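def accept_file(li, n):
    """
    Check if the file is of supported format

    @param li: a file-like object which can be used to access the input data
    @param n : format number. The function will be called with incrementing
               number until it returns zero
    @return: 0 - no more supported formats
             string "name" - format name to display in the chooser dialog
             dictionary { 'format': "name", 'options': integer }
               options: should be 1, possibly ORed with ACCEPT_FIRST (0x8000)
               to indicate preferred format

    The input file is untrusted. The only thing compared here is the word
    returned by dwordAt(li, 4), so a match does not mean the rest of the
    header is well formed.
    """
    li.seek(0)

    # At most one format is reported per file, so any later probe ends the
    # enumeration.
    if n > 0:
        return 0

    # Header word to look for, paired with the format name handed back to IDA.
    for magic, format_name in ((MAGIC_NUM, SBL1), (HDR_FLASH_VER, MBN)):
        if dwordAt(li, 4) == magic:
            # accept the file
            idaapi.set_processor_type("arm:ARMv7-A&R",
                                      SETPROC_ALL | SETPROC_FATAL)
            idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')
            return format_name

    # Unrecognised header: report it explicitly instead of falling off the
    # end of the function and returning None.
    return 0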
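def load_file_sbl(li, neflags, format):
    """
    Load an SBL image into the database.

    The whole file is parsed with SblImage. One CODE segment is created from
    the header's destination address and image size, file data starting at
    offset 80 is copied to the destination address, an entry point is added
    there, and the header fields are recorded through AddIdbComment.

    @param li: a file-like object which can be used to access the input data
    @param neflags: not used by this function
    @param format: not used by this function
    @return: 1
    """
    # set the processor type and enable 'metaarm' so ida disassembles all instructions
    idaapi.set_processor_type("arm:ARMv7-A&R",
                              idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # rewind the input file and parse the header out of its contents
    li.seek(0)
    header = SblImage(li.read(li.size())).header
    image_base = header.image_dest_ptr

    # NOTE(review): image_dest_ptr, image_size and code_size are taken from
    # the file being analysed and are used as address ranges without any
    # check. Nothing here verifies that code_size fits inside image_size or
    # inside the file, so a malformed header yields a segment and a copy
    # range that disagree. Confirm the values before trusting the listing.
    AddSeg(image_base, image_base + header.image_size, 0, 1,
           idaapi.saRelPara, idaapi.scPub)
    SetSegmentType(image_base, idaapi.SEG_CODE)
    RenameSeg(image_base, "CODE")

    # Copy the file data into the database, skipping the first 80 bytes
    # (presumably the SBL header length; confirm against SblImage).
    li.file2base(80, image_base, image_base + header.code_size, 0)

    # mark the entry point as being the first byte of the loaded image
    idaapi.add_entry(image_base, image_base, "HEADER", 1)

    # Record the parsed header fields at the image base.
    for label, value in (
            ('Codeword:            ', header.codeword),
            ('Magic No.:           ', header.magic),
            ('Source Location:     ', header.image_src),
            ('Destination Address: ', header.image_dest_ptr),
            ('Image Size:          ', header.image_size),
            ('Code Size:           ', header.code_size),
            ('Signature Ptr:       ', header.sig_ptr),
            ('Signature Size:      ', header.sig_size),
            ('Cert Chain Ptr:      ', header.cert_chain_ptr),
            ('Cert Chain Size:     ', header.cert_chain_size),
            ('OEM Cert Sel:        ', header.oem_root_cert_sel),
            ('OEM Cert Num:        ', header.oem_num_root_certs),
    ):
        AddIdbComment(image_base, label, value)

    return 1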
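def load_file(li, neflags, format):
    """
    Load the file into the database by dispatching on the format name.

    Processor setup and header parsing are left to load_file_sbl and
    load_file_mbn: each configures the processor and rewinds the input
    before reading it, so doing either here only repeats the work (and the
    read would start from wherever the input happened to be positioned).

    @param li: a file-like object which can be used to access the input data
    @param neflags: passed through to the format-specific loader
    @param format: format name, compared against SBL1 and MBN
    @return: the value returned by the format-specific loader,
             0 when the format name is not recognised
    """
    if format == SBL1:
        return load_file_sbl(li, neflags, format)
    if format == MBN:
        return load_file_mbn(li, neflags, format)

    # Unknown format name: report failure explicitly rather than returning
    # None by falling off the end of the function.
    return 0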
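def load_file_mbn(li, neflags, format):
    """
    Load an MBN image into the database.

    The whole file is parsed with MbnImage. One CODE segment is created from
    the header's destination address and image size, file data starting at
    offset 40 is copied to the destination address, an entry point is added
    there, and the header fields are recorded through AddIdbComment.

    @param li: a file-like object which can be used to access the input data
    @param neflags: not used by this function
    @param format: not used by this function
    @return: 1
    """
    # set the processor type and enable 'metaarm' so ida disassembles all instructions
    idaapi.set_processor_type("arm:ARMv7-A&R",
                              idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # rewind the input file and parse the header out of its contents
    li.seek(0)
    header = MbnImage(li.read(li.size())).header
    image_base = header.image_dest_ptr

    # NOTE(review): image_dest_ptr, image_size and code_size are taken from
    # the file being analysed and are used as address ranges without any
    # check. Nothing here verifies that code_size fits inside image_size or
    # inside the file, so a malformed header yields a segment and a copy
    # range that disagree. Confirm the values before trusting the listing.
    AddSeg(image_base, image_base + header.image_size, 0, 1,
           idaapi.saRelPara, idaapi.scPub)
    SetSegmentType(image_base, idaapi.SEG_CODE)
    RenameSeg(image_base, "CODE")

    # Copy the file data into the database, skipping the first 40 bytes
    # (presumably the MBN header length; confirm against MbnImage).
    li.file2base(40, image_base, image_base + header.code_size, 0)

    # mark the entry point as being the first byte of the loaded image
    idaapi.add_entry(image_base, image_base, "HEADER", 1)

    # Record the parsed header fields at the image base.
    for label, value in (
            ('Flash Part Version:  ', header.flash_parti_ver),
            ('Source Location:     ', header.image_src),
            ('Destination Address: ', header.image_dest_ptr),
            ('Image Size:          ', header.image_size),
            ('Code Size:           ', header.code_size),
            ('Signature Ptr:       ', header.sig_ptr),
            ('Signature Size:      ', header.sig_size),
            ('Cert Chain Ptr:      ', header.cert_chain_ptr),
            ('Cert Chain Size:     ', header.cert_chain_size),
    ):
        AddIdbComment(image_base, label, value)

    return 1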
Exemple #5
        type=argparse.FileType('r'),
        default=None,
        help="File containing the global variables to be lifted")

    args = parser.parse_args(args=idc.ARGV[1:])

    if args.log_file != os.devnull:
        INIT_DEBUG_FILE(args.log_file)
        DEBUG("Debugging is enabled.")

    addr_size = {"x86": 32, "amd64": 64, "aarch64": 64}.get(args.arch, 0)
    if addr_size != get_address_size_in_bits():
        DEBUG(
            "Arch {} address size does not match IDA's available bitness {}! Did you mean to use idal64?"
            .format(args.arch, get_address_size_in_bits()))
        idc.ChangeConfig("ABANDON_DATABASE=YES")
        idc.Exit(-1)

    if args.pie_mode:
        DEBUG("Using PIE mode.")
        PIE_MODE = True

    EMAP = {}
    EMAP_DATA = {}

    # Try to find the defs file or this OS
    OS_NAME = args.os
    os_defs_file = os.path.join(tools_disass_dir, "defs",
                                "{}.txt".format(args.os))
    if os.path.isfile(os_defs_file):
        args.std_defs.insert(0, os_defs_file)