Tool to search pseudo-random number generators and cryptographic hash functions in binary executables. The usage is split into two steps: export necessary data via IDA python and executing the analysis. The analysis can use multiple processes (supervised by arbiter.py
) and thus can be heavily parallelized (the actual analyzes is done in the worker.py
script).
Short installation description tested on Ubuntu 16.04 and 18.04.
- Needs
dieharder
installed
apt install dieharder
- Needs unicorn 1.0.2
git clone https://github.com/unicorn-engine/unicorn.git
cd unicorn
./make.sh
sudo ./make.sh install
cd bindings/python/
python3 setup.py install
- Needs networkx
pip3 install networkx
- Needs capstone
pip3 install capstone
- Needs protobuf
pip3 install protobuf
- Needs pyelftools
pip3 install pyelftools
- Configure
arbiter.py
by setting in the beginning of the file the number of processes started, the python interpreter that should be used, and the location of theworker.py
file.
First load the binary into IDA (preferable IDA on Linux). Then execute the ida_export.py
script available in the ida_export
directory. This script will transform the binary executable into SSA form, export necessary information, and do a pre-selection of PRNG/CHF functions. The SSA generation is taken from the SSA for IDA project.
Just execute the following command:
python3 ./arbiter.py /path/to/target/binary_executable
Please note that the files the IDA export script creates have to be placed in the same directory as the target binary executable.