コード例 #1
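def decompile(bear):
    """Print an ARMv7 listing of one method until its first POP.

    Picks the single non-metaclass entry of ``bear.by_class[Class]`` whose
    name contains 'AddNew', starts at ``cls.super.getRandomDotClass.imp``
    and disassembles one 32-bit word at a time with darm.

    NOTE(review): ``imp`` is presumably the method's implementation
    address in the loaded image -- confirm against the ``bear`` loader.
    """
    def is_target(candidate):
        return 'AddNew' in candidate.name and not candidate.is_metaclass()

    # One-element unpacking: raises ValueError unless exactly one class
    # matches, so an ambiguous or missing match is never silently used.
    cls, = filter(is_target, bear.by_class[Class])
    offset = cls.super.getRandomDotClass.imp

    # NOTE(review): not read anywhere in the visible part of this function.
    registers = [0]*16
    while True:
        instr = darm.disasm_armv7(bear.read_at(offset)[0])
        offset += 4

        # darm returns None for a word it cannot decode. Without this guard
        # the ``instr.instr`` access below raises AttributeError, and a
        # routine that never reaches a POP would keep the walk running into
        # whatever bytes follow it.
        if instr is None:
            print hex(offset), 'undecodable word, stopping'
            break

        # NOTE(review): offset was already advanced, so the printed address
        # is that of the *next* word, not of ``instr`` -- confirm intended.
        print hex(offset), instr
        # The first POP is treated as the end of the routine.
        if str(instr.instr) == 'POP':
            break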
コード例 #2
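def main():
    """Annotate a logcat capture with symbol+offset and ARM disassembly.

    Reads the symbol table pickled at /tmp/sopickle, then rewrites every
    line of the logcat file named by ``sys.argv[1]`` that carries a
    ``<symbol>`` token into /tmp/annotated_logcat.txt as
    ``<name+offset> <field 1> <field 2> <disassembly>``. Lines without a
    known symbol, or whose address/opcode fields do not parse, are copied
    through unchanged.
    """
    if len(sys.argv) < 2:
        print "usage: " + sys.argv[0] + " logcat.txt"
        return

    # SECURITY: pickle.load() runs code embedded in the file it reads, and
    # /tmp is writable by every local user. Only run this where
    # /tmp/sopickle is known to have been produced by the trusted companion
    # tool; a private directory plus a data-only format (e.g. JSON) would
    # remove the risk altogether.
    with open("/tmp/sopickle", "rb") as f:
        entries = pickle.load(f)

    # SECURITY: the output name is fixed and lives in /tmp, so a symlink
    # planted there beforehand would be followed and its target overwritten.
    # Prefer a caller-supplied path or tempfile.mkstemp().
    arm_line = re.compile(r'\<[\w,\.]+\>')
    with open(sys.argv[1], "r") as f, open("/tmp/annotated_logcat.txt",
                                           "w") as d:
        for l in f:
            prefix = l[:19]  # fixed-width logcat prefix (19 characters)
            l = l[l.find(':') + 2:]
            ls = l.split()
            son = arm_line.findall(l)
            if not son:
                d.write(prefix + l)
                continue
            son = son[0][1:-1]  # drop the surrounding '<' and '>'

            # .get() so a library missing from the pickle falls through to
            # the pass-through branch instead of raising KeyError.
            # Assumes entries is dict-like -- TODO confirm.
            entry = entries.get(son)
            if not entry:
                d.write(prefix + l)
                continue

            # Log lines are external input: copy anything that does not have
            # the expected hex fields instead of aborting the whole run.
            try:
                address = int(ls[2][:-1], 16)
                opcode = int(ls[-1], 16)
            except (IndexError, ValueError):
                d.write(prefix + l)
                continue

            # Find the last symbol starting at or below the address.
            # Presumably entry is a list of (address, name) pairs sorted by
            # address -- verify against the tool that writes the pickle.
            last_entry = (0, "UNKNOWN")
            for e in entry:
                if e[0] > address:
                    break
                last_entry = e

            # Call darm to get the ARM disassembly.
            dis = darm.disasm_armv7(opcode)

            d.write(prefix + '<' + last_entry[1] + '+' +
                    str(address - last_entry[0]) + '> ' + ls[1] + ' ' + ls[2] +
                    ' ' + str(dis))
            d.write('\n')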
コード例 #3
ファイル: disasm.py プロジェクト: genonfire/disasm
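# Dispatch on the number of command-line operands:
#   0 -> interactive loop, 1 -> file of opcodes, 2+ -> opcodes given inline.
# Integers are compared with ==; "is" tests object identity and only happens
# to work for small ints on CPython.
if opCount == 0:
  print "Disassemble helper using darm"
  print "supports ARMv7/Thumb/Thumb2, VFP/Neon/SIMD upcoming..."
  print " Usage : python disasm.py <machine code ...>"
  print " 1. $ python disasm.py"
  print "  --> Disassemble from your input until ctrl + c"
  print " 2. $ python disasm.py e5900004 e7d3001f ..."
  print "  --> Disassemble from serialized input (2 or more)"
  print " 3. $ python disasm.py ~/op.txt"
  print "  --> Disasemble from a file"

  print "please input machine code: \n"
  # Runs until interrupted; each line is read as one hexadecimal opcode.
  while True:
    input_int = raw_input("")
    hexValue = int(input_int, 16)
    print str(darm.disasm_armv7(hexValue))
elif opCount == 1:
  path = sys.argv[1]
  if os.path.exists(path):
    print "Disassemble a file %s" % path
    # "with" closes the handle even if a line fails to parse.
    with open(path, "r") as filein:
      lines = filein.readlines()

    for line in lines:
      # A blank line (typically a trailing newline at the end of the file)
      # is not an opcode; int() would raise ValueError on it.
      if not line.strip():
        continue
      print "%s\t%s" % (line.rstrip('\n'), str(darm.disasm_armv7(int(line, 16))))
  else:
    print "%s is not exist" % path
else:
  # print str(darm.disasm_armv7(0xe1a00002))
  # Collect every operand; they are consumed outside this excerpt.
  for i in range(opCount):
    opList.append(sys.argv[i+1])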
コード例 #4
import struct
import darm # https://github.com/jbremer/darm

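# Read RAM dump.
with open("DUMP.BIN", "rb") as f:
    dump = f.read()

# Read decrypted launcher.
with open("Launcher.dat", "rb") as f:
    data = f.read()

# Format entries: treat Launcher.dat as a table of little-endian 32-bit
# words and, for each word that looks like a code pointer, show the
# instruction it points at in the RAM dump.
for i in xrange(len(data)/4):
    v = struct.unpack("<I", data[i*4:i*4+4])[0]
    inst = None
    # NOTE(review): 0x100000..0x252000 is presumably the address range the
    # dump was captured from (base 0x100000) -- confirm against the target.
    if 0x100000 <= v <= 0x252000:
        if v & 1:
            # Odd address: Thumb code. Clear bit 0 to get the real offset.
            addr = (v - 0x100000) & 0xFFFFFFFE
            width, fmt, disasm = 2, "<H", darm.disasm_thumb
        else:
            addr = v - 0x100000
            width, fmt, disasm = 4, "<I", darm.disasm_armv7
        # The range test above says nothing about how long DUMP.BIN really
        # is. A pointer past the end of a short or truncated dump would hand
        # struct.unpack a short slice and abort the run with struct.error,
        # so such entries are printed without disassembly instead.
        if addr + width <= len(dump):
            inst = disasm(struct.unpack(fmt, dump[addr:addr+width])[0])
    # darm returns None for a word it cannot decode.
    if inst is None:
        print "{0:08X}: {1:08X}".format(i*4, v)
    else:
        print "{0:08X}: {1:08X} - {2}".format(i*4, v, inst)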