rizinorg / rz-pipe

Access rizin via pipe from any programming language!

iVj results in error #31

Closed geekscrapy closed 2 years ago

geekscrapy commented 2 years ago
>>> import rzpipe
>>> rzpipe.open('/usr/bin/true', flags=['-2']).cmdj('iVj')
rzpipe.cmdj.Error: Expecting value: line 2 column 1 (char 1)

/usr/bin/true is https://www.virustotal.com/gui/file/409b33a9b8702e77546c44d58362011d0634ef8dd811975e42a5ed01bd748fcb

geekscrapy commented 2 years ago

Same error with iTj and iRj

wargio commented 2 years ago

ìT is not a valid command and the other 2 work on mine.

wargio commented 2 years ago

Which version of rizin are you using? Also, which OS? Looks like Linux from the path.

geekscrapy commented 2 years ago

I'm on Mac 10.15.7, 0.3.0 rizin, Python 3.7.10

> ìT is not a valid command and the other 2 work on mine.

The i in the comment is the wrong type: ìT vs iT. iT is the File Signature analysis.

Did you try with that specific file?

wargio commented 2 years ago
[0x00002150]> i?
Usage: i[?]   # Get info about opened binary file
| i[jqt]                 # Show info of current file
| ia[jq]                 # Show a summary of all info (imports, exports, sections, etc.)
| iA[jqt]                # List archs
| ic[?]                  # List classes, fields and methods
| iC[j]                  # Show signature info (entitlements, ...)
| id[jqp]                # Debug commands
| iD[l]                  # Demangle symbol for given language
| ie[jqt]                # List entrypoints
| iee[jqt]               # List entries/exits functions (e.g. preinit, init, fini)
| iE[jqt.]               # List exports
| ih[jqt]                # Show binary fields
| iH                     # Show binary headers
| ii[jqt]                # List imports
| iI[jqt]                # Show binary info
| ik[?] [<query>]        # Key-value database from RzBinObject
| il[jqt]                # List libraries
| iL[jqt] [<plugin>]     # List all binary plugins loaded / Show plugin details
| im[jqt]                # Show info about predefined memory allocation
| iM[jqt]                # Show main address
| ir[jqt]                # List relocations
| iR[jt]                 # List Resources
| is[jqQt]               # List symbols
| is.[jqt]               # Current symbol
| iS[jqt] [<digests0> [<digests1> ...]] # List sections
| iS.[jt]                # Current section
| iS=                    # Show ascii-art color bars with the section ranges
| iSS[jt] [<digests0> [<digests1> ...]] # List segments
| it[j]                  # Show file hashes
| iV[j]                  # Display file version info
| iw[*]                  # Show try/catch blocks
| ix[j]                  # Display source file line info
| ix.[j]                 # Display source file line info at current address
| ixf[j]                 # Display source file info
| iz[jqQt]               # List strings
| izz[jqQt]              # List strings in the whole binary
| izzz[jqt]              # Dump Strings from whole binary to rizin shell (for huge files)
| iz-                    # Purge string at current address via bin.str.purge
| iZ[j*]                 # Guess size of binary program
[0x00002150]> iT
Command 'iT' does not exist.
[0x00002150]>

Can you just upload it here? I do not have access to download from VT.

geekscrapy commented 2 years ago
$ rizin /usr/bin/true
[0x100000f53]> i?
Usage: i   Get info from opened file (see rz-bin's manpage)
Output mode:
| '*'                Output in rizin commands
| 'j'                Output in json
| 'q'                Simple quiet output
Actions:
| i|ij               Show info of current file (in JSON)
| iA                 List archs
| ia                 Show all info (imports, exports, sections..)
| ib                 Reload the current buffer for setting of the bin (use once only)
| ic                 List classes, methods and fields
| icc                List classes, methods and fields in Header Format
| icg                List classes as agn/age commands to create class hirearchy graphs
| icq                List classes, in quiet mode (just the classname)
| icqq               List classes, in quieter mode (only show non-system classnames)
| iC[j]              Show signature info (entitlements, ...)
| id                 Show DWARF source lines information
| idp [file.pdb]     Load pdb file information
| idpi [file.pdb]    Show pdb file information
| idpi*              Show symbols from pdb as flags (prefix with dot to import)
| idpd               Download pdb file on remote server
| iD lang sym        demangle symbolname for given language
| ie                 Entrypoint
| iee                Show Entry and Exit (preinit, init and fini)
| iE                 Exports (global symbols)
| iE.                Current export
| ih                 Headers (alias for iH)
| iHH                Verbose Headers in raw text
| ii                 Imports
| iI                 Binary info
| ik [query]         Key-value database from RzBinObject
| il                 Libraries
| iL [plugin]        List all RzBin plugins loaded or plugin details
| im                 Show info about predefined memory allocation
| iM                 Show main address
| io [file]          Load info from file (or last opened) use bin.baddr
| iO[?]              Perform binary operation (dump, show binary info)
| ir                 List the Relocations
| iR                 List the Resources
| is                 List the Symbols
| is.                Current symbol
| iS [entropy,sha1]  Sections (choose which hash algorithm to use)
| iS.                Current section
| iS=                Show ascii-art color bars with the section ranges
| iSS                List memory segments (maps with om)
| it                 File hashes
| iT                 File signature
| iV                 Display file version info
| iw                 try/catch blocks
| ix[.fj?]           Display source file line info (from debug info)
| iz|izj             Strings in data sections (in JSON/Base64)
| izz                Search for Strings in the whole binary
| izzz               Dump Strings from whole binary to rizin shell (for huge files)
| iz- [addr]         Purge string via bin.str.purge
| iZ                 Guess size of binary program

true.zip

Which version and OS are you on?

wargio commented 2 years ago

I think you are on 0.2.x; run rizin -v, because that output is from the oldshell, not newshell.

ret2libc commented 2 years ago

Yes, he's probably on an older version but the problem in iVj is there anyway. It's just because iVj returns nothing because we do not support version info for mach-o files. A quick fix for this would be to just return [] as many other i commands, but I believe this is a bigger problem from the design point of view... This means that no j command can output empty strings because it seems that rzpipe always assumes cmdj returns something. We can try to fix this at the rzpipe level instead.

wargio commented 2 years ago

No, I think the output is ok, because the old shell sometimes returns invalid JSON, while the new shell always returns valid JSON unless you do something wrong, like an invalid cmd. Probably we should throw the output as the error. We can do that by catching the error and checking whether the original output starts with { or [; if it does, then it is invalid JSON, otherwise it is something to print and return as an exception.

geekscrapy commented 2 years ago

@ret2libc this is correct. I believe there should always be a valid json/dict object from .cmdj even on error

geekscrapy commented 2 years ago

Ok, I seem to have updated again (but it had the same version number as before 🤦‍♂️):

rizin 0.3.0 @ darwin-x86-64
commit: be157e869c4e71419433dfcbe838dfa8f828c597, build: 2021-09-24__14:24:06

geekscrapy commented 2 years ago

With that updated version:

>>> import rzpipe

>>> o = rzpipe.open('radare2-testbins/pe/tinyXP.exe', flags=['-2'])

>>> o.cmdj('iVj')
rzpipe.cmdj.Error: Expecting value: line 2 column 1 (char 1)

>>> str(o.cmdj('iVj'))
rzpipe.cmdj.Error: Expecting value: line 2 column 1 (char 1)
'None'

geekscrapy commented 2 years ago

There are multiple ways that items are returned from iVj it seems

>>> o = rzpipe.open('radare2-testbins/pe/base.exe', flags=['-2'])

>>> str(o.cmdj('iVj'))
'{}'

wargio commented 2 years ago

can you open the bin in rizin and just return here the following output?

rizin /usr/bin/true
i?
iVj

geekscrapy commented 2 years ago
$ rizin /usr/bin/true
 -- Use 'e asm.offset=true' to show offsets in 16bit segment addressing mode.
[0x100000f53]> i?
Usage: i[?]   # Get info about opened binary file
| i[jqt]                 # Show info of current file
| ia[jq]                 # Show a summary of all info (imports, exports, sections, etc.)
| iA[jqt]                # List archs
| ic[?]                  # List classes, fields and methods
| iC[j]                  # Show signature info (entitlements, ...)
| id[jqp]                # Debug commands
| iD <lang> <symbol>     # Demangle symbol for given language
| ie[jqt]                # List entrypoints
| iee[jqt]               # List entries/exits functions (e.g. preinit, init, fini)
| iE[jqt.]               # List exports
| ih[jqt]                # Show binary fields
| iH                     # Show binary headers
| ii[jqt]                # List imports
| iI[jqt]                # Show binary info
| ik[?] [<query>]        # Key-value database from RzBinObject
| il[jqt]                # List libraries
| iL[jqt] [<plugin>]     # List all binary plugins loaded / Show plugin details
| im[jqt]                # Show info about predefined memory allocation
| iM[jqt]                # Show main address
| ir[jqt]                # List relocations
| iR[j]                  # List Resources
| is[jqQt]               # List symbols
| is.[jqt]               # Current symbol
| iS[jqt] [<digests0> [<digests1> ...]] # List sections
| iS.[jt]                # Current section
| iS=                    # Show ascii-art color bars with the section ranges
| iSS[jt] [<digests0> [<digests1> ...]] # List segments
| it[j]                  # Show file hashes
| iV[j]                  # Display file version info
| iw[*]                  # Show try/catch blocks
| ix[j]                  # Display source file line info
| ix.[j]                 # Display source file line info at current address
| ixf[j]                 # Display source file info
| iz[jqQt]               # List strings
| izz[jqQt]              # List strings in the whole binary
| izzz[jqt]              # Dump Strings from whole binary to rizin shell (for huge files)
| iz-                    # Purge string at current address via bin.str.purge
| iZ[j*]                 # Guess size of binary program
[0x100000f53]> iVj

[0x100000f53]>

wargio commented 2 years ago

Ok, now it seems that you are indeed running 0.3.0. The fact that iVj does not return valid JSON looks like a bug in rizin @ret2libc

ret2libc commented 2 years ago

@wargio please see https://github.com/rizinorg/rz-pipe/pull/32 .

iVj returns nothing because version info is not provided for mach-o binaries and in other cases as well. The issue is that cmdj in rzpipe expects to always find a valid json, but that is not going to happen IMO. For example, if you haven't even opened a binary in Rizin, I don't expect iVj to return anything at all. That is why iV (and other commands as well or at least they should) does not return anything. I think there is a difference between returning [] and returning (without space).

The PR above allows rz-pipe to support (without space) as well.
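
The cases discussed in this thread (empty output, valid JSON, malformed JSON, and a plain-text message), handled on the caller's side. This is an added example, not code from the thread, from rz-pipe, or from the linked PR; `parse_cmdj_output`, `safe_cmdj`, `RizinOutputError` and `FakePipe` are hypothetical names, and the sample replies are constructed. It assumes only that the session object has a `cmd()` method returning the raw text.

```python
import json


class RizinOutputError(Exception):
    """Raised when a 'j' command returns text that is not usable JSON."""

    def __init__(self, message, raw):
        super().__init__(message)
        self.raw = raw  # keep the original output for logging/triage


def parse_cmdj_output(raw):
    """Classify the raw output of a rizin 'j' command (hypothetical helper).

    Returns None for empty output (iVj on a Mach-O file in the thread), the
    decoded object for valid JSON, and raises RizinOutputError otherwise.
    """
    text = (raw or "").strip()
    if not text:
        return None  # the command ran but had nothing to report
    try:
        return json.loads(text)
    except json.JSONDecodeError as exc:
        if text[0] in "{[":
            # Looks like JSON but does not parse: truncated or malformed.
            raise RizinOutputError(f"invalid JSON: {exc}", raw) from exc
        # Plain text such as "Command 'iT' does not exist."
        raise RizinOutputError(text.splitlines()[0], raw) from exc


def safe_cmdj(pipe, command):
    """Run `command` through pipe.cmd() and parse the text ourselves."""
    return parse_cmdj_output(pipe.cmd(command))


class FakePipe:
    """Constructed stand-in for an rzpipe session so this runs offline."""

    def __init__(self, replies):
        self.replies = replies

    def cmd(self, command):
        return self.replies.get(command, f"Command '{command}' does not exist.\n")


# Constructed replies modelled on the outputs quoted in the thread.
SAMPLE = FakePipe({"iVj": "\n", "ij": '{"core":{"file":"/usr/bin/true"}}\n', "iRj": "[{\n"})
```

Returning `None` for empty output while passing `{}` and `[]` through keeps "nothing was reported" distinct from "an empty result was reported", so a batch triage script can log the former without aborting the run.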