def main():
"""Start Thumbs Up IDA plugin - Firmware version."""
# Init the logger
logger = Logger("Thumbs Up Logger",
[("thumbs_up.log", "w", logging.DEBUG)],
use_stdout=False,
min_log_level=logging.INFO)
logger.linkHandler(IdaLogHandler())
# Locate the segments
code_segments = list(filter(lambda x: x.type == 2, sark.segments()))
data_segments = list(filter(lambda x: x.type in [0, 3], sark.segments()))
# Sanity checks
if len(code_segments) == 0:
logger.error("Failed to find any code segment, can't continue...")
return
if len(data_segments) == 0:
logger.error("Failed to find any data segment, can't continue...")
return
# Notify the user about our segment decisions
logger.info("Segments, as marked by the disassembler:")
for sc in code_segments:
logger.info("Code Segment: 0x%x - 0x%x", sc.start_ea, sc.end_ea)
for sd in data_segments:
logger.info("Data Segment: 0x%x - 0x%x", sd.start_ea, sd.end_ea)
# Build up the analyzer
analyzer = createAnalyzer(logger, False)
# Sanity check
if analyzer is None:
logger.error("Exiting")
return
# Finish building the analyzer
analyzer.linkFunctionClassifier()
analyzer.linkFptrIdentifier()
analyzer.linkStringIdentifier()
analyzer.linkLocalsIdentifier()
analyzer.linkSwitchIdentifier()
# Notify the user about the code types
analyzer.presentCodeTypes()
# Start the analysis
logger.info("Starting the analysis")
result = analysisStart(analyzer, code_segments, data_segments)
if result:
logger.info("Successfully finished the analysis")
else:
logger.error("Encountered an error during the analysis")
def database_inited(self, is_new_db, idc_script):
# A file was loaded, reset vars
self.plugin.filename = idaapi.get_input_file_path()
self.plugin.cfg = None
self.plugin.angr_proj = None
self.plugin.global_vars = None
self.plugin.opaque_predicates = dict()
self.plugin.extra_constraints = dict()
self.plugin.symbolic_vars = dict()
# Check if it (still) exists
if not isfile(self.plugin.filename):
print(
"### Drop error: original input file no longer exists, unable to load it into angr. ###"
)
return
# Load the file into angr
try:
# This is a bit inefficient, but figure out if it's PIC by loading twice
p = angr.Project(self.plugin.filename,
load_options={'auto_load_libs': False})
if p.loader.main_bin.pic:
# Load with IDA's imagebase as base_addr
base_addr = idaapi.get_imagebase()
else:
# Load with 0 as base_addr
base_addr = 0
del p
self.plugin.angr_proj = angr.Project(self.plugin.filename,
load_options={
'auto_load_libs': False,
'main_opts': {
'custom_base_addr':
base_addr
}
})
# get and store the file bitness
# Don't use idaapi.get_inf_structure().is_32bit(), it will give True for MIPS64...
self.plugin.bitness = self.plugin.angr_proj.arch.bits
# Save the list of all recognized variables in .bss, .data and .rodata (TODO: why these? any others?)
# TODO: Other segments as well?
self.plugin.global_vars = [
var for s in sark.segments() for var in get_segment_names(s)
if s.name in [".bss", ".data", ".rodata"]
]
print("### Loaded file into angr succesfully! ###")
except:
import traceback
print("ERROR: Failed to load file into angr: {}".format(
traceback.format_exc()))
def main():
for segment in sark.segments():
print(segment)
dump_attrs(segment, exclude=('prev', 'next'))
def get_random_address():
segment = random.choice(list(sark.segments()))
address = random.randint(segment.startEA, segment.endEA)
return address
import logging
logger = logging.getLogger(__name__)
if not logger.handlers:
handler = logging.StreamHandler(stream=sys.stdout)
logger.addHandler(handler)
logger.setLevel(logging.WARNING)
try:
import idautils
import idaapi
import sark
ram_segment = None
rom_segment = None
for segment in sark.segments():
if segment.name == 'RAM' or segment.name == '.data':
ram_segment = segment
elif segment.name == 'ROM' or segment.name == '.text':
rom_segment = segment
def safe_name(address):
name = sark.Line(address).name
if name[0:4] == 'unk_':
return "0x%x" % address
else:
return "%s" % name
def add_dref_named_offset(name, offset):
here = idc.here()
there = sark.Line(name=name).ea