Upload files to "ghidra"
This commit is contained in:
parent
95c220e266
commit
2f40e9d054
93
ghidra/mockdateconverter.py
Normal file
93
ghidra/mockdateconverter.py
Normal file
@ -0,0 +1,93 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from ghidra.app.decompiler import DecompInterface
|
||||
from ghidra.util.task import ConsoleTaskMonitor
|
||||
import re
|
||||
|
||||
monitor = ConsoleTaskMonitor()
|
||||
|
||||
ifc = DecompInterface()
|
||||
ifc.openProgram(currentProgram)
|
||||
|
||||
funcs = [
|
||||
f for f in currentProgram.getFunctionManager().getFunctions(True)
|
||||
if "MockDateConverter" in f.getName()
|
||||
]
|
||||
|
||||
def trim_trailing_zeros(byte_list):
|
||||
out = list(byte_list)
|
||||
while out and out[-1] == 0:
|
||||
out.pop()
|
||||
return out
|
||||
|
||||
def camel_to_snake(s):
|
||||
parts = re.findall(r'[A-Z][a-z0-9]*', s)
|
||||
return '_'.join(p.lower() for p in parts)
|
||||
|
||||
def normalize_name(jni_name):
|
||||
if 'MockDateConverter_' in jni_name:
|
||||
name = jni_name.split('MockDateConverter_', 1)[1]
|
||||
else:
|
||||
name = jni_name
|
||||
|
||||
if name.startswith('get'):
|
||||
name = name[3:]
|
||||
|
||||
if name.startswith('value'):
|
||||
return 'value_' + camel_to_snake(name[5:])
|
||||
if name.startswith('key'):
|
||||
return 'key_' + camel_to_snake(name[3:])
|
||||
|
||||
return camel_to_snake(name)
|
||||
|
||||
print("XOR_TEMPLATES = {")
|
||||
|
||||
for func in funcs:
|
||||
res = ifc.decompileFunction(func, 30, monitor)
|
||||
if not res.decompileCompleted():
|
||||
continue
|
||||
|
||||
code = res.getDecompiledFunction().getC()
|
||||
|
||||
xor_bytes = []
|
||||
|
||||
dat_match = re.search(r'\(&DAT_[0-9a-fA-F]+\)\[uVar\d+\]', code)
|
||||
if dat_match:
|
||||
dat_label = dat_match.group(0)
|
||||
dat_name = re.search(r'DAT_[0-9a-fA-F]+', dat_label).group(0)
|
||||
dat_sym = currentProgram.getSymbolTable().getGlobalSymbols(dat_name)[0]
|
||||
addr = dat_sym.getAddress()
|
||||
|
||||
mem = currentProgram.getMemory()
|
||||
raw = []
|
||||
for i in range(12):
|
||||
raw.append(mem.getByte(addr.add(i)) & 0xff)
|
||||
|
||||
xor_bytes = raw
|
||||
|
||||
else:
|
||||
assigns = re.findall(
|
||||
r'(local_[0-9a-fA-F]+)\s*=\s*.*?(?:\^\s*(0x[0-9a-fA-F]+|\d+))?\s*;',
|
||||
code
|
||||
)
|
||||
|
||||
for local_name, val in assigns:
|
||||
idx = int(local_name.split('_')[1], 16)
|
||||
|
||||
if idx < 0x70:
|
||||
continue
|
||||
|
||||
if val is None or val == '':
|
||||
xor_bytes.append(0)
|
||||
elif val.startswith("0x"):
|
||||
xor_bytes.append(int(val, 16))
|
||||
else:
|
||||
xor_bytes.append(int(val))
|
||||
|
||||
xor_bytes = trim_trailing_zeros(xor_bytes)
|
||||
|
||||
hex_str = ''.join('%02x' % b for b in xor_bytes)
|
||||
|
||||
print(" '%s': bytes.fromhex(\"%s\")," % (normalize_name(func.getName()), hex_str))
|
||||
|
||||
print("}")
|
||||
Loading…
Reference in New Issue
Block a user