https://github.com/push0ebp/allirt

# ALLIRT
Tool that converts all of libc into signatures for the IDA Pro FLIRT plugin, plus a utility for easily making signatures with FLAIR.

## Usage
```
$ python3 allirt.py
```
```
Usage : python3 alirt.py (-o -s -e -f -c )
```

*You must have the* `flair` *utilities* (`pelf`, `sigmake`, `zipsig`).

### Options
```
$ allirt.py -h
```
```
Usage: allirt.py -o

Options:
  -h, --help            show this help message and exit
  -o OUT_DIR, --outdir=OUT_DIR
                        set result directory
  -s START, --start=START
                        set series start range
  -e END, --end=END     set series end range
  -f FLAIR, --flair=FLAIR
                        set flair util directory
  -c, --no-compress     sig not compress
```

The `-f` option sets the flair utilities directory (default: `flair`):
```
├── dumpsig
├── pcf
├── pelf
├── pelf.rtb
├── plb
├── pmacho
├── pomf166
├── ppsx
├── ptmobj
├── sigmake
└── zipsig
```

Requires `pelf`, `sigmake` and `zipsig`.

### Get signatures for all libc packages
```
$ python3 allirt.py -f flair -o tmp
[INFO] OS : ubuntu
[INFO] Package : libc6-dev

[INFO] OS Series (1/30) : warty (4.10)

[INFO] Architecture (1/3) : amd64

[INFO] Package Version (1/3) : 2.3.2.ds1-13ubuntu2
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2 2018-06-03 02:09:52.441499
[INFO] Download Completed : http://launchpadlibrarian.net/1251110/libc6-dev_2.3.2.ds1-13ubuntu2_amd64.deb (2961464 bytes)
[INFO] Target library : ./usr/lib/libc.a
[INFO] Signature has been generated. -> tmp/ubuntu/4.10 (warty)/amd64/libc6_2.3.2.ds1-13ubuntu2_amd64.sig

[INFO] Package Version (2/3) : 2.3.2.ds1-13ubuntu2.2
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2.2 2018-06-03 02:10:10.521781
[WARNING] Package deleted

[INFO] Package Version (3/3) : 2.3.2.ds1-13ubuntu2.3
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2.3 2018-06-03 02:10:11.242

.........................

[INFO] Architecture (5/5) : sparc
[WARNING] SKIPPED
[INFO] Finished
```

### Get signatures of some libc packages
Use the `-s` (start) and `-e` (end) options to set the range of OS series.

```
$ python3 allirt.py -f flair -s 1 -e 2 -o tmp
[INFO] OS : ubuntu
[INFO] Package : libc6-dev

[INFO] OS Series (1/1) : hoary (5.04)

[INFO] Architecture (1/5) : amd64

[INFO] Package Version (1/3) : 2.3.2.ds1-20ubuntu13
[INFO] ubuntu 5.04 libc6-dev amd64 2.3.2.ds1-20ubuntu13 2018-06-03 02:04:58.0489
```

### Result
```
└── ubuntu
    ├── 4.10\ (warty)
    │   └── amd64
    │       └── libc6_2.3.2.ds1-13ubuntu2_amd64.sig
    └── 5.04\ (hoary)
        ├── amd64
        │   ├── libc6_2.3.2.ds1-20ubuntu13_amd64.sig
        │   └── libc6_2.3.2.ds1-20ubuntu15_amd64.sig
        ├── i386
        │   ├── libc6_2.3.2.ds1-20ubuntu13_i386.sig
        │   └── libc6_2.3.2.ds1-20ubuntu15_i386.sig
        ├── ia64
        └── powerpc
            ├── libc6_2.3.2.ds1-20ubuntu13_powerpc.sig
            └── libc6_2.3.2.ds1-20ubuntu15_powerpc.sig
```
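
To pick the signature for a given architecture and libc version out of a result tree like this, the output paths can be parsed into an index. This is an added example, not part of allirt; `parse_sig_path`, `build_index` and `make_sample_tree` are hypothetical names, and the path layout is assumed from the listing above and the logged path `tmp/ubuntu/4.10 (warty)/amd64/...`.

```python
import re
import tempfile
from pathlib import Path

# Layout assumed from the Result tree above (not taken from allirt's source):
#   <out_dir>/<os>/<release> (<series>)/<arch>/libc6_<version>_<arch>.sig
SERIES_DIR = re.compile(r"^(?P<release>\S+) \((?P<series>[^)]+)\)$")
SIG_NAME = re.compile(r"^libc6_(?P<version>.+)_(?P<arch>[^_]+)\.sig$")


def parse_sig_path(out_dir, sig_path):
    """Return a metadata dict for one .sig file, or None if it does not fit the layout."""
    parts = Path(sig_path).relative_to(out_dir).parts
    if len(parts) != 4:
        return None
    os_name, series_dir, arch, filename = parts
    m_dir, m_file = SERIES_DIR.match(series_dir), SIG_NAME.match(filename)
    # Reject files whose name disagrees with the architecture directory.
    if not m_dir or not m_file or m_file["arch"] != arch:
        return None
    return {"os": os_name, "release": m_dir["release"], "series": m_dir["series"],
            "arch": arch, "version": m_file["version"], "path": Path(sig_path)}


def build_index(out_dir):
    """Map (arch, libc version) -> list of records, skipping unexpected files."""
    index = {}
    for sig in sorted(Path(out_dir).rglob("*.sig")):
        rec = parse_sig_path(out_dir, sig)
        if rec:
            index.setdefault((rec["arch"], rec["version"]), []).append(rec)
    return index


def make_sample_tree(root):
    """Constructed sample: empty files named like the Result listing."""
    names = ["ubuntu/4.10 (warty)/amd64/libc6_2.3.2.ds1-13ubuntu2_amd64.sig",
             "ubuntu/5.04 (hoary)/i386/libc6_2.3.2.ds1-20ubuntu13_i386.sig",
             "ubuntu/5.04 (hoary)/i386/notes.sig"]  # stray file, ignored
    for name in names:
        path = Path(root, name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for (arch, version), recs in build_index(tmp).items():
            print(arch, version, [r["series"] for r in recs])
```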

## TODO
* save a file (static library ex: libc.a)
* flair.py command line interface

*Please send me your ideas and issues.*

This tool uses the `launchpad.net` mirror. I am looking for package mirrors.

Thanks to @hstocks - `Unknown relocation type`