def decompile(bear):
    """Print an ARMv7 listing starting at one method and ending at its first POP.

    The start address is ``cls.super.getRandomDotClass.imp``, where ``cls`` is
    the single entry of ``bear.by_class[Class]`` whose name contains
    ``'AddNew'`` and which is not a metaclass.  Words are read through
    ``bear.read_at`` and decoded with ``darm.disasm_armv7``.
    """
    def is_target(candidate):
        return 'AddNew' in candidate.name and not candidate.is_metaclass()

    # Exactly one match is required: the unpacking raises ValueError when
    # zero or several classes satisfy the predicate.
    [target] = filter(is_target, bear.by_class[Class])
    cursor = target.super.getRandomDotClass.imp
    registers = [0] * 16  # not read anywhere in the code shown here

    while True:
        word = bear.read_at(cursor)[0]
        decoded = darm.disasm_armv7(word)
        cursor += 4
        # The address printed is the value after the increment, i.e. four
        # bytes past the word that was just decoded.
        print("%s %s" % (hex(cursor), decoded))
        # NOTE(review): if darm returns None for an undecodable word, the
        # attribute access below raises AttributeError -- confirm whether
        # the walk can reach data or a non-ARM region before a POP.
        if str(decoded.instr) == 'POP':
            break
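def main():
    """Annotate a logcat trace with symbol+offset and ARM disassembly.

    Reads the logcat file named by ``sys.argv[1]`` and writes the result to
    ``/tmp/annotated_logcat.txt``.  Lines that carry a ``<name>`` token known
    to the symbol table loaded from ``/tmp/sopickle`` are rewritten as
    ``<symbol+offset> field1 field2 disassembly``; every other line is copied
    through (prefix plus the text after the first ``': '``).
    """
    if len(sys.argv) < 2:
        print("usage: " + sys.argv[0] + " logcat.txt")
        return

    # SECURITY: pickle.load() can run arbitrary code while deserializing, and
    # this path sits in /tmp, which is normally writable by every local user.
    # Whoever creates /tmp/sopickle first controls what runs here.  Prefer a
    # data-only format (e.g. JSON) in a directory owned by the invoking user;
    # the producer of this file is not visible here, so the load is left as is.
    with open("/tmp/sopickle", "rb") as f:
        entries = pickle.load(f)

    # Raw string: same pattern as before without relying on unknown escapes.
    arm_line = re.compile(r'\<[\w,\.]+\>')

    # NOTE(review): the output name is fixed and also lives in /tmp; open()
    # follows a pre-existing symlink there.  Consider tempfile or a
    # caller-supplied output path.
    with open(sys.argv[1], "r") as f, open("/tmp/annotated_logcat.txt", "w") as d:
        for l in f:
            # there are 19 characters before the message part of the line
            prefix = l[:19]
            l = l[l.find(':') + 2:]
            ls = l.split()

            son = arm_line.findall(l)
            if not son:
                d.write(prefix + l)
                continue
            son = son[0][1:-1]

            # A library that is missing from the table is treated like an
            # empty one (copy the line through) instead of raising KeyError.
            try:
                entry = entries[son]
            except KeyError:
                entry = None
            if not entry:
                d.write(prefix + l)
                continue

            # A line that has a <name> token but not the expected
            # "... addr: ... opcode" layout is copied through rather than
            # aborting the whole run with IndexError/ValueError.
            try:
                address = int(ls[2][:-1], 16)
                opcode = int(ls[-1], 16)
            except (IndexError, ValueError):
                d.write(prefix + l)
                continue

            # find the offset from the name list: keep the last entry whose
            # address does not exceed the traced address
            # (assumes entries are sorted by address -- confirm with producer)
            last_entry = (0, "UNKNOWN")
            for e in entry:
                if e[0] > address:
                    break
                last_entry = e

            # call darm to get the ARM disassembly
            dis = darm.disasm_armv7(opcode)
            d.write(prefix + '<' + last_entry[1] + '+' + str(address - last_entry[0]) + '> ' + ls[1] + ' ' + ls[2] + ' ' + str(dis))
            d.write('\n')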
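# Dispatch on the number of command-line operands:
#   0 -> interactive mode, 1 -> treat the operand as a file of hex words,
#   2+ -> collect the operands into opList.
# Integer counts are compared with ==; `is` tests object identity and only
# happens to work for small ints on CPython.
if opCount == 0:
    print("Disassemble helper using darm")
    print("supports ARMv7/Thumb/Thumb2, VFP/Neon/SIMD upcoming...")
    print(" Usage : python disasm.py <machine code ...>")
    print(" 1. $ python disasm.py")
    print(" --> Disassemble from your input until ctrl + c")
    print(" 2. $ python disasm.py e5900004 e7d3001f ...")
    print(" --> Disassemble from serialized input (2 or more)")
    print(" 3. $ python disasm.py ~/op.txt")
    print(" --> Disasemble from a file")
    print("please input machine code: \n")
    while True:
        input_int = raw_input("")
        try:
            hexValue = int(input_int, 16)
        except ValueError:
            # A typo should not end the interactive session.
            print("%s\t<not a hex word>" % input_int)
            continue
        print(str(darm.disasm_armv7(hexValue)))
elif opCount == 1:
    path = sys.argv[1]
    if os.path.exists(path):
        print("Disassemble a file %s" % path)
        # The context manager closes the handle even if a line fails.
        with open(path, "r") as filein:
            for line in filein:
                text = line.rstrip('\n')
                if not text.strip():
                    # Blank lines (e.g. a trailing newline) carry no opcode.
                    continue
                try:
                    word = int(line, 16)
                except ValueError:
                    print("%s\t<not a hex word>" % text)
                    continue
                print("%s\t%s" % (text, str(darm.disasm_armv7(word))))
    else:
        print("%s is not exist" % path)
else:
    # Collect the operands; they are presumably disassembled by code that
    # follows this statement.
    for i in range(opCount):
        opList.append(sys.argv[i+1])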
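import struct

import darm  # https://github.com/jbremer/darm

# Dump each 32-bit little-endian word of Launcher.dat; when the word looks
# like a pointer into the RAM dump, also show the instruction it points at.

# Read RAM dump.
with open("DUMP.BIN", "rb") as f:
    dump = f.read()

# Read decrypted launcher.
with open("Launcher.dat", "rb") as f:
    data = f.read()

# Format entries.  Floor division keeps the word count an integer; trailing
# bytes that do not fill a whole word are ignored, as before.
for i in xrange(len(data) // 4):
    v = struct.unpack("<I", data[i*4:i*4+4])[0]
    inst = None
    # Values in this window are treated as code pointers; 0x100000 is
    # subtracted to get a dump offset (presumably the dump's base address).
    if 0x100000 <= v <= 0x252000:
        if v & 1:
            # Low bit set: decode as Thumb, with that bit cleared.
            # NOTE(review): only one halfword is decoded here, so 32-bit
            # Thumb-2 encodings may not decode through this path -- confirm.
            addr = (v - 0x100000) & 0xFFFFFFFE
            raw = dump[addr:addr+2]
            if len(raw) == 2:
                inst = darm.disasm_thumb(struct.unpack("<H", raw)[0])
        else:
            addr = v - 0x100000
            raw = dump[addr:addr+4]
            if len(raw) == 4:
                inst = darm.disasm_armv7(struct.unpack("<I", raw)[0])
        # A slice shorter than the instruction means the pointer lands past
        # the end of DUMP.BIN; the entry is printed bare instead of letting
        # struct.unpack raise on a truncated or mismatched dump.
    if inst is None:
        print("{0:08X}: {1:08X}".format(i*4, v))
    else:
        print("{0:08X}: {1:08X} - {2}".format(i*4, v, inst))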