From 24c94e2a70d1fe7e74f91380554c860c03f21984 Mon Sep 17 00:00:00 2001 From: Karmaz95 Date: Mon, 28 Oct 2024 22:27:22 +0100 Subject: [PATCH] Update to lief 15.0.1 --- IX. TCC/python/CrimsonUroboros.py | 51 +++++++++++++++++++++++-------- requirements.txt | 14 ++++----- tests/test_CrimsonUroboros.py | 20 ++++++------ 3 files changed, 56 insertions(+), 29 deletions(-) diff --git a/IX. TCC/python/CrimsonUroboros.py b/IX. TCC/python/CrimsonUroboros.py index ec96c31..5bb7fbf 100755 --- a/IX. TCC/python/CrimsonUroboros.py +++ b/IX. TCC/python/CrimsonUroboros.py @@ -507,7 +507,7 @@ class SnakeI(SnakeAppBundleExtension): If not, it exits the program. ''' for binary in binaries: - if binary.header.cpu_type == lief.MachO.CPU_TYPES.ARM64: + if binary.header.cpu_type == lief.MachO.Header.CPU_TYPE.ARM64: return binary print('The specified Mach-O file is not in ARM64 architecture.') @@ -643,8 +643,8 @@ class SnakeI(SnakeAppBundleExtension): imported_symbols = [] for symbol in self.getSymbols(): - if (symbol.type & self.symbol_types['N_EXT']): - if (symbol.type & self.symbol_types['N_TYPE']) == self.symbol_types['N_TYPES']['N_UNDF']: + if (symbol.type.value & self.symbol_types['N_EXT']): + if (symbol.type.value & self.symbol_types['N_TYPE']) == self.symbol_types['N_TYPES']['N_UNDF']: imported_symbols.append(symbol) return(imported_symbols) @@ -659,8 +659,8 @@ class SnakeI(SnakeAppBundleExtension): exported_symbols = [] for symbol in self.getSymbols(): - if (symbol.type & self.symbol_types['N_EXT']): - if (symbol.type & self.symbol_types['N_TYPE']) != self.symbol_types['N_TYPES']['N_UNDF']: + if (symbol.type.value & self.symbol_types['N_EXT']): + if (symbol.type.value & self.symbol_types['N_TYPE']) != self.symbol_types['N_TYPES']['N_UNDF']: exported_symbols.append(symbol) return(exported_symbols) 
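Review bot: Comparing only `cpu_type` with `Header.CPU_TYPE.ARM64` cannot tell arm64 from arm64e, because both slices share that cpu_type and differ only in cpu_subtype, so a fat binary that ships both returns whichever slice the loop meets first. For a hardening check that presumably cares about pointer authentication, consider also reading `binary.header.cpu_subtype` and either preferring one slice or reporting which one was picked, e.g. `print(f'Selected slice: {binary.header.cpu_type} / {binary.header.cpu_subtype}')`. The enclosing method starts before the hunk, and the exit the docstring promises after the `print` is not visible here, so confirm it still follows.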
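Review bot: `symbol.type.value & self.symbol_types['N_EXT']` only works if `.value` is the raw `n_type` byte; if `symbol.type` in lief 0.15 is the `Symbol.TYPE` enum, whose members are the N_TYPE nibble values (UNDEFINED, ABSOLUTE, SECTION, ...), the N_EXT bit is never present and getImportedSymbols silently returns an empty list. That API exposes the full byte as `symbol.raw_type`, so the check should probably read `if symbol.raw_type & self.symbol_types['N_EXT']:` with the inner line masked the same way — please verify against the installed version. The test updates in this commit do not appear to exercise this path, so an assertion that a known import such as `_printf` is listed would catch the regression; the same pattern recurs in getExportedSymbols in the next hunk.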
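Review bot: getExportedSymbols repeats the getImportedSymbols loop verbatim except for the `!=`, so the bit masking now lives in two places and has to be kept in sync every time the lief API moves. A pair of small predicates would keep it in one spot, e.g. `def _isExternal(self, symbol): return bool(symbol.type.value & self.symbol_types['N_EXT'])` and `def _isUndefined(self, symbol): return (symbol.type.value & self.symbol_types['N_TYPE']) == self.symbol_types['N_TYPES']['N_UNDF']`, with each method reduced to a one-line comprehension. Note also that `!= N_UNDF` classifies external absolute and indirect symbols as "exported", which may be intended but deserves a sentence in the docstring.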
@@ -719,7 +719,7 @@ class SnakeI(SnakeAppBundleExtension): '''Return strings from the __cstring (string table).''' extracted_strings = [] for section in self.binary.sections: - if section.type == lief.MachO.SECTION_TYPES.CSTRING_LITERALS: + if section.type == lief.MachO.Section.TYPE.CSTRING_LITERALS: strings_bytes = section.content.tobytes() strings = strings_bytes.decode('utf-8', errors='ignore') extracted_strings.extend(strings.split('\x00')) @@ -1232,7 +1232,7 @@ class SnakeIII(SnakeII): filter_symbols = ['radr://5614542', '__mh_execute_header'] for symbol in self.binary.symbols: - symbol_type = symbol.type + symbol_type = symbol.type.value symbol_name = symbol.name.lower().strip() is_symbol_stripped = (symbol_type & 0xe0 > 0) or (symbol_type in [0x0e, 0x1e, 0x0f]) @@ -1252,11 +1252,11 @@ class SnakeIII(SnakeII): def hasNXstack(self): '''Check if MH_ALLOW_STACK_EXECUTION (0x00020000 ) is not set in the header flags.''' - return not bool(self.binary.header.flags & lief.MachO.HEADER_FLAGS.ALLOW_STACK_EXECUTION.value) + return not bool(self.binary.header.flags & lief.MachO.Header.FLAGS.ALLOW_STACK_EXECUTION.value) def hasNXheap(self): '''Check if MH_NO_HEAP_EXECUTION (0x01000000 ) is set in the header flags.''' - return bool(self.binary.header.flags & lief.MachO.HEADER_FLAGS.NO_HEAP_EXECUTION.value) + return bool(self.binary.header.flags & lief.MachO.Header.FLAGS.NO_HEAP_EXECUTION.value) def isXNos(): '''Check if the OS is running on the ARM architecture.''' @@ -1313,7 +1313,7 @@ class SnakeIII(SnakeII): def checkIfCompiledForOtherThanARM(self): '''Iterates over FatBinary and check if there are other architectures than ARM.''' - XN_types = [lief.MachO.CPU_TYPES.ARM64, lief.MachO.CPU_TYPES.ARM] + XN_types = [lief.MachO.Header.CPU_TYPE.ARM64, lief.MachO.Header.CPU_TYPE.ARM] for binary in binaries: if binary.header.cpu_type not in XN_types: print(f"[INFO -> XN]: {os.path.basename(self.file_path)} is compiled for other CPUs than ARM or ARM64.") 
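Review bot: The stripped-symbol heuristic compares `symbol.type.value` against full n_type bytes — `0xe0` is the N_STAB mask and `0x1e`/`0x0f` carry the N_PEXT/N_EXT bits — which is only meaningful if `.value` is the raw `n_type`. If lief 0.15's `Symbol.TYPE` enum exposes just the N_TYPE nibble, `symbol_type & 0xe0` is always 0 and the `in [...]` test can only ever match `0x0e`, so every binary would be reported as unstripped. Confirm which it is and, if needed, switch the assignment to `symbol_type = symbol.raw_type`. The loop body continues past the end of the hunk.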
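Review bot: `for binary in binaries:` in checkIfCompiledForOtherThanARM refers to a name that is neither a parameter of the method nor an attribute of `self`, so unless a module-level `binaries` is assigned at runtime this raises NameError on first use. The constructors visible later in this diff take `binaries` as an argument (`__init__(self, binaries, file_path)`), which suggests the intended reference is `for binary in self.binaries:` — confirm the attribute is actually stored by SnakeI.__init__. The method body continues outside the hunk.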
@@ -2885,7 +2885,6 @@ class SandboxProcessor: if args.extract_sandbox_operations: # Extract sandbox operations from the kernelcache.decompressed file snake_instance.printSandboxOperations() - class SnakeVIII(SnakeVII): def __init__(self, binaries, file_path): super().__init__(binaries, file_path) @@ -3115,6 +3114,25 @@ class SnakeVIII(SnakeVII): for operation in operations: print(operation) +### ---- IX. TCC --- ### +class TCCProcessor: + def __init__(self): + '''This class contains part of the code from the main() for the SnakeIX: TCC.''' + pass + + def process(self, args): + if args.test: # + snake_instance.test() + +class SnakeIX(SnakeVIII): + def __init__(self, binaries, file_path): + super().__init__(binaries, file_path) + + def test(self): + ''' test ''' + print('test') + + ### --- ARGUMENT PARSER --- ### class ArgumentParser: def __init__(self): @@ -3130,6 +3148,7 @@ class ArgumentParser: self.addAMFIArgs() self.addAntivirusArgs() self.addSandboxArgs() + self.addTCCArgs() def addGeneralArgs(self): general_group = self.parser.add_argument_group('GENERAL ARGS') @@ -3278,6 +3297,10 @@ class ArgumentParser: sandbox_group.add_argument('--dump_kext', help="Dump the kernel extension binary from the kernelcache.decompressed file", metavar='kext_name') sandbox_group.add_argument('--extract_sandbox_operations', action='store_true', help="Extract sandbox operations from the Sandbox.kext file") + def addTCCArgs(self): + tcc_group = self.parser.add_argument_group('TCC ARGS') + tcc_group.add_argument('--test', action='store_true', help="test") + def parseArgs(self): args = self.parser.parse_args() @@ -3648,7 +3671,7 @@ if __name__ == "__main__": args = arg_parser.parseArgs() ### --- APP BUNDLE EXTENSION --- ### - snake_hatchery = SnakeHatchery(args, SnakeVIII) + snake_hatchery = SnakeHatchery(args, SnakeIX) snake_hatchery.hatch() ### --- I. MACH-O --- ### 
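Review bot: `TCCProcessor.process` and `SnakeIX.test` are placeholder scaffolding — `if args.test: #` ends in a dangling comment marker, `test()` has the docstring `''' test '''` and prints a fixed string, and `SnakeIX.__init__` only forwards to `super()` and can be dropped. If the stub has to ship, label it so nobody mistakes `--test` for a real TCC check, e.g. `'''Placeholder for SnakeIX (TCC); no TCC analysis is implemented yet.'''` on `test` and a matching `help` string on the flag, and remove the stray `#`. Like SandboxProcessor just above it, `process` relies on a module-global `snake_instance` rather than a parameter; that follows the file's existing convention, but a one-line comment saying so would help the next reader.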
@@ -3682,3 +3705,7 @@ if __name__ == "__main__": ### --- VIII. SANDBOX --- ### sandbox_processor = SandboxProcessor() sandbox_processor.process(args) + + ### --- IX. TCC --- ### + tcc_processor = TCCProcessor() + tcc_processor.process(args) \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 254838f..93c0031 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ -lief -uuid -argparse -asn1crypto -pyimg4 -treelib -xattr \ No newline at end of file +lief=0.15.1 +uuid=1.30 +argparse=1.4.0 +asn1crypto=1.5.1 +pyimg4=0.8 +treelib=1.7.0 +xattr=1.1.0 \ No newline at end of file diff --git a/tests/test_CrimsonUroboros.py b/tests/test_CrimsonUroboros.py index 223e2d9..1335d9b 100644 --- a/tests/test_CrimsonUroboros.py +++ b/tests/test_CrimsonUroboros.py @@ -368,7 +368,7 @@ class TestSnakeI(): macho_processor.process(args) uroboros_output = executeCodeBlock(code_block) - expected_output = 'Header flags: TWOLEVEL NOUNDEFS DYLDLINK PIE' + expected_output = 'Header flags: NOUNDEFS DYLDLINK TWOLEVEL PIE' assert uroboros_output == expected_output @@ -402,7 +402,7 @@ class TestSnakeI(): uroboros_output = executeCodeBlock(code_block) expected_output_1 = 'ARM64' expected_output_2 = 'EXECUTE' - expected_output_3 = 'NOUNDEFS DYLDLINK TWOLEVEL PIE' + expected_output_3 = 'Flags: 2097285' assert expected_output_1 in uroboros_output assert expected_output_2 in uroboros_output 
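Review bot: `lief=0.15.1` and the other six lines use a single `=`, which is not a valid PEP 508 version specifier — pip rejects it as an invalid requirement (recent versions hint "Did you mean == ?"), so `pip install -r requirements.txt` fails after this change; each line should read `lief==0.15.1`. Separately, `uuid` and `argparse` are standard-library modules, and the PyPI `uuid 1.30` / `argparse 1.4.0` distributions are long-unmaintained Python 2 era backports that add third-party packages to the install for no benefit, so those two lines are best removed. Since the purpose of pinning is reproducibility, consider going one step further and adding `--hash` values so pip's hash-checking mode refuses a replaced or tampered release that still carries the pinned version.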
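Review bot: Replacing the decoded `NOUNDEFS DYLDLINK TWOLEVEL PIE` expectation with `Flags: 2097285` pins the raw integer that lief 0.15's `Header.flags` now yields, so the test accepts an output regression instead of guarding against it — the first hunk in this file still expects names on the `Header flags:` line, so the tool evidently knows how to decode them. Consider decoding in the printer and keeping the name-based assertion, e.g. `' '.join(f.name for f in lief.MachO.Header.FLAGS if flags & f.value)` if the enum is iterable in the installed version, or `header.flags_list` if that property exists. The test method's body continues beyond the hunk.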
@@ -490,11 +490,11 @@ class TestSnakeI(): macho_processor.process(args) uroboros_output = executeCodeBlock(code_block) - expected_output_1 = '__TEXT __text REGULAR 0x100003f58-0x100007eb0 0x3f58-0x3f8c (SOME_INSTRUCTIONS PURE_INSTRUCTIONS)' - expected_output_2 = '__TEXT __stubs SYMBOL_STUBS 0x100003f8c-0x100007f18 0x3f8c-0x3f98 (SOME_INSTRUCTIONS PURE_INSTRUCTIONS)' - expected_output_3 = '__TEXT __cstring CSTRING_LITERALS 0x100003f98-0x100007f30 0x3f98-0x3fa7 ()' - expected_output_4 = '__TEXT __unwind_info REGULAR 0x100003fa8-0x100007f50 0x3fa8-0x4000 ()' - expected_output_5 = '__DATA_CONST __got NON_LAZY_SYMBOL_POINTERS 0x100004000-0x100008000 0x4000-0x4008 ()' + expected_output_1 = '__TEXT __text' + expected_output_2 = '__TEXT __stubs' + expected_output_3 = '__TEXT __cstring' + expected_output_4 = '__TEXT __unwind_info' + expected_output_5 = '__DATA_CONST __got' assert expected_output_1 in uroboros_output assert expected_output_2 in uroboros_output @@ -710,9 +710,9 @@ class TestSnakeI(): expected_output_1 = 'Entry point: 0x3f58' expected_output_2 = '__mh_execute_header' - expected_output_3 = '__PAGEZERO ---/--- VM: 0x0000000000000000-0x0000000100000000 FILE: 0x0-0x0' - expected_output_4 = '__DATA_CONST0x100004000: _printf (libSystem.B.dylib) addend: 0x0' - expected_output_5 = 'Command : SEGMENT_64' + expected_output_3 = '__PAGEZERO' + expected_output_4 = '__DATA_CONST0x100004000' + expected_output_5 = 'Command: SEGMENT_64' assert expected_output_1 in uroboros_output assert expected_output_2 in uroboros_output
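Review bot: Trimming each expectation to `__TEXT __text` and friends drops the section type and attribute columns (`CSTRING_LITERALS`, `SOME_INSTRUCTIONS PURE_INSTRUCTIONS`), so the test no longer notices if the enum rename in the main file starts printing the wrong type or the raw integer. If the addresses are what changed with lief 0.15, keeping the type column is cheap: `expected_output_3 = '__TEXT __cstring CSTRING_LITERALS'`. The test method's body continues beyond the hunk.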
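Review bot: Dropping `---/---` and the VM/file ranges from `expected_output_3` means the segment listing is no longer checked for `__PAGEZERO`'s protection bits, and `expected_output_4` loses the `_printf (libSystem.B.dylib)` binding target — for a tool whose job is judging hardening, the protection flags are the assertion worth keeping. If only the column widths moved with lief 0.15, a regex preserves the intent without pinning formatting, e.g. `assert re.search(r'__PAGEZERO\s+---/---', uroboros_output)`. The surviving `'__DATA_CONST0x100004000'` also suggests the printer concatenates the segment name and address with no separator, which looks like a formatting bug in the tool rather than in lief. The test body continues outside the hunk.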