
  1. restatic.py - bash

    By AKIRA BASHO il 11 April 2023
     

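    #!/usr/bin/python3
"""Quick static triage of an executable with radare2 (via r2pipe).

Usage: restatic.py FILE [FUNCTION]

Prints, in order: the output of ``file`` and ``checksec`` for FILE, the
function list, the disassembly and summary of FUNCTION (default ``main``),
the strings, and every ``call`` instruction radare2 finds.
"""

import os
import re
import subprocess
import sys

import r2pipe

# Characters a radare2 symbol name or address is made of (``main``,
# ``sym.imp.puts``, ``fcn.000007fa``, ``0x8a1``).  Anything else is rejected
# before it is spliced into an r2 command string, because r2 interprets
# ``;``, ``|``, backticks and ``!`` as command separators / shell escapes.
_R2_TOKEN = re.compile(r"^[\w.:$]+$")


def _run_tool(*cmd):
    """Run an external helper (``file``, ``checksec``) given as an argv list.

    The list form bypasses the shell, so a filename containing spaces or
    shell metacharacters is passed through literally instead of being
    re-parsed.  A missing tool is reported on stderr and skipped rather than
    aborting the analysis, matching the best-effort behaviour of the
    original ``os.system`` calls.
    """
    try:
        subprocess.run(list(cmd), check=False)
    except FileNotFoundError:
        print(f"[!] {cmd[0]} not found, skipping", file=sys.stderr)


def _section(title, body=""):
    """Print a ``*** title ***`` banner, a blank line, then *body* if given."""
    print(f"*** {title} ***")
    print(" ")
    if body:
        print(body)


def main(argv=None):
    """Entry point: parse ``FILE [FUNCTION]`` from *argv* and dump the analysis.

    Args:
        argv: argument list without the program name; defaults to
            ``sys.argv[1:]``.

    Exits (via ``sys.exit``) when FILE is missing or does not exist, or when
    FUNCTION contains characters that cannot appear in a radare2 symbol name.
    """
    args = sys.argv[1:] if argv is None else argv
    if not args:
        sys.exit(f"usage: {os.path.basename(sys.argv[0])} FILE [FUNCTION]")

    filename = args[0]
    func = args[1] if len(args) > 1 else "main"

    if not os.path.isfile(filename):
        sys.exit(f"Error: {filename}: no such file")
    # Reject before the name reaches ``r2.cmd("s " + func)`` below.
    if not _R2_TOKEN.match(func):
        sys.exit(f"Error: invalid function name {func!r}")

    r2 = r2pipe.open(filename)
    try:
        r2.cmd("aaa")
        _run_tool("file", filename)
        print(" ")
        _run_tool("checksec", "--file", filename)
        print(" ")
        _section("list functions", r2.cmd("afl"))
        _section("disassemble " + func)
        print(r2.cmd("s " + func))
        print(r2.cmd("pdf"))
        _section("summary " + func, r2.cmd("pdfs"))
        _section("list strings", r2.cmd("iz"))
        _section("list call instructions everywhere", r2.cmd("/ad/ call"))
    finally:
        # Always close the radare2 session, even if a command fails midway.
        r2.quit()


if __name__ == "__main__":
    main()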

    Script python per una prima analisi statica dell'eseguibile, che utilizza la libreria python r2pipe per comunicare con radare2 e quindi estrarre tutta una serie di informazioni utili per il reversing.

    *** list functions ***

    beleaf: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=6d305eed7c9bebbaa60b67403a6c6f2b36de3ca4, stripped

    [*] './beleaf'
    Arch: amd64-64-little
    RELRO: Full RELRO
    Stack: Canary found
    NX: NX enabled
    PIE: PIE enabled

    0x000006f0 1 42 entry0
    0x00000680 1 6 sym.imp.puts
    0x00000690 1 6 sym.imp.strlen
    0x000006a0 1 6 sym.imp.__stack_chk_fail
    0x000006b0 1 6 sym.imp.printf
    0x00000000 3 272 -> 226 loc.imp._ITM_deregisterTMCloneTable
    0x000006c0 1 6 sym.imp.__isoc99_scanf
    0x000006d0 1 6 sym.imp.exit
    0x000006e0 1 6 sym.imp.__cxa_finalize
    0x000008a1 10 307 main
    0x000007fa 10 167 fcn.000007fa
    0x000007f0 5 154 -> 67 entry.init0
    0x000007b0 5 58 -> 51 entry.fini0
    0x00000720 4 50 -> 40 fcn.00000720
    0x00000650 3 23 fcn.00000650

    *** disassemble main ***

    ; DATA XREF from entry0 @ 0x70d(r)
    307: int main (int argc, char **argv);
    ; arg int argc @ rdi
    ; arg char **argv @ rsi
    ; var int64_t canary @ rbp-0x8
    ; var char *s @ rbp-0x90
    ; var uint32_t var_98h @ rbp-0x98
    ; var size_t var_a0h @ rbp-0xa0
    ; var int64_t var_a8h @ rbp-0xa8
    ; var int64_t var_b4h @ rbp-0xb4
    ; var char **var_c0h @ rbp-0xc0
    0x000008a1 55 push rbp
    0x000008a2 4889e5 mov rbp, rsp
    0x000008a5 4881ecc00000. sub rsp, 0xc0
    0x000008ac 89bd4cffffff mov dword [var_b4h], edi ; argc
    0x000008b2 4889b540ffff. mov qword [var_c0h], rsi ; argv
    0x000008b9 64488b042528. mov rax, qword fs:[0x28]
    0x000008c2 488945f8 mov qword [canary], rax
    0x000008c6 31c0 xor eax, eax
    ...
    ...
    ...
    ...

    *** summary main ***

    0x00000090 arg3
    0x000008ac argc
    0x000008b2 argv
    0x000008c8 const char *format
    0x000008c8 str.Enter_the_flag_n____
    0x000008d4 call sym.imp.printf
    0x000008e3 const char *format
    0x000008ef call sym.imp.__isoc99_scanf
    0x000008fb const char *s
    0x000008fe call sym.imp.strlen
    0x00000914 const char *s
    0x00000914 str.Incorrect_
    0x0000091b call sym.imp.puts
    0x00000920 int status
    0x00000925 call sym.imp.exit
    0x0000092a:
    0x00000937:
    0x0000094e int64_t arg1
    0x00000950 call fcn.000007fa fcn.000007fa
    0x0000097f const char *s
    0x0000097f str.Incorrect_
    0x00000986 call sym.imp.puts
    0x0000098b int status
    0x00000990 call sym.imp.exit
    0x00000995:
    0x0000099d:
    0x000009ad const char *s
    0x000009ad str.Correct_
    0x000009b4 call sym.imp.puts
    0x000009cd call sym.imp.__stack_chk_fail
    0x000009d2:
    0x000009fb str.Correct_
    0x00000a0c call fcn.00000650 fcn.00000650

    *** list strings ***

    [Strings]
    nth paddr vaddr len size section type string
    ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――
    0 0x00000a64 0x00000a64 19 20 .rodata ascii Enter the flag\n>>>
    1 0x00000a7b 0x00000a7b 10 11 .rodata ascii Incorrect!
    2 0x00000a86 0x00000a86 8 9 .rodata ascii Correct!
    0 0x00001020 0x00201020 7 32 .data utf32le wf{_ny}

    *** list call instructions everywhere ***

    0x00000660 ffd0 call rax
    0x00000714 ff15c6082000 call qword [rip + 0x2008c6]
    0x000007ce e80dffffff call sym.imp.__cxa_finalize
    0x000008d4 e8d7fdffff call sym.imp.printf
    0x000008ef e8ccfdffff call sym.imp.__isoc99_scanf
    0x0000091b e860fdffff call sym.imp.puts
    0x00000925 e8a6fdffff call sym.imp.exit
    0x00000950 e8a5feffff call fcn.000007fa
    0x00000986 e8f5fcffff call sym.imp.puts
    0x00000990 e83bfdffff call sym.imp.exit
    0x000009b4 e8c7fcffff call sym.imp.puts
    0x000009cd e8cefcffff call sym.imp.__stack_chk_fail
    0x00000a0c e83ffcffff call fcn.00000650
    0x00000a29 41ff14dc call qword [r12 + rbx*8]
    0x00000a2a ff14dc call qword [rsp + rbx*8]
    0x00000a9f ff9000000050 call qword [rax + 0x50000000]
    0x00000ab7 ffd0 call rax
    0x00000ac7 ff10 call qword [rax]
    0x00000acf ff5801 call [rax + 1]


    Edited by AKIRA BASHO - 2/5/2023, 17:00