https://github.com/vasco-jofra/format-string-finder-binja
A binary ninja plugin that finds format string vulnerabilities
- Host: GitHub
- URL: https://github.com/vasco-jofra/format-string-finder-binja
- Owner: Vasco-jofra
- License: mit
- Created: 2019-07-15T10:10:28.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2020-09-29T09:48:22.000Z (over 5 years ago)
- Last Synced: 2025-07-05T18:32:38.107Z (11 months ago)
- Topics: binary-ninja, binary-ninja-plugin, format-string-attack
- Language: Python
- Homepage:
- Size: 2.26 MB
- Stars: 24
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Format String Finder
Author: **jofra**
_Finds format string vulnerabilities_
## Description:
This plugin will detect format string vulnerabilities and printf-like functions.
## Example

## How it works
1. Loads [known functions](https://raw.githubusercontent.com/Vasco-jofra/format-string-finder-binja/master/src/data/default_printf_like_functions.data) that receive a format parameter.
2. For each xref of these functions find where the fmt parameter comes from:
    1. If it comes from an **argument** we mark it as a **printf-like function** and test its xrefs
    2. If it is a **constant** value located in a **read-only** area we mark it as **safe**
    3. If it comes from a known **'safe' function call result** (functions from the `dgettext` family) we mark it as **safe**
    4. Otherwise we mark it as **vulnerable**
3. Prints a markdown report
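
The classification procedure above, modelled in plain Python over a constructed list of call sites. This is an added example, not the plugin's own code, and it does not use the Binary Ninja API. The call-site tuples, section names, `KNOWN`, `SAFE_CALLS` and `READ_ONLY` are assumptions made for the illustration.

```python
from collections import deque

# Assumptions for this sketch (not taken from the plugin's data file):
KNOWN = {"printf": 0, "fprintf": 1}                # function -> index of its fmt parameter
SAFE_CALLS = {"gettext", "dgettext", "dcgettext"}  # translation lookups treated as safe
READ_ONLY = {".rodata"}                            # sections that cannot be written at run time

# Constructed call sites: (address, caller, callee, origin of each argument).
# Origins: ("arg", n) caller's n-th parameter, ("const", section), ("ret", function), ("other",).
CALLS = [
    (0x401000, "main", "printf", [("const", ".rodata")]),
    (0x401020, "main", "printf", [("other",)]),
    (0x401040, "log_msg", "fprintf", [("other",), ("arg", 1)]),
    (0x401060, "main", "log_msg", [("other",), ("const", ".rodata")]),
    (0x401080, "handler", "log_msg", [("other",), ("other",)]),
    (0x4010a0, "main", "printf", [("ret", "dgettext")]),
    (0x4010c0, "main", "printf", [("const", ".data")]),
]

def classify(calls, known=KNOWN):
    fmt_index = dict(known)       # grows as printf-like wrappers are discovered
    work = deque(fmt_index)
    verdicts = {}                 # call address -> verdict
    while work:
        func = work.popleft()
        idx = fmt_index[func]
        for addr, caller, callee, args in calls:
            if callee != func:
                continue
            origin = args[idx] if idx < len(args) else ("other",)
            if origin[0] == "arg":                    # step 2.1: caller forwards its own parameter
                verdicts[addr] = "printf-like"
                if caller not in fmt_index:
                    fmt_index[caller] = origin[1]
                    work.append(caller)               # its xrefs are tested next
            elif origin[0] == "const" and origin[1] in READ_ONLY:   # step 2.2
                verdicts[addr] = "safe"
            elif origin[0] == "ret" and origin[1] in SAFE_CALLS:    # step 2.3
                verdicts[addr] = "safe"
            else:                                     # step 2.4
                verdicts[addr] = "vulnerable"
    wrappers = {f: i for f, i in fmt_index.items() if f not in known}
    return verdicts, wrappers

def markdown_report(verdicts):    # step 3
    rows = ["| Address | Verdict |", "|---|---|"]
    rows += [f"| {addr:#x} | {v} |" for addr, v in sorted(verdicts.items())]
    return "\n".join(rows)

if __name__ == "__main__":
    print(markdown_report(classify(CALLS)[0]))
```

The call at `0x401080` is only reported because `log_msg` was first recognised as a printf-like wrapper at `0x401040`. The writable-section constant at `0x4010c0` falls through to step 2.4.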
## Settings
- `format_string_finder.should_highlight_variable_trace`:
    - Highlight instructions that are used in the trace of the format parameter origin.
- `format_string_finder.should_enable_tests_plugin`:
    - Enable the tests plugin. Only for development.