From c9d452e7c620a7bc60ddd0109705afde50aaddfe Mon Sep 17 00:00:00 2001
From: hyugogirubato <65763543+hyugogirubato@users.noreply.github.com>
Date: Sat, 22 Jun 2024 18:07:30 +0200
Subject: [PATCH] Skip C native functions
---
 extractor/constants.py | 60 ++++++++++++++++++++++++++++++++++++++++++
 extractor/keydive.js | 10 ++++---
 extractor/uils.py | 23 ++++++++++++++++
 3 files changed, 90 insertions(+), 3 deletions(-)
 create mode 100644 extractor/constants.py
 create mode 100644 extractor/uils.py
diff --git a/extractor/constants.py b/extractor/constants.py
new file mode 100644
index 0000000..152eb79
--- /dev/null
+++ b/extractor/constants.py
@@ -0,0 +1,60 @@
+from enum import Enum
+
+
+class Native(Enum):
+ STDIO = {
+ 'fclose', 'fflush', 'fgetc', 'fgetpos', 'fgets', 'fopen', 'fprintf', 'fputc', 'fputs', 'fread', 'freopen',
+ 'fscanf', 'fseek', 'fsetpos', 'ftell', 'fwrite', 'getc', 'getchar', 'gets', 'perror', 'printf', 'putc',
+ 'putchar', 'puts', 'remove', 'rename', 'rewind', 'scanf', 'setbuf', 'setvbuf', 'sprintf', 'sscanf', 'tmpfile',
+ 'tmpnam', 'ungetc', 'vfprintf', 'vprintf', 'vsprintf', 'fileno', 'feof', 'ferror'}
+ STDLIB = {
+ 'abort', 'abs', 'atexit', 'atof', 'atoi', 'atol', 'bsearch', 'calloc', 'div', 'exit', 'free', 'getenv', 'labs',
+ 'ldiv', 'malloc', 'mblen', 'mbstowcs', 'mbtowc', 'qsort', 'rand', 'realloc', 'srand', 'strtod', 'strtol',
+ 'strtoul', 'system', 'wcstombs', 'wctomb'}
+ STRING = {
+ 'memchr', 'memcmp', 'memcpy', 'memmove', 'memset', 'strcat', 'strchr', 'strcmp', 'strcoll', 'strcpy', 'strcspn',
+ 'strerror', 'strlen', 'strncat', 'strncmp', 'strncpy', 'strpbrk', 'strrchr', 'strspn', 'strstr', 'strtok',
+ 'strxfrm', 'strncasecmp'}
+ MATH = {
+ 'acos', 'asin', 'atan', 'atan2', 'cos', 'cosh', 'exp', 'fabs', 'floor', 'fmod', 'frexp', 'ldexp', 'log',
+ 'log10', 'modf', 'pow', 'sin', 'sinh', 'sqrt', 'tan', 'tanh'}
+ CTYPE = {
+ 'isalnum', 'isalpha', 'iscntrl', 'isdigit', 'isgraph', 'islower', 'isprint', 'ispunct', 'isspace', 'isupper',
+ 'isxdigit', 'tolower', 'toupper'}
+ TIME = {'asctime', 'clock', 'ctime', 'difftime', 'gmtime', 'localtime', 'mktime', 'strftime', 'time'}
+ UNISTD = {
+ 'access', 'alarm', 'chdir', 'chown', 'close', 'dup', 'dup2', 'execle', 'execv', 'execve', 'execvp', 'fork',
+ 'fpathconf', 'getcwd', 'getegid', 'geteuid', 'getgid', 'getgroups', 'getlogin', 'getopt', 'getpgid', 'getpgrp',
+ 'getpid', 'getppid', 'getuid', 'isatty', 'lseek', 'pathconf', 'pause', 'pipe', 'read', 'rmdir', 'setgid',
+ 'setpgid', 'setsid', 'setuid', 'sleep', 'sysconf', 'tcgetpgrp', 'tcsetpgrp', 'ttyname', 'ttyname_r', 'write',
+ 'fsync', 'unlink', 'syscall', 'getpagesize'}
+ FCNTL = {'creat', 'fcntl', 'open'}
+ SYS_TYPE = {'fd_set', 'FD_CLR', 'FD_ISSET', 'FD_SET', 'FD_ZERO'}
+ SYS_STAT = {'chmod', 'fchmod', 'fstat', 'mkdir', 'mkfifo', 'stat', 'umask'}
+ SYS_TIME = {'gettimeofday', 'select', 'settimeofday'}
+ SIGNAL = {
+ 'signal', 'raise', 'kill', 'sigaction', 'sigaddset', 'sigdelset', 'sigemptyset', 'sigfillset', 'sigismember',
+ 'sigpending', 'sigprocmask', 'sigsuspend', 'alarm', 'pause'}
+ SETJMP = {'longjmp', 'setjmp'}
+ ERRNO = {'errno', 'strerror', 'perror'}
+ ASSERT = {'assert'}
+ LOCAL = {'localeconv', 'setlocale'}
+ WCHAR = {
+ 'btowc', 'fgetwc', 'fgetws', 'fputwc', 'fputws', 'fwide', 'fwprintf', 'fwscanf', 'getwc', 'getwchar', 'mbrlen',
+ 'mbrtowc', 'mbsinit', 'mbsrtowcs', 'putwc', 'putwchar', 'swprintf', 'swscanf', 'ungetwc', 'vfwprintf',
+ 'vfwscanf',
+ 'vwprintf', 'vwscanf', 'wcrtomb', 'wcscat', 'wcschr', 'wcscmp', 'wcscoll', 'wcscpy', 'wcscspn', 'wcsftime',
+ 'wcslen', 'wcsncat', 'wcsncmp', 'wcsncpy', 'wcspbrk', 'wcsrchr', 'wcsrtombs', 'wcsspn', 'wcsstr', 'wcstod',
+ 'wcstok', 'wcstol', 'wcstombs', 'wcstoul', 'wcsxfrm', 'wctob', 'wmemchr', 'wmemcmp', 'wmemcpy', 'wmemmove',
+ 'wmemset', 'wprintf', 'wscanf'}
+ WCTYPE = {
+ 'iswalnum', 'iswalpha', 'iswcntrl', 'iswdigit', 'iswgraph', 'iswlower', 'iswprint', 'iswpunct', 'iswspace',
+ 'iswupper', 'iswxdigit', 'towlower', 'towupper', 'iswctype', 'wctype'}
+ STDDEF = {'NULL', 'offsetof', 'ptrdiff_t', 'size_t', 'wchar_t'}
+ STDARG = {'va_arg', 'va_end', 'va_start'}
+ DLFCN = {'dlclose', 'dlerror', 'dlopen', 'dlsym'}
+ DIRENT = {'closedir', 'opendir', 'readdir'}
+ SYS_SENDFILE = {'sendfile'}
+ SYS_MMAN = {'mmap', 'mprotect', 'munmap'}
+ SYS_UTSNAME = {'uname'}
+ LINK = {'dladdr'}
diff --git a/extractor/keydive.js b/extractor/keydive.js
index 25d00f9..732cc1e 100644
--- a/extractor/keydive.js
+++ b/extractor/keydive.js
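Review bot: The exclusion list is uneven within the families it covers, so closely related exports will still be hooked: STDIO lists `sprintf`/`vsprintf` but not `snprintf`/`vsnprintf`, STRING lists `strncasecmp` but not `strcasecmp`, `strdup` or `strndup`, and no `pthread_*` names appear at all, which matters if the point of the filter is to keep the hook count and per-call overhead down. Conversely, `NULL`, `offsetof`, `va_arg`, `assert`, `errno`, the `FD_*` entries and the typedefs `fd_set`, `size_t`, `ptrdiff_t`, `wchar_t` are macros or types, not functions, so they can never match an ELF export name and are dead weight in a function filter. The class has no docstring stating its contract; I would add `"""libc/POSIX export names that keydive.js skips when hooking; compared by exact string against each export's name."""` under `class Native(Enum):`. Because the members are only ever read, `frozenset({...})` literals would also make the immutability explicit and stop a caller from mutating a shared module-level set.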
@@ -7,6 +7,7 @@ // Placeholder values dynamically replaced at runtime.
 const SDK_API = parseInt('${SDK_API}', 10);
 const OEM_CRYPTO_API = JSON.parse('${OEM_CRYPTO_API}');
+const NATIVE_C_API = JSON.parse('${NATIVE_C_API}');
 const SYMBOLS = JSON.parse('${SYMBOLS}');
@@ -78,9 +79,9 @@ const hookLibrary = (name) => {
 let functions, target;
 if (SYMBOLS.length > 0) {
 functions = SYMBOLS.map(symbol => ({
- 'type': 'function',
- 'name': symbol.name,
- 'address': ptr(parseInt(symbol.address, 16) + parseInt(library.base, 16))
+ type: 'function',
+ name: symbol.name,
+ address: ptr(parseInt(symbol.address, 16) + parseInt(library.base, 16))
 }));
 } else {
 functions = library.enumerateExports();
@@ -88,6 +89,9 @@ const hookLibrary = (name) => {
 target = functions.find(func => OEM_CRYPTO_API.includes(func.name));
 }
+ // Remove native C functions
+ functions = functions.filter(func => !NATIVE_C_API.includes(func.name));
+
 let hookedCount = 0;
 functions.forEach((func) => {
 if (func.type !== 'function') return;
diff --git a/extractor/uils.py b/extractor/uils.py
new file mode 100644
index 0000000..eb2acda
--- /dev/null
+++ b/extractor/uils.py
@@ -0,0 +1,23 @@
+import re
+from typing import Union
+
+from pathlib import Path
+
+
+def sanitize(path: Union[Path, str]) -> Path:
+ if isinstance(path, str):
+ path = Path(path)
+ paths = [path.name, *[p.name for p in path.parents if p.name]][::-1]
+ for i, p in enumerate(paths):
+ p = p.replace('...', '').strip()
+ p = re.sub(r'[<>:"/|?*\x00-\x1F]', '_', p)
+ paths[i] = p
+
+ return Path().joinpath(*paths)
+
+
+if __name__ == '__main__':
+ path = Path() / 'hello rgtgr/sdg'
+ print(path)
+ path = sanitize(path)
+ print(path)
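Review bot: The new `// Remove native C functions` comment says what the filter line does but not why, and `NATIVE_C_API.includes(func.name)` rescans the whole exclusion array once per export. I would hold the list as a set where it is parsed, `const NATIVE_C_API = new Set(JSON.parse('${NATIVE_C_API}'));`, filter with `functions = functions.filter(func => !NATIVE_C_API.has(func.name));`, and replace the comment with one that states the intent, e.g. `// Skip libc/POSIX exports: they carry no CDM logic and only add hook overhead and noise` (adjust if the real reason is different, e.g. instability when intercepting allocator or memcpy-style exports). Note the match is by exact export name, so if a user-supplied SYMBOLS file carries decorated or prefixed names the filter will silently not apply to them. The body of `hookLibrary` starts and continues outside this hunk.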
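Review bot: `sanitize` lets `..` components through untouched: the loop only strips `...` and the characters in `[<>:"/|?*\x00-\x1F]`, and a bare `..` matches neither, so `sanitize('../../x')` returns `../../x` and any caller that joins the result under an output directory gets no protection against traversal (the root of an absolute input is dropped because `Path('/').name` is empty, so that direction is handled). I would add a guard after the regex, `if p in ('', '.', '..'): p = '_'`, and include `\\` in the character class so a backslash in a name cannot become a separator once the path reaches a Windows host. The `if __name__ == '__main__':` block is a manual experiment left in a utility module and belongs in a test or doctest instead. The module is also created as `uils.py`, which looks like a typo for `utils.py` and is easy to mis-import later.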