From f388499a625af89e56669a8c76c65da21a7c1b1a Mon Sep 17 00:00:00 2001
From: dusoleil
Date: Thu, 23 Mar 2023 03:45:20 -0400
Subject: rev: Use json output for get_bin_info()

Grabbing the json and returning that dict directly avoids all of the processing we were doing before. I also added in a small, temporary band-aid for PE files until we add actual support for them. The 'relro' key doesn't exist on PE files, so just default it to '' in ELF.

Signed-off-by: dusoleil
---
 sploit/rev/elf.py | 27 +++++++++++++--------------
 sploit/rev/r2.py | 14 +++-----------
 2 files changed, 16 insertions(+), 25 deletions(-)

diff --git a/sploit/rev/elf.py b/sploit/rev/elf.py
index 28cd08d..b1479d6 100644
--- a/sploit/rev/elf.py
+++ b/sploit/rev/elf.py
@@ -147,12 +147,12 @@ class ELF:
 # Fancy magic class that provides a psuedo-namespace to get properties of the binary
 def __init__(self, bininfo):
 self.info = {
- "type" : bininfo.bintype,
- "os" : bininfo.os,
- "baddr" : int(bininfo.baddr,0),
- "arch_string" : bininfo.arch,
- "wordsize" : int(bininfo.bits)//8,
- "endianness" : bininfo.endian,
+ "type" : bininfo['bintype'],
+ "os" : bininfo['os'],
+ "baddr" : bininfo['baddr'],
+ "arch_string" : bininfo['arch'],
+ "wordsize" : bininfo['bits']//8,
+ "endianness" : bininfo['endian'],
 }
 def __getattr__(self, k): return self.info[k]
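Review bot: The new `__init__` indexes the r2 JSON dict directly, so any key r2 did not emit surfaces as a bare `KeyError('bits')` from inside `ELF`, with nothing pointing at the r2 output that caused it; the commit itself shows one such gap for PE files in `__SECINFO__`, and this hunk adds no equivalent handling here. Since `baddr` and `wordsize` feed address arithmetic elsewhere (both r2.py hunks use `['baddr']` as a base), a loud, attributable failure is preferable to either a silent default or an opaque `KeyError`; a minimal form is to wrap the dict literal and re-raise with context, e.g. `except KeyError as e: raise ValueError(f"r2 iIj output missing {e}") from e`. The dropped `int(..., 0)` coercions are fine as long as `iIj` emits integers for `baddr` and `bits`, which I believe it does, but a one-line comment stating that assumption would help the next reader: `# values come straight from r2's iIj JSON (ints, bools, strings) — no parsing needed`. The enclosing class header and the rest of `__BININFO__` are outside this hunk.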
@@ -166,15 +166,14 @@ class ELF:
 class __SECINFO__(__BININFO__):
 # Fancy magic class that provides a psuedo-namespace to get security properties of the binary
 def __init__(self, bininfo):
- bool = lambda s : s == 'true' or s == 'True'
 self.info = {
- "stripped" : bool(bininfo.stripped),
- "pic" : bool(bininfo.pic),
- "relro" : bininfo.relro,
- "relocs" : bool(bininfo.relocs),
- "canary" : bool(bininfo.canary),
- "nx" : bool(bininfo.nx),
- "rpath" : bininfo.rpath,
+ "stripped" : bininfo['stripped'],
+ "pic" : bininfo['pic'],
+ "relro" : bininfo.get('relro',''),
+ "relocs" : bininfo['relocs'],
+ "canary" : bininfo['canary'],
+ "nx" : bininfo['nx'],
+ "rpath" : bininfo['rpath'],
 }
 def retaddr(self, caller, callee):
diff --git a/sploit/rev/r2.py b/sploit/rev/r2.py
index f6bb43e..f239d09 100644
--- a/sploit/rev/r2.py
+++ b/sploit/rev/r2.py
@@ -15,8 +15,7 @@ def run_cmd(binary,cmd):
 def get_elf_symbols(elf):
 ilog(f'Retrieving symbols of {elf} with r2...')
- base = get_bin_info(elf).baddr
- base = int(base, 0)
+ base = get_bin_info(elf)['baddr']
 sect = json.loads(run_cmd(elf,'iSj')[0])
 sect = {s['name']:s['vaddr'] for s in sect}
@@ -81,7 +80,7 @@ def rop_gadgets(binary, *regexes, cont=False):
 ilog(f"Searching {binary} for {'; '.join(regexes)} gadgets with r2...")
 gadgets = rop_json(binary)
 results = []
- base = int(get_bin_info(binary).baddr, 0)
+ base = get_bin_info(binary)['baddr']
 for gadget in gadgets:
 opcodes = gadget['opcodes']
@@ -133,11 +132,4 @@ def get_call_returns(binary,xref_from,xref_to):
 def get_bin_info(binary):
 ilog(f'Retrieving binary and security info about {binary} with r2...')
- BinInfo = nt("BinInfo", "bintype os arch bits endian baddr canary nx pic relocs relro rpath stripped")
- cmd_info = 'iI'
- info = run_cmd(binary, cmd_info)
- info = [re.split(r'\s+',i,1) for i in info]
- info = {i[0]:i[1] for i in info}
- info = [info[f] for f in BinInfo._fields]
- ret = BinInfo(*info)
- return ret
+ return json.loads(run_cmd(binary,'iIj')[0])
-- 
cgit v1.2.3
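Review bot: The PE stopgap on the `"relro" : bininfo.get('relro','')` line is undocumented in the code itself — the rationale lives only in the commit message — and `''` is an ad-hoc sentinel that is indistinguishable from "r2 returned an empty relro string" and simply reads as falsy to any caller that tests `secinfo.relro`. I would add `# r2's iIj output has no 'relro' key for PE files; stopgap until PE support lands` above it and consider `None` rather than `''` so that "unknown" stays distinguishable from whatever relro values r2 actually reports. Note that the other mitigation flags (`canary`, `nx`, `pic`, `relocs`, `stripped`) still hard-index the dict, which is the right failure direction for properties that drive exploitation choices — a missing key should raise rather than quietly read as "no mitigation" — so please do not extend the `.get` pattern to them without a deliberate decision, and a short comment saying so would keep a future PE fix from doing exactly that. `retaddr` and the rest of the class continue outside the hunk.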
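Review bot: The new body takes `run_cmd(...)[0]` and hands it straight to `json.loads`, so an empty result raises `IndexError` and a non-JSON first line (an r2 warning, if one ends up on stdout) raises `JSONDecodeError`, neither of which names the binary or the command; I would join the returned lines before parsing and wrap the decode, e.g. `out = '\n'.join(run_cmd(binary, 'iIj'))` and, on failure, `raise RuntimeError(f"r2 iIj on {binary} returned no JSON: {out!r}")`. The function also has no docstring although it is now the source of every key that `ELF.__BININFO__`/`__SECINFO__` index; `"""Return the parsed JSON dict of r2's iIj (binary + security info) for binary."""` would at least pin that contract. With the `nt(...)` and `re.split` users deleted, the `re` and namedtuple imports at the top of r2.py look unused unless another function still needs them — worth checking and pruning. `run_cmd` is outside this hunk, so I cannot see how `binary` reaches r2; if it is interpolated into a shell string rather than passed as an argv element, that deserves a look since these paths come from user input.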