CalvinBackup/SnakeAppleSecurityFiles
1
0
Fork 0
mirror of https://github.com/Karmaz95/Snake_Apple.git synced 2026-05-21 17:06:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to lief 15.0.1

Browse Source
This commit is contained in:
Karmaz95
2024-10-28 22:27:22 +01:00
parent 3f53729587
commit 24c94e2a70
3 changed files with 56 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
IX. TCC/python/CrimsonUroboros.py
+39 -12
View File
@@ -507,7 +507,7 @@ class SnakeI(SnakeAppBundleExtension):
If not, it exits the program.
'''
for binary in binaries:
if binary.header.cpu_type == lief.MachO.CPU_TYPES.ARM64:
if binary.header.cpu_type == lief.MachO.Header.CPU_TYPE.ARM64:
return binary
print('The specified Mach-O file is not in ARM64 architecture.')
@@ -643,8 +643,8 @@ class SnakeI(SnakeAppBundleExtension):
imported_symbols = []
for symbol in self.getSymbols():
if (symbol.type & self.symbol_types['N_EXT']):
if (symbol.type & self.symbol_types['N_TYPE']) == self.symbol_types['N_TYPES']['N_UNDF']:
if (symbol.type.value & self.symbol_types['N_EXT']):
if (symbol.type.value & self.symbol_types['N_TYPE']) == self.symbol_types['N_TYPES']['N_UNDF']:
imported_symbols.append(symbol)
return(imported_symbols)
@@ -659,8 +659,8 @@ class SnakeI(SnakeAppBundleExtension):
exported_symbols = []
for symbol in self.getSymbols():
if (symbol.type & self.symbol_types['N_EXT']):
if (symbol.type & self.symbol_types['N_TYPE']) != self.symbol_types['N_TYPES']['N_UNDF']:
if (symbol.type.value & self.symbol_types['N_EXT']):
if (symbol.type.value & self.symbol_types['N_TYPE']) != self.symbol_types['N_TYPES']['N_UNDF']:
exported_symbols.append(symbol)
return(exported_symbols)
@@ -719,7 +719,7 @@ class SnakeI(SnakeAppBundleExtension):
'''Return strings from the __cstring (string table).'''
extracted_strings = []
for section in self.binary.sections:
if section.type == lief.MachO.SECTION_TYPES.CSTRING_LITERALS:
if section.type == lief.MachO.Section.TYPE.CSTRING_LITERALS:
strings_bytes = section.content.tobytes()
strings = strings_bytes.decode('utf-8', errors='ignore')
extracted_strings.extend(strings.split('\x00'))
@@ -1232,7 +1232,7 @@ class SnakeIII(SnakeII):
filter_symbols = ['radr://5614542', '__mh_execute_header']
for symbol in self.binary.symbols:
symbol_type = symbol.type
symbol_type = symbol.type.value
symbol_name = symbol.name.lower().strip()
is_symbol_stripped = (symbol_type & 0xe0 > 0) or (symbol_type in [0x0e, 0x1e, 0x0f])
@@ -1252,11 +1252,11 @@ class SnakeIII(SnakeII):
def hasNXstack(self):
'''Check if MH_ALLOW_STACK_EXECUTION (0x00020000 ) is not set in the header flags.'''
return not bool(self.binary.header.flags & lief.MachO.HEADER_FLAGS.ALLOW_STACK_EXECUTION.value)
return not bool(self.binary.header.flags & lief.MachO.Header.FLAGS.ALLOW_STACK_EXECUTION.value)
def hasNXheap(self):
'''Check if MH_NO_HEAP_EXECUTION (0x01000000 ) is set in the header flags.'''
return bool(self.binary.header.flags & lief.MachO.HEADER_FLAGS.NO_HEAP_EXECUTION.value)
return bool(self.binary.header.flags & lief.MachO.Header.FLAGS.NO_HEAP_EXECUTION.value)
def isXNos():
'''Check if the OS is running on the ARM architecture.'''
@@ -1313,7 +1313,7 @@ class SnakeIII(SnakeII):
def checkIfCompiledForOtherThanARM(self):
'''Iterates over FatBinary and check if there are other architectures than ARM.'''
XN_types = [lief.MachO.CPU_TYPES.ARM64, lief.MachO.CPU_TYPES.ARM]
XN_types = [lief.MachO.Header.CPU_TYPE.ARM64, lief.MachO.Header.CPU_TYPE.ARM]
for binary in binaries:
if binary.header.cpu_type not in XN_types:
print(f"[INFO -> XN]: {os.path.basename(self.file_path)} is compiled for other CPUs than ARM or ARM64.")
@@ -2885,7 +2885,6 @@ class SandboxProcessor:
if args.extract_sandbox_operations: # Extract sandbox operations from the kernelcache.decompressed file
snake_instance.printSandboxOperations()
class SnakeVIII(SnakeVII):
def __init__(self, binaries, file_path):
super().__init__(binaries, file_path)
@@ -3115,6 +3114,25 @@ class SnakeVIII(SnakeVII):
for operation in operations:
print(operation)
### ---- IX. TCC --- ###
class TCCProcessor:
def __init__(self):
'''This class contains part of the code from the main() for the SnakeIX: TCC.'''
pass
def process(self, args):
if args.test: #
snake_instance.test()
class SnakeIX(SnakeVIII):
def __init__(self, binaries, file_path):
super().__init__(binaries, file_path)
def test(self):
''' test '''
print('test')
### --- ARGUMENT PARSER --- ###
class ArgumentParser:
def __init__(self):
@@ -3130,6 +3148,7 @@ class ArgumentParser:
self.addAMFIArgs()
self.addAntivirusArgs()
self.addSandboxArgs()
self.addTCCArgs()
def addGeneralArgs(self):
general_group = self.parser.add_argument_group('GENERAL ARGS')
@@ -3278,6 +3297,10 @@ class ArgumentParser:
sandbox_group.add_argument('--dump_kext', help="Dump the kernel extension binary from the kernelcache.decompressed file", metavar='kext_name')
sandbox_group.add_argument('--extract_sandbox_operations', action='store_true', help="Extract sandbox operations from the Sandbox.kext file")
def addTCCArgs(self):
tcc_group = self.parser.add_argument_group('TCC ARGS')
tcc_group.add_argument('--test', action='store_true', help="test")
def parseArgs(self):
args = self.parser.parse_args()
@@ -3648,7 +3671,7 @@ if __name__ == "__main__":
args = arg_parser.parseArgs()
### --- APP BUNDLE EXTENSION --- ###
snake_hatchery = SnakeHatchery(args, SnakeVIII)
snake_hatchery = SnakeHatchery(args, SnakeIX)
snake_hatchery.hatch()
### --- I. MACH-O --- ###
@@ -3682,3 +3705,7 @@ if __name__ == "__main__":
### --- VIII. SANDBOX --- ###
sandbox_processor = SandboxProcessor()
sandbox_processor.process(args)
### --- IX. TCC --- ###
tcc_processor = TCCProcessor()
tcc_processor.process(args)
requirements.txt
+7 -7
View File
@@ -1,7 +1,7 @@
lief
uuid
argparse
asn1crypto
pyimg4
treelib
xattr
lief=0.15.1
uuid=1.30
argparse=1.4.0
asn1crypto=1.5.1
pyimg4=0.8
treelib=1.7.0
xattr=1.1.0
tests/test_CrimsonUroboros.py
+10 -10
View File
@@ -368,7 +368,7 @@ class TestSnakeI():
macho_processor.process(args)
uroboros_output = executeCodeBlock(code_block)
expected_output = 'Header flags: TWOLEVEL NOUNDEFS DYLDLINK PIE'
expected_output = 'Header flags: NOUNDEFS DYLDLINK TWOLEVEL PIE'
assert uroboros_output == expected_output
@@ -402,7 +402,7 @@ class TestSnakeI():
uroboros_output = executeCodeBlock(code_block)
expected_output_1 = 'ARM64'
expected_output_2 = 'EXECUTE'
expected_output_3 = 'NOUNDEFS DYLDLINK TWOLEVEL PIE'
expected_output_3 = 'Flags: 2097285'
assert expected_output_1 in uroboros_output
assert expected_output_2 in uroboros_output
@@ -490,11 +490,11 @@ class TestSnakeI():
macho_processor.process(args)
uroboros_output = executeCodeBlock(code_block)
expected_output_1 = '__TEXT __text REGULAR 0x100003f58-0x100007eb0 0x3f58-0x3f8c (SOME_INSTRUCTIONS PURE_INSTRUCTIONS)'
expected_output_2 = '__TEXT __stubs SYMBOL_STUBS 0x100003f8c-0x100007f18 0x3f8c-0x3f98 (SOME_INSTRUCTIONS PURE_INSTRUCTIONS)'
expected_output_3 = '__TEXT __cstring CSTRING_LITERALS 0x100003f98-0x100007f30 0x3f98-0x3fa7 ()'
expected_output_4 = '__TEXT __unwind_info REGULAR 0x100003fa8-0x100007f50 0x3fa8-0x4000 ()'
expected_output_5 = '__DATA_CONST __got NON_LAZY_SYMBOL_POINTERS 0x100004000-0x100008000 0x4000-0x4008 ()'
expected_output_1 = '__TEXT __text'
expected_output_2 = '__TEXT __stubs'
expected_output_3 = '__TEXT __cstring'
expected_output_4 = '__TEXT __unwind_info'
expected_output_5 = '__DATA_CONST __got'
assert expected_output_1 in uroboros_output
assert expected_output_2 in uroboros_output
@@ -710,9 +710,9 @@ class TestSnakeI():
expected_output_1 = 'Entry point: 0x3f58'
expected_output_2 = '__mh_execute_header'
expected_output_3 = '__PAGEZERO ---/--- VM: 0x0000000000000000-0x0000000100000000 FILE: 0x0-0x0'
expected_output_4 = '__DATA_CONST0x100004000: _printf (libSystem.B.dylib) addend: 0x0'
expected_output_5 = 'Command : SEGMENT_64'
expected_output_3 = '__PAGEZERO'
expected_output_4 = '__DATA_CONST0x100004000'
expected_output_5 = 'Command: SEGMENT_64'
assert expected_output_1 in uroboros_output
assert expected_output_2 in uroboros_output