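def main():
    """Extract features for one named function and store them as a bug sample.

    Runs as an IDA script.  ``idc.ARGV[1]`` is the name of the function to
    analyse and ``idc.ARGV[2]`` is the tag saved with the record under
    ``BugFlag``.  The ``funAnalyzer`` attributes of the matching function are
    inserted into the ``BugFeature`` collection of the ``firmware`` database.
    Nothing is inserted when no function in a ``.text``/``LOAD`` segment has
    that name.
    """
    dbName = 'firmware'
    BugCollectionName = 'BugFeature'
    BugName = idc.ARGV[1]
    BugFlag = idc.ARGV[2]
    dbFlag = 1
    conn = None  # opened on first insert and reused afterwards

    for i in range(0, get_func_qty()):
        fun = getn_func(i)
        segname = get_segm_name(fun.startEA)
        # Only segments whose name reads like ".text" or "LOAD" are analysed.
        if segname[1:4] not in ["tex", "OAD"]:
            continue
        # Only the function named on the command line is of interest.
        if str(GetFunctionName(fun.startEA)) != BugName:
            continue

        f = funAnalyzer(fun)
        f.startAnalyze()

        # Workaround noted by the author for IDA on Linux: skip a function
        # whose analysed address does not match the address IDA reports.
        if f.attr["Func_Addr"] != fun.startEA:
            continue

        func_info = f.attr
        # %M is minutes; %m in the time part would repeat the month.
        func_info["Time"] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
        func_info["BugFlag"] = BugFlag

        if dbFlag:
            if conn is None:
                conn = connectDB()
            # Errors propagate unchanged so the caller sees the real traceback.
            conn[dbName][BugCollectionName].insert_one(func_info)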
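def main():
    """Extract features for every function and store them as target samples.

    Runs as an IDA script.  ``idc.ARGV[1]`` is the tag saved with each record
    under ``TargetFlag``.  Every function in a ``.text``/``LOAD`` segment is
    run through ``funAnalyzer`` and its attributes are inserted into the
    ``TargetFeature`` collection of the ``firmware`` database.
    """
    dbName = 'firmware'
    TargetCollectionName = 'TargetFeature'
    TargetFlag = idc.ARGV[1]
    dbFlag = 1
    conn = None  # opened on first insert, then shared by all later inserts

    print(get_func_qty())

    for i in range(0, get_func_qty()):
        fun = getn_func(i)
        segname = get_segm_name(fun.startEA)
        # Only segments whose name reads like ".text" or "LOAD" are analysed.
        if segname[1:4] not in ["tex", "OAD"]:
            continue

        f = funAnalyzer(fun)
        f.startAnalyze()

        # Workaround noted by the author for IDA on Linux: skip a function
        # whose analysed address does not match the address IDA reports.
        # Only that function is skipped; ending the scan here would leave
        # the target with a silently incomplete feature set.
        if f.attr["Func_Addr"] != fun.startEA:
            continue

        func_info = f.attr
        # %M is minutes; %m in the time part would repeat the month.
        func_info["Time"] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
        func_info['TargetFlag'] = TargetFlag

        if dbFlag:
            if conn is None:
                conn = connectDB()
            # Errors propagate unchanged so the caller sees the real traceback.
            conn[dbName][TargetCollectionName].insert_one(func_info)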
def main(Train_collectionName='train', Train_dbName='Analyse',
         pathfile=',,/TrainBinary', idaengine='../../IDAPro/idal64',
         plugpath='../Plug_Train.py'):
    """Train and evaluate the MLP on features already stored in the database.

    Reads from ``Train_dbName``/``Train_collectionName`` the records whose
    ``Firmware_ID`` is one of the four busybox MIPS builds (O0 to O3).  When
    every build has at least one record, the four lists go to ``prepareData``
    and the resulting train/valid/test split goes to ``test_mlp``.

    ``pathfile``, ``idaengine`` and ``plugpath`` are not read here.  They
    served a feature-extraction pass (IDA run over each file under
    ``pathfile``) that is disabled in this version.
    NOTE(review): the ``pathfile`` default ',,/TrainBinary' looks like a typo
    for '../TrainBinary' -- confirm before re-enabling that pass.
    """
    train_records = connectDB()[Train_dbName][Train_collectionName]
    firmware_ids = (
        "busybox-mips-O0",
        "busybox-mips-O1",
        "busybox-mips-O2",
        "busybox-mips-O3",
    )
    # All four queries run before the emptiness check.
    features = tuple(
        list(train_records.find({'Firmware_ID': firmware_id}))
        for firmware_id in firmware_ids
    )

    # Training needs samples from every optimisation level.
    if not all(features):
        return

    trainData, validData, testData = prepareData(features)
    print('')
    print('... MLP')
    test_mlp((trainData, validData, testData))
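def main():
    """Store the features of every analysable function as target samples.

    Runs as an IDA script.  ``idc.ARGV[1]`` is the tag written to each record
    as ``TargetFlag``.  Functions in ``.text``/``LOAD`` segments are analysed
    with ``funAnalyzer`` and their attributes are inserted into
    ``firmware.TargetFeature``.
    """
    dbName = 'firmware'
    TargetCollectionName = 'TargetFeature'
    TargetFlag = idc.ARGV[1]
    dbFlag = 1
    conn = None  # one connection, opened when the first record is ready

    print(get_func_qty())

    for i in range(0, get_func_qty()):
        fun = getn_func(i)
        segname = get_segm_name(fun.startEA)
        # Characters 1..3 of the name are "tex" for ".text", "OAD" for "LOAD".
        if segname[1:4] not in ["tex", "OAD"]:
            continue

        f = funAnalyzer(fun)
        f.startAnalyze()

        # Workaround noted by the author for IDA on Linux.  A function whose
        # analysed address disagrees with IDA's is skipped, and the scan
        # continues so the remaining functions are still stored.
        if f.attr["Func_Addr"] != fun.startEA:
            continue

        func_info = f.attr
        # Minutes are %M; the month directive %m does not belong in the time.
        func_info["Time"] = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
        func_info['TargetFlag'] = TargetFlag

        if dbFlag:
            if conn is None:
                conn = connectDB()
            # No catch-and-re-raise: insert errors surface with their traceback.
            conn[dbName][TargetCollectionName].insert_one(func_info)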
def main(Train_collectionName='train', Train_dbName='Analyse',
         pathfile=',,/TrainBinary', idaengine='../../IDAPro/idal64',
         plugpath='../Plug_Train.py'):
    """Run MLP training on the stored busybox MIPS feature sets.

    Four groups of records are fetched from
    ``Train_dbName``/``Train_collectionName``, one per ``Firmware_ID``
    ("busybox-mips-O0" to "busybox-mips-O3").  If any group is empty the
    function returns without training.  Otherwise the groups go to
    ``prepareData`` and its three outputs go to ``test_mlp``.

    ``pathfile``, ``idaengine`` and ``plugpath`` are unused in the live code.
    The IDA extraction pass that consumed them is disabled in this version.
    NOTE(review): ',,/TrainBinary' is probably meant to be '../TrainBinary'.
    """
    collection = connectDB()[Train_dbName][Train_collectionName]

    per_build = []
    for build in ("busybox-mips-O0", "busybox-mips-O1",
                  "busybox-mips-O2", "busybox-mips-O3"):
        per_build.append(list(collection.find({'Firmware_ID': build})))

    # Proceed only when every optimisation level contributed records.
    if all(per_build):
        splits = prepareData(tuple(per_build))
        trainData, validData, testData = splits
        print('')
        print('... MLP')
        test_mlp((trainData, validData, testData))
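def _remove_ida_sidecars(i64_path):
    """Delete the .id0/.id1/.nam/.til files that sit next to *i64_path*."""
    stem = i64_path[:-4]
    for suffix in ('.id0', '.id1', '.nam', '.til'):
        sidecar = stem + suffix
        if not os.path.exists(sidecar):
            continue
        try:
            # os.remove keeps the path away from a shell command line.
            os.remove(sidecar)
        except OSError as err:
            # Cleanup stays best effort: report the failure and carry on.
            sys.stderr.write("could not remove %s: %s\n" % (sidecar, err))


def _run_ida_script(ida_path, script_and_args, database_path):
    """Run IDA with -A and a -S script on *database_path*, without a shell."""
    import subprocess

    # An argument list keeps spaces, quotes and ';' in the paths out of a
    # shell.  IDA still parses the -S string itself, so a function name that
    # contains whitespace is still split into several script arguments.
    subprocess.call([ida_path, '-A', '-S' + script_and_args, database_path])


def main(thre = 0.5):
    """Search a target IDA database for functions similar to a known bug.

    Command line: ``sys.argv[1]`` is the target database path, ``sys.argv[2]``
    the database containing the bug and ``sys.argv[3]`` the bug function's
    name.  When both paths end in ``.i64`` the bug and target plug-ins are run
    through IDA to store features in MongoDB.  The stored features are then
    compared, and every target function whose predicted probability is at
    least *thre* is printed.  The records written for this run are removed
    before returning.

    Args:
        thre: Minimum probability for a target function to be reported.
    """
    TargetBinaryPath = sys.argv[1]
    BugBinaryPath = sys.argv[2]
    BugName = sys.argv[3]
    idaenginePath = '/home/changqing/IDAPro/idal64'
    BugPlugPath = '/home/changqing/Desktop/Search/BugPlug.py'
    TargetPlugPath = '/home/changqing/Desktop/Search/TargetPlug.py'
    dbName = 'firmware'
    BugCollectionName = 'BugFeature'
    TargetCollectionName = 'TargetFeature'

    # Tags that tie the stored records to this bug/target pair.
    BugFlag = count_md5(BugBinaryPath + ' ' + BugName)
    TargetFlag = count_md5(TargetBinaryPath)

    analyseFlag = BugBinaryPath[-4:] == '.i64' and TargetBinaryPath[-4:] == '.i64'
    if analyseFlag:
        # Sidecar files are cleared before and after each IDA pass.
        _remove_ida_sidecars(BugBinaryPath)
        # The trailing space in the -S string is kept from the original command.
        _run_ida_script(idaenginePath,
                        "%s %s %s " % (BugPlugPath, BugName, BugFlag),
                        BugBinaryPath)
        _remove_ida_sidecars(BugBinaryPath)

        _remove_ida_sidecars(TargetBinaryPath)
        _run_ida_script(idaenginePath,
                        "%s %s" % (TargetPlugPath, TargetFlag),
                        TargetBinaryPath)
        _remove_ida_sidecars(TargetBinaryPath)

    # NOTE(review): the search below runs whether or not the IDA passes ran;
    # confirm that is intended for inputs that are not .i64 files.
    conn = connectDB()
    BugFunctionList = list(conn[dbName][BugCollectionName].find({'BugFlag': BugFlag}))
    TargetFunctionList = list(conn[dbName][TargetCollectionName].find({'TargetFlag': TargetFlag}))

    try:
        predSimList = []
        probList = []
        if len(BugFunctionList) != 0 and len(TargetFunctionList) != 0:
            # Argument order matters: bug features first, then target features.
            predSimList = count_predSim(BugFunctionList, TargetFunctionList)
            featureList, labelList = count_formData(predSimList)
            probList = prediction(featureList, labelList)

        for i, prob in enumerate(probList):
            if prob >= thre:
                print('%s :  %s' % (predSimList[i]['Func_Name_target'], prob))
    finally:
        # Remove this run's records even when scoring fails.  Presumably the
        # flags are the same on a re-run, so leftovers would be matched again.
        # NOTE(review): if conn is a pymongo client, Collection.remove is
        # deprecated in 3.x and absent in 4.x; delete_many replaces it.
        conn[dbName][BugCollectionName].remove({'BugFlag': BugFlag})
        conn[dbName][TargetCollectionName].remove({'TargetFlag': TargetFlag})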