Improve the running time of SandBlaster #7

Open
wants to merge 3 commits into
base: master
from
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -21,3 +21,4 @@ TAGS
*.log
*.bin
core
.DS_STORE
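--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,30 @@
+BSD 3-Clause License
+
+Copyright (c) 2016, North Carolina State University and University POLITEHNICA
+of Bucharest.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.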
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -10,6 +10,8 @@ The reverser (in the `reverse-sandbox/` folder) runs on any Python running platf

SandBlaster may be installed and run standalone, though we recommend installing and running it from within [iExtractor](https://github.com/malus-security/iExtractor). Check the [iExtractor documentation](https://github.com/malus-security/iExtractor/blob/master/README.md) for information.

iExtractor is open source software released under the 3-clause BSD license.

## Installation

SandBlaster requires Python for the reverser (in `reverse-sandbox/`), Bash for helper scripts (in `helpers/`) and tools from the [sandbox_toolkit](https://github.com/sektioneins/sandbox_toolkit) (in `tools/`).
2 changes: 1 addition & 1 deletion reverse-sandbox/filters.py
Expand Up @@ -6,7 +6,7 @@ def read_filters():
with open('filters.json') as data:
temp = json.load(data)

for key, value in temp.iteritems():
for key, value in temp.items():
filters[int(str(key), 16)] = value

return filters
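Review bot: `int(str(key), 16)` inside the new `temp.items()` loop raises a bare ValueError when filters.json contains a key that is not hexadecimal, without saying which key, and since this table drives how profile filters are decoded a message naming the offending key would save a debugging round-trip. Also `open('filters.json')` resolves against the current working directory rather than the module's directory, so the reverser fails when launched from elsewhere; `os.path.join(os.path.dirname(__file__), 'filters.json')` fixes that, although `os` would have to be imported at the top of the file, which is outside the hunk. read_filters starts before the hunk and `filters` is defined there.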
28 changes: 13 additions & 15 deletions reverse-sandbox/operation_node.py
@@ -1,4 +1,4 @@
#!/usr/bin/python
#!/usr/bin/python3

import sys
import struct
Expand Down Expand Up @@ -384,7 +384,7 @@ def convert_filter(self, convert_fn, f, regex_list, ios10_release, keep_builtin_
self.non_terminal.convert_filter(convert_fn, f, regex_list, ios10_release, keep_builtin_filters, global_vars)

def str_debug(self):
ret = "(%02x) " % (self.offset)
ret = "(%02x) " % (int)(self.offset)
if self.is_terminal():
ret += "terminal: "
ret += str(self.terminal)
Expand Down Expand Up @@ -419,7 +419,7 @@ def __eq__(self, other):
return self.raw == other.raw

def __hash__(self):
return self.offset
return (int)(self.offset)


# Operation nodes processed so far.
Expand Down Expand Up @@ -449,13 +449,11 @@ def build_operation_nodes(f, num_operation_nodes):
operation_nodes.append(build_operation_node(raw, offset))

# Fill match and unmatch fields for each node in operation_nodes.
for i in range(len(operation_nodes)):
if operation_nodes[i].is_non_terminal():
for j in range(len(operation_nodes)):
if operation_nodes[i].non_terminal.match_offset == operation_nodes[j].offset:
operation_nodes[i].non_terminal.match = operation_nodes[j]
if operation_nodes[i].non_terminal.unmatch_offset == operation_nodes[j].offset:
operation_nodes[i].non_terminal.unmatch = operation_nodes[j]
offsets = {node.offset: node for node in operation_nodes}
for node in operation_nodes:
if node.is_non_terminal():
node.non_terminal.match = offsets[node.non_terminal.match_offset]
node.non_terminal.unmatch = offsets[node.non_terminal.unmatch_offset]

return operation_nodes

Expand Down Expand Up @@ -589,9 +587,9 @@ def print_operation_node_graph(g):
return
message = ""
for node_iter in g.keys():
message += "0x%x (%s) (%s) (decision: %s): [ " % (node_iter.offset, str(node_iter), g[node_iter]["type"], g[node_iter]["decision"])
message += "0x%x (%s) (%s) (decision: %s): [ " % ((int)(node_iter.offset), str(node_iter), g[node_iter]["type"], g[node_iter]["decision"])
for edge in g[node_iter]["list"]:
message += "0x%x (%s) " % (edge.offset, str(edge))
message += "0x%x (%s) " % ((int)(edge.offset), str(edge))
message += "]\n"
logger.debug(message)

Expand Down Expand Up @@ -1675,7 +1673,7 @@ def reduce_operation_node_graph(g):
c_idx += 1
if c_idx >= l:
break
rn = rg.get_vertice_by_value(g.keys()[c_idx])
rn = rg.get_vertice_by_value(list(g.keys())[c_idx])
if not re.search("entitlement-value", str(rn)):
break
prevs_rv = rg.get_prev_vertices(rv)
Expand Down Expand Up @@ -1715,7 +1713,7 @@ def main():

# Extract node for 'default' operation (index 0).
default_node = find_operation_node_by_offset(operation_nodes, sb_ops_offsets[0])
print "(%s default)" % (default_node.terminal)
print("(%s default)" % (default_node.terminal))

# For each operation expand operation node.
#for idx in range(1, len(sb_ops_offsets)):
Expand All @@ -1736,7 +1734,7 @@ def main():
else:
if node.terminal:
if node.terminal.type != default_node.terminal.type:
print "(%s %s)" % (node.terminal, operation)
print("(%s %s)" % (node.terminal, operation))


if __name__ == "__main__":
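Review bot: The rewritten linking loop in build_operation_nodes changes failure behaviour: `offsets[node.non_terminal.match_offset]` (and the unmatch line below it) raises KeyError when an offset corresponds to no node, whereas the replaced nested loop simply left the field at its initial value, so a truncated or malformed profile now aborts with an unexplained exception. Use `offsets.get(node.non_terminal.match_offset)` to keep the old semantics, or fail explicitly with `raise ValueError("operation node 0x%x: dangling match offset 0x%x" % (int(node.offset), node.non_terminal.match_offset))`. Separately, `(int)(self.offset)` in str_debug, __hash__ and print_operation_node_graph is a C-style cast that Python parses as `int(...)` with redundant parentheses; write `int(self.offset)`, and if offset is no longer integral the conversion belongs where it is assigned rather than at every use. The shebang `#!/usr/bin/python3` also differs from the `#!/usr/bin/env python3` used by reverse_sandbox.py and sandbox_regex.py in this same PR. build_operation_nodes starts before its hunk.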
12 changes: 6 additions & 6 deletions reverse-sandbox/reverse_sandbox.py
@@ -1,4 +1,4 @@
#!/usr/bin/env python
#!/usr/bin/env python3

"""
iOS/OS X sandbox decompiler
Expand Down Expand Up @@ -154,7 +154,7 @@ def display_sandbox_profiles(f, re_table_offset, num_sb_ops, ios10_release):
boundary = struct.unpack("<H", f.read(2))[0]
name = extract_string_from_offset(f, name_offset)

print name
print(name)

logger.info("Found %d sandbox profiles." % num_profiles)

Expand Down Expand Up @@ -196,7 +196,7 @@ def main():

if args.filename is None:
parser.print_usage()
print "no sandbox profile/bundle file to reverse"
print("no sandbox profile/bundle file to reverse")
sys.exit(1)

# Read sandbox operations.
Expand All @@ -209,7 +209,7 @@ def main():
for op in args.operation:
if op not in sb_ops:
parser.print_usage()
print "unavailable operation: {}".format(op)
print("unavailable operation: {}".format(op))
sys.exit(1)
ops_to_reverse.append(op)

Expand Down Expand Up @@ -247,7 +247,7 @@ def main():
if header == 0x8000:
display_sandbox_profiles(f, re_table_offset, num_sb_ops, is_ios_more_than_10_release(args.release))
else:
print "cannot print sandbox profiles list; filename {} is not a sandbox bundle".format(args.filename)
print("cannot print sandbox profiles list; filename {} is not a sandbox bundle".format(args.filename))
sys.exit(0)

global_vars = None
Expand Down Expand Up @@ -279,7 +279,7 @@ def main():
break
start = f.tell()
end = re_table_offset * 8
num_operation_nodes = (end - start) / 8
num_operation_nodes = (end - start) // 8
logger.info("number of operation nodes: %u" % num_operation_nodes)

operation_nodes = create_operation_nodes(f, regex_list, num_operation_nodes, is_ios_more_than_10_release(args.release), args.keep_builtin_filters, global_vars)
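Review bot: `num_operation_nodes = (end - start) // 8` goes negative when `re_table_offset * 8` lies before the current file position (a malformed or deliberately crafted bundle); floor division then yields -1 rather than 0, the `%u` on the next line formats it as a signed value, and the count is handed to create_operation_nodes unchecked. A guard before the division, `if end < start: raise ValueError("regex table offset 0x%x precedes the operation nodes" % re_table_offset)`, makes that failure explicit. The error messages printed before `sys.exit(1)` in the earlier hunks of this file go to stdout; `print(..., file=sys.stderr)` keeps them out of piped output. main starts before the first of these hunks.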
2 changes: 1 addition & 1 deletion reverse-sandbox/reverse_string.py
Expand Up @@ -349,7 +349,7 @@ def main():
ss = SandboxString()
my_global_vars = ["FRONT_USER_HOME", "HOME", "PROCESS_TEMP_DIR"]
l = ss.parse_byte_string(s[4:], my_global_vars)
print list(set(l))
print(list(set(l)))


if __name__ == "__main__":
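Review bot: `print(list(set(l)))` emits the deduplicated strings in set iteration order, which for str elements varies between interpreter runs under hash randomization, so the script's output is not reproducible from one run to the next; `print(sorted(set(l)))` gives stable output. main starts before the hunk.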
4 changes: 2 additions & 2 deletions reverse-sandbox/sandbox_regex.py
@@ -1,4 +1,4 @@
#!/usr/bin/env python
#!/usr/bin/env python3

import logging
import logging.config
Expand Down Expand Up @@ -491,7 +491,7 @@ def main():
logger.info("total_re_length: 0x%x", re_length)
re_debug_str = "re: [", ", ".join([hex(i) for i in re]), "]"
logger.info(re_debug_str)
print parse_regex(re)
print(parse_regex(re))


if __name__ == "__main__":
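Review bot: The local `re` that `print(parse_regex(re))` passes is a sequence of integers (see the `hex(i) for i in re` on the line above) and shadows the standard `re` module name, which would silently break any regex call added to main later; renaming it `re_bytes` avoids the trap. On the preceding line `re_debug_str = "re: [", ", ".join([hex(i) for i in re]), "]"` builds a tuple, so logger.info logs the tuple's repr rather than a joined string; `re_debug_str = "re: [" + ", ".join([hex(i) for i in re]) + "]"` is presumably what was intended. main starts before the hunk.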