Example #1
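def debugger(dbg, kill=0):
    """Suspend the attached target, write its dumped image to output.bin, detach.

    Args:
        dbg: An already-attached debugger object. This function uses its
            suspend(), base_address, dump_binary() and detach() members.
        kill: Accepted for caller compatibility; not used by this function.

    Whatever dbg.dump_binary() returns is written verbatim to "output.bin"
    in the current working directory.
    """
    dbg.suspend()
    try:
        prog_base_addr = dbg.base_address
        print("[+] Base address: " + hex(prog_base_addr))

        print(hex(dbg.base_address))

        program = dbg.dump_binary()
        # Binary mode keeps the dump byte-exact, and the context manager closes
        # the handle (the original left it to the garbage collector).
        # NOTE(review): if dump_binary() returns the target's in-memory image,
        # the file can hold secrets from that process; it is created with the
        # default umask, so treat output.bin as sensitive.
        with open("output.bin", "wb") as output:
            output.write(program)
        print("ALL DONE!")
    finally:
        # Always detach, so a failed dump or write does not leave the debugger
        # attached to the target it suspended above.
        dbg.detach()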


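if __name__ == "__main__":
    # Entry point: attach to the PID given as argv[1] and pass the attached
    # debugger to debugger().
    # NOTE(review): attaching to another process on macOS normally needs
    # elevated privileges or a debugger entitlement -- confirm how MacDbg
    # obtains the task.
    if len(sys.argv) < 2:
        print("USAGE [pid]")
        sys.exit(1)  # usage error: report failure to the calling shell

    try:
        pid = int(sys.argv[1])
    except ValueError:
        # A non-numeric PID is a usage error, not a traceback.
        print("USAGE [pid]")
        sys.exit(1)

    dbg = MacDbg()
    dbg.attach(pid)

    # This script treats task == 0 after attach() as a failed attach.
    if dbg.task == 0:
        print("Failed to attach Check PID")
        sys.exit(1)  # was exit(0): a failed attach must not look like success

    pid = dbg.pid
    print("[+] Attached to task # %s\n" % str(dbg.task))

    debugger(dbg, 1)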
Example #2
    print "MAL ADDRESS: " + hex(l)

    #BUT ITS NOT NEEDED WITH SYMBOLS
    dbg.add_breakpoint("malloc@PLT", PERSISTENT, mal_break)


    print "RESUMING TASK"
    dbg.resume()
    while(1): continue



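if __name__ == "__main__":
    # Entry point: attach to the PID in argv[1], load symbols, then run
    # debugger() on the attached task.
    argv = sys.argv
    cmd = "./test_prog.app"
    dbg = MacDbg()

    # The original indexed argv[1] unconditionally, so a missing or
    # non-numeric PID ended in an IndexError/ValueError traceback.
    if len(argv) < 2:
        print("USAGE [pid]")
        sys.exit(1)
    try:
        pid = int(argv[1])
    except ValueError:
        print("USAGE [pid]")
        sys.exit(1)
    dbg.attach(pid, 1)

    # This script treats task == 0 after attach() as a failed attach.
    if dbg.task == 0:
        print("Failed to attach Check PID")
        sys.exit(1)  # was exit(0): a failed attach must not look like success

    dbg.load_symbols()
    pid = dbg.pid
    print("[+] Attached to task # %s\n" % str(dbg.task))

    debugger(dbg, pid, dbg.task, 1)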

Example #3
    prog_base_addr = dbg.base_address
    print "[+] Base address: " + hex(prog_base_addr)

    print hex(dbg.base_address)

    program = dbg.dump_binary()
    output = file("decrypt.bin", "w+").write(program)
    print "ALL DONE!"
    dbg.detach()

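if __name__ == "__main__":
    # Entry point: attach to the PID in argv[1], wait for the operator to
    # press enter, reload the debugger state, then run debugger().
    if len(sys.argv) < 2:
        print("USAGE [pid]")
        sys.exit(1)  # usage error: report failure to the calling shell

    try:
        pid = int(sys.argv[1])
    except ValueError:
        # A non-numeric PID is a usage error, not a traceback.
        print("USAGE [pid]")
        sys.exit(1)

    dbg = MacDbg()
    dbg.attach(pid)

    # This script treats task == 0 after attach() as a failed attach.
    if dbg.task == 0:
        print("Failed to attach Check PID")
        sys.exit(1)  # was exit(0): a failed attach must not look like success

    pid = dbg.pid
    print("[+] Attached to task # %s\n" % str(dbg.task))

    # NOTE(review): the pause presumably lets the target reach the state the
    # operator wants dumped before reload() refreshes the debugger's view --
    # confirm against MacDbg.reload().
    raw_input("press enter to continue")
    dbg.reload()
    debugger(dbg, 1)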

Example #4
def base_addr(dbg, name):
    """Print a warning when dbg's target has base address 0x100000000, then detach.

    Args:
        dbg: An attached debugger object; its base_address, pid, color_red(),
            color_green() and detach() members are used.
        name: Process name to show in the warning line.

    NOTE(review): 0x100000000 is the default load address of a 64-bit Mach-O
    executable, so a match presumably means the image was loaded without an
    ASLR slide -- confirm that this is what base_address reports.
    """
    at_load_address = dbg.base_address == 0x100000000
    if at_load_address:
        warning = dbg.color_red("BASE ADDRESS == LOAD ADDRESS :( -- PID - " + str(dbg.pid))
        label = dbg.color_green(" -  NAME " + name)
        # One formatted string reproduces the space the two-argument print
        # statement put between its operands.
        print("%s %s" % (warning, label))

    # Detach whether or not the warning was printed.
    dbg.detach()

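if __name__ == "__main__":
    # Entry point: walk the `ps aux` listing, attach to each PID in turn and
    # let base_addr() report the ones sitting at the default load address.

    tmp = MacDbg()

    process = Popen(["ps", "aux"], stdout=PIPE)
    (output, err) = process.communicate()
    pids = output.split("\n")
    for i in pids:
        x = i.split()

        try:
            # Column 1 of `ps aux` is the PID, column 10 the command.
            pid = x[1]
            name = x[10]
            name = name[name.find("/")+1:]
            tmp.attach(int(pid), 1)
        except Exception:
            # Best effort: skip the header row, short lines and processes that
            # cannot be attached. Unlike the original bare `except`, this no
            # longer swallows KeyboardInterrupt/SystemExit, so Ctrl-C stops
            # the scan.
            continue

        if tmp.task == 0:
            # The original built this message but never printed it.
            print(tmp.color_red("BAD PID CONTINUING"))
            continue
        base_addr(tmp, name)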

Example #5
    if len(search_results) > 0:
        for i in search_results:
            print dbg.color_green(hex(i)) + " --> " + dbg.color_pink(dbg.read_memory(i, 40))
        dbg.detach()
        return 1
    else:
        dbg.detach()
        return 0

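if __name__ == "__main__":
    # Entry point: for every PID listed in the file "pid", attach and run
    # search_mem() for the string given as argv[1].

    print("Usage ./search_multiple.py [search]")
    if len(sys.argv) < 2:
        # The original went straight to sys.argv[1] and died with IndexError.
        sys.exit(1)
    search = sys.argv[1]
    tmp = MacDbg()

    # Close the PID list deterministically instead of leaking the handle.
    with open("pid") as pid_file:
        pids = pid_file.readlines()
    debuggers = []
    print(tmp.color_red("Searching for string: " + search))
    count = 0
    for i in pids:
        if not i.strip():
            # A blank line (e.g. a trailing newline) is not a PID.
            continue
        print(tmp.color_green("ATTACHING TO: " + str(int(i))))
        tmp.attach(int(i), 1)
        if tmp.task == 0:
            raw_input("????")
            # The original built this message without printing it and then
            # searched anyway; skip a task that was never attached.
            print(tmp.color_red("BAD PID EXITING"))
            continue
        x = search_mem(tmp, search)
        if x == 1:
            print(tmp.color_pink("FOUND PROG PID = " + str(i)))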

Example #6
    print dbg.hex_dump(x, 10)
    l = struct.unpack("<q", dbg.read_memory(x, 8))[0]
    print "MAL ADDRESS: " + hex(l)

    #BUT ITS NOT NEEDED WITH SYMBOLS
    dbg.add_breakpoint("malloc@PLT", PERSISTENT, mal_break)

    print "RESUMING TASK"
    dbg.resume()
    while (1):
        continue


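if __name__ == "__main__":
    # Entry point: attach to the PID passed as argv[1], load symbols so that
    # breakpoints can be set by name, then hand the task to debugger().
    argv = sys.argv
    cmd = "./test_prog.app"
    dbg = MacDbg()

    # Validate the argument first: the original raised IndexError/ValueError
    # on a missing or non-numeric PID.
    if len(argv) < 2:
        print("USAGE [pid]")
        sys.exit(1)
    try:
        pid = int(argv[1])
    except ValueError:
        print("USAGE [pid]")
        sys.exit(1)
    dbg.attach(pid, 1)

    # This script treats task == 0 after attach() as a failed attach.
    if dbg.task == 0:
        print("Failed to attach Check PID")
        sys.exit(1)  # was exit(0): a failed attach must not look like success

    dbg.load_symbols()
    pid = dbg.pid
    print("[+] Attached to task # %s\n" % str(dbg.task))

    debugger(dbg, pid, dbg.task, 1)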