def process_imports(bin: lief.MachO.Binary, sym: lief.MachO.Symbol):
original_name = sym.binding_info.symbol.name
name = list(original_name)
random.shuffle(name)
new_name = "_" + "".join(name)
address = sym.binding_info.address - bin.imagebase
bin.add_local_symbol(address, new_name)
def get_tables_section(binary: lief.MachO.Binary):
"""Searches for the section containing the sandbox operations table and
the sandbox binary profiles for older versions of iOS.
Args:
binary: A sandbox profile in its binary form.
Returns:
A binary section.
"""
str_sect = get_section_from_segment(binary, "__TEXT", CSTRING_SECTION)
strs = str_sect.search_all('default\x00')
if len(strs) > 0:
vaddr_str = str_sect.virtual_address + strs[0]
xref_vaddrs = get_xref(binary, vaddr_str)
if len(xref_vaddrs) > 0:
sects = [
binary.section_from_virtual_address(x) for x in xref_vaddrs
]
sects = [s for s in sects if 'const' in s.name.lower()]
assert len(sects) >= 1 and all([sects[0] == s for s in sects])
return sects[0]
seg = binary.get_segment('__DATA')
if seg:
sects = [s for s in seg.sections if s.name == CONST_SECTION]
assert len(sects) <= 1
if len(sects) == 1:
return sects[0]
return binary.get_section(CONST_SECTION)
def process_exports(bin: lief.MachO.Binary, sym: lief.MachO.Symbol):
#print(sym.export_info.address)
original_name = sym.export_info.symbol.name
name = list(original_name)
random.shuffle(name)
new_name = "_" + "".join(name)
address = sym.export_info.address
bin.add_local_symbol(address, new_name)
def swap(target: lief.MachO.Binary, lhs: str, rhs: str):
lhs_sec = target.get_section(lhs)
if lhs_sec is None:
print(f"Can't find section '{lhs_sec}'")
return
rhs_sec = target.get_section(rhs)
if rhs_sec is None:
print(f"Can't find section '{rhs_sec}'")
return
tmp = lhs_sec.name
rhs_sec.name = tmp
def process(target: lief.MachO.Binary):
assert target.has(lief.MachO.LOAD_COMMAND_TYPES.DYLD_EXPORTS_TRIE)
exports = target.get(lief.MachO.LOAD_COMMAND_TYPES.DYLD_EXPORTS_TRIE)
assert exports.data_offset == 0x70278
entries = list(exports.exports)
entries = sorted(entries, key=lambda e: e.symbol.name)
assert len(entries) == 885
assert entries[1].symbol.name == "_main"
assert entries[1].address == 0x4550
assert entries[843].symbol.name == "_psa_its_remove"
assert entries[843].address == 0x3DACC
def fake_objc(bin: lief.MachO.Binary):
segment = lief.MachO.SegmentCommand("__DATA_LIEF")
__objc_classlist = lief.MachO.Section(
"__objc_classlist", [random.randint(0, 255) for _ in range(0x100)])
__objc_imageinfo = lief.MachO.Section(
"__objc_imageinfo", [random.randint(0, 255) for _ in range(0x100)])
__objc_const = lief.MachO.Section(
"__objc_const", [random.randint(0, 255) for _ in range(0x100)])
__objc_classrefs = lief.MachO.Section(
"__objc_classrefs", [random.randint(0, 255) for _ in range(0x100)])
__objc_classlist = segment.add_section(__objc_classlist)
__objc_imageinfo = segment.add_section(__objc_imageinfo)
__objc_const = segment.add_section(__objc_const)
__objc_classrefs = segment.add_section(__objc_classrefs)
objc_section = [
__objc_classlist, __objc_imageinfo, __objc_const, __objc_classrefs
]
section: lief.MachO.Section
for section in objc_section:
section.type = lief.MachO.SECTION_TYPES.REGULAR
section.flags = lief.MachO.SECTION_FLAGS.NO_DEAD_STRIP
section.alignment = 0x3
__data_lief: lief.MachO.SegmentCommand = bin.add(segment)
__data_lief.init_protection = 3
__data_lief.max_protection = 3
def shuffle(target: lief.MachO.Binary, name: str):
section = target.get_section(name)
if section is None:
return
print(f"[+] Shuffling '{name}'")
section_content = list(section.content)
random.shuffle(section_content)
section.content = section_content
def binary_get_string_from_address(binary: lief.MachO.Binary, vaddr: int):
"""Returns the string from a given MachO binary at a given virtual address.
Note: The virtual address must be in the CSTRING section.
Args:
binary: A sandbox profile in its binary form.
vaddr: An address.
Returns:
A string with the content stored at the given virtual address.
Raises:
LIEF_ERR("Can't find a segment associated with the virtual address
0x{:x}", address);
"""
section = get_section_from_segment(binary, "__TEXT", CSTRING_SECTION)
if not is_vaddr_in_section(vaddr, section):
return None
str = ''
while True:
try:
byte = binary.get_content_from_virtual_address(vaddr, 1)
except (Exception, ):
return None
if byte is None or len(byte) == 0:
return None
byte = byte[0]
if byte == 0:
break
vaddr += 1
str += chr(byte)
return str