def debugger(dbg, kill=0):
dbg.suspend()
prog_base_addr = dbg.base_address
print "[+] Base address: " + hex(prog_base_addr)
print hex(dbg.base_address)
program = dbg.dump_binary()
output = file("output.bin", "w+").write(program)
print "ALL DONE!"
dbg.detach()
if __name__ == "__main__":
if len(sys.argv) < 2:
print "USAGE [pid]"
exit()
pid = int(sys.argv[1])
dbg = MacDbg()
dbg.attach(pid)
if dbg.task == 0:
print "Failed to attach Check PID"
exit(0)
pid = dbg.pid
print "[+] Attached to task # %s\n" % str(dbg.task)
debugger(dbg, 1)
prog_base_addr = dbg.base_address
print "[+] Base address: " + hex(prog_base_addr)
print hex(dbg.base_address)
program = dbg.dump_binary()
output = file("decrypt.bin", "w+").write(program)
print "ALL DONE!"
dbg.detach()
if __name__ == "__main__":
if len(sys.argv) < 2:
print "USAGE [pid]"
exit()
pid = int(sys.argv[1])
dbg = MacDbg()
dbg.attach(pid)
if dbg.task == 0:
print "Failed to attach Check PID"
exit(0)
pid = dbg.pid
print "[+] Attached to task # %s\n" % str(dbg.task)
raw_input("press enter to continue")
dbg.reload()
debugger(dbg, 1)
print "MAL ADDRESS: " + hex(l)
#BUT ITS NOT NEEDED WITH SYMBOLS
dbg.add_breakpoint("malloc@PLT", PERSISTENT, mal_break)
print "RESUMING TASK"
dbg.resume()
while(1): continue
if __name__ == "__main__":
argv = sys.argv
cmd = "./test_prog.app"
dbg = MacDbg()
pid = int(argv[1])
dbg.attach(pid, 1)
if dbg.task == 0:
print "Failed to attach Check PID"
exit(0)
dbg.load_symbols()
pid = dbg.pid
print "[+] Attached to task # %s\n" % str(dbg.task)
debugger(dbg, pid, dbg.task, 1)
print "CONTINUING"
#start(task, infoPid);
dbg.resume()
time.sleep(10)
dbg.detach(kill)
except NameError as e:
# except:
# e = sys.exc_info()[0]
print e
raw_input("?")
if __name__ == "__main__":
argv = sys.argv
cmd = "./test_prog.app"
dbg = MacDbg()
if (len(argv) < 2):
arr = (c_char_p * 2)()
arr[0] = cmd
arr[1] = 0
dbg.run(arr[0], arr)
pid = dbg.pid
else:
pid = int(argv[1])
dbg.attach(pid)
if dbg.task == 0:
print "Failed to attach Check PID"
exit(0)
proc_t_info = dbg.get_proc_threadinfo(thread_handle)
print "pth User time:", dbg.color_pink(str(proc_t_info.pth_user_time)), "pth Sys time:", dbg.color_pink(str(proc_t_info.pth_system_time))
print "pth priority:", dbg.color_pink(str(proc_t_info.pth_priority)), "pth max priority:", dbg.color_pink(str(proc_t_info.pth_maxpriority))
print "Program pid == " + dbg.color_pink(str(dbg.find_pid()))
region_info = dbg.get_region_info(prog_base_addr)
print dbg.color_red(dbg.protection_to_string(region_info.protection))
dbg.detach(kill)
if __name__ == "__main__":
argv = sys.argv
cmd = "./test_prog.app"
dbg = MacDbg()
run = 0
# exit()
if (len(argv) < 2):
arr = (c_char_p * 2)()
arr[0] = cmd
arr[1] = 0
dbg.run(arr[0], arr)
pid = dbg.pid
run = 1
else:
pid = int(argv[1])
dbg.attach(pid)
if dbg.task == 0:
print "FIRST 20 0x41 bytes found:"
tm = 30
search_byte = 0x41
search_results = dbg.search_mem(search_byte, search_type=c_byte)
for i in search_results:
print dbg.color_green(hex(i)), dbg.color_pink(dbg.hex_dump(i, 10))
tm -= 1
if tm == 0: break
dbg.detach(kill)
if __name__ == "__main__":
argv = sys.argv
cmd = "./test_prog.app"
dbg = MacDbg()
if (len(argv) < 2):
arr = (c_char_p * 2)()
arr[0] = cmd
arr[1] = 0
run = 1
dbg.run(arr[0], arr)
pid = dbg.pid
else:
pid = int(argv[1])
dbg.attach(pid)
run = 0
if dbg.task == 0:
print "FAILED TO ATTACH"
from libs.const import *
from subprocess import Popen, PIPE
# Scan system and check for libraries loaded at same base address
def base_addr(dbg, name):
if dbg.base_address == 0x100000000:
print dbg.color_red("BASE ADDRESS == LOAD ADDRESS :( -- PID - " + str(dbg.pid)), dbg.color_green(" - NAME " + name)
dbg.detach()
if __name__ == "__main__":
tmp = MacDbg()
process = Popen(["ps", "aux"], stdout=PIPE)
(output, err) = process.communicate()
pids = output.split("\n")
for i in pids:
x = i.split()
try:
pid = x[1]
name = x[10]
name = name[name.find("/")+1:]
tmp.attach(int(pid), 1)
except:
continue
def debugger(dbg, search):
print hex(dbg.base_address)
search_results = dbg.search_string(search, dbg.base_address, dbg.get_image_size()*1000)
print "Searching memory...."
for i in search_results:
print dbg.color_green(hex(i)) + " --> " + dbg.color_pink(dbg.read_memory(i, 200))
print "Done"
dbg.detach()
if __name__ == "__main__":
if len(sys.argv) < 3:
print "USAGE [pid] [search_string]"
exit()
dbg = MacDbg()
pid = int(sys.argv[1])
dbg.attach(pid)
if dbg.task == 0:
exit(0)
print "[+] Attached to task # %s\n" % str(dbg.task)
debugger(dbg, sys.argv[2])
print "\n[+] Done!"
search_results = dbg.search_string(search, dbg.base_address, dbg.get_image_size()*1000)
if len(search_results) > 0:
for i in search_results:
print dbg.color_green(hex(i)) + " --> " + dbg.color_pink(dbg.read_memory(i, 40))
dbg.detach()
return 1
else:
dbg.detach()
return 0
if __name__ == "__main__":
print "Usage ./search_multiple.py [search]"
search = sys.argv[1]
tmp = MacDbg()
pids = file("pid").readlines()
debuggers = []
print tmp.color_red("Searching for string: " + search)
count = 0
for i in pids:
print tmp.color_green("ATTACHING TO: " + str(int(i)))
tmp.attach(int(i), 1)
if tmp.task == 0:
raw_input("????")
tmp.color_red("BAD PID EXITING")
x = search_mem(tmp, search)
if x == 1:
print tmp.color_pink("FOUND PROG PID = " + str(i))
print dbg.hex_dump(x, 10)
l = struct.unpack("<q", dbg.read_memory(x, 8))[0]
print "MAL ADDRESS: " + hex(l)
#BUT ITS NOT NEEDED WITH SYMBOLS
dbg.add_breakpoint("malloc@PLT", PERSISTENT, mal_break)
print "RESUMING TASK"
dbg.resume()
while (1):
continue
if __name__ == "__main__":
argv = sys.argv
cmd = "./test_prog.app"
dbg = MacDbg()
pid = int(argv[1])
dbg.attach(pid, 1)
if dbg.task == 0:
print "Failed to attach Check PID"
exit(0)
dbg.load_symbols()
pid = dbg.pid
print "[+] Attached to task # %s\n" % str(dbg.task)
debugger(dbg, pid, dbg.task, 1)
return 1
def debugger(dbg, infoPid, task, kill = 0):
dbg.suspend()
prog_base_addr = dbg.base_address
print "[+] Base address: " + hex(prog_base_addr)
dbg.add_breakpoint_library("libmozglue.dylib", "moz_xmalloc", PERSISTENT, generic_callback)
dbg.resume()
while(1): continue
if __name__ == "__main__":
argv = sys.argv
cmd = "./test_prog.app"
dbg = MacDbg()
pid = int(argv[1])
dbg.attach(pid, 1)
if dbg.task == 0:
print "Failed to attach Check PID"
exit(0)
pid = dbg.pid
print "[+] Attached to task # %s\n" % str(dbg.task)
debugger(dbg, pid, dbg.task, 1)
# BYTE SEARCH TEST
print "FIRST 20 0x41 bytes found:"
tm = 30
search_byte = 0x41
search_results = dbg.search_mem(search_byte, search_type=c_byte)
for i in search_results:
print dbg.color_green(hex(i)), dbg.color_pink(dbg.hex_dump(i, 10))
tm -= 1
if tm == 0: break
dbg.detach(kill)
if __name__ == "__main__":
argv = sys.argv
cmd = "./test_prog.app"
dbg = MacDbg()
if (len(argv) < 2):
arr = (c_char_p * 2)()
arr[0] = cmd
arr[1] = 0
run = 1
dbg.run(arr[0], arr)
pid = dbg.pid
else:
pid = int(argv[1])
dbg.attach(pid)
run = 0
if dbg.task == 0:
