From 05b8359e3f798d54c67d095ae30b9e51fb07c3f0 Mon Sep 17 00:00:00 2001 From: bloodstalker Date: Wed, 6 Dec 2017 10:14:43 +0330 Subject: obfuscator doesnt mess up var declations with init values, python driver has been updated, not finished yet, bruiser now gets the objects from load.py, executioner will handle running the objects and registering them with lua --- bruiser/bruiser-extra.h | 3 +- bruiser/bruiser.cpp | 85 ++++++++++++++++++++++++++++++---- bruiser/bruiser.h | 121 ++++++++++++++++++++++++++++++++++++++++++++++-- bruiser/executioner.cpp | 47 +++++++++++++++++++ 4 files changed, 243 insertions(+), 13 deletions(-) create mode 100644 bruiser/executioner.cpp (limited to 'bruiser') diff --git a/bruiser/bruiser-extra.h b/bruiser/bruiser-extra.h index 40af99f..40e22f0 100644 --- a/bruiser/bruiser-extra.h +++ b/bruiser/bruiser-extra.h @@ -121,7 +121,8 @@ std::vector LUA_FUNCS = "changedirectory", "yolo", "pwd()", - "objload", + "objload()", + "listObjects", "_G", "_VERSION", "assert", diff --git a/bruiser/bruiser.cpp b/bruiser/bruiser.cpp index dfd12f6..3197a5e 100644 --- a/bruiser/bruiser.cpp +++ b/bruiser/bruiser.cpp @@ -231,12 +231,11 @@ class PyExec { pArgs = nullptr; std::cout << BLUE << "calling python function..." << NORMAL << "\n"; pValue = PyObject_CallObject(pFunc, pArgs); - //std::cout << BLUE << "i made it here" << NORMAL << "\n"; //Py_DECREF(pArgs); if (pValue != nullptr) { std::cout << GREEN << "call finished successfully." << NORMAL << "\n"; printf("Result of call: %ld\n", PyLong_AsLong(pValue)); - Py_DECREF(pValue); + //Py_DECREF(pValue); } else { Py_DECREF(pFunc); Py_DECREF(pModule); @@ -262,18 +261,77 @@ class PyExec { return 0; } + int getAsCppStringVec(void) { + if (PyList_Check(pValue)) { + std::cout << GREEN << "got a python list\n" << NORMAL; + int list_length = PyList_Size(pValue); + std::cout << BLUE << "length of list: " << list_length << "\n" << NORMAL; + for (int i = 0; i < list_length; ++i) { + PyObject* pybytes = PyList_GetItem(pValue, i); + std::cout << CYAN << "bytes size: " << PyBytes_Size(pybytes) << "\n" << NORMAL; + PyObject* pyrepr = PyObject_Repr(pybytes); + PyObject* pyunicode = PyUnicode_AsEncodedString(pyrepr, "utf-8", "surrogateescape"); + const char* dummy = PyBytes_AsString(pyunicode); + std::cout << RED << dummy << "\n" << NORMAL; + hexobj_str.push_back(std::string(dummy)); + } + } + return 0; + } + + int getAsCppByte(void) { + std::vector tempvec; + if(PyList_Check(pValue)) { + int list_length = PyList_Size(pValue); + for(int i = 0; i < list_length; ++i) { + PyObject* pybytes = PyList_GetItem(pValue, i); + if(PyList_Check(pybytes)) { + int list_length_2 = PyList_Size(pybytes); + for(int j = 0; j < list_length_2; ++j) { + PyObject* dummy_int = PyList_GetItem(pybytes, j); + if (PyLong_Check(dummy_int)) { + unsigned char byte = PyLong_AsLong(dummy_int); + tempvec.push_back(int(byte)); + } + } + hexobj.push_back(tempvec); + } + } + } + return 0; + } + + void killPyObj(void) { + Py_DECREF(pValue); + } + + void printHexObjs(void) { + for (auto &iter : hexobj) { + for (auto &iterer : iter) { + std::cout << RED << int(iterer) << " "; + } + std::cout << "\n" << NORMAL; + } + } + + std::vector> exportObjs(void) { + return hexobj; + } + private: std::string py_script_name; std::string py_func_name; std::string obj_path; - PyObject *pName; - PyObject *pModule; - PyObject *pDict; - PyObject *pFunc; - PyObject *pArgs; - PyObject *pValue; + PyObject* pName; + PyObject* pModule; + PyObject* pDict; + PyObject* pFunc; + PyObject* pArgs; + PyObject* pValue; int argc; char** argv; + std::vector hexobj_str; + std::vector> hexobj; }; /**********************************************************************************************************************/ class CompilationDatabaseProcessor @@ -1154,6 +1212,10 @@ class LuaWrapper { std::cout << BLUE << "running load.py: " << NORMAL << "\n"; py.run(); + //py.getAsCppStringVec(); + py.getAsCppByte(); + py.printHexObjs(); + //py.killPyObj(); lua_pushnumber(__ls, 0); exit(EXIT_SUCCESS); } @@ -1596,6 +1658,11 @@ class LuaWrapper return 0; } + int BruiserLuaListObjects(lua_State* __ls) { + // @DEVI-has one string object to signify what kind of object to list + return 0; + } + int BruiserLuaPWD(lua_State* __ls) { pid_t pid = fork(); @@ -1756,6 +1823,7 @@ int main(int argc, const char **argv) lua_register(LE.GetLuaState(), "yolo", &LuaDispatch<&LuaWrapper::BruiserLuaYolo>); lua_register(LE.GetLuaState(), "pwd", &LuaDispatch<&LuaWrapper::BruiserLuaPWD>); lua_register(LE.GetLuaState(), "objload", &LuaDispatch<&LuaWrapper::BruiserPyLoader>); + lua_register(LE.GetLuaState(), "listObjects", &LuaDispatch<&LuaWrapper::BruiserLuaListObjects>); /*its just regisering the List function from LuaWrapper with X-macros.*/ #define X(__x1, __x2) lua_register(LE.GetLuaState(), #__x1, &LuaDispatch<&LuaWrapper::List##__x1>); @@ -1812,5 +1880,6 @@ int main(int argc, const char **argv) } //end of cli block } //end of main +/**********************************************************************************************************************/ /*last line intentionally left blank.*/ diff --git a/bruiser/bruiser.h b/bruiser/bruiser.h index e311c7e..3cd8eaa 100644 --- a/bruiser/bruiser.h +++ b/bruiser/bruiser.h @@ -144,7 +144,8 @@ help CMDHelp[] = { {"getsourcefiles()", "getsourcefiles()", "gets the currently loaded source files that bruiser will look through", "none", "array of strings"}, {"changedirectory()", "changedirectory()", "changes bruiser's working directory. only use it when you know what you are doing.", "destination directory, [string]", "return value"}, {"pwd()", "pwd()", "pwd", "", ""}, - {"objload()", "objload(\"main\", \"../bfd/test/test.so\")", "load the compiled functions into bruiser", "string", "success or failure"} + {"objload()", "objload(\"main\", \"../bfd/test/test.so\")", "load the compiled functions into bruiser", "string", "success or failure"}, + {"listObjects()", "listObjects(\"function\")", "lists the loaded objects of the given type", "string", "success or failure"} }; /**********************************************************************************************************************/ /** @@ -263,7 +264,6 @@ class SearchM0 if (!RootPointer->NoChildren()) { const XMLElement* XMLE [[maybe_unused]] = RootPointer->FirstChildElement(); - } } @@ -276,13 +276,126 @@ class Daemonize public: Daemonize (std::string __exe, std::string __opts) : Exe(__exe), Opts(__opts) {} - - private: std::string Exe; std::string Opts; }; /**********************************************************************************************************************/ +/*structs to hold load.py's return values*/ +/*@DEVI-at some point in the future i might revert to using libbfd or libelf.*/ + +/*elf*/ +#define ELF_EI_MAGIC = 0x000000000000ffff; +#define ELF_EI_CLASS = 0x00000000000f0000; +#define ELF_EI_DATA = 0x0000000000f00000; +#define ELF_EI_VERSION = 0x000000000f000000; +#define ELF_EI_OSABI = 0x00000000f0000000; +#define ELF_EI_ABIVERSION = 0x0000000f00000000; +#define ELF_EI_PAD = 0xfffffff000000000; + +// @DEVI-FIXME-using uint128 here +struct ELFHDR_64 { + public: + ELFHDR_64() = default; + ELFHDR_64(__uint128_t _ident, uint16_t _type, uint16_t _machine, + uint32_t _version, uint64_t _entry, uint64_t _phoff, uint64_t _shoff, + uint32_t _flags, uint16_t _ehsize, uint16_t _phentsize, + uint16_t _phnum, uint16_t _shentsize, uint16_t _shnum, uint16_t _shstrndx) { + e_ident = _ident; e_type = _type; e_machine = _machine; e_version = _version; + e_entry = _entry; e_phoff = _phoff; e_shoff = _shoff; e_flags = _flags; + e_ehsize = _ehsize; e_phentsize = _phentsize; e_phnum = _phnum; + e_shentsize = _shentsize; e_shnum = _shnum; e_shstrndx = _shstrndx; + } + __uint128_t e_ident; uint16_t e_type; uint16_t e_machine; uint32_t e_version; + uint64_t e_entry; uint64_t e_phoff; uint64_t e_shoff; uint32_t e_flags; + uint16_t e_ehsize; uint16_t e_phentsize; uint16_t e_phnum; uint16_t e_shentsize; + uint16_t e_shnum; uint16_t e_shstrndx; +}; + +// @DEVI-FIXME-using uint128 here +struct ELFHDR_32 { + public: + ELFHDR_32() = default; + ELFHDR_32(__uint128_t _ident, uint16_t _type, uint16_t _machine, uint32_t _version, + uint32_t _entry, uint32_t _phoff, uint32_t _shoff, uint32_t _flags, + uint16_t _ehsize, uint16_t _phentsize, uint16_t _phnum, uint16_t _shentsize, + uint16_t _shnum, uint16_t _shstrndx) { + e_ident = _ident; e_type = _type; e_machine = _machine; e_version = _version; + e_entry = _entry; e_phoff = _phoff; e_shoff = _shoff; e_flags = _flags; + e_ehsize = _ehsize; e_phentsize = _phentsize; e_phnum = _phnum; + e_shentsize = _shentsize; e_shnum = _shnum; e_shstrndx = _shstrndx; + } + + __uint128_t e_ident; uint16_t e_type; uint16_t e_machine; uint32_t e_version; + uint32_t e_entry; uint32_t e_phoff; uint32_t e_shoff; uint32_t e_flags; + uint16_t e_ehsize; uint16_t e_phentsize; uint16_t e_phnum; uint16_t e_shentsize; + uint16_t e_shnum; uint16_t e_shstrndx; +}; +/*program header*/ +struct PHDR_64 { + public: + PHDR_64() = default; + PHDR_64(uint32_t _type, uint32_t _flags, uint64_t _offset, uint64_t _vaddr, + uint64_t _paddr, uint64_t _filesz, uint64_t _memsz, uint64_t _align) { + p_type = _type; p_flags = _flags; p_offset = _offset; p_vaddr = _vaddr; + p_paddr = _paddr; p_filesz = _filesz; p_memsz = _memsz; p_align = _align; + } + + uint32_t p_type; uint32_t p_flags; uint64_t p_offset; uint64_t p_vaddr; + uint64_t p_paddr; uint64_t p_filesz; uint64_t p_memsz; uint64_t p_align; +}; +struct PHDR_32 { + public: + PHDR_32() = default; + PHDR_32(uint32_t _type, uint32_t _offset, uint32_t _vaddr, uint32_t _paddr, + uint32_t _filesz, uint32_t _memsz, uint32_t _flags, uint32_t _align) { + p_type = _type; p_flags = _flags; p_offset = _offset; p_vaddr = _vaddr; + p_paddr = _paddr; p_filesz = _filesz; p_memsz = _memsz; p_align = _align; + }; + + uint32_t p_type; + uint32_t p_offset; + uint32_t p_vaddr; + uint32_t p_paddr; + uint32_t p_filesz; + uint32_t p_memsz; + uint32_t p_flags; + uint32_t p_align; +}; +/*section header*/ +struct SHDR_64 { + public: + SHDR_64() = default; + SHDR_64(uint32_t _name, uint32_t _type, uint64_t _flags, uint64_t _addr, + uint64_t _offset, uint64_t _size, uint32_t _link, uint32_t _info, + uint64_t _addralign, uint64_t _entsize) { + sh_name = _name; sh_type = _type; sh_flags = _flags; sh_addr = _addr; + sh_offset = _offset; sh_size = _size; sh_link = _link; sh_info = _info; + sh_addralign = _addralign; sh_entsize = _entsize; + }; + + uint32_t sh_name; uint32_t sh_type; uint64_t sh_flags; uint64_t sh_addr; + uint64_t sh_offset; uint64_t sh_size; uint32_t sh_link; uint32_t sh_info; + uint64_t sh_addralign; uint64_t sh_entsize; +}; +struct SHDR_32 { + public: + SHDR_32() = default; + SHDR_32(uint32_t _name, uint32_t _type, uint32_t _flags, uint32_t _addr, + uint32_t _offset, uint32_t _size, uint32_t _link, uint32_t _info, + uint32_t _addralign, uint32_t _entsize) { + sh_name = _name; sh_type = _type; sh_flags = _flags; sh_addr = _addr; + sh_offset = _offset; sh_size = _size; sh_link = _link; sh_info = _info; + sh_addralign = _addralign; sh_entsize = _entsize; + }; + + uint32_t sh_name; uint32_t sh_type; uint32_t sh_flags; uint32_t sh_addr; + uint32_t sh_offset; uint32_t sh_size; uint32_t sh_link; uint32_t sh_info; + uint32_t sh_addralign; uint32_t sh_entsize; +}; +/*symbol table entry*/ +struct ST_Entry_64 {}; +struct ST_Entry_32 {}; /**********************************************************************************************************************/ } // end of namespace bruiser #endif diff --git a/bruiser/executioner.cpp b/bruiser/executioner.cpp new file mode 100644 index 0000000..5aad56b --- /dev/null +++ b/bruiser/executioner.cpp @@ -0,0 +1,47 @@ + +/***************************************************Project Mutator****************************************************/ +//-*-c++-*- +/*first line intentionally left blank.*/ +/*loads the objects into executable memory and registers them with lua.*/ +/*Copyright (C) 2017 Farzad Sadeghi + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.*/ +/**********************************************************************************************************************/ +#include +#include +#include "lua-5.3.4/src/lua.hpp" +/**********************************************************************************************************************/ +namespace { + constexpr int MEMORY_SIZE = 30000; + std::vector memory(MEMORY_SIZE, 0); +} + +class Executioner { + public: + Executioner() {} + ~Executioner() {} + + void getObjs(std::vector> _objs) { + objs = _objs; + } + + void registerWithLua(lua_State* _lua_State) {} + + private: + std::vector> objs; +}; +/**********************************************************************************************************************/ +/*last line intentionally left blank.*/ + -- cgit v1.2.3