From c74141f2c405bc052c59c633a347fb13a46ff509 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fel=C3=A1=C4=8Dek?=
Date: Sun, 2 Jun 2024 11:07:16 +0200
Subject: [PATCH 1/3] specified package versions and fixed binalyzer

---
 .gitignore | 6 ++++++
 Binalyzer/README.md | 12 ++++++++++++
 Binalyzer/full_ldd.py | 9 +++++++--
 Binalyzer/requirements.txt | 10 ++++++----
 Binalyzer/syscalls.py | 4 +++-
 5 files changed, 34 insertions(+), 7 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 Binalyzer/README.md

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6b58847
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+__pycache__/
+.vscode/
+cached_results/
+venv/
+modified_binaries/
+old_results/
\ No newline at end of file
diff --git a/Binalyzer/README.md b/Binalyzer/README.md
new file mode 100644
index 0000000..7cf7edf
--- /dev/null
+++ b/Binalyzer/README.md
@@ -0,0 +1,12 @@
+# Running
+
+To run Binalyzer, you should use Python 3.8 (versions 3.9 - 3.11 should also work, but were not tested; version 3.12 will **NOT** work).
+
+First, create an environment and install the requirements:
+
+```bash
+$ python3.8 -m venv venv
+$ python3.8 -m ensurepip --upgrade
+$ python3.8 -m pip install -r requirements.txt
+```
+
diff --git a/Binalyzer/full_ldd.py b/Binalyzer/full_ldd.py
index 3deef44..991dd50 100644
--- a/Binalyzer/full_ldd.py
+++ b/Binalyzer/full_ldd.py
@@ -71,6 +71,8 @@ def ldpaths(ld_so_conf='/etc/ld.so.conf'):
 for c in include_files:
 paths = paths + ldpaths(os.path.realpath(c))

+ # add the default lib directory as the previous code does not seem to include it
+ paths.append("/lib")
 paths = list(set(paths))
 paths.sort()
 return paths
@@ -109,7 +111,7 @@ def dynamic_dt_needed_paths( dt_needed, eclass, paths):
 return dt_needed_paths


-def all_dynamic_dt_needed_paths(f, paths):
+def all_dynamic_dt_needed_paths(f, paths, depth = 0):
 """ Return a dictionary of all the DT_NEEDED => Library Paths for a given ELF file
 obtained by recursively following linkage. """
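Review bot: `paths.append("/lib")` adds only one of the loader's built-in fallback directories; on typical glibc systems ld.so also searches /usr/lib and, on 64-bit installations, the lib64 variants, so a library that lives only in /lib64 or /usr/lib64 still resolves to nothing here. Prefer `paths.extend(["/lib", "/usr/lib", "/lib64", "/usr/lib64"])` with a comment naming the loader's default search path as the source, and drop the "does not seem to include it" wording, which reads as a guess rather than a documented fact. Because ldpaths recurses once per included file, the defaults are appended in every recursive call and only collapse thanks to the `set()` dedup below; the function's header and the include-file loop start outside the hunk.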
@@ -120,8 +122,11 @@ def all_dynamic_dt_needed_paths(f, paths):
 # This needs to be iterated until we traverse the entire linkage tree
 dt_needed = readelf.dynamic_dt_needed()
 dt_needed_paths = dynamic_dt_needed_paths(dt_needed, eclass, paths)
+ # max depth to prevent infinite loops
+ if depth > 10: # random max number, increasing to 30 does not seem to make a difference...
+ return dt_needed_paths
 for n, lib in dt_needed_paths.items():
- dt_needed_paths = dict(all_dynamic_dt_needed_paths(lib, paths), **dt_needed_paths)
+ dt_needed_paths = dict(all_dynamic_dt_needed_paths(lib, paths, depth + 1), **dt_needed_paths)
 except ELFError as ex:
 sys.stderr.write('ELF error: %s\n' % ex)
 sys.exit(1)
diff --git a/Binalyzer/requirements.txt b/Binalyzer/requirements.txt
index 4ae4a5e..ddb66ed 100644
--- a/Binalyzer/requirements.txt
+++ b/Binalyzer/requirements.txt
@@ -1,4 +1,6 @@
-pyelftools
-capstone
-lief
-angr
+pyelftools==0.27
+capstone==4.0.2
+lief==0.10.1
+angr==9.0.4378
+six==1.15.0
+protobuf==3.13.0
diff --git a/Binalyzer/syscalls.py b/Binalyzer/syscalls.py
index 93a7d8a..6273b70 100644
--- a/Binalyzer/syscalls.py
+++ b/Binalyzer/syscalls.py
@@ -141,6 +141,8 @@ def init(fname):
 with open(fname, 'rb') as f:
 elf = ELFFile(f)
 code = elf.get_section_by_name('.text')
+ if code is None: # what
+ return []
 ops = code.data()
 addr = code['sh_addr']
 md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
@@ -157,7 +159,7 @@ def init(fname):


 def get_syscalls(fname):
- # find syscalls
+ # find syscalls # nice comment
 try:
 insn = init(fname)
 return find_syscalls(insn)

From 76a899f7eadde94090ff5ec2b419d2f5868ad1f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fel=C3=A1=C4=8Dek?=
Date: Sun, 2 Jun 2024 11:09:36 +0200
Subject: [PATCH 2/3] fixed gitignore and readme

---
 .gitignore | 5 ++++-
 Binalyzer/README.md | 6 ++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 6b58847..8dda9b1 100644
--- a/.gitignore
+++ b/.gitignore
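Review bot: The `depth > 10` cut-off in all_dynamic_dt_needed_paths treats the symptom rather than the cause: the loop recurses into every DT_NEEDED entry even when that library was already resolved earlier, so shared dependencies are re-walked once per path (exponential in depth) and any cycle never terminates, while the cap silently truncates legitimately deeper chains — a gap that a syscall filter built from the result would not notice. Tracking already-resolved libraries in a set shared across the recursion terminates on cycles and visits each library once, which is presumably why raising the cap "does not seem to make a difference"; the "random max number" comment should then go. This needs a `seen=None` keyword parameter added in the signature hunk above (keeping `depth=0`, with PEP 8 spacing, for compatibility) and rewrites the three added lines plus the recursive call; I am assuming the values of dt_needed_paths are resolved paths, which dynamic_dt_needed_paths is defined outside this hunk. The function starts outside the hunk and the except handling below it is unchanged.
```python
    # … unchanged: readelf set-up, dt_needed / dt_needed_paths resolution …
    # A visited set shared across the recursion makes cyclic or heavily shared
    # linkage terminate without an arbitrary depth cap; each library is read once.
    if seen is None:
        seen = set()
    for n, lib in dt_needed_paths.items():
        if lib in seen:
            continue
        seen.add(lib)
        dt_needed_paths = dict(all_dynamic_dt_needed_paths(lib, paths, depth + 1, seen=seen), **dt_needed_paths)
    # … unchanged: except ELFError handling …
```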
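Review bot: The pins in requirements.txt carry no hashes and no rationale, and several of them (protobuf 3.13.0, six 1.15.0, pyelftools 0.27) are years behind the releases that still receive fixes; six and protobuf are not imported anywhere this page shows, so they look like transitive pins added to make angr 9.0.4378 install on Python 3.8. Record that in the file, e.g. `# six/protobuf: transitive pins required by angr==9.0.4378 on Python 3.8`, so the next person does not bump them blindly. Since this tool is run against arbitrary binaries, it is worth generating the file with `pip-compile --generate-hashes` and installing with `pip install --require-hashes`, and running `pip-audit` against it before each pin change.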
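Review bot: Returning `[]` when `.text` is missing makes a binary the tool cannot analyse indistinguishable from one that makes no syscalls at all, and the `# what` comment signals the case was not understood; for a syscall filter that is a silent false negative, so the caller should be told. Replace the added lines with `if code is None:  # no .text section (section headers stripped or non-standard layout): nothing to disassemble` followed by `raise ValueError('%s: no .text section' % fname)` (or at least a stderr message before returning), and state in init's docstring that only `.text` is scanned, so code in other executable sections such as .init, .plt or .fini is not covered. init starts outside the hunk; get_syscalls wraps it in a `try` whose except clause is also outside the hunk, so check that clause does not swallow the new error silently.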
@@ -3,4 +3,7 @@ __pycache__/
 cached_results/
 venv/
 modified_binaries/
-old_results/
\ No newline at end of file
+old_results/
+tests/*
+!tests/Makefile
+!tests/*.c
\ No newline at end of file
diff --git a/Binalyzer/README.md b/Binalyzer/README.md
index 7cf7edf..a7e6eee 100644
--- a/Binalyzer/README.md
+++ b/Binalyzer/README.md
@@ -10,3 +10,9 @@ $ python3.8 -m ensurepip --upgrade
 $ python3.8 -m pip install -r requirements.txt
 ```

+Afterwards, run the script with any program in your filesystem:
+
+```bash
+$ python3.8 filter.py tests/simple
+$ python3.8 filter.py /bin/ls
+```
\ No newline at end of file

From edfcb541a85982783d264a7efa8b88ba5e2c38d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fel=C3=A1=C4=8Dek?=
Date: Sun, 2 Jun 2024 11:24:43 +0200
Subject: [PATCH 3/3] fixed gitignore again

---
 .gitignore | 6 +++---
 Binalyzer/syscalls.py | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8dda9b1..856b5c2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,6 @@ cached_results/
 venv/
 modified_binaries/
 old_results/
-tests/*
-!tests/Makefile
-!tests/*.c
\ No newline at end of file
+/Binalyzer/tests/*
+\!/Binalyzer/tests/Makefile
+!/Binalyzer/tests/*.c
\ No newline at end of file
diff --git a/Binalyzer/syscalls.py b/Binalyzer/syscalls.py
index 6273b70..f18769e 100644
--- a/Binalyzer/syscalls.py
+++ b/Binalyzer/syscalls.py
@@ -159,7 +159,7 @@ def init(fname):


 def get_syscalls(fname):
- # find syscalls # nice comment
+ # find syscalls
 try:
 insn = init(fname)
 return find_syscalls(insn)
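Review bot: `+\!/Binalyzer/tests/Makefile` does not negate the preceding `/Binalyzer/tests/*` rule: in gitignore syntax a backslash before a leading `!` makes it a literal character, so this line ignores a path literally named `!/Binalyzer/tests/Makefile` and the Makefile stays ignored, unlike the `*.c` line right below it. The backslash looks like a shell-escaping artefact from editing the file on the command line; the line should read `!/Binalyzer/tests/Makefile`. `git check-ignore -v Binalyzer/tests/Makefile` after the fix confirms which rule wins.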