Closed jiska2342 closed 4 years ago
Thanks for the detailed issue report. Will start working on it right away. Just one question: Is this an ARM firmware file with the vast majority of functions being in THUMB mode?
I couldn't reproduce the error with struct.unpack("L") expecting 8 bytes instead of 4 bytes. I guess it comes from the type "long" which varies in size, but Python's documentation (in all versions) specifies this format as being a fixed 4 bytes. Instead of just changing it to "I" (int), I'm trying to check this and hopefully notify Python that they need to update their docs.
Could you elaborate on your exact setup and versions:
NVM, their documentation was just not clear enough. "L" indeed stands for "long" which is used as "sizeof(long)", hence varies in size.
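The size difference discussed in the comments above, shown as an added example that is not part of the original thread or of Karta's code. The sample bytes and all function names are constructed for illustration; the example contrasts native-mode "L" with an explicit fixed-size format when decoding 32-bit firmware words.

```python
import ctypes
import struct

# Constructed sample: four little-endian 32-bit words, laid out like the
# start of a Cortex-M style vector table (illustrative values only).
SAMPLE = bytes.fromhex("00100020c1000008c5000008c9000008")


def sizes(code):
    """Return (native_size, standard_size) in bytes for one format character."""
    return struct.calcsize("@" + code), struct.calcsize("<" + code)


def platform_dependent(codes="hHiIlLqQ"):
    """Format characters whose native size differs from the fixed size here."""
    return [c for c in codes if sizes(c)[0] != sizes(c)[1]]


def read_u32_fragile(blob, offset=0):
    """Native-mode 'L': expects sizeof(long) bytes, which is 8 on LP64 systems."""
    return struct.unpack("L", blob[offset:offset + 4])[0]


def read_u32(blob, offset=0):
    """Explicit '<I': always 4 bytes, little-endian, on every platform."""
    return struct.unpack_from("<I", blob, offset)[0]


def read_words(blob):
    """Decode the whole blob as little-endian 32-bit words."""
    if len(blob) % 4:
        raise ValueError("length is not a multiple of 4 bytes")
    return [w for (w,) in struct.iter_unpack("<I", blob)]


if __name__ == "__main__":
    print("native/standard size of 'L':", sizes("L"))
    print("sizeof(unsigned long) via ctypes:", ctypes.sizeof(ctypes.c_ulong))
    print("platform-dependent codes here:", platform_dependent())
    print("words:", [hex(w) for w in read_words(SAMPLE)])
    try:
        print("fragile read:", hex(read_u32_fragile(SAMPLE)))
    except struct.error as exc:
        print("fragile read failed:", exc)
```

On 64-bit Linux and macOS the fragile read raises struct.error because native "L" wants 8 bytes, while on Windows it succeeds, which is why the problem reproduces on one setup and not another.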
The firmware is ARM v7 little endian and mostly (only?) Thumb mode.
A few examples are available here: https://github.com/seemoo-lab/polypyus/tree/master/examples/history
I used IDA 64bit but with 32bit analysis.
This pull request fixed all the bugs listed in this issue, at least on my setup. If any of the bugs persist, please feel free to re-open this issue.
Thank you very much for this fast fix :)
The initial error is gone. But it still breaks on the Thumbs Up stage #4 with this message, on both ida and ida64:
Traceback (most recent call last):
  File "/opt/idapro-7.4/python/3/ida_idaapi.py", line 593, in IDAPython_ExecScript
    exec(code, g)
  File "/media/sf_seemoo/software/Karta/src/thumbs_up/thumbs_up_firmware.py", line 231, in <module>
    main()
  File "/media/sf_seemoo/software/Karta/src/thumbs_up/thumbs_up_firmware.py", line 223, in main
    result = analysisStart(analyzer, code_segments, data_segments)
  File "/media/sf_seemoo/software/Karta/src/thumbs_up/thumbs_up_firmware.py", line 123, in analysisStart
    functionScan(analyzer, scs)
  File "/media/sf_seemoo/software/Karta/src/thumbs_up/analyzer_utils.py", line 179, in functionScan
    if analyzer.func_classifier.predictFunctionStart(line.start_ea, guess_code_type):
  File "/media/sf_seemoo/software/Karta/src/thumbs_up/utils/function.py", line 366, in predictFunctionStart
    return self._start_classifiers[code_type].predict([sample])
KeyError: 0
Sorry for the late response, I saw the notification just now.
The code already supported predicting only the single-supported code type, so that this exception will be avoided. The bug is that I accidentally checked the cpu's supported types list instead of the active supported list. I'm now testing the patch to check that nothing breaks, and hopefully it will be committed very soon.
It would be great if I could add your sample to my test suite. If this is indeed a file from https://github.com/seemoo-lab/polypyus/tree/master/examples/history, could you please share the *.idb / mapping instructions to IDA + list of code segments and data segments as printed out by Thumbs Up?
Yay, it's working now :D Two hours before the deadline, should still work. I'll send you the results, detailed setup, etc. later :)
Hi,
I encountered a few issues when running the Thumbs Up script with the following configuration:
The requirement sark==2.0 could not be installed, so I replaced it in the install script and just took the most recent one from GitHub, which was 7.8. This might already be the source of my subsequent errors ;)
Fixed this by replacing line 68 with
numpy.random.seed(1337)
and it worked.
Console output in IDA continues as follows:
Got the following error displayed in IDA:
IDA still continues automatic analysis afterward. Not sure if it worked or didn't. The results are definitely better than after just running a linear analysis on the ROM :)