def display(self, before=''):
    """Print this nlist entry, one field per line.

    Every line is prefixed with ``before`` so the entry can be nested
    under a parent listing.
    """
    print(before + green("[+]") + " NList item :")
    # (format, attribute) pairs; each attribute is read right before its
    # line is printed, in the order listed.
    field_rows = (
        ("\t- n_strx : 0x%08x", "n_strx"),
        ("\t- n_type : 0x%02x", "n_type"),
        ("\t- n_sect : 0x%02x", "n_sect"),
        ("\t- n_desc : 0x%04x", "n_desc"),
        ("\t- n_value : 0x%x", "n_value"),
    )
    for template, attr in field_rows:
        print(before + template % getattr(self, attr))
def display(self, before=''):
    """Print the LC_SYMTAB load command.

    Output order: symbol table offset and count, every symbol (each via
    its own ``display`` with one more tab of indent), then the string
    table offset, its size in decimal and hex, and its contents.
    """
    child_indent = before + "\t"
    print(before + green("[+]") + " LC_SYMTAB")
    print(before + "\t- symoff : 0x%x" % self.symoff)
    print(before + "\t- nsyms : %d" % self.nsyms)
    for entry in self.syms:
        entry.display(before=child_indent)
    print(before + "\t- stroff : 0x%x" % self.stroff)
    size_pair = (self.strsize, self.strsize)
    print(before + "\t- strsize : %d (0x%x)" % size_pair)
    # str() of the table is printed, not the individual strings.
    print(before + "\t- strings : " + str(self.strs))
def display(self, before=''):
    """Print the LC_SYMTAB load command, its symbols and string table.

    ``before`` is prepended to every line; nested symbols receive
    ``before`` plus one tab.
    """
    def emit(text):
        # Single place where the caller's prefix is applied.
        print(before + text)

    emit(green("[+]") + " LC_SYMTAB")
    emit("\t- symoff : 0x%x" % self.symoff)
    emit("\t- nsyms : %d" % self.nsyms)
    for symbol in self.syms:
        symbol.display(before=before + "\t")
    emit("\t- stroff : 0x%x" % self.stroff)
    emit("\t- strsize : %d (0x%x)" % (self.strsize, self.strsize))
    emit("\t- strings : " + str(self.strs))
def display(self, before=''):
    """Print the dyld info command (LC_DYLD_INFO or LC_DYLD_INFO_ONLY).

    Lists the offset and size of the rebase, bind, weak-bind, lazy-bind
    and export tables. Offsets are shown in hex, sizes in decimal and hex.
    Any ``cmd`` other than LC_DYLD_INFO_ONLY is labelled LC_DYLD_INFO.
    """
    if self.cmd == LC_DYLD_INFO_ONLY:
        title = "LC_DYLD_INFO_ONLY"
    else:
        title = "LC_DYLD_INFO"
    print(before + green("[+]") + " %s" % title)

    # Attribute names follow the pattern <table>_off / <table>_size.
    for table in ("rebase", "bind", "weak_bind", "lazy_bind", "export"):
        offset = getattr(self, table + "_off")
        print(before + "\t- " + table + "_off : 0x%x" % offset)
        size = getattr(self, table + "_size")
        print(before + "\t- " + table + "_size : %d (0x%x)" % (size, size))
def display(self, before=''):
    """Print one section: name, address, size, offsets, flags, reserved words.

    ``reserved3`` is printed only when ``self.arch`` is not 32.
    """
    # NOTE(review): sectname is printed as-is; if it is taken straight
    # from the parsed file, control characters in it would reach the
    # terminal unescaped -- confirm against the parser.
    print(before + green("[+]") + " %s" % self.sectname)

    hex_rows = (
        ("\t- addr :0x%x", "addr"),
        ("\t- size : 0x%x", "size"),
        ("\t- offset : 0x%x", "offset"),
        ("\t- align : 0x%x", "align"),
        ("\t- reloff : 0x%x", "reloff"),
        ("\t- nreloc : 0x%x", "nreloc"),
    )
    for template, attr in hex_rows:
        print(before + template % getattr(self, attr))

    # Raw flag word followed by the names returned by display_flags().
    flag_value = self.flags
    flag_names = ", ".join(self.display_flags())
    print(before + "\t- flags : 0x%x - %s" % (flag_value, flag_names))

    print(before + "\t- reserved1 : 0x%x" % self.reserved1)
    print(before + "\t- reserved2 : 0x%x" % self.reserved2)
    if self.arch == 32:
        return
    print(before + "\t- reserved3 : 0x%x" % self.reserved3)
def display(self, before=''):
    """Print the thread command (LC_THREAD or LC_UNIXTHREAD) and its registers.

    Only the x86_THREAD_STATE32 and x86_THREAD_STATE64 flavors are
    rendered; for any other flavor just the header line is printed.
    """
    label = "LC_THREAD" if self.cmd == LC_THREAD else "LC_UNIXTHREAD"
    print(before + green("[+]") + " %s" % label)

    # One entry per output line: the format and the registers it shows.
    state32 = (
        ("\teax = 0x%08x\tebx = 0x%08x\tecx = 0x%08x\tedx = 0x%08x",
         ("eax", "ebx", "ecx", "edx")),
        ("\tedi = 0x%08x\tesi = 0x%08x\tebp = 0x%08x\tesp = 0x%08x",
         ("edi", "esi", "ebp", "esp")),
        ("\tss = 0x%08x\t\teflags = 0x%08x\teip = 0x%08x\tcs = 0x%08x",
         ("ss", "eflags", "eip", "cs")),
        ("\tds = 0x%08x\t\tes = 0x%08x\t\tfs = 0x%08x\t\tgs = 0x%08x",
         ("ds", "es", "fs", "gs")),
    )
    state64 = (
        ("\trax = 0x%016x\trbx = 0x%016x\trcx = 0x%016x\trdx = 0x%016x",
         ("rax", "rbx", "rcx", "rdx")),
        ("\trdi = 0x%016x\trsi = 0x%016x\trbp = 0x%016x\trsp = 0x%016x",
         ("rdi", "rsi", "rbp", "rsp")),
        ("\t r8 = 0x%016x\t r9 = 0x%016x\tr10 = 0x%016x\tr11 = 0x%016x",
         ("r8", "r9", "r10", "r11")),
        ("\tr12 = 0x%016x\tr13 = 0x%016x\tr14 = 0x%016x\tr15 = 0x%016x",
         ("r12", "r13", "r14", "r15")),
        ("\trip = 0x%016x\trflags = 0x%016x\t cs = 0x%016x\t fs = 0x%016x",
         ("rip", "rflags", "cs", "fs")),
        ("\t gs = 0x%016x", ("gs",)),
    )

    flavor = self.flavor
    if flavor == x86_THREAD_STATE32:
        layout = state32
    elif flavor == x86_THREAD_STATE64:
        layout = state64
    else:
        layout = ()

    for template, registers in layout:
        values = tuple(getattr(self, reg) for reg in registers)
        print(before + template % values)
def display(self, before=''):
    """Print one segment and, when it has any, its sections.

    Shows the virtual and file ranges, the maximum and initial
    protections (raw value plus the text from ``display_protection``),
    the section count and the flags. Sections are printed through their
    own ``display`` with two extra tabs of indent.
    """
    def emit(text):
        print(before + text)

    # NOTE(review): segname is printed as-is; if it is taken straight
    # from the parsed file, control characters in it would reach the
    # terminal unescaped -- confirm against the parser.
    emit(green("[+]") + " %s" % self.segname)
    emit("\t- vmaddr : 0x%x" % self.vmaddr)
    emit("\t- vmsize : 0x%x" % self.vmsize)
    emit("\t- fileoff : 0x%x" % self.fileoff)
    emit("\t- filesize : 0x%x" % self.filesize)
    emit("\t- maxprot : 0x%x (%s)" % (self.maxprot, display_protection(self.maxprot)))
    emit("\t- initprot : 0x%x (%s)" % (self.initprot, display_protection(self.initprot)))
    emit("\t- nsects : %d" % self.nsects)
    flag_names = ", ".join(self.display_flags())
    emit("\t- flags : 0x%x - %s" % (self.flags, flag_names))

    if len(self.sections) == 0:
        return
    emit("\t[*] Sections (%d) :" % len(self.sections))
    for sect in self.sections:
        sect.display(before=before + "\t\t")
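def display(self, before=''):
    """Print a linkedit-data load command: its name, data offset and size.

    Handles LC_CODE_SIGNATURE, LC_SEGMENT_SPLIT_INFO, LC_FUNCTION_STARTS,
    LC_DATA_IN_CODE and LC_DYLIB_CODE_SIGN_DRS.

    Raises:
        Exception: if ``self.cmd`` is none of the commands above; the
            message reports the offending value so the failure can be
            traced back to the load command that caused it.
    """
    known_commands = (
        (LC_CODE_SIGNATURE, 'LC_CODE_SIGNATURE'),
        (LC_SEGMENT_SPLIT_INFO, 'LC_SEGMENT_SPLIT_INFO'),
        (LC_FUNCTION_STARTS, 'LC_FUNCTION_STARTS'),
        (LC_DATA_IN_CODE, 'LC_DATA_IN_CODE'),
        (LC_DYLIB_CODE_SIGN_DRS, 'LC_DYLIB_CODE_SIGN_DRS'),
    )
    for cmd, label in known_commands:
        if self.cmd == cmd:
            name = label
            break
    else:
        # %r keeps the message usable whatever type cmd turns out to be.
        raise Exception('unexpected linkedit data load command: %r' % (self.cmd,))

    print(before + green("[+]") + " %s" % name)
    print(before + "\t- dataoff : 0x%x" % self.dataoff)
    print(before + "\t- datasize : 0x%x" % self.datasize)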
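def display(self, before=''):
    """Print a dylib load command: name, timestamp and versions.

    Handles LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB and
    LC_ID_DYLIB. The timestamp is rendered with ``datetime.fromtimestamp``,
    i.e. in the local timezone of the machine running the tool.

    Raises:
        Exception: if ``self.cmd`` is none of the commands above; the
            message reports the offending value.
    """
    if self.cmd == LC_LOAD_DYLIB:
        name = 'LC_LOAD_DYLIB'
    elif self.cmd == LC_LOAD_WEAK_DYLIB:
        name = 'LC_LOAD_WEAK_DYLIB'
    elif self.cmd == LC_REEXPORT_DYLIB:
        name = 'LC_REEXPORT_DYLIB'
    elif self.cmd == LC_ID_DYLIB:
        name = 'LC_ID_DYLIB'
    else:
        # %r keeps the message usable whatever type cmd turns out to be.
        raise Exception('unexpected dylib load command: %r' % (self.cmd,))

    print(before + green("[+]") + " %s" % name)
    # NOTE(review): name is printed as-is; if it is taken straight from
    # the parsed file, control characters in it would reach the terminal
    # unescaped -- confirm against the parser.
    print(before + "\t- name : %s" % self.name)

    # A value outside the range the platform can convert makes
    # fromtimestamp()/strftime() raise; show the raw value instead of
    # aborting the rest of the listing.
    try:
        stamp = datetime.fromtimestamp(self.timestamp).strftime('%Y-%m-%d %H:%M:%S')
    except (ValueError, OverflowError, OSError):
        stamp = 'invalid (%r)' % (self.timestamp,)
    print(before + "\t- timestamp : %s" % stamp)

    print(before + "\t- current_version : %s" % int32_to_version(self.current_version))
    print(before + "\t- compatibility_version : %s" % int32_to_version(self.compatibility_version))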
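def display(self, before=''):
    """Print a linkedit-data load command: its name, data offset and size.

    Handles LC_CODE_SIGNATURE, LC_SEGMENT_SPLIT_INFO, LC_FUNCTION_STARTS,
    LC_DATA_IN_CODE and LC_DYLIB_CODE_SIGN_DRS.

    Raises:
        Exception: if ``self.cmd`` is none of the commands above; the
            message reports the offending value.
    """
    if self.cmd == LC_CODE_SIGNATURE:
        name = 'LC_CODE_SIGNATURE'
    elif self.cmd == LC_SEGMENT_SPLIT_INFO:
        name = 'LC_SEGMENT_SPLIT_INFO'
    elif self.cmd == LC_FUNCTION_STARTS:
        name = 'LC_FUNCTION_STARTS'
    elif self.cmd == LC_DATA_IN_CODE:
        name = 'LC_DATA_IN_CODE'
    elif self.cmd == LC_DYLIB_CODE_SIGN_DRS:
        name = 'LC_DYLIB_CODE_SIGN_DRS'
    else:
        # Name the command value so an unknown or malformed load command
        # can be identified from the traceback alone.
        raise Exception('unexpected linkedit data load command: %r' % (self.cmd,))

    print(before + green("[+]") + " %s" % name)
    print(before + "\t- dataoff : 0x%x" % self.dataoff)
    print(before + "\t- datasize : 0x%x" % self.datasize)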
def display(self, before=''):
    """Print every field of the LC_DYSYMTAB load command.

    All values are shown in hex except ``ntoc``, which is decimal. Each
    line is prefixed with ``before``.
    """
    print(before + green("[+]") + " LC_DYSYMTAB")
    field_names = (
        "ilocalsym", "nlocalsym",
        "iextdefsym", "nextdefsym",
        "iundefsym", "nundefsym",
        "tocoff", "ntoc",
        "modtaboff", "nmodtab",
        "extrefsymoff", "nextrefsym",
        "indirectsymoff", "nindirectsyms",
        "extreloff", "nextrel",
        "locreloff", "nlocrel",
    )
    for field in field_names:
        value = getattr(self, field)
        if field == "ntoc":
            rendered = " : %d" % value
        else:
            rendered = " : 0x%x" % value
        print(before + "\t- " + field + rendered)
def display(self, before=''):
    """Print the LC_DYSYMTAB load command, one field per line.

    The index/count pairs, the table offsets and the relocation entries
    are printed in hex; ``ntoc`` is printed in decimal.
    """
    print(before + green("[+]") + " LC_DYSYMTAB")
    # (format, attribute) pairs in output order; attributes are read one
    # at a time, right before their line is printed.
    rows = (
        ("\t- ilocalsym : 0x%x", "ilocalsym"),
        ("\t- nlocalsym : 0x%x", "nlocalsym"),
        ("\t- iextdefsym : 0x%x", "iextdefsym"),
        ("\t- nextdefsym : 0x%x", "nextdefsym"),
        ("\t- iundefsym : 0x%x", "iundefsym"),
        ("\t- nundefsym : 0x%x", "nundefsym"),
        ("\t- tocoff : 0x%x", "tocoff"),
        ("\t- ntoc : %d", "ntoc"),
        ("\t- modtaboff : 0x%x", "modtaboff"),
        ("\t- nmodtab : 0x%x", "nmodtab"),
        ("\t- extrefsymoff : 0x%x", "extrefsymoff"),
        ("\t- nextrefsym : 0x%x", "nextrefsym"),
        ("\t- indirectsymoff : 0x%x", "indirectsymoff"),
        ("\t- nindirectsyms : 0x%x", "nindirectsyms"),
        ("\t- extreloff : 0x%x", "extreloff"),
        ("\t- nextrel : 0x%x", "nextrel"),
        ("\t- locreloff : 0x%x", "locreloff"),
        ("\t- nlocrel : 0x%x", "nlocrel"),
    )
    for template, attr in rows:
        print(before + template % getattr(self, attr))
def display(self, before=''):
    """Print the thread command header and the saved register state.

    The header reads LC_THREAD when ``self.cmd`` equals LC_THREAD and
    LC_UNIXTHREAD otherwise. Registers are printed for the
    x86_THREAD_STATE32 and x86_THREAD_STATE64 flavors only; any other
    flavor produces the header line alone.
    """
    if self.cmd == LC_THREAD:
        title = "LC_THREAD"
    else:
        title = "LC_UNIXTHREAD"
    print(before + green("[+]") + " %s" % title)

    flavor = self.flavor
    if flavor == x86_THREAD_STATE32:
        general = (self.eax, self.ebx, self.ecx, self.edx)
        print(before + "\teax = 0x%08x\tebx = 0x%08x\tecx = 0x%08x\tedx = 0x%08x" % general)
        pointers = (self.edi, self.esi, self.ebp, self.esp)
        print(before + "\tedi = 0x%08x\tesi = 0x%08x\tebp = 0x%08x\tesp = 0x%08x" % pointers)
        control = (self.ss, self.eflags, self.eip, self.cs)
        print(before + "\tss = 0x%08x\t\teflags = 0x%08x\teip = 0x%08x\tcs = 0x%08x" % control)
        segments = (self.ds, self.es, self.fs, self.gs)
        print(before + "\tds = 0x%08x\t\tes = 0x%08x\t\tfs = 0x%08x\t\tgs = 0x%08x" % segments)
        return

    if flavor != x86_THREAD_STATE64:
        # Unknown flavor: nothing beyond the header is printed.
        return

    general = (self.rax, self.rbx, self.rcx, self.rdx)
    print(before + "\trax = 0x%016x\trbx = 0x%016x\trcx = 0x%016x\trdx = 0x%016x" % general)
    pointers = (self.rdi, self.rsi, self.rbp, self.rsp)
    print(before + "\trdi = 0x%016x\trsi = 0x%016x\trbp = 0x%016x\trsp = 0x%016x" % pointers)
    low_extra = (self.r8, self.r9, self.r10, self.r11)
    print(before + "\t r8 = 0x%016x\t r9 = 0x%016x\tr10 = 0x%016x\tr11 = 0x%016x" % low_extra)
    high_extra = (self.r12, self.r13, self.r14, self.r15)
    print(before + "\tr12 = 0x%016x\tr13 = 0x%016x\tr14 = 0x%016x\tr15 = 0x%016x" % high_extra)
    control = (self.rip, self.rflags, self.cs, self.fs)
    print(before + "\trip = 0x%016x\trflags = 0x%016x\t cs = 0x%016x\t fs = 0x%016x" % control)
    print(before + "\t gs = 0x%016x" % self.gs)
def display(self, before=''):
    """Print the LC_RPATH load command and its path.

    The path is shown through ``repr()``, so quotes are added and
    non-printable characters appear as escape sequences rather than
    being written to the terminal raw.
    """
    header = green("[+]") + " LC_RPATH"
    print(before + header)
    shown_path = repr(self.path)
    print(before + "\t- path : %s" % shown_path)
def display(self, before=''):
    """Print the LC_MAIN load command: entry offset and stack size, in hex."""
    print(before + green("[+]") + " LC_MAIN")
    for template, attr in (
        ("\t- entryoff : 0x%x", "entryoff"),
        ("\t- stacksize : 0x%x", "stacksize"),
    ):
        print(before + template % getattr(self, attr))
def display(self, before=''):
    """Print the LC_UUID load command.

    The first 16 items of ``self.uuid`` are formatted as upper-case hex
    pairs grouped 4-2-2-2-6 and separated by dashes.
    """
    print(before + green("[+]") + " LC_UUID")
    uuid_format = (
        "\t- uuid : %02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-"
        "%02X%02X%02X%02X%02X%02X"
    )
    # Index each item explicitly, 0 through 15, as the format needs
    # exactly sixteen values.
    uuid_items = tuple(self.uuid[index] for index in range(16))
    print(before + uuid_format % uuid_items)
def display(self, before=''):
    """Print the LC_SOURCE_VERSION load command.

    The stored version is converted to text by ``int64_to_version``.
    """
    print(before + green("[+]") + " LC_SOURCE_VERSION")
    version_text = int64_to_version(self.version)
    print(before + "\t- version : %s" % version_text)
def display(self, before=''):
    """Print a minimum-version load command with its version and SDK.

    The header reads LC_VERSION_MIN_MACOSX when ``self.cmd`` equals that
    constant and LC_VERSION_MIN_IPHONEOS for any other value. Both
    numbers are converted to text by ``int32_to_version``.
    """
    if self.cmd == LC_VERSION_MIN_MACOSX:
        title = "LC_VERSION_MIN_MACOSX"
    else:
        title = "LC_VERSION_MIN_IPHONEOS"
    print(before + green("[+]") + " %s" % title)
    min_version = int32_to_version(self.version)
    print(before + "\t- version : %s" % min_version)
    sdk_version = int32_to_version(self.sdk)
    print(before + "\t- sdk : %s" % sdk_version)
def display(self, before=''):
    """Print a dylinker-style load command and the path it carries.

    The header reads LC_DYLD_ENVIRONMENT when ``self.cmd`` equals that
    constant and LC_LOAD_DYLINKER for any other value.
    """
    if self.cmd == LC_DYLD_ENVIRONMENT:
        title = "LC_DYLD_ENVIRONMENT"
    else:
        title = "LC_LOAD_DYLINKER"
    print(before + green("[+]") + " %s" % title)
    # NOTE(review): path is printed as-is, without repr(); if it is taken
    # straight from the parsed file, control characters in it would reach
    # the terminal unescaped -- confirm against the parser.
    print(before + "\t - path : %s" % self.path)
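def display(self, before=''):
    """Print the LC_ENCRYPTION_INFO load command.

    Shows ``cryptoff``, ``cryptsize`` and ``cryptid`` in hex, each line
    prefixed with ``before``.
    """
    print(before + green("[+]") + " LC_ENCRYPTION_INFO")
    print(before + "\t- cryptoff : 0x%x" % self.cryptoff)
    print(before + "\t- cryptsize : 0x%x" % self.cryptsize)
    # Label spelled "cryptid" so it matches the attribute it reports and
    # can be found when searching the output for the field name.
    print(before + "\t- cryptid : 0x%x" % self.cryptid)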
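def main():
    """Command-line entry point: parse a Mach-O file and print what was asked for.

    ``--headers`` prints the header fields, ``--segments`` every segment
    and ``--load-commands`` every load command; ``--verbose`` adds the
    decoded names next to the raw header values. When none of the three
    selectors is given nothing is printed. Exceptions raised while
    ``MachO(...)`` parses the file are not caught here.
    """
    parser = argparse.ArgumentParser(description="Read Mach-O file")
    parser.add_argument('filename', help='Mach-O file to parse and print')
    parser.add_argument('--headers', '-hd', help='show informations about header', action='store_true')
    parser.add_argument('--segments', '-sg', help='display all segments', action='store_true')
    parser.add_argument('--load-commands', '-lc', help='display all load commands', action='store_true')
    parser.add_argument('--verbose', '-v', help='display many informations', action='store_true')
    args = parser.parse_args()

    m = MachO(args.filename)

    if args.headers:
        print(yellow("[*]") + " Headers :")
        print(green("\t[+]") + " magic : 0x%x %s" % (
            m.header.magic, "- " + m.header.display_magic() if args.verbose else ""))
        print(green("\t[+]") + " cputype : 0x%x %s" % (
            m.header.cputype, "- " + m.header.display_cputype() if args.verbose else ""))
        # %x, not %s: with %s the value is printed in decimal behind the
        # "0x" prefix, which misreports the subtype.
        print(green("\t[+]") + " cpusubtype : 0x%x" % (m.header.cpusubtype))
        print(green("\t[+]") + " filetype : 0x%x %s" % (
            m.header.filetype, "- " + m.header.display_filetype() if args.verbose else ""))
        print(green("\t[+]") + " ncmds : %d" % (m.header.ncmds))
        print(green("\t[+]") + " sizeofcmds : %d byte%s" % (
            m.header.sizeofcmds, "s" if m.header.sizeofcmds > 1 else ""))
        print(green("\t[+]") + " flags : 0x%x %s" % (
            m.header.flags, "- " + ", ".join(m.header.display_flags()) if args.verbose else ""))
        # The reserved word is shown only when the header reports 64-bit.
        if m.header.is_64():
            print(green("\t[+]") + " reserved : 0x%x" % (m.header.reserved))

    if args.segments:
        print(yellow("[*]") + " Segments (%d) :" % len(m.segments))
        for segment in m.segments:
            segment.display(before="\t")

    if args.load_commands:
        print(yellow("[*]") + " Load Commands (%d) :" % len(m.commands))
        for lc in m.commands:
            lc.display("\t")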
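def main():
    """Parse the command line, load the Mach-O file and print the chosen views.

    Selectors: ``--headers`` (header fields), ``--segments`` (all
    segments) and ``--load-commands`` (all load commands). ``--verbose``
    appends the decoded names to the raw header values. Without a
    selector nothing is printed. Exceptions raised by ``MachO(...)``
    propagate to the caller.
    """
    parser = argparse.ArgumentParser(description="Read Mach-O file")
    parser.add_argument('filename', help='Mach-O file to parse and print')
    parser.add_argument('--headers', '-hd', help='show informations about header', action='store_true')
    parser.add_argument('--segments', '-sg', help='display all segments', action='store_true')
    parser.add_argument('--load-commands', '-lc', help='display all load commands', action='store_true')
    parser.add_argument('--verbose', '-v', help='display many informations', action='store_true')
    args = parser.parse_args()

    m = MachO(args.filename)

    if args.headers:
        header = m.header
        verbose = args.verbose
        bullet = green("\t[+]")
        print(yellow("[*]") + " Headers :")
        print(bullet + " magic : 0x%x %s" % (
            header.magic, "- " + header.display_magic() if verbose else ""))
        print(bullet + " cputype : 0x%x %s" % (
            header.cputype, "- " + header.display_cputype() if verbose else ""))
        # Rendered with %x like the other raw fields; "0x%s" would print
        # the decimal value behind a hex prefix.
        print(bullet + " cpusubtype : 0x%x" % (header.cpusubtype))
        print(bullet + " filetype : 0x%x %s" % (
            header.filetype, "- " + header.display_filetype() if verbose else ""))
        print(bullet + " ncmds : %d" % (header.ncmds))
        print(bullet + " sizeofcmds : %d byte%s" % (
            header.sizeofcmds, "s" if header.sizeofcmds > 1 else ""))
        print(bullet + " flags : 0x%x %s" % (
            header.flags, "- " + ", ".join(header.display_flags()) if verbose else ""))
        # The reserved word is shown only when the header reports 64-bit.
        if header.is_64():
            print(bullet + " reserved : 0x%x" % (header.reserved))

    if args.segments:
        print(yellow("[*]") + " Segments (%d) :" % len(m.segments))
        for segment in m.segments:
            segment.display(before="\t")

    if args.load_commands:
        print(yellow("[*]") + " Load Commands (%d) :" % len(m.commands))
        for lc in m.commands:
            lc.display("\t")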
def display(self, before=''):
    """Print the LC_MAIN load command.

    Shows ``entryoff`` and ``stacksize`` in hex, each line prefixed with
    ``before``.
    """
    def emit(text):
        print(before + text)

    emit(green("[+]") + " LC_MAIN")
    emit("\t- entryoff : 0x%x" % self.entryoff)
    emit("\t- stacksize : 0x%x" % self.stacksize)
def display(self, before=''):
    """Print a minimum-version load command: header, version and SDK.

    Any ``cmd`` other than LC_VERSION_MIN_MACOSX is labelled
    LC_VERSION_MIN_IPHONEOS. ``int32_to_version`` produces the text shown
    for both numbers.
    """
    is_macos = self.cmd == LC_VERSION_MIN_MACOSX
    title = "LC_VERSION_MIN_MACOSX" if is_macos else "LC_VERSION_MIN_IPHONEOS"
    print(before + green("[+]") + " %s" % title)
    for template, attr in (
        ("\t- version : %s", "version"),
        ("\t- sdk : %s", "sdk"),
    ):
        print(before + template % int32_to_version(getattr(self, attr)))