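def accept_file(li, n):
    """Report whether the input file is an image format this loader handles.

    Called with an incrementing format number until it returns 0. At most one
    format is reported per file, so every call with n > 0 answers 0.

    @param li: a file-like object which can be used to access the input data
    @param n:  format number; incremented by the caller on each call
    @return: 0 when the file is not recognised or n > 0, otherwise the format
             name to display in the chooser dialog (SBL1 or MBN)
    """
    li.seek(0)
    if n > 0:
        return 0

    # Read the header word once; both format checks compare the same field.
    # NOTE(review): dwordAt is assumed to return the 32-bit value at file
    # offset 4 with no other side effects - confirm against its definition.
    tag = dwordAt(li, 4)
    if tag == MAGIC_NUM:
        fmt = SBL1
    elif tag == HDR_FLASH_VER:
        fmt = MBN
    else:
        # Answer 0 explicitly rather than falling off the end with None, so
        # the "not supported" result matches the documented contract.
        return 0

    # Recognition rests on this single 32-bit comparison, so unrelated files
    # can match; no other header field is validated at this point.
    # NOTE(review): the processor type is changed while formats are still
    # being probed; load_file repeats the same two calls.
    idaapi.set_processor_type("arm:ARMv7-A&R", SETPROC_ALL | SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')
    return fmt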
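def load_file_sbl(li, neflags, format):
    """Load an SBL1 image into the database at the address named in its header.

    Every address and size used here comes from the image's own header, i.e.
    from the file being analysed, so the values are treated as untrusted.

    @param li:      file-like object used to access the input data
    @param neflags: loader flags passed in by the caller (unused here)
    @param format:  format name chosen for the file (unused here)
    @return: 1 when the image was loaded, 0 when the header does not fit the
             file or the payload could not be read
    """
    # Set the processor type and enable 'metaarm' so IDA disassembles all
    # instructions.
    idaapi.set_processor_type("arm:ARMv7-A&R", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # Rewind the input file and parse the header from its full contents.
    li.seek(0)
    file_len = li.size()
    rom = SblImage(li.read(file_len))
    hdr = rom.header
    image_base = hdr.image_dest_ptr

    # The payload starts at file offset 80 (the data "sans header"). Refuse a
    # header whose code size runs past the end of the file before anything is
    # created in the database.
    payload_offset = 80
    if payload_offset + hdr.code_size > file_len:
        idaapi.msg("SBL1 loader: header code size 0x%X does not fit in a %d byte file\n"
                   % (hdr.code_size, file_len))
        return 0

    # NOTE(review): image_size and code_size are not cross-checked, so a header
    # with code_size > image_size loads bytes beyond the segment created here;
    # image_base + image_size is also not checked against the address range.
    AddSeg(image_base, image_base + hdr.image_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegmentType(image_base, idaapi.SEG_CODE)
    RenameSeg(image_base, "CODE")

    # file2base returns 0 on a read error; report that as a failed load
    # instead of returning success for an image that was never copied in.
    if not li.file2base(payload_offset, image_base, image_base + hdr.code_size, 0):
        return 0

    # Mark the entry point as being the first byte of the loaded image.
    idaapi.add_entry(image_base, image_base, "HEADER", 1)

    # Record the parsed header fields as comments at the image base. Fields are
    # looked up one at a time so comments are written in the listed order.
    header_comments = (
        ('Codeword: ', 'codeword'),
        ('Magic No.: ', 'magic'),
        ('Source Location: ', 'image_src'),
        ('Destination Address: ', 'image_dest_ptr'),
        ('Image Size: ', 'image_size'),
        ('Code Size: ', 'code_size'),
        ('Signature Ptr: ', 'sig_ptr'),
        ('Signature Size: ', 'sig_size'),
        ('Cert Chain Ptr: ', 'cert_chain_ptr'),
        ('Cert Chain Size: ', 'cert_chain_size'),
        ('OEM Cert Sel: ', 'oem_root_cert_sel'),
        ('OEM Cert Num: ', 'oem_num_root_certs'),
    )
    for label, field in header_comments:
        AddIdbComment(image_base, label, getattr(hdr, field))

    return 1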
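def load_file(li, neflags, format):
    """Load the input file into the database using the loader for its format.

    @param li:      file-like object used to access the input data
    @param neflags: loader flags, passed through to the format loader
    @param format:  format name previously returned by accept_file
    @return: the format loader's result (1 on success), or 0 when the format
             is neither SBL1 nor MBN
    """
    idaapi.set_processor_type("arm:ARMv7-A&R", SETPROC_ALL | SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # Each format loader rewinds the input and parses the header itself, so
    # nothing is read or parsed here; a parse from an un-rewound stream could
    # only fail on data the loader would have read correctly.
    if format == SBL1:
        return load_file_sbl(li, neflags, format)
    if format == MBN:
        return load_file_mbn(li, neflags, format)

    # Unknown format: fail cleanly. The generic path that used to follow
    # referenced 'entry', which is a local that is only assigned in the two
    # branches above, so it could never run to completion.
    return 0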
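def load_file_mbn(li, neflags, format):
    """Load an MBN image into the database at the address named in its header.

    Every address and size used here comes from the image's own header, i.e.
    from the file being analysed, so the values are treated as untrusted.

    @param li:      file-like object used to access the input data
    @param neflags: loader flags passed in by the caller (unused here)
    @param format:  format name chosen for the file (unused here)
    @return: 1 when the image was loaded, 0 when the header does not fit the
             file or the payload could not be read
    """
    # Set the processor type and enable 'metaarm' so IDA disassembles all
    # instructions.
    idaapi.set_processor_type("arm:ARMv7-A&R", idaapi.SETPROC_ALL | idaapi.SETPROC_FATAL)
    idc.ChangeConfig('ARM_DEFAULT_ARCHITECTURE = metaarm')

    # Rewind the input file and parse the header from its full contents.
    li.seek(0)
    file_len = li.size()
    rom = MbnImage(li.read(file_len))
    hdr = rom.header
    image_base = hdr.image_dest_ptr

    # The payload starts at file offset 40 (the data "sans header"). Refuse a
    # header whose code size runs past the end of the file before anything is
    # created in the database.
    payload_offset = 40
    if payload_offset + hdr.code_size > file_len:
        idaapi.msg("MBN loader: header code size 0x%X does not fit in a %d byte file\n"
                   % (hdr.code_size, file_len))
        return 0

    # NOTE(review): image_size and code_size are not cross-checked, so a header
    # with code_size > image_size loads bytes beyond the segment created here;
    # image_base + image_size is also not checked against the address range.
    AddSeg(image_base, image_base + hdr.image_size, 0, 1, idaapi.saRelPara, idaapi.scPub)
    SetSegmentType(image_base, idaapi.SEG_CODE)
    RenameSeg(image_base, "CODE")

    # file2base returns 0 on a read error; report that as a failed load
    # instead of returning success for an image that was never copied in.
    if not li.file2base(payload_offset, image_base, image_base + hdr.code_size, 0):
        return 0

    # Mark the entry point as being the first byte of the loaded image.
    idaapi.add_entry(image_base, image_base, "HEADER", 1)

    # Record the parsed header fields as comments at the image base. Fields are
    # looked up one at a time so comments are written in the listed order.
    header_comments = (
        ('Flash Part Version: ', 'flash_parti_ver'),
        ('Source Location: ', 'image_src'),
        ('Destination Address: ', 'image_dest_ptr'),
        ('Image Size: ', 'image_size'),
        ('Code Size: ', 'code_size'),
        ('Signature Ptr: ', 'sig_ptr'),
        ('Signature Size: ', 'sig_size'),
        ('Cert Chain Ptr: ', 'cert_chain_ptr'),
        ('Cert Chain Size: ', 'cert_chain_size'),
    )
    for label, field in header_comments:
        AddIdbComment(image_base, label, getattr(hdr, field))

    return 1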
type=argparse.FileType('r'), default=None, help="File containing the global variables to be lifted") args = parser.parse_args(args=idc.ARGV[1:]) if args.log_file != os.devnull: INIT_DEBUG_FILE(args.log_file) DEBUG("Debugging is enabled.") addr_size = {"x86": 32, "amd64": 64, "aarch64": 64}.get(args.arch, 0) if addr_size != get_address_size_in_bits(): DEBUG( "Arch {} address size does not match IDA's available bitness {}! Did you mean to use idal64?" .format(args.arch, get_address_size_in_bits())) idc.ChangeConfig("ABANDON_DATABASE=YES") idc.Exit(-1) if args.pie_mode: DEBUG("Using PIE mode.") PIE_MODE = True EMAP = {} EMAP_DATA = {} # Try to find the defs file or this OS OS_NAME = args.os os_defs_file = os.path.join(tools_disass_dir, "defs", "{}.txt".format(args.os)) if os.path.isfile(os_defs_file): args.std_defs.insert(0, os_defs_file)