def decodeAll(self):
# Start with analysis
cutter.cmd('aa')
# Build the decoder table
self.buildDecoderTable()
# Dump all the strings passed to decoder function
for xref in cutter.cmdj("axtj %d" % self.decoder['fcn']):
xref_addr = xref['from']
arg_len, arg_offsets = cutter.cmdj("pdj -2 @ %d" % xref_addr)
if not 'val' in arg_len:
continue
indexes = cutter.cmdj("pxj %d @ %d" % (arg_len['val'] * 2, arg_offsets['val']))
decoded_str = self.decode(indexes)
#print("%s @ %s" % (decoded_str, hex(xref_addr)))
cutter.cmd("CC Decoded: %s @ %d" % (decoded_str, xref_addr))
# Refresh interface
cutter.refresh()
continue
val = mov_obtain_constant(instr)
if val:
canidate += val.decode('UTF-8', 'ignore')
#hit a string terminator, print and clear
if canidate.endswith('\x00'):
print_data(canidate, instr['offset'])
canidate = ""
else:
#another instruction type been encountered
#string is no longer being built, print and clear
if canidate:
print_data(canidate, instr['offset'])
canidate = ""
def radare_crawl():
funcs = json.loads(cutter.cmd('aflj'))
for func in funcs:
try:
instructions = json.loads(
cutter.cmd('pdfj %s @ %s' % (func['size'], func['offset'])))
except ValueError as e:
continue
mov_hunt(instructions)
cutter.cmd('aaa;aap')
radare_crawl()
cutter.refresh()
def unhighlight_locations(locations):
cutter.cmd('ecH- @@=%s' % ' '.join([str(x) for x in locations]))
cutter.refresh()
def trigger_refresh():
cutter.refresh()
def cleaner(self):
graph_deobfuscator = GraphDeobfuscator(pipe)
graph_deobfuscator.clean_graph()
cutter.refresh()
def unhighlight_instruction(location):
cutter.cmd('ecH- @@=%s' % location)
cutter.refresh()