/ALLirt

Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily

Primary LanguagePython

ALLIRT

Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily

Usage

$ python3 allirt.py
Usage : python3 alirt.py (-o <out_dir> -s <start> -e <end> -f <flair_dir> -c <compress>)

you must have flair utilities. (pelf, sigmake, zipsig)

Options

$ allirt.py -h
Usage: allirt.py -o <out_dir>

Options:
  -h, --help            show this help message and exit
  -o OUT_DIR, --outdir=OUT_DIR
                        set result directory
  -s START, --start=START
                        set series start range
  -e END, --end=END     set series end range
  -f FLAIR, --flair=FLAIR
                        set flair util directory
  -c, --no-compress     sig not compress

-f option is flair utilities directory ( default : flair )

├── dumpsig
├── pcf
├── pelf
├── pelf.rtb
├── plb
├── pmacho
├── pomf166
├── ppsx
├── ptmobj
├── sigmake
└── zipsig

requires pelf sigmake zipsig

Get all of signatures of libc packages

$ python3 allirt.py -f flair -o tmp
[INFO] OS : ubuntu
[INFO] Package : libc6-dev


[INFO] OS Series (1/30) : warty (4.10)

[INFO] Architecture (1/3) : amd64

[INFO] Package Version (1/3) : 2.3.2.ds1-13ubuntu2
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2 2018-06-03 02:09:52.441499
[INFO] Download Completed : http://launchpadlibrarian.net/1251110/libc6-dev_2.3.2.ds1-13ubuntu2_amd64.deb (2961464 bytes)
[INFO] Target library : ./usr/lib/libc.a
[INFO] Signature has been generated. -> tmp/ubuntu/4.10 (warty)/amd64/libc6_2.3.2.ds1-13ubuntu2_amd64.sig

[INFO] Package Version (2/3) : 2.3.2.ds1-13ubuntu2.2
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2.2 2018-06-03 02:10:10.521781
[WARNING] Package deleted

[INFO] Package Version (3/3) : 2.3.2.ds1-13ubuntu2.3
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2.3 2018-06-03 02:10:11.242

.........................


[INFO] Architecture (5/5) : sparc
[WARNING] SKIPPED
[INFO] Finished

Get signatures of some libc packages

using -s start -e end options.

range of os series

$ python3 allirt.py -f flair -s 1 -e 2 -o tmp
[INFO] OS : ubuntu
[INFO] Package : libc6-dev


[INFO] OS Series (1/1) : hoary (5.04)

[INFO] Architecture (1/5) : amd64

[INFO] Package Version (1/3) : 2.3.2.ds1-20ubuntu13
[INFO] ubuntu 5.04 libc6-dev amd64 2.3.2.ds1-20ubuntu13 2018-06-03 02:04:58.0489

Result

└── ubuntu
    ├── 4.10\ (warty)
    │   └── amd64
    │       └── libc6_2.3.2.ds1-13ubuntu2_amd64.sig
    └── 5.04\ (hoary)
        ├── amd64
        │   ├── libc6_2.3.2.ds1-20ubuntu13_amd64.sig
        │   └── libc6_2.3.2.ds1-20ubuntu15_amd64.sig
        ├── i386
        │   ├── libc6_2.3.2.ds1-20ubuntu13_i386.sig
        │   └── libc6_2.3.2.ds1-20ubuntu15_i386.sig
        ├── ia64
        └── powerpc
            ├── libc6_2.3.2.ds1-20ubuntu13_powerpc.sig
            └── libc6_2.3.2.ds1-20ubuntu15_powerpc.sig

TODO

  • save a file (static library ex: libc.a)
  • fliar.py command line interface

suggests me your idea and issue

this tool uses launchpad.net mirror. I am finding package mirrors.

Thanks to @hstocks - Unknown relocation type