Beispiel #1
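    def discover_new_binaries(self):
        """
        Discovers new binaries within the firmware sample that exchange data through the OS nvram with the
        current binary.

        For every SETTER role that has both a data key and a function name, the firmware tree is grepped
        for binary files containing the key and the getter counterpart of the function name. Candidates
        whose path contains LIB_KEYWORD are skipped; the rest are confirmed with ``_is_getter_of``.

        Data keys, function names and paths come from the firmware under analysis, so each one is
        shell-quoted before it is placed in the command line.

        :return: a list of binaries
        """
        # shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        bins = set()
        self._log.debug(
            "Discovering new binaries.. this might take a while.. take a coffee."
        )
        for role, data_key, name_fun in zip(self._roles, self._data_keys,
                                            self._name_funs):
            if role != Role.SETTER or not name_fun or not data_key:
                continue

            self._log.debug("New data key: " + str(data_key))
            dual_fun = Nvram.case_sensitive_replace(
                name_fun, M_SET_KEYWORD, M_GET_KEYWORD)

            # $(...) replaces backticks: a backtick inside a quoted argument would
            # still end a backtick substitution, defeating the quoting.
            # -e / -- keep a value starting with '-' from being read as an option.
            # NOTE(review): the key is still interpreted by grep as a regular
            # expression; consider -F if a literal match is intended.
            # NOTE(review): this parses grep's "Binary file <path> matches" line from
            # stdout; recent GNU grep releases reword that message and send it to
            # stderr -- confirm against the grep used in the analysis environment.
            cmd = (
                "for file in $(grep -r -e %s -- %s | grep Binary | awk '{print $3}'); "
                "do grep -e %s -- \"$file\" | grep Binary | awk '{print $3}'; done;"
            ) % (quote(data_key), quote(self._fw_path), quote(dual_fun))
            out, _err = run_command(cmd)

            for b in {line for line in out.split('\n') if line}:
                self._log.debug("Checking binary %s " % b)
                if LIB_KEYWORD in b:
                    continue

                if self._is_getter_of(b, data_key):
                    name = b.split('/')[-1]
                    self._log.debug("Adding " + str(name))
                    bins.add(b)

        return list(bins)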
Beispiel #2
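    def discover_new_binaries(self):
        """
        Discover other binaries within the firmware sample that have data dependencies with the current
        one.

        Each distinct, non-empty data key recorded with a SETTER role is grepped for across the firmware
        tree; every binary file that contains it, and whose path does not contain LIB_KEYWORD, is
        reported.

        Data keys and paths come from the firmware under analysis, so each one is shell-quoted before it
        is placed in the command line.

        :return: a list of binaries
        """
        # shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        bins = set()
        seen_strs = set()

        for r_info in self._role_info.values():
            for info in r_info:
                if info[RoleInfo.ROLE] != Role.SETTER:
                    continue

                data_key = info[RoleInfo.DATAKEY]
                if not data_key or data_key in seen_strs:
                    continue
                seen_strs.add(data_key)
                self._log.debug("New data key: " + str(data_key))

                # -e / -- keep a value starting with '-' from being read as an option.
                # NOTE(review): the key is still interpreted by grep as a regular
                # expression; consider -F if a literal match is intended.
                # NOTE(review): this parses grep's "Binary file <path> matches" line
                # from stdout; recent GNU grep releases reword that message and send
                # it to stderr -- confirm against the grep used for the analysis.
                cmd = "grep -r -e %s -- %s | grep Binary | awk '{print $3}'" % (
                    quote(data_key), quote(self._fw_path))
                out, _err = run_command(cmd)

                for b in {line for line in out.split('\n') if line}:
                    if LIB_KEYWORD in b:
                        continue

                    name = b.split('/')[-1]
                    self._log.debug("Adding " + str(name))
                    bins.add(b)

        return list(bins)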
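    def discover_new_binaries(self):
        """
        Discover new binaries within the firmware sample that have data dependency with the current one.

        For each distinct data key used with a SETTER role, and for each keyword in M_GET_KEYWORD, the
        firmware tree is grepped for binary files containing both the key and the keyword. Candidates
        whose path contains LIB_KEYWORD are skipped; the rest are confirmed with ``_is_getter_of``.

        Data keys and paths come from the firmware under analysis, so every value is shell-quoted before
        it is placed in the command line.

        :return: a list of binaries
        """
        # shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        bins = set()
        seen_strs = set()
        self._log.debug("Discovering new binaries.. this might take a while.. take a coffee.")

        for role, data_key in zip(self._roles, self._data_keys):
            if role != Role.SETTER or not data_key:
                continue

            self._log.debug("New data key: " + str(data_key))
            if data_key in seen_strs:
                continue
            seen_strs.add(data_key)

            for get_f in M_GET_KEYWORD:
                # $(...) replaces backticks: a backtick inside a quoted argument
                # would still end a backtick substitution, defeating the quoting.
                # -e / -- keep a value starting with '-' from being read as an option.
                # NOTE(review): this parses grep's "Binary file <path> matches" line
                # from stdout; recent GNU grep releases reword that message and send
                # it to stderr -- confirm against the grep used for the analysis.
                cmd = (
                    "for file in $(grep -r -e %s -- %s | grep Binary | awk '{print $3}'); "
                    "do grep -e %s -- \"$file\" | grep Binary | awk '{print $3}'; done;"
                ) % (quote(data_key), quote(self._fw_path), quote(get_f))
                out, _err = run_command(cmd)

                for b in {line for line in out.split('\n') if line}:
                    if LIB_KEYWORD in b:
                        continue
                    if self._is_getter_of(b, data_key):
                        name = b.split('/')[-1]
                        self._log.debug("Adding " + str(name))
                        bins.add(b)

        return list(bins)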
Beispiel #4
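    def discover_new_binaries(self):
        """
        Find other binaries within the firmware sample that have data dependencies with those associated
        with a CPF object.

        Each distinct, non-empty data key in the recorded role information (whatever its role) is grepped
        for across the firmware tree; every binary file that contains it, and whose path does not contain
        LIB_KEYWORD, is reported.

        Data keys and paths come from the firmware under analysis, so each one is shell-quoted before it
        is placed in the command line.

        :return: a list of binaries
        """
        # shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        bins = set()
        seen_strs = set()

        for r_info in self._role_info.values():
            for info in r_info:
                data_key = info[RoleInfo.DATAKEY]
                if not data_key or data_key in seen_strs:
                    continue

                self._log.debug("New data key: " + str(data_key))
                seen_strs.add(data_key)

                # -e / -- keep a value starting with '-' from being read as an option.
                # NOTE(review): the key is still interpreted by grep as a regular
                # expression; consider -F if a literal match is intended.
                # NOTE(review): this parses grep's "Binary file <path> matches" line
                # from stdout; recent GNU grep releases reword that message and send
                # it to stderr -- confirm against the grep used for the analysis.
                cmd = "grep -r -e %s -- %s | grep Binary | awk '{print $3}'" % (
                    quote(data_key), quote(self._fw_path))
                out, _err = run_command(cmd)

                for b in {line for line in out.split('\n') if line}:
                    # optimization: libraries are handled by angr anyway
                    if LIB_KEYWORD in b:
                        continue

                    name = b.split('/')[-1]
                    self._log.debug("Adding " + str(name))
                    bins.add(b)

        return list(bins)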
Beispiel #5
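    def discover_new_binaries(self):
        """
        Discover other binaries within the firmware sample using the same data keys.

        For every SETTER role with a data key, each entry of ``self._bindings`` is looked up: files are
        first selected by grepping for ``binding[1]``, then kept only if their ``xxd`` dump contains
        ``binding[0]`` packed little-endian at the architecture's word size. Paths containing LIB_KEYWORD
        are skipped.

        ``binding[1]`` comes from the firmware under analysis, so it is shell-quoted before it is placed
        in the command line; the hex pattern contains only hex digits and spaces.

        :return: a list of binaries.
        :raises Exception: if the architecture is neither 32 nor 64 bits wide.
        """
        # shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        bins = set()
        self._log.debug(
            "Discovering new binaries.. this might take a while.. take a coffee."
        )
        for role, data_key in zip(self._roles, self._data_keys):
            if role != Role.SETTER or not data_key:
                continue

            for binding in self._bindings:
                # write the port in the xxd tool format
                # NOTE(review): str.encode('hex') exists on Python 2 only; a Python 3
                # port needs binascii.hexlify(...) decoded to text instead.
                if self._p.arch.bits == 32:
                    val = struct.pack('<I', binding[0]).encode('hex')
                elif self._p.arch.bits == 64:
                    val = struct.pack('<Q', binding[0]).encode('hex')
                else:
                    raise Exception("Unsupported number of bits")

                # group the hex digits four by four, separated by a single space
                to_look_val = ' '.join(
                    val[i:i + 4] for i in range(0, len(val), 4))

                # $(...) replaces backticks: a backtick inside a quoted argument
                # would still end a backtick substitution, defeating the quoting.
                # NOTE(review): no search root is passed, so grep -r walks the
                # current working directory -- confirm that is the firmware root
                # or pass the firmware path explicitly.
                # NOTE(review): this parses grep's "Binary file <path> matches" line
                # from stdout; recent GNU grep releases reword that message and send
                # it to stderr -- confirm against the grep used for the analysis.
                cmd = "for file in $(grep -r -e " + quote(binding[1]) + \
                      " | grep Binary | awk '{print $3}'); do "
                cmd += "res=$(xxd \"$file\" | grep '" + to_look_val + "'); "
                cmd += 'if [ -n "$res" ]; then echo "$file"; fi; done;'
                out, _err = run_command(cmd)

                for b in {line for line in out.split('\n') if line}:
                    if LIB_KEYWORD in b:
                        continue

                    name = b.split('/')[-1]
                    self._log.debug("Adding " + str(name))
                    bins.add(b)

        return list(bins)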
Beispiel #6
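    def discover_new_binaries(self):
        """
        Discover other binaries within the firmware sample using the same data keys.

        For every SETTER role that has both a data key and a file name, the firmware tree is grepped for
        binary files containing that file name; each hit whose path does not contain LIB_KEYWORD is
        reported.

        File names and paths come from the firmware under analysis, so each one is shell-quoted before it
        is placed in the command line.

        :return: a list of binaries.
        """
        # shlex.quote on Python 3, pipes.quote on Python 2.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote

        bins = set()

        self._log.debug(
            "Discovering new binaries.. this might take a while.. take a coffee."
        )
        for role, data_key, name_file in zip(self._roles, self._data_keys,
                                             self._name_files):
            if not name_file or not data_key:
                continue
            if role != Role.SETTER:
                continue

            try:
                # -e / -- keep a value starting with '-' from being read as an option.
                # NOTE(review): this parses grep's "Binary file <path> matches" line
                # from stdout; recent GNU grep releases reword that message and send
                # it to stderr -- confirm against the grep used for the analysis.
                cmd = "grep -r -e %s -- %s | grep Binary | awk '{print $3}'" % (
                    quote(name_file), quote(self._fw_path))
            except TypeError:
                # A non-string file name or firmware path cannot be turned into a
                # command. Skip the entry and record it in the log; the previous
                # debug dump to a hard-coded path under /mnt/shared could itself
                # fail and was never closed on error.
                self._log.debug(
                    "Skipping name file %r (fw_path %r): cannot build grep command"
                    % (name_file, self._fw_path))
                continue

            out, _err = run_command(cmd)

            for b in {line for line in out.split('\n') if line}:
                if LIB_KEYWORD in b:
                    continue

                name = b.split('/')[-1]
                self._log.debug("Adding " + str(name))
                bins.add(b)

        return list(bins)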