PluginCommand.register( "Ethersplay-4byte\\update cashed function hashes", "Re-do lookup of all hash signatures on 4byte.directory, which are stored in the local cache.", update_cache_bn, is_valid=is_valid_evm) PluginCommand.register_for_address( "Ethersplay-4byte\\Lookup 4byte hash", "Perform lookup of one hash signature on 4byte.directory", lookup_one_inst, is_valid=is_valid_evm) PluginCommand.register_for_function( "Ethersplay-4byte\\Lookup 4byte hash for all PUSH4", "Perform lookup of one hash signature on 4byte.directory", lookup_all_push4, is_valid=is_valid_evm) PluginCommand.register_for_address( "Ethersplay\\Lookup 4byte hash (4byte.directory)", "Perform lookup of one hash signature on 4byte.directory", lookup_one_inst, is_valid=is_valid_evm) PluginCommand.register_for_address("Ethersplay-contrib\\Dump CODECOPY to file", "Dump the result of a codecopy to a file", dump_codecopy_data, is_valid=is_valid_evm) PluginCommand.register_for_function(
import os import json from binaryninja import PluginCommand import winapi PluginCommand.register_for_function( "WinAPI Annotator", "Annotate Windows API functions with arguments", winapi.run_plugin)
if bb.start <= idx < bb.end) return bb_cache[idx] def run(func, il: MediumLevelILInstruction): source_function = il.function.source_function view = source_function.view view.begin_undo_actions() target = func(il) view.commit_undo_actions() if 'next' in source_function.session_data: target_queue = source_function.session_data['next'] else: target_queue = list() if isinstance(target, int): target_queue.append(target) elif isinstance(target, list): target_queue += target source_function.session_data['next'] = target_queue def run_unlock(view, function): u = UnlockTaskThread(function, function.start) u.start() PluginCommand.register_for_function( 'Run unlock', 'Run unlock', run_unlock, is_valid=lambda v, f: 'obfuscated' in v.file.filename)
dot_count = 0 start = time.time() while not u.finished: time.sleep(1) print( f'[{timedelta(seconds=(time.time() - start))}] Running{"."*dot_count:<4s}\r', end="", ) dot_count = (dot_count + 1) % 4 u.join() print(f"{view.functions}") PluginCommand.register_for_function( r"Unlock\Run unlock", "Run unlock", run_unlock, is_valid=lambda v, f: "obfuscated" in v.file.filename, ) def generate_graphs(view: BinaryView): for func in view.functions: bbs = {} g = FlowGraph() g.function = func n = FlowGraphNode(g) for bb in func.basic_blocks: if bb.start not in bbs: print(f"bbs[{bb.start:x}] = n") bbs[bb.start] = n else:
#!/usr/bin/env python # author: carstein <*****@*****.**> # Syscaller - decoreate syscall with arguments from binaryninja import PluginCommand from .modules import syscaller # register plugin PluginCommand.register_for_function( "Syscaller\Decorate syscalls in current function", "Annotate syscalls with arguments in current function", syscaller.run_plugin_current) PluginCommand.register( "Syscaller\Decorate syscalls in all functions", "Annotate syscalls with arguments in all defined functions", syscaller.run_plugin_all)
PluginCommand.register( "Ethersplay-4byte\\update cashed function hashes", "Re-do lookup of all hash signatures on 4byte.directory, which are stored in the local cache.", update_cache_bn, is_valid=is_valid_evm) PluginCommand.register_for_address( "Ethersplay-4byte\\Lookup 4byte hash", "Perform lookup of one hash signature on 4byte.directory", lookup_one_inst, is_valid=is_valid_evm) PluginCommand.register_for_function( "Ethersplay-4byte\\Lookup 4byte hash for all PUSH4", "Perform lookup of one hash signature on 4byte.directory", lookup_all_push4, is_valid=is_valid_evm) PluginCommand.register_for_address( "Ethersplay\\Lookup 4byte hash (4byte.directory)", "Perform lookup of one hash signature on 4byte.directory", lookup_one_inst, is_valid=is_valid_evm) PluginCommand.register_for_address("Ethersplay-contrib\\Dump CODECOPY to file", "Dump the result of a codecopy to a file", dump_codecopy_data, is_valid=is_valid_evm) EVM.register()
def markModifiableCode(bv, func): # Loop over all instructions in the function for t in (t for bb in func.basic_blocks for t in bb.disassembly_text): # Find our sub tokens if not t.tokens[0].text.startswith('sub '): continue addr = t.tokens[2].value # Check if the address is in a basic block bbs = bv.get_basic_blocks_at(addr) if len(bbs) == 0: continue # Check that this address really is an instruction for tt in bbs[0].disassembly_text: if addr - tt.address >= 3 or addr - tt.address < 0: continue # Highlight it and add comments bbs[0].function.set_user_instr_highlight( tt.address, HighlightStandardColor.RedHighlightColor) bbs[0].function.set_comment_at(tt.address, "Modified by 0x%x" % t.address) func.set_comment_at(t.address, "Modifies code at 0x%x" % tt.address) break PluginCommand.register_for_function('Subleq check modifiable code', 'subleq', markModifiableCode)
#!/usr/bin/env python # author: Michal Melewski <*****@*****.**> # FSS similarity search plugin - version 1 from binaryninja import PluginCommand import sys sys.path.append('/home/thomasdullien/.binaryninja/plugins/fss') from modules import main plugin = main.Plugin() # register plugin PluginCommand.register_for_function( "[FSS] Save hash", "Add function to search index", plugin.save_hash) PluginCommand.register_for_function( "[FSS] Save all hashes", "Add all function to search index", plugin.save_all_functions) # register plugin PluginCommand.register_for_function( "[FSS] Search for similar functions", "Run similarity search based on current function hash", plugin.find_hash) PluginCommand.register_for_function( "[FSS] Find similar functions for ALL functions",
param_str: str = get_text_line_input("enter name of parameter", "parameter name").decode('utf-8') try: param = next(p for p in self.func.parameter_vars if p.name == param_str) parami: int = self.func.parameter_vars.vars.index(param) except StopIteration: log_error(f'arg {param_str} not found') return # for commercial users with ThreadPoolExecutor(16) as t: log_info(f'processing {len(self.func.callers)} callers') # so i would filter for f.auto # but the flag is extremely unreliable for c in self.func.callers: t.submit(rename_caller, self.func, c, parami) log_info('renaming done') def cancel(self): pass def finish(self): pass def rename(bv: BinaryView, func: Function): task = RenameTask(func) task.start() PluginCommand.register_for_function( "rename callers to arg", "rename all callers of this function to the specified string argument", rename)
from binaryninja import Architecture, PluginCommand, log from obfu_hook import ObfuArchHook from obfu_passes import fix_obfuscation from obfu_utils import RunInBackground def fix_obfuscation_command(view, func): task = RunInBackground('Remove Obfuscation', fix_obfuscation, view, func) task.start() def load_arch_hook_command(view): ObfuArchHook(view.arch).register() log.log_info('Loaded ObfuArchHook for {0}'.format(view.arch.name)) PluginCommand.register_for_function( 'Fix Obfuscation', 'Fix certain obfuscation methods', lambda view, func: fix_obfuscation_command(view, func), lambda view, func: type(view.arch) == ObfuArchHook) PluginCommand.register('Load ObfuArchHook', 'Loads ObfuArchHook', lambda view: load_arch_hook_command(view), lambda view: type(view.arch) != ObfuArchHook)
def run_plugin(bv, addr): func_start = addr.start #r2_path = '/home/username/bin/' #os.environ["PATH"] += os.pathsep + r2_path try: r2 = r2pipe.open(bv.file.original_filename) r2.cmd('aaa') r2.cmd('s ' + str(func_start)) decompiled_func = r2.cmd('pdd') if decompiled_func.startswith('Error: no data available'): r2.cmd('af @ ' + str(func_start)) decompiled_func = r2.cmd('pdd') show_output(bv, addr.symbol.name, decompiled_func) r2.quit() except Exception as err: if str(err) == "ERROR: Cannot find radare2 in PATH": print( "Please add the location of your radare2 binary to your PATH variable" ) else: print(err) PluginCommand.register_for_function("Decompile function", "Decompile function using r2dec", run_plugin)
from .display import display_all, display_highlight from .sort import sort_score, sort_size, sort_callee from .label import start_time_label, add_label, remove_label # Register plugin options PluginCommand.register( "DeepReflect\\Display\\1. Show ALL Functions", "Outputs all functions stored in database to BinaryNinja console", display_all) PluginCommand.register( "DeepReflect\\Display\\2. Show Highlighted Functions", "Outputs highlighted functions stored in database to BinaryNinja console", display_highlight) PluginCommand.register_for_function( "DeepReflect\\Label\\1. Start Time Function Label", "Add start time for this function", start_time_label) PluginCommand.register_for_function( "DeepReflect\\Label\\2. Add Function Label", "Add function's label", add_label) PluginCommand.register_for_function( "DeepReflect\\Label\\3. Remove Function Label", "Remove function's label", remove_label) PluginCommand.register("DeepReflect\\Sort\\1. Sort Function Score", "Sort highlighted functions by score", sort_score) PluginCommand.register("DeepReflect\\Sort\\2. Sort Function Size", "Sort highlighted functions by number of basic blocks", sort_size) PluginCommand.register("DeepReflect\\Sort\\3. Sort Function Callees", "Sort highlighted functions by number of callees",
class CallgraphThread(BackgroundTaskThread): def __init__(self, view, function, mode): super().__init__('Computing callgraph from {} [{}]...'.format( function.name, mode)) self.view = view self.function = function self.mode = mode def run(self): if self.mode == "reversed": callgraph_reversed(self.view, self.function) else: callgraph(self.view, self.function) def _wrapper(mode): def f(view, function): thread = CallgraphThread(view, function, mode) thread.start() return f PluginCommand.register_for_function("BNCallGraph\\Compute callgraph", "", _wrapper("normal")) PluginCommand.register_for_function("BNCallGraph\\Compute reversed callgraph", "", _wrapper("reversed"))
#!/usr/bin/env python # author: carstein <*****@*****.**> # 10k foot view on binary from binaryninja import PluginCommand from modules import function_report # register plugin PluginCommand.register_for_function( "[Keyhole] Function report", "Report about functions in binary", function_report.run_plugin)
#!/usr/bin/env python # author: Michal Melewski <*****@*****.**> # FSS similarity search plugin - version 1 from binaryninja import PluginCommand from modules import main plugin = main.Plugin() # register plugin PluginCommand.register_for_function("[FSS] Save hash", "Add function to search index", plugin.save_hash) # register plugin PluginCommand.register_for_function( "[FSS] Search for similar functions", "Run similarity search based on current function hash", plugin.find_hash)
notification = EditFunctionNotification(view, controller) view.register_notification(notification) UIAction.registerAction("Configure BinSync...") UIActionHandler.globalActions().bindAction("Configure BinSync...", UIAction(launch_binsync_configure)) Menu.mainMenu("Tools").addAction("Configure BinSync...", "BinSync") open_control_panel_id = "BinSync: Open control panel" UIAction.registerAction(open_control_panel_id) UIActionHandler.globalActions().bindAction(open_control_panel_id, UIAction(open_control_panel)) Menu.mainMenu("Tools").addAction(open_control_panel_id, "BinSync") # register the control panel dock widget dock_handler = DockHandler.getActiveDockHandler() dock_handler.addDockWidget( "BinSync: Control Panel", lambda n, p, d: create_widget(ControlPanelDockWidget, n, p, d, controller), Qt.RightDockWidgetArea, Qt.Vertical, True) PluginCommand.register_for_function("Push function upwards", "Push function upwards", controller.push_function) # TODO how can we avoid having users to click on this menu option? PluginCommand.register("Start Sharing Patches", "Start Sharing Patches", start_patch_monitor) PluginCommand.register("Start Sharing Functions", "Start Sharing Functions", start_function_monitor)
import os import json from binaryninja import PluginCommand from .annotate import * PluginCommand.register_for_function("Annotate", "Annotate functions with arguments", annotate.run_plugin)
bv = BinaryViewType["PE"].open(args.driver) if not bv: print("[-] Error loading file: {:s}".format(args.driver), file=sys.stderr) return 1 analysis = analyze.Analysis(bv) analysis.label_driver_dispatch_routines() if args.ioctls: analysis.find_ioctls() if __name__ == "__main__": cmdline_main() else: PluginCommand.register( "Label Driver Dispatch Routines", "Label driver dispatch routines for IRPs and other callbacks", action=label_driver_dispatch_routines) #PluginCommand.register( # "Label Callback Routines", "Label callback routines used in common kernel APIs", # action=label_callback_routines) PluginCommand.register( "Find IOCTLs [global]", "Find supported IOCTLs and generate CTL_CODE macros", action=find_ioctls) PluginCommand.register_for_function( "Find IOCTLs [current function]", "Find supported IOCTLs and generate CTL_CODE macros", action=find_ioctls)
#!/usr/bin/env python # author: carstein <*****@*****.**> # Annotate function with prototype import os import json from binaryninja import PluginCommand from modules import annotate # register plugin PluginCommand.register_for_function( "Annotate Functions", "Annotate standard libc functions with arguments", annotate.run_plugin)
#!/usr/bin/env python # author: carstein <*****@*****.**> # Annotate syscalls with prototype import os import json from binaryninja import PluginCommand from modules import syscaller # register plugin PluginCommand.register_for_function("[sysc] Decorate syscalls", "Annotate syscalls with arguments", syscaller.run_plugin)