Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: R2Qiling with refactored memory and de-flatten plugin #1244

Open
wants to merge 15 commits into
base: dev
Choose a base branch
from
Open

feat: R2Qiling with refactored memory and de-flatten plugin #1244

wants to merge 15 commits into from

Commits on Dec 30, 2022

  1. feat(r2): CallStack and fuzzy backtrace hook

    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    0510096 View commit details
    Browse the repository at this point in the history

  2. feat(r2): interactive shell

    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    287e5f6 View commit details
    Browse the repository at this point in the history

  3. fix(r2): skip ill instruction in disassembler 

    in addition to 'invalid' instruction
    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    4f81f62 View commit details
    Browse the repository at this point in the history

  4. test(mem): mmap2 syscall 

    BUG: mips32 uc map 0x9000000 become 0x1000000
    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    c336675 View commit details
    Browse the repository at this point in the history

  5. feat(r2): oba to load bininfo and update flags

    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    d6b88b9 View commit details
    Browse the repository at this point in the history

  6. feat(r2): new APIs enhancing fine-grained analysis 

    Add new class AnalOp and Operand
@Property r2.offset returns current offset

New methods of R2:
write(addr: int, bs: bytes)
get_fcn_at(addr: int) -> Function
get_bb_at(addr: int) -> BasicBlock
get_fcn_bbs(addr: int) -> List[BasicBlock]
dis(Function | BasicBlock) -> List[Instruction]

New attributes of R2Data:
__str__ can hexlify int
__contains__  makes range checking easier
@Property: start_ea, end_ea

Fix an error in @aaa decorator to accept args
    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    e9c8631 View commit details
    Browse the repository at this point in the history

  7. feat(r2): PoC of de-flatten plugin 

    example deflat_r2.py tests a x86 program compiled with OLLVM -mllvm -fla

see https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html
    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    e310cb8 View commit details
    Browse the repository at this point in the history

  8. feat(r2): wrapper class R2Qiling and R2Mem

    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    b16e2c7 View commit details
    Browse the repository at this point in the history

  9. test(mem): remove assert_mem_equal, add option to use R2Qiling 

    assert_mem_equal is only needed for R2Qiling
    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    5e33859 View commit details
    Browse the repository at this point in the history

  10. chore: add example source code for deflat

    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    2de22d1 View commit details
    Browse the repository at this point in the history

  11. feat(r2): load symbols from file if possible 

    refactor r2._cmd() to allow optional r_core passed
    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    7a1beb1 View commit details
    Browse the repository at this point in the history

  12. refactor(r2): add addr wrap and move wrap to utils 

    @wrap_arg_addr makes function accept name/R2Data as addr and return same func when args is empty

rename: get_fcn_at -> get_fcn
rename: get_bb_at -> get_bb
    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    dd679e9 View commit details
    Browse the repository at this point in the history

  13. refactor(r2): move R2Qiling and utils out of __init__.py

    @chinggg
    chinggg committed Dec 30, 2022
    Configuration menu
    Copy the full SHA
    580a758 View commit details
    Browse the repository at this point in the history

Commits on Dec 31, 2022

  1. refactor(r2): improve shell and examples 

    r2.shell() can now be launched at an address (PC by default)
    @chinggg
    chinggg committed Dec 31, 2022
    Configuration menu
    Copy the full SHA
    ab41d49 View commit details
    Browse the repository at this point in the history

  2. refactor(r2): assume compatibility with ql.mem 

    only difference: use an extra dict cmap to store ctype buf

map_info is the same as existing, no bytearray stored and updated
    @chinggg
    chinggg committed Dec 31, 2022
    Configuration menu
    Copy the full SHA
    a53790e View commit details
    Browse the repository at this point in the history