Keystone, an Assembler with Multi-Architecture Support

by sweetchip 2016. 6. 8. 03:54

Oh ho..


An amazing tool has come out..!!


@keystone-engine


Recently I was building an opcode generator with multi-architecture support, but I ran into a bug and gave up on it. Not long after, an assembler called Keystone came out.


Oh yeah


You can get the project from https://github.com/keystone-engine/keystone and build it...!!


The official homepage is http://www.keystone-engine.org/.


Looking at what the Git repository says..


Keystone is a lightweight multi-platform, multi-architecture assembler framework. It offers some unparalleled features:

  • Multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ & X86 (include 16/32/64bit).
  • Clean/simple/lightweight/intuitive architecture-neutral API.
  • Implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go, Rust & Haskell available.
  • Native support for Windows & *nix (with Mac OSX, Linux, *BSD & Solaris confirmed).
  • Thread-safe by design.
  • Open source - with a dual license.

Keystone is based on LLVM, but it goes much further with a lot more to offer.

Further information is available at http://www.keystone-engine.org



That is what it says.


Open source, multi-architecture, and support for many languages!! Let's try it right away.


After fetching it onto the server with git clone, resolve the dependency below before running the build script.


sudo apt-get install cmake


After that, create a folder named build in the Keystone root directory and move into it.


Then run the ../make-share.sh script, and it runs make for you.


[sweetchip@ubuntu keystone]$ mkdir build

[sweetchip@ubuntu keystone]$ cd build/

[sweetchip@ubuntu build]$ l

[sweetchip@ubuntu build]$ ../make-share.sh 

+ [ -n  ]

+ cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON -DLLVM_TARGETS_TO_BUILD=all -G Unix Makefiles ..

-- The C compiler identification is GNU 5.3.1

-- The CXX compiler identification is GNU 5.3.1

-- Check for working C compiler: /usr/bin/cc

-- Check for working C compiler: /usr/bin/cc -- works

-- Detecting C compiler ABI info

-- Detecting C compiler ABI info - done

-- Detecting C compile features

-- Detecting C compile features - done

-- Check for working CXX compiler: /usr/bin/c++

-- Check for working CXX compiler: /usr/bin/c++ -- works

-- Detecting CXX compiler ABI info

-- Detecting CXX compiler ABI info - done

-- Detecting CXX compile features

-- Detecting CXX compile features - done

-- The ASM compiler identification is GNU

....

[ 98%] Linking CXX shared library ../lib/libkeystone.so

[ 98%] Built target keystone

Scanning dependencies of target kstool

[ 99%] Building CXX object kstool/CMakeFiles/kstool.dir/kstool.cpp.o

[100%] Linking CXX executable kstool

[100%] Built target kstool



Once make has finished, wrap up with make install.


[sweetchip@ubuntu build]$ sudo make install

[ 98%] Built target keystone

[100%] Built target kstool

Install the project...

-- Install configuration: "Release"

-- Installing: /usr/local/lib/pkgconfig/keystone.pc

-- Installing: /usr/local/include/keystone

-- Installing: /usr/local/include/keystone/x86.h

-- Installing: /usr/local/include/keystone/systemz.h

-- Installing: /usr/local/include/keystone/hexagon.h

-- Installing: /usr/local/include/keystone/sparc.h

-- Installing: /usr/local/include/keystone/arm64.h

-- Installing: /usr/local/include/keystone/ppc.h

-- Installing: /usr/local/include/keystone/mips.h

-- Installing: /usr/local/include/keystone/keystone.h

-- Installing: /usr/local/include/keystone/arm.h

-- Installing: /usr/local/lib/libkeystone.so.0

-- Installing: /usr/local/lib/libkeystone.so

-- Installing: /usr/local/bin/kstool

-- Set runtime path of "/usr/local/bin/kstool" to ""



And with that, the installation is done!


Very easy, right?


Let's try it out briefly.


First, if you want a quick look from the command line..


[sweetchip@ubuntu build]$ kstool x32 "nop"

nop = [ 90 ]

[sweetchip@ubuntu build]$ kstool x32 "add eax, ebx"

add eax, ebx = [ 01 d8 ]

[sweetchip@ubuntu build]$ kstool arm "mov r1, r1"

mov r1, r1 = [ 01 10 a0 e1 ]



Ooh.. it comes out just as expected.


Kstool v1.0 for Keystone Assembler Engine (www.keystone-engine.org)

By Nguyen Anh Quynh, 2016


Syntax: kstool <arch+mode> <assembly-string> or cat <asmfile> | kstool <arch+mode> 


The following <arch+mode> options are supported:

        x16:       X86 16bit, Intel syntax

        x32:       X86 32bit, Intel syntax

        x64:       X86 64bit, Intel syntax

        x16att:    X86 16bit, AT&T syntax

        x32att:    X86 32bit, AT&T syntax

        x64att:    X86 64bit, AT&T syntax

        x16nasm:   X86 16bit, NASM syntax

        x32nasm:   X86 32bit, NASM syntax

        x64nasm:   X86 64bit, NASM syntax

        arm:       ARM - little endian

        armbe:     ARM - big endian

        thumb:     Thumb - little endian

        thumbbe:   Thumb - big endian

        arm64:     AArch64

        hexagon:   Hexagon

        mips:      Mips - little endian

        mipsbe:    Mips - big endian

        mips64:    Mips64 - little endian

        mips64be:  Mips64 - big endian

        ppc32be:   PowerPC32 - big endian

        ppc64:     PowerPC64 - little endian

        ppc64be:   PowerPC64 - big endian

        sparc:     Sparc - little endian

        sparcbe:   Sparc - big endian

        sparc64:   Sparc64 - little endian

        sparc64be: Sparc64 - big endian

        systemz:   SystemZ (S390x)



Above is the list of supported options.


[sweetchip@ubuntu python]$ ls

keystone  LICENSE.TXT  Makefile  MANIFEST.in  README.md  sample.py  setup.py

[sweetchip@ubuntu python]$ sudo python setup.py install

running install

running build

running build_py

creating build

...


If you also want to use it from Python, move to keystone/bindings/python/ and install it!


[sweetchip@ubuntu python]$ python sample.py 

add eax, ecx = [ 66 01 c8 ]

add eax, ecx = [ 01 c8 ]

add rax, rcx = [ 48 01 c8 ]

add %ecx, %eax = [ 01 c8 ]

add %rcx, %rax = [ 48 01 c8 ]

sub r1, r2, r5 = [ 05 10 42 e0 ]

sub r1, r2, r5 = [ e0 42 10 05 ]

movs r4, #0xf0 = [ f0 24 ]

movs r4, #0xf0 = [ 24 f0 ]

ldr w1, [sp, #0x8] = [ e1 0b 40 b9 ]

v23.w=vavg(v11.w,v2.w):rnd = [ d7 cb e2 1c ]

and $9, $6, $7 = [ 24 48 c7 00 ]

and $9, $6, $7 = [ 00 c7 48 24 ]

and $9, $6, $7 = [ 24 48 c7 00 ]

and $9, $6, $7 = [ 00 c7 48 24 ]

add 1, 2, 3 = [ 7c 22 1a 14 ]

add 1, 2, 3 = [ 14 1a 22 7c ]

add 1, 2, 3 = [ 7c 22 1a 14 ]

add %g1, %g2, %g3 = [ 02 40 00 86 ]

add %g1, %g2, %g3 = [ 86 00 40 02 ]

a %r0, 4095(%r15,%r1) = [ 5a 0f 1f ff ]



After installing, I ran sample.py to check that it works properly, and the output looks good.
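
A post-install check in the spirit of the sample.py run above, added here as an example (not code from the post or from the Keystone project): it parses the kstool session shown earlier into test vectors and, when the Python binding is installed, re-assembles them with `Ks(...).asm()` to confirm the local build emits the same bytes. The function names and the two-entry mode table are choices made for this example.

```python
import re
import shlex

# Session text copied from the kstool transcript shown in this post.
TRANSCRIPT = '''\
[sweetchip@ubuntu build]$ kstool x32 "nop"
nop = [ 90 ]
[sweetchip@ubuntu build]$ kstool x32 "add eax, ebx"
add eax, ebx = [ 01 d8 ]
[sweetchip@ubuntu build]$ kstool arm "mov r1, r1"
mov r1, r1 = [ 01 10 a0 e1 ]
'''
# Result lines look like "<assembly> = [ xx xx ... ]".
RESULT_RE = re.compile(r"^(.+?) = \[ ((?:[0-9a-f]{2} )+)\]$")

def parse_transcript(text):
    """Return [(arch_mode, asm, encoding_bytes)] from a kstool session."""
    vectors, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = RESULT_RE.match(line)
        if "$ kstool " in line:
            args = shlex.split(line.split("$ ", 1)[1])
            pending = (args[1], args[2]) if len(args) >= 3 else None
        elif m and pending and m.group(1) == pending[1]:
            vectors.append((*pending, bytes.fromhex(m.group(2))))
            pending = None
    return vectors

def check_install(vectors):
    """Re-assemble each vector with the local binding; return mismatches."""
    import keystone as k  # only needed for the live check
    modes = {  # kstool names -> binding constants (subset, chosen here)
        "x32": (k.KS_ARCH_X86, k.KS_MODE_32),
        "arm": (k.KS_ARCH_ARM, k.KS_MODE_ARM),
    }
    bad = []
    for arch_mode, asm, want in vectors:
        encoding, _count = k.Ks(*modes[arch_mode]).asm(asm)
        got = bytes(encoding or [])
        if got != want:
            bad.append((arch_mode, asm, want.hex(), got.hex()))
    return bad

if __name__ == "__main__":
    vecs = parse_transcript(TRANSCRIPT)
    try:
        print(check_install(vecs) or "all encodings match the post")
    except ImportError:
        print("keystone binding not installed; parsed only:", vecs)
```
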


Now what should I do with this..



