Support for Hopper

[joxeankoret]

During BerlinSides 1 person asked for support for Hopper. If you're interested on it, this is the place to send "+1" and "me too" messages, so I know how many people is interested on it.

Please note that there are ~20 people asking for support for Radare2 and, so far, I have had only 1 user asking for Hopper.

[assarbad]

I'm interested: +1

[joxeankoret]

Radare 2 is the priority for supporting something that is not IDA. Also, I do not have a Hopper license and I doubt I could work with a demo version. Does anybody want to help adding support for Hopper?

[halprin]

I am interested. In fact, I am interested in helping, and I own a license to Hopper.

As best as I can tell from the get-go, there will be limitations in the Hopper version in presentation of the data and in how the Diaphora is initiated. I would love to chat to discuss some of the finer details of adding Hopper support to Diaphora.

[hankbao]

+1 for Hopper.

[nemesit]

+1 support for Hopper would be awesome

[OspreyRen]

+1 for Hopper.

[gordomium]

+1

[hfcorriez]

+1

[trigged]

+1

[h0wl]

+1

[joxeankoret]

Do you know, guys, if it's possible to use the demo version for porting it to Hopper?

[halprin]

The demo version should support plugins and Python scripts. These are the limitations of the demo version as per http://www.hopperapp.com/download.html

• You cannot save documents,
• You cannot export the disassembled file in text format,
• You cannot export modified binaries,
• Debugger backend is not available,
• Sessions are time limited (30 minutes).

[joxeankoret]

I don't need any of these features so, perfect for me. Thanks @halprin!

[halprin]

If you need help, @joxeankoret, let me know. I've been developing a Hopper plugin myself, so I am a little familiar with that and with the Python scripting.

[joxeankoret]

The API seems to be a bit limited to me so, if it's OK for you @halprin , I my ping you from time to time with very specific questions.

[halprin]

That's totally fine @joxeankoret. The Python SDK does seem a bit limiting (I think it doesn't support making of windows, etc.). The actual plugin SDK is much more capable, so I would check that out too.

[joxeankoret]

The idea for the future is, instead of integrating in the GUI of a gazillion RE products and projects, create an external GUI tool and then only write exporters and importers for the specific product or project.

[mspublic]

How about a capstone backend as a base? Many of the tools (Hopper, Radare2 etc) nowadays are leveraging capstone. Not fully depending on a 3rd party tool would be great - pure command line/automation/etc would all be available then.

[joxeankoret]

@mspublic a disassembler and and a code analysis engine are totally different things.

[psifertex]

I'd be very interested in what APIs you need exposed to be able to port to Hopper as I'd like to have Diaphora work with Binary Ninja as well (https://binary.ninja/). Is there a good place to start looking at what API calls you're using with Hopper to make sure we have equivalent support in Binary Ninja?

The biggest disadvantage of Binary Ninja right now is that we don't have the ability to extend the GUI except for a few specific plugin registration commands but I'd like to make sure the API extensions we're working on for the GUI are sufficient for diaphora.

The biggest advantage is that we have an IL that we do all our analysis on. This should make cross-platform analysis /much/ easier though it might also necessitate changes to diaphora that aren't very portable. Anyway, I assume I should start another ticket to track that? Or would you rather leave this one to track making it more generic with multiple products?

[joxeankoret]

Hi @psifertex,

Check this function: https://github.com/joxeankoret/diaphora/blob/master/diaphora.py#L1141

The APIs that should be available, with whatever name, are mostly the following:

• GetFunctionName and Demangle: decorated and un-decorated function names retrieval.
• FlowChart: a way to get a flow graph representation of the function.
• GetFunctionFlags: To determine if it's a library function, an imported function or a true function.
• CodeRefsTo, DataRefsTo, CodeRefsFrom...: A way to determine the cross references from/to the function, data references from/to a point, etc...
• Basic block's data: The start and end addresses of basic blocks, xrefs, a way to iterate through the instructions of each basic block, etc...
• GetInstructionList: The supported list of instructions for the current instruction set. Complex.
• get_imagebase: A way to get the binary's base address (required to get the relative address of things.)
• GetMnem, GetDisasm, ItemSize, GetManyBytes: A way to get the mnemonic, the disassembly text, the disassembly instruction's size as well as raw bytes from the database.
• A way to get the flags for each operand in an assembler instruction. Check this: https://github.com/joxeankoret/diaphora/blob/master/diaphora.py#L1218
• A way to retrieve switch construction's information. Non trivial.
• A way to retrieve the prototype, calling convention, etc... of each function.
• A way to retrieve pseudo-code or intermediate code for each function.
• A way to get line comments, if appropriate for the target program.

And, "basically", that's it. Is no trivial to get that many information from other RE toolkits, this is why I haven't ported yet to other things.

[psifertex]

Looking through it at a glance, we don't have an equivalent to GetInstructionList, and would additionally have to do a fair amount of wrapping/convert to get our data for Flow, Switches, type/calling convention to mesh nicely.

Also, I don't know how well our IL would work for the intermediate representation, we might have to hold off on that until we optimized IL is finished. (our intermediate step before our decompiler). How is the intermediate representation or pseudo-code for a function used?

Otherwise everything else looks good. Just a few tiny changes. ;-)

Thanks for putting that list together.

[hksuki]

+1

[rgov]

@joxeankoret If you need a license for Hopper in order to develop this, I would gladly donate it, or perhaps @bSr43 would be willing to.

[joxeankoret]

There are, or there were, 2 problems with Hopper:

1. No batch mode.
2. The APIs were not powerful enough.

I don't care that much about reason #2, but if Hopper still don't have a batch mode, I don't see how it could be any useful.

[joxeankoret]

Support for Hopper is on hold for long. I don't know how to support it because of the so many features it lacks as of today. Closing for now the issue.

[Benjamin-Dobell]

@joxeankoret If you've got time, would you mind highlighting which functionality you found to be missing in your list above?

It'd be handy to have an idea of what's missing, that way we can make corresponding feature requests for the missing APIs.

[joxeankoret]

Are you talking about BinaryNinja or Hopper?

[Benjamin-Dobell]

Hopper 😊

[joxeankoret]

I will take a look, again, to the Hopper's API. However, there is always one big problem with anything that is not IDA: there is no independent GUI, thus, there is no way to display results in Hopper.

[rgov]

One way might be to have the plugin write out JSON or whatever to a file or socket, and then a companion app (or some other post-processing script) could interpret the data.

[Benjamin-Dobell]

I'd be stoked with JSON output. I'm sure myself (and many others) can help put together a GUI, but Diaphora's underlying magic is a bit over my head!

[joxeankoret]

Diaphora outputs SQLite3 databases which are rather easy to read. If you need databases of exported databases as well as diffed databases, just tell me and I will write a repository. An independent GUI would just need to read such databases and then, mimic or port what I did in the IDA "choosers" (class CIDAChooser): https://github.com/joxeankoret/diaphora/blob/master/diaphora_ida.py#L169