Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
B
binwalk
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
binwalk
Commits
e8bd9d9d
Commit
e8bd9d9d
authored
Sep 06, 2014
by
devttys0
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Added --disasm option
parent
b3eb8b66
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
126 additions
and
0 deletions
+126
-0
__init__.py
src/binwalk/modules/__init__.py
+1
-0
codeid.py
src/binwalk/modules/codeid.py
+125
-0
No files found.
src/binwalk/modules/__init__.py
View file @
e8bd9d9d
...
@@ -7,3 +7,4 @@ from binwalk.modules.extractor import Extractor
...
@@ -7,3 +7,4 @@ from binwalk.modules.extractor import Extractor
from
binwalk.modules.entropy
import
Entropy
from
binwalk.modules.entropy
import
Entropy
from
binwalk.modules.heuristics
import
HeuristicCompressionAnalyzer
from
binwalk.modules.heuristics
import
HeuristicCompressionAnalyzer
from
binwalk.modules.compression
import
RawCompression
from
binwalk.modules.compression
import
RawCompression
from
binwalk.modules.codeid
import
CodeID
src/binwalk/modules/codeid.py
0 → 100644
View file @
e8bd9d9d
import
capstone
import
binwalk.core.common
from
binwalk.core.module
import
Module
,
Option
,
Kwarg
class
Architecture
(
object
):
def
__init__
(
self
,
**
kwargs
):
for
(
k
,
v
)
in
kwargs
.
iteritems
():
setattr
(
self
,
k
,
v
)
class
CodeID
(
Module
):
DEFAULT_MIN_INSN_COUNT
=
500
TITLE
=
"Disassembly Scan"
ORDER
=
10
CLI
=
[
Option
(
short
=
'Y'
,
long
=
'disasm'
,
kwargs
=
{
'enabled'
:
True
},
description
=
'Identify executable code using the capstone disassembler'
),
Option
(
short
=
'T'
,
long
=
'minsn'
,
type
=
int
,
kwargs
=
{
'min_insn_count'
:
0
},
description
=
'Minimum number of instructions to be considered valid'
),
]
KWARGS
=
[
Kwarg
(
name
=
'enabled'
,
default
=
False
),
Kwarg
(
name
=
'min_insn_count'
,
default
=
0
),
]
ARCHITECTURES
=
[
Architecture
(
type
=
capstone
.
CS_ARCH_MIPS
,
mode
=
capstone
.
CS_MODE_32
,
endianess
=
capstone
.
CS_MODE_BIG_ENDIAN
,
description
=
"MIPS executable code, 32-bit, big endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_MIPS
,
mode
=
capstone
.
CS_MODE_32
,
endianess
=
capstone
.
CS_MODE_LITTLE_ENDIAN
,
description
=
"MIPS executable code, 32-bit, little endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_ARM
,
mode
=
capstone
.
CS_MODE_ARM
,
endianess
=
capstone
.
CS_MODE_BIG_ENDIAN
,
description
=
"ARM executable code, 32-bit, big endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_ARM
,
mode
=
capstone
.
CS_MODE_ARM
,
endianess
=
capstone
.
CS_MODE_LITTLE_ENDIAN
,
description
=
"ARM executable code, 32-bit, little endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_PPC
,
mode
=
capstone
.
CS_MODE_BIG_ENDIAN
,
endianess
=
capstone
.
CS_MODE_BIG_ENDIAN
,
description
=
"PPC executable code, 32/64-bit, big endian"
),
#Architecture(type=capstone.CS_ARCH_MIPS,
# mode=capstone.CS_MODE_16,
# endianess=capstone.CS_MODE_BIG_ENDIAN,
# description="MIPS executable code, 16-bit, big endian"),
#Architecture(type=capstone.CS_ARCH_MIPS,
# mode=capstone.CS_MODE_16,
# endianess=capstone.CS_MODE_LITTLE_ENDIAN,
# description="MIPSEL executable code, 16-bit, little endian"),
Architecture
(
type
=
capstone
.
CS_ARCH_ARM
,
mode
=
capstone
.
CS_MODE_THUMB
,
endianess
=
capstone
.
CS_MODE_LITTLE_ENDIAN
,
description
=
"ARM executable code, 16-bit (Thumb), little endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_ARM
,
mode
=
capstone
.
CS_MODE_THUMB
,
endianess
=
capstone
.
CS_MODE_BIG_ENDIAN
,
description
=
"ARM executable code, 16-bit (Thumb), big endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_MIPS
,
mode
=
capstone
.
CS_MODE_64
,
endianess
=
capstone
.
CS_MODE_BIG_ENDIAN
,
description
=
"MIPS executable code, 64-bit, big endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_MIPS
,
mode
=
capstone
.
CS_MODE_64
,
endianess
=
capstone
.
CS_MODE_LITTLE_ENDIAN
,
description
=
"MIPS executable code, 64-bit, little endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_ARM64
,
mode
=
capstone
.
CS_MODE_ARM
,
endianess
=
capstone
.
CS_MODE_BIG_ENDIAN
,
description
=
"ARM executable code, 64-bit, big endian"
),
Architecture
(
type
=
capstone
.
CS_ARCH_ARM64
,
mode
=
capstone
.
CS_MODE_ARM
,
endianess
=
capstone
.
CS_MODE_LITTLE_ENDIAN
,
description
=
"ARM executable code, 64-bit, little endian"
),
]
def
init
(
self
):
if
not
self
.
min_insn_count
:
self
.
min_insn_count
=
self
.
DEFAULT_MIN_INSN_COUNT
def
scan_file
(
self
,
fp
):
total_read
=
0
while
True
:
(
data
,
dlen
)
=
fp
.
read_block
()
if
not
data
:
break
offset
=
0
while
offset
<
dlen
:
for
arch
in
self
.
ARCHITECTURES
:
md
=
capstone
.
Cs
(
arch
.
type
,
(
arch
.
mode
+
arch
.
endianess
))
ninsn
=
len
([
insn
for
insn
in
md
.
disasm_lite
(
data
[
offset
:
offset
+
(
self
.
min_insn_count
*
10
)],
0
)])
binwalk
.
core
.
common
.
debug
(
"0x
%.8
X
%
s, at least
%
d valid instructions"
%
((
total_read
+
offset
),
arch
.
description
,
ninsn
))
if
ninsn
>=
self
.
min_insn_count
:
description
=
arch
.
description
+
", at least
%
d valid instructions"
%
ninsn
r
=
self
.
result
(
offset
=
total_read
+
offset
,
file
=
fp
,
description
=
description
)
if
r
.
valid
and
r
.
display
and
not
self
.
config
.
verbose
:
return
offset
+=
1
total_read
+=
dlen
def
run
(
self
):
for
fp
in
iter
(
self
.
next_file
,
None
):
self
.
header
()
self
.
scan_file
(
fp
)
self
.
footer
()
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
