals, big_endian=False):
+        if big_endian:
+            val = struct.unpack(">I")[0]
+        else:
+            val = struct.unpack("<I", byte_vals)[0]
+        mnemonic = "dd 0x%08x" % val
+
+        row = RowData(0, '', address, byte_vals, mnemonic, '',
+                      index, in_use=True)
+        self.InsertRowAt(index, row)
 
     def InsertRowAt(self, index, row):
         """

diff --git a/app/rest_api.py b/app/rest_api.py
@@ -55,18 +55,29 @@ def InsertMultipleRowsByMnemonic(self, current_row, mnemonics):
         Insert multiple instructions at once using the mnemonic field.
         """
         #update current row
-        mnemonic_fields = mnemonics[0].split() 
+        mnemonic_fields = mnemonics[0].split()
         operation_str = mnemonic_fields[0].upper()
         current_row.SetMnemonic(operation_str + ' ' + ' '.join(mnemonic_fields[1:]))
         ASSEMBLY_STORE.UpdateRow(current_row.index, current_row)
 
         for i in xrange(1, len(mnemonics)):
             mnemonic_fields = mnemonics[i].split() 
+            # if we had accidental ; ; ignore it
+            if not mnemonic_fields:
+                continue
+
             operation_str = mnemonic_fields[0].upper()
             mnemonic_str = operation_str + ' ' + ' '.join(mnemonic_fields[1:])
             row = RowData(0, "", 0, "", mnemonic_str, "", 
                           index=current_row.index + i, in_use=True)
-            ASSEMBLY_STORE.InsertRowAt(i, row)
+            ASSEMBLY_STORE.InsertRowAt(row.index, row)
+
+    def delete(self, row_index):
+        """
+        Delete a row at a given index
+        """
+        ASSEMBLY_STORE.DeleteRow(row_index)
+        return jsonify(success=1)
 
     @marshal_with(TABLE_ROW_FIELDS)
     def put(self, row_index):
@@ -114,9 +125,14 @@ def put(self, row_index):
             ASSEMBLER.Disassemble(row.index, ASSEMBLY_STORE)
         else:
 
-            if args.mnemonic != row.mnemonic:
-                new_mnemonics = args.mnemonic.split(';')
-                self.InsertMultipleRowsByMnemonic(row, new_mnemonics)
+            if args.mnemonic != row.mnemonic or args.mnemonic == '':
+                if args.mnemonic == '':
+                   # delete the row. 
+                    ASSEMBLY_STORE.DeleteRow(row_index)
+                    return row.ToDict()
+                else:
+                    new_mnemonics = args.mnemonic.split(';')
+                    self.InsertMultipleRowsByMnemonic(row, new_mnemonics)
             else:
                 ASSEMBLY_STORE.UpdateRow(row.index, row)
             ASSEMBLER.Assemble(ASSEMBLY_STORE)
@@ -182,6 +198,7 @@ def get(self):
         endianess = ASSEMBLER.endianess
         return jsonify(arch_mode=arch_mode, endianess=endianess)
 
+
 class AssemblyStoreFilterBytes(Resource):
     """
     REST calls for changing assembler arch settings.

diff --git a/app/static/js/save.js b/app/static/js/save.js
@@ -8,6 +8,6 @@ function save_shellcode() {
       dataType: 'text',
       async:false
     });
-  $("#asm-str").text(asm_str);
+  $("#asm-str").val(asm_str);
   $("#saveModal").modal('show');
 }
diff --git a/app/templates/layout.tpl b/app/templates/layout.tpl
@@ -10,6 +10,7 @@
     <script src="{{url_for('static', filename='js/bootstrap.min.js')}}"></script>
     <script src="{{url_for('static', filename="js/save.js")}}"></script>
     <script src="{{url_for('static', filename="js/filter.js")}}"></script>
+    <script src="{{url_for('static', filename="js/delete.js")}}"></script>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
 </head>
 
@@ -69,10 +70,11 @@
   <div class="form-group">
     <label class="sr-only" for="exampleInputAmount"></label>
     <div class="input-group">
-      <div class="input-group-btn"><button id="filter-btn" type="button" class="btn btn-danger"><span class="glyphicon glyphicon-filter"></span>Filter</button></div>
-      <input id="filter-bytes" type="text" class="form-control" id="exampleInputAmount" placeholder="Bytes to filter">
-      </div>
+      <div class="input-group-btn"><button id="filter-btn" type="button" class="btn btn-danger">Filter</button></div>
+        <input id="filter-bytes" type="text" class="form-control" id="exampleInputAmount" placeholder="Bytes to filter">
       </div>
+    </div>
+    </div>
 </form>
 </div>
 </div>