Project structure

.gitignore

@@ -60,3 +60,4 @@ target/
 
 #Ipython Notebook
 .ipynb_checkpoints
+/.idea/

EasyROP.py

@@ -0,0 +1,3 @@
+import easyrop
+
+easyrop.main()

easyrop/__init__.py

@@ -0,0 +1,10 @@
+import easyrop.args
+import easyrop.binary
+import easyrop.core
+
+
+def main():
+    import sys
+    from easyrop.args import Args
+    from easyrop.core import Core
+    sys.exit(Core(Args().get_args()).analyze())

easyrop/args.py

@@ -0,0 +1,83 @@
+import argparse
+import sys
+
+from easyrop.version import *
+from capstone.x86_const import *
+
+
+class Args:
+    def __init__(self):
+        self.__args = None
+        arguments = sys.argv[1:]
+
+        self.__parse(arguments)
+
+    def __parse(self, arguments):
+        parser = argparse.ArgumentParser()
+
+        parser.add_argument("-v", "--version", action="store_true", help="Display EasyROP's version")
+        parser.add_argument("--binary", type=str, metavar="<path>", help="Specify a binary path to analyze")
+        parser.add_argument("--folder", type=str, metavar="<path>", help="Specify a folder path to analyze")
+        parser.add_argument("--depth", type=int, metavar="<bytes>", default=10, help="Depth for search engine (default 10 bytes)")
+        parser.add_argument("--op", type=str, metavar="<op>", help="Search for operation: [lc, move, load, store, xor, not, add, sub, and, or, cond]")
+        parser.add_argument("--reg", type=str, metavar="<reg>", help="Specify a reg base to operation")
+
+        self.__args = parser.parse_args(arguments)
+        self.__check_args()
+        self.__do_opcodes()
+
+    def __do_opcodes(self):
+        op = self.__args.op
+        if op == "lc":
+            self.__args.op = X86_INS_POP
+        elif op == "move":
+            self.__args.op = X86_INS_MOV
+        elif op == "load":
+            self.__args.op = X86_INS_LDS
+        elif op == "store":
+            self.__args.op = X86_INS_STD
+        elif op == "xor":
+            self.__args.op = X86_INS_XOR
+        elif op == "not":
+            self.__args.op = X86_INS_NOT
+        elif op == "add":
+            self.__args.op = X86_INS_ADD
+        elif op == "sub":
+            self.__args.op = X86_INS_SUB
+        elif op == "and":
+            self.__args.op = X86_INS_AND
+        elif op == "or":
+            self.__args.op = X86_INS_OR
+        elif op == "cond":
+            self.__args.op = X86_INS_CMP
+        else:
+            print("[Error] Unsupported operation. op must to be: [lc, move, load, store, xor, not, add, sub, and, or, cond]")
+            sys.exit(-1)
+
+    def __check_args(self):
+        if self.__args.version:
+            self.__print_version()
+            sys.exit(0)
+
+        elif not self.__args.binary and not self.__args.folder:
+            print("[Error] Need a binary/folder filename (--binary, --folder or --help)")
+            sys.exit(-1)
+
+        elif self.__args.depth < 2:
+            print("[Error] The depth must be >= 2")
+            sys.exit(-1)
+
+        elif not self.__args.op:
+            print("[Error] Need an operation (--op or --help)")
+            sys.exit(-1)
+
+        elif not self.__args.op and self.__args.reg:
+            print("[Error] reg specified without an opcode (--help)")
+            sys.exit(-1)
+
+    def __print_version(self):
+        print("Version: %s" % EASYROP_VERSION)
+        print("Author: Daniel Uroz Hinarejos (based in Jonathan Salwan's ROPgadget)")
+
+    def get_args(self):
+        return self.__args

easyrop/binary.py

@@ -0,0 +1,31 @@
+from easyrop.pe import Pe
+
+
+class Binary:
+    def __init__(self, options):
+        self.__fileName = options.binary
+        self.__binary = None
+
+        try:
+            self.__binary = Pe(self.__fileName)
+        except:
+            print("[Error] Can't open the binary or binary not found")
+            return None
+
+    def getFileName(self):
+        return self.__fileName
+
+    def getBinary(self):
+        return self.__binary
+
+    def getEntryPoint(self):
+        return self.__binary.getEntryPoint()
+
+    def getExecSections(self):
+        return self.__binary.getExecSections()
+
+    def getArch(self):
+        return self.__binary.getArch()
+
+    def getArchMode(self):
+        return self.__binary.getArchMode()

easyrop/core.py

@@ -0,0 +1,22 @@
+import cmd
+import os
+
+from easyrop.binary import Binary
+from easyrop.util.parser import Parser
+from capstone import *
+
+
+class Core(cmd.Cmd):
+    def __init__(self, options):
+        cmd.Cmd.__init__(self)
+        self.__options = options
+        self.__binary = None
+
+    def analyze(self):
+        parser = Parser(os.getcwd() + '\easyrop\gadgets\\turingOP.xml')
+        parser.parse()
+        self.__binary = Binary(self.__options)
+        md = Cs(self.__binary.getArch(), self.__binary.getArchMode())
+        for i in md.disasm(self.__binary.getExecSections(), self.__binary.getEntryPoint()):
+            if i.id == self.__options.op:
+                print('0x%x:\t%s\t%s (%x bytes)' % (i.address, i.mnemonic, i.op_str, i.size))

easyrop/gadget.py

@@ -0,0 +1,9 @@
+class Gadget:
+    def __init__(self):
+        self.__instructions = []
+
+    def addIntruction(self, instruction):
+        self.__instructions += instruction
+
+    def getInstructions(self):
+        return self.__instructions

easyrop/gadgets/nonturingOP.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE operations [
+        <!ELEMENT operations (operation)+>
+        <!ELEMENT operation (gadget)+>
+        <!ATTLIST operation
+                name CDATA #REQUIRED>
+        <!ELEMENT gadget (ins)+>
+        <!ATTLIST gadget
+                size CDATA #IMPLIED> <!-- size in bytes -->
+        <!ELEMENT ins (dest|src)*>
+        <!ATTLIST ins
+                mnemonic CDATA #REQUIRED>
+        <!ELEMENT dest (#PCDATA)>
+        <!ATTLIST dest
+                value CDATA #IMPLIED>
+        <!ELEMENT src (#PCDATA)>
+        ]>
+<operations>
+    <operation name="load_constant">
+        <gadget size="1">
+            <ins mnemonic="pop">
+                <dest>reg</dest>
+            </ins>
+        </gadget>
+        <gadget size="1">
+            <ins mnemonic="popad" />
+        </gadget>
+    </operation>
+</operations>