cryptax / misc-code

Miscellaneous code

Add: ppSearch.py #4

Closed AbhiTheModder closed 4 months ago

AbhiTheModder commented 4 months ago

Python script to print Dart object usages in the Object Pool of a Flutter libapp.so (AArch64) for radare2.

Inspired by the latest talk, and thank you for such an awesome explanation ❤️

Usage:

```
~ $ python ppSearch.py [-h] binary hex_value
Search for specific patterns in a binary file.
positional arguments:
  binary      Path to the binary file
  hex_value   Hex value to search
options:
  -h, --help  show this help message and exit
```

Example:

```
~$ python ppSearch.py libapp.so 0x88f0
The First Target is 8
The Second Target is 0x8f0
ERROR: Cannot determine entrypoint, using 0x00120000
WARN: Relocs has not been applied. Please use `-e bin.relocs.apply=true` or `-e bin.cache=true` next time
            0x003076fc      70234091       add x16, x27, 8, lsl 12
            0x00307700      107a44f9       ldr x16, [x16, 0x8f0]       ; 0xea

            0x003095bc      60234091       add x0, x27, 8, lsl 12
            0x003095c0      007844f9       ldr x0, [x0, 0x8f0]         ; 0xda

            0x00309fdc      60234091       add x0, x27, 8, lsl 12
            0x00309fe0      007844f9       ldr x0, [x0, 0x8f0]         ; 0xda

            0x00481778      70234091       add x16, x27, 8, lsl 12
            0x0048177c      107a44f9       ldr x16, [x16, 0x8f0]       ; 0xea

            0x00489dfc      70234091       add x16, x27, 8, lsl 12
            0x00489e00      107a44f9       ldr x16, [x16, 0x8f0]       ; 0xea

Script execution time: 12.362151384353638 seconds
```

Thanks to @euzada and @mragonias for the ideas and testing
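The split of `0x88f0` into `8` and `0x8f0` shown in the output above, and the instruction pair it corresponds to, can be reproduced without radare2. The following is an added example, not the code of ppSearch.py: the function names, the base address `0x1000` and the sample buffer are assumptions made for illustration, and only the two-instruction `add`/`ldr` form from the output is handled.

```python
import struct

PP_REG = 27  # the add instructions in the output above use x27 as the pool base

def split_pp_offset(offset):
    """Split a pool offset into the ADD immediate (lsl 12) and the LDR displacement."""
    hi, lo = offset >> 12, offset & 0xFFF
    if not 0 < hi <= 0xFFF or lo % 8:
        raise ValueError("offset does not fit the add+ldr pair handled here")
    return hi, lo

def find_pp_loads(code, base, offset):
    """Return addresses of `add xN, x27, hi, lsl 12` followed by `ldr xM, [xN, lo]`."""
    hi, lo = split_pp_offset(offset)
    hits = []
    for pos in range(0, len(code) - 7, 4):
        add, ldr = struct.unpack_from("<II", code, pos)
        # ADD (immediate), 64-bit, shift=1: bits 31..22 are fixed
        if (add & 0xFFC00000) != 0x91400000:
            continue
        if ((add >> 10) & 0xFFF) != hi or ((add >> 5) & 0x1F) != PP_REG:
            continue
        # LDR (immediate, unsigned offset), 64-bit: imm12 is scaled by 8
        if (ldr & 0xFFC00000) != 0xF9400000:
            continue
        if ((ldr >> 10) & 0xFFF) * 8 != lo:
            continue
        # The load must use the register the add just wrote as its base
        if ((ldr >> 5) & 0x1F) != (add & 0x1F):
            continue
        hits.append(base + pos)
    return hits

# Constructed sample: instruction bytes copied from the output above, padded with NOPs
NOP = bytes.fromhex("1f2003d5")
SAMPLE = (NOP
          + bytes.fromhex("70234091" "107a44f9")   # add x16, x27, 8, lsl 12 / ldr x16, [x16, 0x8f0]
          + NOP
          + bytes.fromhex("60234091" "007844f9")   # add x0, x27, 8, lsl 12 / ldr x0, [x0, 0x8f0]
          + bytes.fromhex("70234091" "007844f9"))  # decoy: ldr base x0 is not the add's x16

if __name__ == "__main__":
    for addr in find_pp_loads(SAMPLE, 0x1000, 0x88F0):
        print(hex(addr))
```

The decoy pair at the end of the sample is rejected because the `ldr` base register differs from the `add` destination, which is the check that keeps unrelated neighbouring instructions out of the results.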

cryptax commented 4 months ago

Sounds very cool. I'm on holiday right now, will have a look next week.

cryptax commented 4 months ago

Worked nicely on a Flutter app I had. Remember to search for the hex value, not the PP index. Thanks for the script!