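def find_interesting(base_ea, base_end):
    """Locate well-known iBoot/SecureROM routines in the image at base_ea.

    Each ``find_*`` helper is expected to search from ``base_ea`` (some also
    take ``base_end``) and return the routine's address, or
    ``ida_idaapi.BADADDR`` when it is not found; the helpers are defined
    elsewhere and presumably also name/annotate what they find — the return
    values are not used further here. If a ``putchar`` routine is found but
    no Mach-O validation routine is, the image is treated as a SecureROM and
    the segment containing ``base_ea`` is renamed accordingly.

    Args:
        base_ea: start address of the loaded image.
        base_end: end address of the loaded image.

    Returns:
        None.
    """
    mv_ea = find_macho_valid(base_ea)

    if mv_ea != ida_idaapi.BADADDR:
        ldk_ea = find_loaded_kernelcache(mv_ea)

        # Only chase the load_kernelcache reference when the previous lookup
        # actually produced an address; passing BADADDR along would search
        # from a bogus anchor.
        if ldk_ea != ida_idaapi.BADADDR:
            lk_ea = find_load_kernelcache(ldk_ea)

    pk_ea = find_panic(base_ea)
    go_ea = find_do_go(base_ea)
    pr_ea = find_do_printf(base_ea)
    i4l_ea = find_image4_load(base_ea)
    i4d_ea = find_img4decodeinit(base_ea)
    aes_ea = find_aes_crypto_cmd(base_ea)
    udt_ea = find_update_device_tree(base_ea)
    ml_ea = find_macho_load(base_ea)
    pgv_ea = find_pmgr_binning_mode_get_value(base_ea)
    i4p_ea = find_image4_get_partial(base_ea)
    mt_ea = find_main_task(base_ea)
    bc_ea = find_boot_check_panic(base_ea, base_end)

    pc_ea = find_putchar(base_ea)

    # SecureROM heuristic: it has a putchar but never validates a Mach-O
    # (it loads the next-stage image4, not a kernelcache).
    if pc_ea != ida_idaapi.BADADDR and mv_ea == ida_idaapi.BADADDR:
        # this is a SecureROM image
        segm = ida_segment.getseg(base_ea)

        # getseg returns None when base_ea is not inside any segment
        if segm:
            idaapi.set_segm_name(segm, "SecureROM", 0)
            print("[+] Identified as a SecureROM image")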
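def find_interesting(base_ea, base_end):
    """Locate well-known iBoot/SecureROM routines in the image at base_ea.

    Each ``find_*`` helper is defined elsewhere; it searches from
    ``base_ea`` (some are bounded by ``base_end``) and returns the routine's
    address or ``ida_idaapi.BADADDR``. Dependent lookups (e.g. image4_load
    via its validate-property callback) are only attempted when the anchor
    lookup succeeded. Finally, unless ``br_flag`` is already set, an image
    that has a ``putchar`` but no Mach-O validation routine is classified as
    a SecureROM and its segment renamed.

    Args:
        base_ea: start address of the loaded image.
        base_end: end address of the loaded image.

    Returns:
        None.
    """
    mv_ea = find_macho_valid(base_ea, base_end)

    if mv_ea != ida_idaapi.BADADDR:
        ldk_ea = find_loaded_kernelcache(mv_ea)

        if ldk_ea != ida_idaapi.BADADDR:
            lk_ea = find_load_kernelcache(ldk_ea)

    pk_ea = find_panic(base_ea)
    go_ea = find_do_go(base_ea)
    pr_ea = find_do_printf(base_ea)

    i4vc_ea = find_image4_validate_property_callback(base_ea, base_end)

    if i4vc_ea != ida_idaapi.BADADDR:
        i4l_ea = find_image4_load(i4vc_ea)

    i4i_ea = find_image4_validate_property_callback_interposer(base_ea)

    if i4i_ea != ida_idaapi.BADADDR:
        i4ip_ea = find_image4_validate_property_callback_interposer_ptr(i4i_ea)

    rmr_ea = find_record_memory_range(base_ea)
    i4d_ea = find_img4decodeinit(base_ea)
    scf_ea = find_stack_chk_fail(base_ea)
    aes_ea = find_aes_crypto_cmd(base_ea, base_end)
    udt_ea = find_update_device_tree(base_ea)

    ml_ea = find_macho_load(base_ea)

    if ml_ea != ida_idaapi.BADADDR:
        lko_ea = find_load_kernelcache_object(ml_ea)

    pgv_ea = find_pmgr_binning_mode_get_value(base_ea)
    i4p_ea = find_image4_get_partial(base_ea)
    mt_ea = find_main_task(base_ea)
    tei_ea = find_target_early_init(base_ea)
    bc_ea = find_boot_check_panic(base_ea, base_end)
    pei_ea = find_platform_early_init(base_ea, base_end)
    crv_ea = find_chipid_get_chip_revision(base_ea, base_end)
    pid_ea = find_platform_init_display(base_ea)

    pc_ea = find_putchar(base_ea, base_end)

    # just to be sure
    # br_flag is a module-level flag set elsewhere (its exact meaning is not
    # visible here — presumably "image type already decided"; confirm against
    # the caller). The original compared against an undefined lowercase
    # ``false``, which raises NameError in Python; test the flag directly.
    if not br_flag:
        # SecureROM heuristic: it has a putchar but never validates a Mach-O
        if pc_ea != ida_idaapi.BADADDR and mv_ea == ida_idaapi.BADADDR:
            # this is a SecureROM image
            segm = ida_segment.getseg(base_ea)

            # getseg returns None when base_ea is outside every segment
            if segm:
                idaapi.set_segm_name(segm, "SecureROM", 0)
                print("[+] Identified as a SecureROM image")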
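def LoadModule(platform, name, path):
    """Load an additional Mach-O module into the current IDA database.

    For iOS targets the on-device ``path`` is first mapped to a local file:
    a path containing ".app" is treated as a framework bundled with the app
    and rebased onto the directory of the binary open in IDA; anything else
    is looked up in Xcode's "iOS DeviceSupport/<version>/Symbols" tree for
    the version carried in ``platform``. On other platforms ``path`` is used
    as given. After loading, the module's "HEADER" segment is renamed to
    ``name`` and, if the loader placed the module below the main binary
    (``g_AppBase``), its segments are relocated to ``g_NextLibBase``, which
    is then advanced by ``kModuleAlignment``.

    Args:
        platform: platform string from the target, e.g. "iOS <version>"
            (the first three characters select iOS handling and the text
            after index 4 is taken as the version — presumably "iOS 12.1"
            style; confirm against the sender).
        name: name to give the module's first segment.
        path: module path as reported by the target process.

    Returns:
        None. Failures are reported through fl_log.
    """
    global g_NextLibBase

    if platform is not None:
        os_type = platform[:3]
        if os_type == "iOS":
            # check if it is custom or system framework
            app_idx = path.find(".app")

            if app_idx >= 0:
                # custom framework: everything after ".app" is relative to
                # the directory holding the binary open in IDA
                local_path = path[app_idx + 4:]
                bin_path = os.path.dirname(get_input_file_path())
                path = bin_path + local_path

                # ``path`` arrives over the FridaLink channel from the
                # instrumented process, so treat it as untrusted: refuse a
                # component such as "../" that would resolve outside the
                # binary's directory before touching the filesystem.
                real_bin = os.path.realpath(bin_path)
                if not os.path.realpath(path).startswith(real_bin + os.sep):
                    fl_log("FridaLink: module path escapes app directory [ " + path + " ]\n")
                    return
            else:
                # system framework
                os_ver = platform[4:]
                home = os.path.expanduser("~")
                path = home + "/Library/Developer/Xcode/iOS DeviceSupport/" + os_ver + "/Symbols" + path

            # check if framework exists
            if not os.path.exists(path):
                fl_log("FridaLink: invalid path [ " + path + " ]\n")
                return

    fl_log("FridaLink: loading module '" + name + "' from [ " + path + " ]\n")
    res = load_loader_module(None, "macho", str(path), False)
    if res != 0:
        # let IDA finish analysing the freshly loaded module before we
        # query and rename its segments
        Wait()

        seg = get_segm_by_name("HEADER").startEA
        set_segm_name(getseg(seg), name)
        Wait()
        fl_log("FridaLink: set first sector name for loaded module to '" +
               name + "'\n")

        if seg < g_AppBase:
            fl_log("FridaLink: move module '" + name + "' to " +
                   ('0x%012x' % g_NextLibBase) + "\n")

            # Move back all segments before main one (usually for OSX modules)
            # Each iteration moves the lowest segment up by g_NextLibBase and
            # re-reads the lowest remaining one, until nothing is left below
            # the main binary.
            while seg < g_AppBase:
                fl_log(('  0x%012x' % SegStart(seg)) + " -> " +
                       ('0x%012x' % (SegStart(seg) + g_NextLibBase)) + ": " +
                       SegName(seg) + "\n")
                MoveSegm(SegStart(seg), SegStart(seg) + g_NextLibBase, 0)
                Wait()
                seg = FirstSeg()

            g_NextLibBase += kModuleAlignment
            fl_log("FridaLink: next module base = " +
                   ("0x%012x" % g_NextLibBase) + "\n")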
def SanityChecks():
    """Check that the first segment is named after the input file.

    FridaLink resolves symbols and places extra modules relative to the main
    module's first segment, so that segment must carry the input file's
    name. The comparison is done against the name with spaces replaced by
    underscores (presumably because IDA stores segment names that way —
    confirm), and if it does not match the user is asked, via a yes/no
    dialog, whether to rename the segment. Answering yes renames it and logs
    the change; anything else leaves the database untouched.

    Returns:
        None.
    """
    first_seg = FirstSeg()
    input_name = GetInputFile()
    current_name = SegName(first_seg)

    if current_name == input_name.replace(' ', '_'):
        return

    prompt = (
        "Name of the first segment for main module ('" + current_name +
        "') doesn't\nmatch main module's name ('" + input_name + "').\n\n"
        "In order for the FridaLink to function correctly (i.e. resolve\n"
        "symbols and load additional modules) this segment name\n"
        "should be updated.\n\n"
        "Update first segment name to '" + input_name + "'?"
    )

    # AskYN returns 1 for "Yes"; "No" and "Cancel" both leave things as-is
    if AskYN(0, prompt) != 1:
        return

    set_segm_name(getseg(first_seg), input_name)
    Wait()
    fl_log("FridaLink: set first sector name for main binary to '" +
           input_name + "'\n")
 def name(self, name):
     """Rename the wrapped IDA segment (``self.segment_t``) to ``name``.

     Thin wrapper over ``idaapi.set_segm_name``; the return value of the
     IDA call is discarded, so a failed rename is not reported.
     """
     target_segment = self.segment_t
     idaapi.set_segm_name(target_segment, name)
 def __call__(self):
     """Apply the pending rename: name the segment at ``self.ea`` ``self.name``.

     The name is UTF-8 encoded before the call (IDA's Python 2 API expects
     bytes). ``getseg`` returns None when ``self.ea`` lies outside every
     segment; that case is not checked here and is passed straight to IDA.
     """
     encoded_name = self.name.encode('utf-8')
     target_segment = idaapi.getseg(self.ea)
     idaapi.set_segm_name(target_segment, encoded_name)
 def name(self, name):
     """Set the name of the wrapped IDA segment to ``name``.

     Delegates to ``idaapi.set_segm_name`` on ``self.segment_t``; the
     result of the IDA call is not propagated to the caller.
     """
     seg = self.segment_t
     idaapi.set_segm_name(seg, name)
 def __call__(self):
     """Apply the pending rename: name the segment at ``self.ea`` ``self.name``.

     ``idaapi.getseg`` yields None when ``self.ea`` is not inside any
     segment; no guard is applied here, the value is handed to IDA as-is.
     """
     new_name = self.name
     idaapi.set_segm_name(idaapi.getseg(self.ea), new_name)