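#!/bin/bash
# lift.sh - build the example binary, recover its CFG and globals with McSema
# (driving IDA Pro), lift it to LLVM bitcode and relink it, optionally through
# the multicompiler ("diversify" as first argument).
#
# Python prerequisites for the McSema disassembly scripts:
#   pip install enum34
#   pip install pyelftools
#
# Example entries:
#   McSema installed to a virtualenv in /store/artem/diversity
#     MCSEMA_DIR=/store/artem/diversity
#   McSema source in the remill directory at /store/artem/diversity/remill/tools/mcsema
#     MCSEMA_SRC=/store/artem/diversity/remill/tools/mcsema
#   Location of the multicompiler
#     MCOMP_DIR=/store/artem/diversity/multicompiler/install/bin/
#   IDA Pro installation directory
#     IDA_DIR=/home/artem/ida-6.9

# For now, we must use the LLVM 3.8 toolchain as that's what the multicompiler ships.
LLVM_VERSION=3.8

# Set values for your installation here, or export them in the environment
# before running the script (an exported value wins over the empty default).
MCSEMA_DIR=${MCSEMA_DIR:-}
MCSEMA_SRC=${MCSEMA_SRC:-}
MCOMP_DIR=${MCOMP_DIR:-}
IDA_DIR=${IDA_DIR:-}

# Toolchain and McSema artefacts derived from the settings above; sanity_check
# later verifies that LIFTER and the exceptions ABI library really exist.
CXX=clang++-${LLVM_VERSION}
LIFTER=${MCSEMA_DIR}/bin/mcsema-lift-${LLVM_VERSION}
ABI_DIR=${MCSEMA_DIR}/share/mcsema/${LLVM_VERSION}/ABI/linux/

# Input binary (rebuilt by clean_and_build from ${IN_FILE}.cpp) and where the
# recovered CFG, bitcode and relinked binaries are written.
IN_DIR=$(pwd)
IN_FILE=example
OUT_DIR=$(pwd)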
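function sanity_check
{
    # Validate the configuration block at the top of the script before any work
    # is done.  $1 is the script's first argument; when it is "diversify" the
    # multicompiler is checked as well.  Every failure prints a hint to stderr
    # and exits 1; returns 0 when all required tools were found.
    local mode="${1-}"

    if [[ -z "${MCSEMA_DIR}" ]]; then
        echo "Please edit this script and set MCSEMA_DIR to the mcsema *installation* directory" >&2
        exit 1
    fi
    # MCSEMA_SRC is checked before the ABI library because the rebuild hint
    # below prints a path relative to it.  (The old message wrongly named
    # MCSEMA_DIR here.)
    if [[ -z "${MCSEMA_SRC}" ]]; then
        echo "Please edit this script and set MCSEMA_SRC to the mcsema *source code* directory" >&2
        exit 1
    fi
    local abi_lib="${ABI_DIR}/ABI_exceptions_amd64.bc"
    if [[ ! -f "${abi_lib}" ]]; then
        echo "ABI library for exceptions not found (checked: [${abi_lib}])." >&2
        echo "Please rebuild mcsema via: " >&2
        echo "" >&2
        echo " cd ${MCSEMA_SRC}/../../remill-build" >&2
        echo " cmake -DMCSEMA_DISABLED_ABI_LIBRARIES:STRING=\"\" .." >&2
        echo " make -j$(nproc) install" >&2
        exit 1
    fi
    if [[ -z "${IDA_DIR}" ]]; then
        echo "Please edit this script and set the IDA_DIR variable to where IDA Pro is installed" >&2
        exit 1
    fi
    if [[ -z "${LLVM_VERSION}" ]]; then
        echo "Please edit this script and set LLVM_VERSION to the desired LLVM version (e.g. 4.0)" >&2
        exit 1
    fi
    if [[ ! -f "${LIFTER}" ]]; then
        echo "Could not find McSema installation. Looked for [${LIFTER}]" >&2
        exit 1
    fi

    if [[ "${mode}" == "diversify" ]]; then
        local mcomp_bin="${MCOMP_DIR}/clang++"
        if [[ ! -f "${mcomp_bin}" ]]; then
            echo "Could not find multicompiler. Looked for it in [${mcomp_bin}]" >&2
            echo "Please set MCOMP_DIR in this script to the multicompiler's installation directory" >&2
            exit 1
        fi
        # The lifted bitcode is LLVM_VERSION bitcode; the multicompiler must be
        # built from the same LLVM release to consume it.  -F keeps the '.' in
        # the version literal instead of a regex wildcard.
        if ! "${mcomp_bin}" --version | grep -qF "clang version ${LLVM_VERSION}"; then
            echo "Version mismatch between Multicompiler and McSema" >&2
            echo " Multicompiler: $("${mcomp_bin}" --version | grep -o 'clang version ...')" >&2
            echo " McSema: ${LLVM_VERSION}" >&2
            exit 1
        fi
    fi
    return 0
}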
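function clean_and_build
{
    # Remove artefacts left by a previous run for binary $1 and rebuild the
    # input binary ${IN_DIR}/$1 from $1.cpp in the current directory.
    # OUT_DIR must be non-empty: the :? guard refuses to run rm -rf with an
    # empty prefix (which would otherwise delete paths relative to /).
    local in_file="${1:?clean_and_build: input name required}"
    echo "Cleaning old output..."
    rm -rf -- "${OUT_DIR:?OUT_DIR must be set}/${in_file}.cfg" \
              "${OUT_DIR}/${in_file}.bc" \
              "${OUT_DIR}/${in_file}_out.txt" \
              "${OUT_DIR}/${in_file}_lifted"* \
              "${OUT_DIR}/global.protobuf" \
              dwarf_debug.log global.protobuf lifter_errs.log
    echo "Building new '${in_file}' binary"
    # -g/-O0: unoptimised code with debug info, presumably what the later
    # DWARF-based global recovery expects (its log is dwarf_debug.log) - confirm.
    "${CXX}" -m64 -g -Wall -O0 -o "${IN_DIR}/${in_file}" "${in_file}.cpp"
}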
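function recover_globals
{
    # Run McSema's var_recovery.py (from mcsema_disass/ida) on ${IN_DIR}/$1,
    # writing ${OUT_DIR}/global.protobuf (consumed by recover_cfg) and a
    # dwarf_debug.log in the current directory.  All paths are quoted so
    # installations or working directories containing spaces work.
    local in_file="${1:?recover_globals: input name required}"
    echo "Recovering Globals..."
    "${MCSEMA_SRC}/tools/mcsema_disass/ida/var_recovery.py" \
        --binary "${IN_DIR}/${in_file}" \
        --out "${OUT_DIR}/global.protobuf" \
        --log_file dwarf_debug.log
}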
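function recover_cfg
{
    # Disassemble ${IN_DIR}/$1 with mcsema-disass (using IDA's idal64) and
    # recover the CFG, stack variables and global variables into
    # ${OUT_DIR}/$1.cfg.  Expects ${OUT_DIR}/global.protobuf from recover_globals.
    # All paths are quoted so directories containing spaces work.
    local in_file="${1:?recover_cfg: input name required}"
    echo "Recovering CFG and Stack Variables..."
    "${MCSEMA_DIR}/bin/mcsema-disass" \
        --disassembler "${IDA_DIR}/idal64" \
        --entrypoint main \
        --arch amd64 \
        --os linux \
        --binary "${IN_DIR}/${in_file}" \
        --output "${OUT_DIR}/${in_file}.cfg" \
        --log_file "${OUT_DIR}/${in_file}_out.txt" \
        --recover-exception \
        --recover-stack-vars \
        --recover-global-vars "${OUT_DIR}/global.protobuf"
}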
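function lift_binary
{
    # Lift ${OUT_DIR}/$1.cfg to LLVM bitcode ${OUT_DIR}/$1.bc with mcsema-lift,
    # linking in the exceptions ABI library.  The lifter's stderr is captured
    # in lifter_errs.log in the current directory; check it when the output
    # bitcode is missing.  All paths are quoted so spaces in OUT_DIR/ABI_DIR work.
    local in_file="${1:?lift_binary: input name required}"
    echo "Lifting binary..."
    "${LIFTER}" --arch amd64 \
        --os linux \
        --cfg "${OUT_DIR}/${in_file}.cfg" \
        --output "${OUT_DIR}/${in_file}.bc" \
        --libc_constructor __libc_csu_init \
        --libc_destructor __libc_csu_fini \
        --abi-libraries="${ABI_DIR}/ABI_exceptions_amd64.bc" 2>lifter_errs.log
}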
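function new_binary
{
    # Link the lifted bitcode ${OUT_DIR}/$1.bc against the McSema runtime
    # (libmcsema_rt64-${LLVM_VERSION} from ${MCSEMA_DIR}/lib) into
    # ${OUT_DIR}/$1-lifted using ${CXX}.  Paths are quoted so spaces work.
    local in_file="${1:?new_binary: input name required}"
    echo "Generating lifted binary..."
    "${CXX}" -std=c++11 -m64 -g -O0 \
        -o "${OUT_DIR}/${in_file}-lifted" \
        "${OUT_DIR}/${in_file}.bc" \
        "-lmcsema_rt64-${LLVM_VERSION}" \
        "-L${MCSEMA_DIR}/lib"
}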
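function diversify_binary
{
    # Relink ${OUT_DIR}/$1.bc with the multicompiler (${MCOMP_DIR}/clang++)
    # into ${OUT_DIR}/$1-diverse.  The seed is passed both to the compiler
    # (-frandom-seed) and to the gold LTO plugin (-random-seed).  It defaults
    # to 42 so a run is reproducible, and can be overridden with DIVERSIFY_SEED.
    # Note: the same seed always yields the same variant, so builds that are
    # meant to differ from each other need a fresh seed per build.
    if [[ -z "${MCOMP_DIR}" ]]; then
        echo "Please edit this script and set MCOMP_DIR to the location of the multicompiler" >&2
        exit 1
    fi
    local mcomp="${MCOMP_DIR}/clang++"
    local in_file="${1:?diversify_binary: input name required}"
    local seed="${DIVERSIFY_SEED:-42}"
    # Flags kept as arrays (not strings) so they are passed as distinct words
    # without relying on word-splitting.
    local -a cflags=(-flto -fuse-ld=gold "-frandom-seed=${seed}" -g -O0 -fno-slp-vectorize)
    local -a ldflags=(-g "-Wl,--plugin-opt,-random-seed=${seed}" -Wl,--plugin-opt,disable-vectorization)
    local -a cmd=("${mcomp}" -m64 "${cflags[@]}" "${ldflags[@]}"
                  -rdynamic -o "${OUT_DIR}/${in_file}-diverse"
                  "${OUT_DIR}/${in_file}.bc"
                  "-lmcsema_rt64-${LLVM_VERSION}"
                  "-L${MCSEMA_DIR}/lib")
    # Print the exact (shell-quoted) command line first so a failed link can
    # be reproduced by hand.
    printf '%q ' "${cmd[@]}"
    printf '\n'
    "${cmd[@]}"
}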
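# Entry point.  Pass "diversify" as the first argument to additionally relink
# the lifted bitcode through the multicompiler.  Each pipeline step must
# succeed before the next runs; previously a failed disassembly or lift was
# ignored and the script carried on with stale or missing inputs.
function main
{
    local mode="${1-}"
    run_step()
    {
        "$@" || { echo "lift.sh: step '$1' failed (exit $?)" >&2; exit 1; }
    }
    sanity_check "${mode}"
    run_step clean_and_build "${IN_FILE}"
    run_step recover_globals "${IN_FILE}"
    run_step recover_cfg "${IN_FILE}"
    run_step lift_binary "${IN_FILE}"
    run_step new_binary "${IN_FILE}"
    if [[ "${mode}" == "diversify" ]]; then
        run_step diversify_binary "${IN_FILE}"
    fi
}
main "$@"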