Skip C native functions

hyugogirubato 2024-06-22 18:07:30 +02:00
parent 36d5f0db6a
commit c9d452e7c6
3 changed files with 90 additions and 3 deletions

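--- a/extractor/constants.py
+++ b/extractor/constants.py
@@ -0,0 +1,60 @@
+from enum import Enum
+class Native(Enum):
+STDIO = {
+'fclose', 'fflush', 'fgetc', 'fgetpos', 'fgets', 'fopen', 'fprintf', 'fputc', 'fputs', 'fread', 'freopen',
+'fscanf', 'fseek', 'fsetpos', 'ftell', 'fwrite', 'getc', 'getchar', 'gets', 'perror', 'printf', 'putc',
+'putchar', 'puts', 'remove', 'rename', 'rewind', 'scanf', 'setbuf', 'setvbuf', 'sprintf', 'sscanf', 'tmpfile',
+'tmpnam', 'ungetc', 'vfprintf', 'vprintf', 'vsprintf', 'fileno', 'feof', 'ferror'}
+STDLIB = {
+'abort', 'abs', 'atexit', 'atof', 'atoi', 'atol', 'bsearch', 'calloc', 'div', 'exit', 'free', 'getenv', 'labs',
+'ldiv', 'malloc', 'mblen', 'mbstowcs', 'mbtowc', 'qsort', 'rand', 'realloc', 'srand', 'strtod', 'strtol',
+'strtoul', 'system', 'wcstombs', 'wctomb'}
+STRING = {
+'memchr', 'memcmp', 'memcpy', 'memmove', 'memset', 'strcat', 'strchr', 'strcmp', 'strcoll', 'strcpy', 'strcspn',
+'strerror', 'strlen', 'strncat', 'strncmp', 'strncpy', 'strpbrk', 'strrchr', 'strspn', 'strstr', 'strtok',
+'strxfrm', 'strncasecmp'}
+MATH = {
+'acos', 'asin', 'atan', 'atan2', 'cos', 'cosh', 'exp', 'fabs', 'floor', 'fmod', 'frexp', 'ldexp', 'log',
+'log10', 'modf', 'pow', 'sin', 'sinh', 'sqrt', 'tan', 'tanh'}
+CTYPE = {
+'isalnum', 'isalpha', 'iscntrl', 'isdigit', 'isgraph', 'islower', 'isprint', 'ispunct', 'isspace', 'isupper',
+'isxdigit', 'tolower', 'toupper'}
+TIME = {'asctime', 'clock', 'ctime', 'difftime', 'gmtime', 'localtime', 'mktime', 'strftime', 'time'}
+UNISTD = {
+'access', 'alarm', 'chdir', 'chown', 'close', 'dup', 'dup2', 'execle', 'execv', 'execve', 'execvp', 'fork',
+'fpathconf', 'getcwd', 'getegid', 'geteuid', 'getgid', 'getgroups', 'getlogin', 'getopt', 'getpgid', 'getpgrp',
+'getpid', 'getppid', 'getuid', 'isatty', 'lseek', 'pathconf', 'pause', 'pipe', 'read', 'rmdir', 'setgid',
+'setpgid', 'setsid', 'setuid', 'sleep', 'sysconf', 'tcgetpgrp', 'tcsetpgrp', 'ttyname', 'ttyname_r', 'write',
+'fsync', 'unlink', 'syscall', 'getpagesize'}
+FCNTL = {'creat', 'fcntl', 'open'}
+SYS_TYPE = {'fd_set', 'FD_CLR', 'FD_ISSET', 'FD_SET', 'FD_ZERO'}
+SYS_STAT = {'chmod', 'fchmod', 'fstat', 'mkdir', 'mkfifo', 'stat', 'umask'}
+SYS_TIME = {'gettimeofday', 'select', 'settimeofday'}
+SIGNAL = {
+'signal', 'raise', 'kill', 'sigaction', 'sigaddset', 'sigdelset', 'sigemptyset', 'sigfillset', 'sigismember',
+'sigpending', 'sigprocmask', 'sigsuspend', 'alarm', 'pause'}
+SETJMP = {'longjmp', 'setjmp'}
+ERRNO = {'errno', 'strerror', 'perror'}
+ASSERT = {'assert'}
+LOCAL = {'localeconv', 'setlocale'}
+WCHAR = {
+'btowc', 'fgetwc', 'fgetws', 'fputwc', 'fputws', 'fwide', 'fwprintf', 'fwscanf', 'getwc', 'getwchar', 'mbrlen',
+'mbrtowc', 'mbsinit', 'mbsrtowcs', 'putwc', 'putwchar', 'swprintf', 'swscanf', 'ungetwc', 'vfwprintf',
+'vfwscanf',
+'vwprintf', 'vwscanf', 'wcrtomb', 'wcscat', 'wcschr', 'wcscmp', 'wcscoll', 'wcscpy', 'wcscspn', 'wcsftime',
+'wcslen', 'wcsncat', 'wcsncmp', 'wcsncpy', 'wcspbrk', 'wcsrchr', 'wcsrtombs', 'wcsspn', 'wcsstr', 'wcstod',
+'wcstok', 'wcstol', 'wcstombs', 'wcstoul', 'wcsxfrm', 'wctob', 'wmemchr', 'wmemcmp', 'wmemcpy', 'wmemmove',
+'wmemset', 'wprintf', 'wscanf'}
+WCTYPE = {
+'iswalnum', 'iswalpha', 'iswcntrl', 'iswdigit', 'iswgraph', 'iswlower', 'iswprint', 'iswpunct', 'iswspace',
+'iswupper', 'iswxdigit', 'towlower', 'towupper', 'iswctype', 'wctype'}
+STDDEF = {'NULL', 'offsetof', 'ptrdiff_t', 'size_t', 'wchar_t'}
+STDARG = {'va_arg', 'va_end', 'va_start'}
+DLFCN = {'dlclose', 'dlerror', 'dlopen', 'dlsym'}
+DIRENT = {'closedir', 'opendir', 'readdir'}
+SYS_SENDFILE = {'sendfile'}
+SYS_MMAN = {'mmap', 'mprotect', 'munmap'}
+SYS_UTSNAME = {'uname'}
+LINK = {'dladdr'}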
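Review bot: Each member of `Native` holds a mutable, unhashable `set`, and nothing in the file says how the groups are meant to be combined, so every consumer has to flatten and de-duplicate them itself; several names repeat across groups (`alarm` and `pause` in `UNISTD` and `SIGNAL`, `strerror` and `perror` in `STRING`/`STDIO` and `ERRNO`, `wcstombs` in `STDLIB` and `WCHAR`). Making the values `frozenset({...})` keeps them immutable, and because a set is not JSON-serialisable while the script template in this commit reads the list with `JSON.parse('${NATIVE_C_API}')`, the code that fills that placeholder (not shown here) has to emit a flat list, for example `sorted(set().union(*(m.value for m in Native)))`. Entries such as `NULL`, `size_t`, `fd_set`, `offsetof` and `va_arg` are types or macros rather than exported functions, so they are unlikely ever to match an export name. A class docstring such as `"""C standard-library and POSIX names, grouped by header, that the hook script skips."""` would state the purpose; `LOCAL` presumably stands for `locale.h`.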


@ -7,6 +7,7 @@
// Placeholder values dynamically replaced at runtime. // Placeholder values dynamically replaced at runtime.
const SDK_API = parseInt('${SDK_API}', 10); const SDK_API = parseInt('${SDK_API}', 10);
const OEM_CRYPTO_API = JSON.parse('${OEM_CRYPTO_API}'); const OEM_CRYPTO_API = JSON.parse('${OEM_CRYPTO_API}');
const NATIVE_C_API = JSON.parse('${NATIVE_C_API}');
const SYMBOLS = JSON.parse('${SYMBOLS}'); const SYMBOLS = JSON.parse('${SYMBOLS}');
@ -78,9 +79,9 @@ const hookLibrary = (name) => {
let functions, target; let functions, target;
if (SYMBOLS.length > 0) { if (SYMBOLS.length > 0) {
functions = SYMBOLS.map(symbol => ({ functions = SYMBOLS.map(symbol => ({
'type': 'function', type: 'function',
'name': symbol.name, name: symbol.name,
'address': ptr(parseInt(symbol.address, 16) + parseInt(library.base, 16)) address: ptr(parseInt(symbol.address, 16) + parseInt(library.base, 16))
})); }));
} else { } else {
functions = library.enumerateExports(); functions = library.enumerateExports();
@ -88,6 +89,9 @@ const hookLibrary = (name) => {
target = functions.find(func => OEM_CRYPTO_API.includes(func.name)); target = functions.find(func => OEM_CRYPTO_API.includes(func.name));
} }
// Remove native C functions
functions = functions.filter(func => !NATIVE_C_API.includes(func.name));
let hookedCount = 0; let hookedCount = 0;
functions.forEach((func) => { functions.forEach((func) => {
if (func.type !== 'function') return; if (func.type !== 'function') return;
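Review bot: The filter added before `hookedCount` drops entries by exact name only and does so silently, so a symbol in the target library that merely shares a name with a libc entry (`read`, `time`, `open`, `select`) disappears from the hook set with nothing in the output to show it; it also applies to the caller-supplied `SYMBOLS` list, not just to `enumerateExports()`. `NATIVE_C_API.includes(...)` is a linear scan per function; building the lookup once as `const NATIVE_C_API = new Set(JSON.parse('${NATIVE_C_API}'));` and filtering with `!NATIVE_C_API.has(func.name)` avoids that, and logging how many entries were skipped makes the behaviour visible. The comment `// Remove native C functions` says what the line does but not why these names are excluded, which is the part a later reader needs. `hookLibrary` starts before this hunk and continues past it.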

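--- a/extractor/uils.py
+++ b/extractor/uils.py
@@ -0,0 +1,23 @@
+import re
+from typing import Union
+from pathlib import Path
+def sanitize(path: Union[Path, str]) -> Path:
+if isinstance(path, str):
+path = Path(path)
+paths = [path.name, *[p.name for p in path.parents if p.name]][::-1]
+for i, p in enumerate(paths):
+p = p.replace('...', '').strip()
+p = re.sub(r'[<>:"/|?*\x00-\x1F]', '_', p)
+paths[i] = p
+return Path().joinpath(*paths)
+if __name__ == '__main__':
+path = Path() / 'hello rgtgr/sdg'
+print(path)
+path = sanitize(path)
+print(path)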
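Review bot: `sanitize` leaves `..` components in place: the loop removes only the three-character sequence `...`, and the character class passed to `re.sub` does not contain `.`, so `sanitize('a/../b')` still yields `a/../b` and the result can resolve outside whatever base directory it is later joined to. If the input can originate outside the program (the callers are not part of this commit), drop dot-only components after cleaning, e.g. `paths = [p for p in paths if p not in ('', '.', '..')]` just before the `joinpath` call. The backslash is also missing from the character class, so on POSIX it survives inside a component. A docstring should state that the result is always relative, since the root's empty `name` is filtered out by `if p.name`; the `__main__` demo and the file name `uils.py` (presumably meant to be `utils.py`) look like leftovers.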