diff --git a/_static/tutorials/edimax_practical.tar.gz b/_static/tutorials/edimax_practical.tar.gz new file mode 100644 index 0000000..9811aba Binary files /dev/null and b/_static/tutorials/edimax_practical.tar.gz differ diff --git a/tutorials/binexport_quickstart.ipynb b/tutorials/binexport_quickstart.ipynb new file mode 100644 index 0000000..c391157 --- /dev/null +++ b/tutorials/binexport_quickstart.ipynb @@ -0,0 +1,518 @@ +{ + "cells": [ + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# python-binexport: Quick Start\n", + "\n", + "## Introduction\n", + "\n", + "The sample to work on has been extracted from the firmware of a edimax router (BR6478AC V2) and it is known to be vulnerable to CVE-2023-49351.\n", + "It can be downloaded below." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "vscode": { + "languageId": "html" + } + }, + "outputs": [], + "source": [ + "

binary.tar.gz

" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "It's a MIPS ELF executable that acts as a HTTP server. We are interested in finding all the functions that call a potentially unsafe primitive function (like `strcpy`).\n", + "\n", + "Let's use python-binexport to list them." + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## I. Loading the program\n", + "\n", + "If the program has not been exported with BinExport, it can be exported with:" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from binexport import ProgramBinExport\n", + "\n", + "program = ProgramBinExport.from_binary_file(\"./webs\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Otherwise it can be directly loaded with:" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "metadata": {}, + "outputs": [], + "source": [ + "from binexport import ProgramBinExport\n", + "\n", + "program = ProgramBinExport(\"./webs.BinExport\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## II. Listing interesting functions\n", + "\n", + "We are interested in listing all the functions that call a potentially vulnerable function, like `strcpy` for example.\n", + "This can be achieved by using the [FunctionBinExport.parents](https://diffing.quarkslab.com/exporter/binexport.html#binexport.function.FunctionBinExport.parents) API." 
+ ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "vscode": { + "languageId": "html" + } + }, + "outputs": [], + "source": [ + "" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "formiNICWdsEncrypt\n", + "dhcpClientList\n", + "CharFilter4\n", + "formWpsStart\n", + "formQoS\n", + "wlSiteSurveyTbl\n", + "getInfo\n", + "formWIRESch\n", + "get_dir\n", + "formiNICSiteSurvey\n", + "formiNICWpsStart\n", + "wliNICSiteSurveyonlyTbl\n", + "websFormDefine\n", + "formFilter\n", + "getiNICIndex\n", + "formiNICbasic\n", + "formVPNuser\n", + "wlSurveyOnlyTbl\n", + "formiNICEncrypt\n", + "formEZQoS\n", + "formTriggerPort\n", + "websAspDefine\n", + "formWlAc\n", + "CharFilter2\n", + "formWlSiteSurvey\n", + "formWdsEncrypt\n", + "WIRESchList\n", + "ACPCList\n", + "USBFolderSelect\n", + "formPortFw\n", + "sub_434E40\n", + "wliNICSiteSurveyTbl\n", + "wispSiteSurveyTbl5G\n", + "CharFilter3\n", + "formDNSProxyrules\n", + "formUSBAccount\n", + "CharFilter5\n", + "getIndex\n", + "CharFilter0\n", + "formWlEncrypt\n", + "formWlbasic\n", + "formiNICAc\n", + "CharFilter6\n", + "setWAN\n", + "getiNICInfo\n", + "wispSiteSurveyTbl\n", + "getInAddr\n", + "apmib_set\n", + "getWlSiteSurveyRequest\n", + "formSaveText\n", + "formUSBFolder\n", + "apmib_get\n", + "formVirtualSv\n" + ] + } + ], + "source": [ + "# Get the vulnerable function\n", + "strcpy = program.fun_names[\"strcpy\"]\n", + "\n", + "targets = strcpy.parents\n", + "print(\"\\n\".join(map(lambda f: f.name, targets)))" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## III. Find interesting paths in the CG\n", + "\n", + "Now what if we wanted to show the path in the CG (Call Graph) that leads to the execution of one of those functions from `main`?" 
+ ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "vscode": { + "languageId": "html" + } + }, + "outputs": [], + "source": [ + "" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "main > websAspInit > formsDefine > formiNICWdsEncrypt > strcpy\n", + "main > websAspInit > formsDefine > dhcpClientList > strcpy\n", + "main > websAspInit > formsDefine > virtualSvList > CharFilter4 > strcpy\n", + "main > websAspInit > formsDefine > wlAcList > CharFilter4 > strcpy\n", + "main > websAspInit > formsDefine > portFwList > CharFilter4 > strcpy\n", + "main > websAspInit > formsDefine > wliNICAcList > CharFilter4 > strcpy\n", + "main > websAspInit > formsDefine > macFilterList > CharFilter4 > strcpy\n", + "main > websAspInit > formsDefine > ACPCList > CharFilter4 > strcpy\n", + "main > websAspInit > formsDefine > triggerPortList > CharFilter4 > strcpy\n", + "main > websAspInit > formsDefine > formWpsStart > strcpy\n", + "main > websAspInit > formsDefine > formQoS > strcpy\n", + "main > websAspInit > formsDefine > wlSiteSurveyTbl > strcpy\n", + "main > websAspInit > formsDefine > getInfo > strcpy\n", + "main > websAspInit > formsDefine > formWIRESch > strcpy\n", + "main > loop > process_requests > read_header > process_header_end > init_get > get_dir > strcpy\n", + "main > loop > process_requests > read_header > process_header_end > init_get2 > get_dir > strcpy\n", + "main > websAspInit > formsDefine > formiNICSiteSurvey > strcpy\n", + "main > websAspInit > formsDefine > formiNICWpsStart > strcpy\n", + "main > websAspInit > formsDefine > wliNICSiteSurveyonlyTbl > strcpy\n", + "main > websAspInit > formsDefine > websFormDefine > strcpy\n", + "main > websAspInit > formsDefine > formFilter > strcpy\n", + "main > websAspInit > getiNICVar > getiNICIndex > strcpy\n", + "main > websAspInit > formsDefine > getiNICIndex > strcpy\n", + "main > 
websAspInit > formsDefine > formiNICbasic > strcpy\n", + "main > websAspInit > formsDefine > formVPNuser > strcpy\n", + "main > websAspInit > formsDefine > wlSurveyOnlyTbl > strcpy\n", + "main > websAspInit > formsDefine > formiNICEncrypt > strcpy\n", + "main > websAspInit > formsDefine > formEZQoS > strcpy\n", + "main > websAspInit > formsDefine > formTriggerPort > strcpy\n", + "main > websAspInit > websAspDefine > strcpy\n", + "main > websAspInit > formsDefine > websAspDefine > strcpy\n", + "main > websAspInit > formsDefine > formWlAc > strcpy\n", + "main > websAspInit > formsDefine > getiNICInfo > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > wispSiteSurveyTbl5G > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > formWlSiteSurvey > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > wispSiteSurveyTbl > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > wlSurveyOnlyTbl > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > wlSiteSurveyTbl > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > getInfo > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > formiNICSiteSurvey > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > wliNICSiteSurveyonlyTbl > CharFilter2 > strcpy\n", + "main > websAspInit > formsDefine > formWlSiteSurvey > strcpy\n", + "main > websAspInit > formsDefine > formWdsEncrypt > strcpy\n", + "main > websAspInit > formsDefine > WIRESchList > strcpy\n", + "main > websAspInit > formsDefine > ACPCList > strcpy\n", + "main > websAspInit > formsDefine > USBFolderSelect > strcpy\n", + "main > websAspInit > formsDefine > formPortFw > strcpy\n", + "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > strcpy\n", + "main > websAspInit > formsDefine > wispSiteSurveyTbl5G > strcpy\n", + "main > websAspInit > formsDefine > formFilter > CharFilter3 > strcpy\n", + "main > 
websAspInit > formsDefine > formiNICAc > CharFilter3 > strcpy\n", + "main > websAspInit > formsDefine > formTriggerPort > CharFilter3 > strcpy\n", + "main > websAspInit > formsDefine > formWlAc > CharFilter3 > strcpy\n", + "main > websAspInit > formsDefine > formVirtualSv > CharFilter3 > strcpy\n", + "main > websAspInit > formsDefine > formPortFw > CharFilter3 > strcpy\n", + "main > websAspInit > formsDefine > formDNSProxyrules > strcpy\n", + "main > websAspInit > formsDefine > formUSBAccount > strcpy\n", + "main > websAspInit > formsDefine > getInfo > CharFilter5 > strcpy\n", + "main > websAspInit > formsDefine > getiNICInfo > CharFilter5 > strcpy\n", + "main > websAspInit > formsDefine > getIndex > strcpy\n", + "main > websAspInit > getVar > getIndex > strcpy\n", + "main > websAspInit > formsDefine > formWlbasic > CharFilter0 > strcpy\n", + "main > websAspInit > formsDefine > formWlEncrypt > strcpy\n", + "main > websAspInit > formsDefine > formWlbasic > strcpy\n", + "main > websAspInit > formsDefine > formiNICAc > strcpy\n", + "main > websAspInit > formsDefine > getInfo > CharFilter6 > strcpy\n", + "main > websAspInit > formsDefine > getiNICInfo > CharFilter6 > strcpy\n", + "main > websAspInit > formsDefine > setWAN > strcpy\n", + "main > websAspInit > formsDefine > getiNICInfo > strcpy\n", + "main > websAspInit > formsDefine > wispSiteSurveyTbl > strcpy\n", + "main > websAspInit > formsDefine > getiNICInfo > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > getIndex > isDhcpClientExist > getInAddr > strcpy\n", + "main > websAspInit > getVar > getIndex > isDhcpClientExist > getInAddr > strcpy\n", + "main > websAspInit > getiNICVar > getiNICIndex > isDhcpClientExist > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > getiNICIndex > isDhcpClientExist > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > getiNICInfo > isDhcpClientExist > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > getInfo > isDhcpClientExist > 
getInAddr > strcpy\n", + "main > websAspInit > formsDefine > formFilter > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > formrefresh > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > formQoS > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > formTcpipSetup > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > getInfo > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > formVirtualSv > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > formPortFw > getInAddr > strcpy\n", + "main > websAspInit > formsDefine > formTELBPSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > wiz_5in1_redirect > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formAdvanceSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICWdsEncrypt > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > saveAndReboot > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > chkLink > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formOpMode > opModeHandler > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formEZQoSMode > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICWpsStart > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > setWifi > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICbasic > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formVPNuser > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formUSBmanage > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formTriggerPort > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formPSSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formPortFw > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formStcIpSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formALGSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICEnableSwitch 
> apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWpsEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formMultipleSSID > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formDynIpSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formUSBdevice > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > getInfo > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formNatEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWIRESch > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formHWNATSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formEZQoS > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formTcpipSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formReManagementSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formPasswordSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formUPNPSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWlbasic > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formStaDrvSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formSaveText > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formTimeZoneSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formAdvManagement > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICAdvanceSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formVirtualSv > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formQoS > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICSiteSurvey > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formFwEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWlanSetup > apmib_set > strcpy\n", + "main > websAspInit > 
formsDefine > formPPPoESetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWifiEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formPPTPSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formUrlb > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formDDNSSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWlSiteSurvey > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWdsEncrypt > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICWpsEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formDNSProxyrules > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formLicence > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWlEnableSwitch > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formIgmpEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWlEncrypt > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formPOWERSch > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formSDHCP > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formPreventionSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWanTcpipSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWlEnable > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formVPNsetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formFilter > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICEncrypt > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formWlAc > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formiNICMultipleSSID > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formUSBAccount > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formAPModeSwitch > apmib_set > strcpy\n", 
+ "main > websAspInit > formsDefine > formiNICAc > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > setWAN > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formL2TPSetup > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > formUSBFolder > apmib_set > strcpy\n", + "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > wispSiteSurveyTbl5G > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > formWlSiteSurvey > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > wispSiteSurveyTbl > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > wlSurveyOnlyTbl > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > wlSiteSurveyTbl > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > formiNICSiteSurvey > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > wliNICSiteSurveyonlyTbl > getWlSiteSurveyRequest > strcpy\n", + "main > websAspInit > formsDefine > formSaveText > strcpy\n", + "main > websAspInit > formsDefine > formUSBFolder > strcpy\n", + "main > websAspInit > formsDefine > formAdvanceSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formiNICWdsEncrypt > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > saveAndReboot > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > wlSiteSurveyTbl > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > chkLink > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > setWifi > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > StcRoutList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formUSBmanage > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formiNICbasic > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formVPNuser > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > 
formTriggerPort > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > DNSPROXYURLList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > WIRESchList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formPortFw > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > FolderShow > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formStcIpSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formALGSetup > apmib_get > strcpy\n", + "main > loop > process_requests > read_header > process_header_end > auth_authorize > apmib_get > strcpy\n", + "main > websAspInit > apmib_init > apmib_get > strcpy\n", + "main > resetWebs > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formSaveConfigSec > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > getiNICVar > getiNICIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > getiNICIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formWpsStart > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formSaveConfig > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formwizResetDefault > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > getIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > getVar > getIndex > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formiNICWpsStart > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formResetDefault > apmib_reinit > apmib_init > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formWpsEnable > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formUSBdevice > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > URLBList > 
apmib_get > strcpy\n", + "main > websAspInit > formsDefine > getInfo > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formWIRESch > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > Wan1QosList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > macFilterList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > USBDevAccount > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formHWNATSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formEZQoS > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formTcpipSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formReManagementSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formApply > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > ACPCList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formiNICSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > wliNICSiteSurveyTbl > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formPasswordSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formUPNPSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formWlbasic > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > OpenVpnAccountList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > POWERSchList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formStaDrvSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formSaveText > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formTimeZoneSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formiNICAdvanceSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formVirtualSv > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > triggerPortList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > USBDevFolder > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > 
formQoS > apmib_get > strcpy\n", + "main > loop > process_requests > read_header > process_header_end > auth_authorize > auth_check_userpass2 > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formFwEnable > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > portFwList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > EZQosList > apmib_get > strcpy\n", + "main > websAspInit > getiNICVar > getiNICIndex > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > getiNICIndex > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > wliNICAcList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formPPTPSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formUrlb > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formDDNSSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formWdsEncrypt > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formDNSProxyrules > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > virtualSvList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formIgmpEnable > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formWlEncrypt > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > AccountShow > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formPOWERSch > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formSDHCP > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formPreventionSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > SDHCPList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formWanTcpipSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > wlAcList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formFilter > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > DMZList > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formiNICEncrypt > apmib_get > strcpy\n", + "main 
> websAspInit > formsDefine > formWlAc > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > QosShow > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > showWebsPasswd > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formUSBAccount > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > getIndex > apmib_get > strcpy\n", + "main > websAspInit > getVar > getIndex > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formAPModeSwitch > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formiNICAc > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > setWAN > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > getiNICInfo > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formL2TPSetup > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formUSBFolder > apmib_get > strcpy\n", + "main > websAspInit > formsDefine > formVirtualSv > strcpy\n" + ] + } + ], + "source": [ + "from binexport import FunctionBinExport\n", + "\n", + "\n", + "def dfs(f: FunctionBinExport, path: list[FunctionBinExport]):\n", + " if f.name == \"main\":\n", + " print(\" > \".join(map(lambda x: x.name, path[::-1])))\n", + " return\n", + " \n", + " for caller in f.parents:\n", + " path.append(caller)\n", + " dfs(caller, path)\n", + " path.pop(-1)\n", + "\n", + "for target in targets:\n", + " dfs(target, [strcpy, target])" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "This can gives us an idea of which functions to look at when searching for a vulnerability." + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": ".venv", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.11.8" + } + }, + "nbformat": 4, + "nbformat_minor": 2 +} 
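Review bot: `dfs` in the last code cell of binexport_quickstart.ipynb recurses over `f.parents` with no check for functions already on the current path, so a recursive or mutually recursive caller chain would recurse until Python raises RecursionError, and a chain that never reaches `main` is explored and silently dropped. Adding `if caller in path: continue` as the first statement of the `for caller in f.parents:` loop keeps every printed path simple and makes the walk terminate. The closing markdown cell should also say what the listing does and does not show: these are static call-graph edges, and most of them run through `websAspInit > formsDefine`, which looks like start-up handler registration, so a path to `strcpy` is a triage candidate whose source length and destination buffer still have to be checked, not evidence that request data reaches the copy. `program.fun_names["strcpy"]` raises KeyError when the binary does not import `strcpy` (assuming `fun_names` is a plain dict), which is worth a one-line comment for readers who reuse the cell on another sample.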
diff --git a/tutorials/ex1_string_decipher.ipynb b/tutorials/ex1_string_decipher.ipynb
index 8006272..c873937 100644
--- a/tutorials/ex1_string_decipher.ipynb
+++ b/tutorials/ex1_string_decipher.ipynb
@@ -25,7 +25,7 @@
 "id": "45ddb8be-776b-46b9-87d6-2ef56782e856",
 "metadata": {},
 "source": [
- "Its an ELF executable, for which all strings used internally are ciphered with a custom algorithm.\n",
+ "It's an ELF executable, for which all strings used internally are ciphered with a custom algorithm.\n",
 "The deciphering function is at ``0x804f7e0`` and uses a custom calling convention where the two firsts parameters are provided through ``edx`` and ``eax``. The function takes as parameters two unrelated strings and decipher them with the\n",
 "key ``0x37``. Strings are deciphered in-place.\n",
 "\n",
diff --git a/tutorials/tutorials.rst b/tutorials/tutorials.rst
index 0e08f29..221aa50 100644
--- a/tutorials/tutorials.rst
+++ b/tutorials/tutorials.rst
@@ -4,6 +4,7 @@ Exporters
 .. toctree::
 :maxdepth: 1
+ BinExport: Quick Start
 Quokka: String Deciphering