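def find_interesting(base_ea, base_end):
    """Locate well-known routines in the image loaded at ``base_ea``.

    Every ``find_*`` helper returns the address of the routine it looks
    for, or ``ida_idaapi.BADADDR`` when it is absent.  The helpers are
    called mostly for their side effects (presumably they name/annotate
    what they find — TODO confirm), so only the results that seed a
    follow-up search are kept.  A follow-up search is skipped when the
    step it depends on returned ``BADADDR``.

    When the image has a ``putchar`` but no Mach-O validation routine it
    is treated as a SecureROM image: the segment at ``base_ea`` is
    renamed "SecureROM" and a message is printed.

    Args:
        base_ea: start address of the image being analysed.
        base_end: end address of the image; only forwarded to the helper
            that scans a bounded range (``find_boot_check_panic``).
    """
    mv_ea = find_macho_valid(base_ea)
    if mv_ea != ida_idaapi.BADADDR:
        ldk_ea = find_loaded_kernelcache(mv_ea)
        # Do not chain into find_load_kernelcache from BADADDR: the
        # follow-up search only makes sense from a real hit.
        if ldk_ea != ida_idaapi.BADADDR:
            find_load_kernelcache(ldk_ea)
    find_panic(base_ea)
    find_do_go(base_ea)
    find_do_printf(base_ea)
    find_image4_load(base_ea)
    find_img4decodeinit(base_ea)
    find_aes_crypto_cmd(base_ea)
    find_update_device_tree(base_ea)
    find_macho_load(base_ea)
    find_pmgr_binning_mode_get_value(base_ea)
    find_image4_get_partial(base_ea)
    find_main_task(base_ea)
    find_boot_check_panic(base_ea, base_end)
    pc_ea = find_putchar(base_ea)

    # A putchar with no Mach-O validation code means there is no
    # kernelcache loader in this image, i.e. it is a SecureROM rather
    # than an iBoot stage.
    if pc_ea != ida_idaapi.BADADDR and mv_ea == ida_idaapi.BADADDR:
        # this is a SecureROM image
        segm = ida_segment.getseg(base_ea)
        if segm:
            idaapi.set_segm_name(segm, "SecureROM", 0)
        print("[+] Identified as a SecureROM image")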
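def find_interesting(base_ea, base_end):
    """Locate well-known routines in the image spanning ``base_ea``..``base_end``.

    Every ``find_*`` helper returns the address of the routine it looks
    for, or ``ida_idaapi.BADADDR`` when it is absent.  The helpers are
    called mostly for their side effects (presumably they name/annotate
    what they find — TODO confirm), so only the results that seed a
    follow-up search are kept.  A follow-up search is skipped when the
    step it depends on returned ``BADADDR``.

    Unless the module global ``br_flag`` is set, an image with a
    ``putchar`` but no Mach-O validation routine is treated as a SecureROM
    image: the segment at ``base_ea`` is renamed "SecureROM" and a
    message is printed.

    Args:
        base_ea: start address of the image being analysed.
        base_end: end address of the image; forwarded to the helpers that
            scan a bounded range.
    """
    mv_ea = find_macho_valid(base_ea, base_end)
    if mv_ea != ida_idaapi.BADADDR:
        ldk_ea = find_loaded_kernelcache(mv_ea)
        if ldk_ea != ida_idaapi.BADADDR:
            find_load_kernelcache(ldk_ea)
    find_panic(base_ea)
    find_do_go(base_ea)
    find_do_printf(base_ea)
    i4vc_ea = find_image4_validate_property_callback(base_ea, base_end)
    if i4vc_ea != ida_idaapi.BADADDR:
        find_image4_load(i4vc_ea)
    i4i_ea = find_image4_validate_property_callback_interposer(base_ea)
    if i4i_ea != ida_idaapi.BADADDR:
        find_image4_validate_property_callback_interposer_ptr(i4i_ea)
    find_record_memory_range(base_ea)
    find_img4decodeinit(base_ea)
    find_stack_chk_fail(base_ea)
    find_aes_crypto_cmd(base_ea, base_end)
    find_update_device_tree(base_ea)
    ml_ea = find_macho_load(base_ea)
    if ml_ea != ida_idaapi.BADADDR:
        find_load_kernelcache_object(ml_ea)
    find_pmgr_binning_mode_get_value(base_ea)
    find_image4_get_partial(base_ea)
    find_main_task(base_ea)
    find_target_early_init(base_ea)
    find_boot_check_panic(base_ea, base_end)
    find_platform_early_init(base_ea, base_end)
    find_chipid_get_chip_revision(base_ea, base_end)
    find_platform_init_display(base_ea)
    pc_ea = find_putchar(base_ea, base_end)

    # just to be sure
    # The original compared ``br_flag`` against the undefined name
    # ``false`` (a NameError when this branch runs); ``br_flag`` is
    # assumed to be a plain bool — TODO confirm where it is set.
    if not br_flag:
        if pc_ea != ida_idaapi.BADADDR and mv_ea == ida_idaapi.BADADDR:
            # this is a SecureROM image
            segm = ida_segment.getseg(base_ea)
            if segm:
                idaapi.set_segm_name(segm, "SecureROM", 0)
            print("[+] Identified as a SecureROM image")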
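def _ResolveModulePath(platform, path):
    """Map an on-device module path to a local file path for ``platform``.

    Only iOS is handled: a path containing ``.app`` is treated as a custom
    framework and resolved relative to the input file's directory;
    anything else is looked up under Xcode's DeviceSupport symbols for
    the OS version taken from ``platform[4:]`` (assumes the form
    "iOS <version>" — TODO confirm).  Other platforms get ``path`` back
    unchanged.

    NOTE(review): ``platform`` and ``path`` look like they arrive from the
    remote (Frida) side; a ".." component would resolve outside the
    expected directory.  Confirm they are validated before reaching here.
    """
    os_type = platform[:3]
    if os_type != "iOS":
        return path

    app_idx = path.find(".app")
    if app_idx >= 0:
        # custom framework: keep the part after ".app" and anchor it to
        # the directory of the input file.  Plain concatenation is kept
        # on purpose: ``local_path`` starts with "/" and os.path.join
        # would discard ``bin_path``.
        local_path = path[app_idx + 4:]
        bin_path = os.path.dirname(get_input_file_path())
        return bin_path + local_path

    # system framework
    os_ver = platform[4:]
    home = os.path.expanduser("~")
    return home + "/Library/Developer/Xcode/iOS DeviceSupport/" + os_ver + "/Symbols" + path


def LoadModule(platform, name, path):
    """Load an additional Mach-O module into the database and relocate it.

    Args:
        platform: platform string (see ``_ResolveModulePath``); ``None``
            uses ``path`` as given.
        name: name assigned to the module's HEADER segment.
        path: on-device path of the module.

    Side effects: loads the module with the "macho" loader, renames its
    HEADER segment to ``name``, moves segments that landed below
    ``g_AppBase`` up by ``g_NextLibBase`` and then advances the global
    ``g_NextLibBase`` by ``kModuleAlignment``.  Every step is reported
    through ``fl_log``.
    """
    global g_NextLibBase

    if platform is not None:
        path = _ResolveModulePath(platform, path)

    # check if framework exists
    if not os.path.exists(path):
        fl_log("FridaLink: invalid path [ " + path + " ]\n")
        return

    fl_log("FridaLink: loading module '" + name + "' from [ " + path + " ]\n")
    res = load_loader_module(None, "macho", str(path), False)
    if res == 0:
        return

    Wait()
    header = get_segm_by_name("HEADER")
    # get_segm_by_name returns None when the loader produced no HEADER
    # segment; the original dereferenced it unconditionally.
    if header is None:
        fl_log("FridaLink: no HEADER segment found for module '" + name + "'\n")
        return
    seg = header.startEA
    set_segm_name(getseg(seg), name)
    Wait()
    fl_log("FridaLink: set first sector name for loaded module to '" + name + "'\n")

    if seg < g_AppBase:
        fl_log("FridaLink: move module '" + name + "' to " + ('0x%012x' % g_NextLibBase) + "\n")
        # Move back all segments before main one (usually for OSX modules)
        while seg < g_AppBase:
            fl_log((' 0x%012x' % SegStart(seg)) + " -> " + ('0x%012x' % (SegStart(seg) + g_NextLibBase)) + ": " + SegName(seg) + "\n")
            MoveSegm(SegStart(seg), SegStart(seg) + g_NextLibBase, 0)
            Wait()
            seg = FirstSeg()
        # Reserve the slot just used so the next module lands above it.
        g_NextLibBase += kModuleAlignment
        fl_log("FridaLink: next module base = " + ("0x%012x" % g_NextLibBase) + "\n")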
def SanityChecks():
    """Make sure the main module's first segment carries the input file name.

    FridaLink resolves symbols and loads additional modules relative to
    that segment name, so when it differs from the input file name the
    user is asked (``AskYN``) whether to rename it.  Answering yes renames
    the segment, waits for analysis and logs the change.
    """
    first_seg = FirstSeg()
    current = SegName(first_seg)
    wanted = GetInputFile()

    # NOTE(review): the comparison uses the underscored form while the
    # rename passes the raw name — presumably IDA normalises spaces in
    # segment names; confirm.
    if current == wanted.replace(' ', '_'):
        return

    prompt = (
        "Name of the first segment for main module ('" + current
        + "') doesn't\nmatch main module's name ('" + wanted + "').\n\n"
        "In order for the FridaLink to function correctly (i.e. resolve\n"
        "symbols and load additional modules) this segment name\n"
        "should be updated.\n\n"
        "Update first segment name to '" + wanted + "'?"
    )
    answer = AskYN(0, prompt)
    if answer == 1:
        set_segm_name(getseg(first_seg), wanted)
        Wait()
        fl_log("FridaLink: set first sector name for main binary to '" + wanted + "'\n")
def name(self, name):
    """Rename the wrapped segment (``self.segment_t``) to ``name``.

    NOTE(review): reads like a property setter, but no decorator is
    visible here — confirm against the class definition.
    """
    target = self.segment_t
    idaapi.set_segm_name(target, name)
def __call__(self):
    """Rename the segment containing ``self.ea`` to ``self.name``.

    The name is UTF-8 encoded before being handed to IDA; this matches a
    Python 2 IDAPython API — on Python 3 ``set_segm_name`` takes ``str``
    (TODO confirm which interpreter this runs under).
    """
    target = idaapi.getseg(self.ea)
    encoded = self.name.encode('utf-8')
    idaapi.set_segm_name(target, encoded)
def __call__(self):
    """Rename the segment containing ``self.ea`` to ``self.name``.

    Deferred-action form: the lookup of the segment happens at call time,
    so the rename applies to whatever segment covers ``self.ea`` then.
    """
    idaapi.set_segm_name(idaapi.getseg(self.ea), self.name)