diff --git a/.travis.yml b/.travis.yml
index 7860673..efe6f98 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,18 +10,19 @@ addons:
 - python-virtualenv
 - unzip
 - gcc-multilib
+ - python-future
 before_script:
 - "cd .."
 # make virtual env
 - "python /usr/lib/python2.7/dist-packages/virtualenv.py virtualenv;"
 - "cd virtualenv;"
 - "source bin/activate;"
-# install elfesteem
-- "git clone https://github.com/serpilliere/elfesteem elfesteem && cd elfesteem && python setup.py install && cd ..;"
 # install pyparsing
 - "pip install pyparsing"
+# install future
+- "pip install future"
 # install miasm
-- "cd ..;git clone -b 'v0.1.1' https://github.com/cea-sec/miasm miasm && cd miasm;"
+- "cd ..;git clone -b 'v0.1.3' https://github.com/cea-sec/miasm miasm && cd miasm;"
 - "python setup.py build build_ext -I$(pwd)/../virtualenv/include -L$(pwd)/../virtualenv/tinycc"
 - "python setup.py install"
 - "cd ..;"
diff --git a/Dockerfile b/Dockerfile
index 5ec4487..aeb05b8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,12 +28,12 @@ RUN cd /opt &&\
 tar xzvf Sibyl.tar.gz &&\
 rm Sibyl.tar.gz &&\
 mv Sibyl-master Sibyl &&\
- chown -Rh miasm2 Sibyl &&\
+ chown -Rh miasm Sibyl &&\
 cd Sibyl &&\
 python setup.py install
 # Prepare the environment
 WORKDIR /opt/Sibyl
-USER miasm2
+USER miasm
 CMD ["/usr/local/bin/sibyl"]
diff --git a/README.md b/README.md
index 6b247c8..1309cfc 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ Copyright 2014 - 2019 [Camille MOUGEY](mailto:camille.mougey@cea.fr)
 Sibyl
 =====
-A _Miasm2_ based function divination.
+A _Miasm_ based function divination.
 Idea
 ----
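Review bot: In .travis.yml the added `pip install future` step is unpinned, and the miasm checkout still relies on a tag (`-b 'v0.1.3'`), which upstream can move, so a CI run may build against code that differs from what was reviewed. Pin the package to an exact release, `- "pip install 'future==<PINNED_VERSION>'"`, and check out miasm by full commit hash after cloning (`git checkout <COMMIT_SHA>`). The `python-future` apt package added in the same hunk is probably not visible inside the virtualenv that before_script activates (the creation command shows no option to share system packages), so one of the two installs looks redundant.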
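Review bot: In Dockerfile, `chown -Rh miasm Sibyl` and `USER miasm` now depend on an account named `miasm` that this file does not create in the visible lines, so it presumably comes from the base image. The FROM line is outside the hunk; confirm that it references a base image built after the miasm2 to miasm rename, ideally pinned by digest, otherwise the build fails at the chown step or silently tracks whatever the tag points to. A comment above the USER line such as `# unprivileged account provided by the base image` would document that coupling.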
@@ -16,7 +16,7 @@ But it is a time consuming task. Moreover, this task is made more difficult due
 Tools have been developed to automate this task. Some are based on CFG (Control Flow Graph) signature (_Bindiff_), others on magic constants (_FindCrypt_) or enhanced pattern matching (_FLIRT_).
-_Sibyl_ is one of these tools, dynamic analysis oriented and **based on _Miasm2_** (https://github.com/cea-sec/miasm).
+_Sibyl_ is one of these tools, dynamic analysis oriented and **based on _Miasm_** (https://github.com/cea-sec/miasm).
 The idea is to identify functions from their side effects. That way, identification is independent of the used implementation. Identifications are done thanks to these steps:
@@ -167,7 +167,7 @@ Installation
 ### Standard
-_Sibyl_ requires at least _Miasm2_ version `v0.1.1` and the corresponding version of _Elfesteem_.
+_Sibyl_ requires at least _Miasm_ version `v0.1.3`.
 For the `qemu` engine, the `unicorn` python package must be installed (refer to the documentation of Unicorn for more detail). _Sibyl_ comes as a Python module, and the installation follow the standard procedure:
@@ -253,7 +253,7 @@ To avoid these behaviors, there is a timeout on each sub-test. The _-i/--timeout
 ### How to run the tool on a custom architecture?
-Once the architecture and corresponding semantic is implemented in Miasm2, one just needs to implement the wanted ABI in _sibyl/abi/_.
+Once the architecture and corresponding semantic is implemented in Miasm, one just needs to implement the wanted ABI in _sibyl/abi/_.
 If writing the jitter engine part is an issue, one can directly use the _python_ jitter option with _-j/--jitter_ argument. If the semantic is not complete enough, one can add the corresponding bridge with _qemu_ in `sibyl/engine/qemu.py`, if available.
diff --git a/doc/LEARNING.md b/doc/LEARNING.md
index 20df87d..e0ee9ef 100644
--- a/doc/LEARNING.md
+++ b/doc/LEARNING.md
@@ -112,7 +112,7 @@ restrictive implementation, or a useless argument. The resulting test looks like:
 ```Python
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE
 from sibyl.test.test import TestHeader, TestSetTest
diff --git a/setup.py b/setup.py
index f43dc6a..3a51220 100755
--- a/setup.py
+++ b/setup.py
@@ -26,13 +26,13 @@
 url='https://github.com/cea-sec/sibyl',
 download_url='https://github.com/cea-sec/sibyl/tarball/master',
 license='GPLv3+',
- description='A Miasm2 based function divination',
+ description='A Miasm based function divination',
 long_description=""" Sibyl is a tool aiming at recognizing functions in binaries based on their side effects, by running them in a sandboxed environment.""",
 keywords=["reverse engineering", "emulation"],
 install_requires=[
- 'miasm2',
+ 'miasm',
 ],
 packages=['sibyl', 'sibyl/abi', 'sibyl/engine', 'sibyl/learn', 'sibyl/learn/tracer', 'sibyl/learn/generator',
diff --git a/sibyl/actions/find.py b/sibyl/actions/find.py
index fb8fc80..409aa3d 100644
--- a/sibyl/actions/find.py
+++ b/sibyl/actions/find.py
@@ -19,8 +19,8 @@
 import sys
 from collections import namedtuple
-from miasm2.analysis.machine import Machine
-from miasm2.analysis.binary import Container
+from miasm.analysis.machine import Machine
+from miasm.analysis.binary import Container
 from sibyl.config import config
 from sibyl.testlauncher import TestLauncher
diff --git a/sibyl/actions/func.py b/sibyl/actions/func.py
index 2eb7f4b..2a047b7 100644
--- a/sibyl/actions/func.py
+++ b/sibyl/actions/func.py
@@ -16,8 +16,8 @@
 import os
-from miasm2.analysis.machine import Machine
-from miasm2.analysis.binary import Container
+from miasm.analysis.machine import Machine
+from miasm.analysis.binary import Container
 from sibyl.config import config, config_paths
 from sibyl.actions.action import Action
diff --git a/sibyl/actions/learn.py b/sibyl/actions/learn.py
index 49f279d..0536849 100644
--- a/sibyl/actions/learn.py
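Review bot: In setup.py, `install_requires` names `miasm` with no version bound, while the README change in this same commit says Sibyl needs at least Miasm `v0.1.3`; any release that satisfies the bare name, including one older than the code was tested with, installs without complaint. Consider `'miasm>=0.1.3',` so the installer enforces the documented floor (this assumes the published package uses the same version numbers as the git tags). The setup() call starts and ends outside the hunk.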
+++ b/sibyl/actions/learn.py
@@ -1,7 +1,7 @@
 import argparse
 import logging
-from miasm2.analysis.binary import Container
+from miasm.analysis.binary import Container
 from sibyl.actions.action import Action
 from sibyl.learn.tracer import AVAILABLE_TRACER
diff --git a/sibyl/commons.py b/sibyl/commons.py
index c090561..7887b2e 100644
--- a/sibyl/commons.py
+++ b/sibyl/commons.py
@@ -5,8 +5,8 @@
 except ImportError:
 pycparser = None
 else:
- from miasm2.core.ctypesmngr import c_to_ast, CTypeFunc
- from miasm2.core.objc import ObjCPtr, ObjCArray
+ from miasm.core.ctypesmngr import c_to_ast, CTypeFunc
+ from miasm.core.objc import ObjCPtr, ObjCArray
 def init_logger(name):
 logger = logging.getLogger(name)
@@ -51,7 +51,7 @@ class HeaderFile(object):
 def __init__(self, header_data, ctype_manager):
 """Parse @header_data to fill @ctype_manager
 @header_data: str of a C-like header file
- @ctype_manager: miasm2.core.objc.CTypesManager instance"""
+ @ctype_manager: miasm.core.objc.CTypesManager instance"""
 self.data = header_data
 self.ctype_manager = ctype_manager
diff --git a/sibyl/config.py b/sibyl/config.py
index 76b21f7..000b1b1 100644
--- a/sibyl/config.py
+++ b/sibyl/config.py
@@ -67,7 +67,7 @@ def __init__(self, default_config, files):
 def expandpath(path):
 """Expand @path with following rules:
 - $SIBYL is replaced by the installation path of Sibyl
- - $MIASM is replaced by the installation path of miasm2
+ - $MIASM is replaced by the installation path of miasm
 - path are expanded ('~' -> '/home/user', ...)
 """
 if "$SIBYL" in path:
@@ -76,9 +76,9 @@ def expandpath(path):
 path = path.replace("$SIBYL", sibyl_base)
 if "$MIASM" in path:
- import miasm2
- miasm2_base = miasm2.__path__[0]
- path = path.replace("$MIASM", miasm2_base)
+ import miasm
+ miasm_base = miasm.__path__[0]
+ path = path.replace("$MIASM", miasm_base)
 path = os.path.expandvars(path)
 path = os.path.expanduser(path)
diff --git a/sibyl/engine/__init__.py b/sibyl/engine/__init__.py
index 2eb6aa2..0d31610 100644
--- a/sibyl/engine/__init__.py
+++ b/sibyl/engine/__init__.py
@@ -1,4 +1,4 @@
 """This module abstracts running engine"""
 from sibyl.engine.qemu import QEMUEngine
-from sibyl.engine.miasm import MiasmEngine
+from sibyl.engine.miasm_engine import MiasmEngine
diff --git a/sibyl/engine/engine.py b/sibyl/engine/engine.py
index 3897680..ae93286 100644
--- a/sibyl/engine/engine.py
+++ b/sibyl/engine/engine.py
@@ -6,7 +6,7 @@ class Engine(object):
 def __init__(self, machine):
 """Instanciate an Engine
- @machine: miasm2.analysis.machine:Machine instance"""
+ @machine: miasm.analysis.machine:Machine instance"""
 self.logger = init_logger(self.__class__.__name__)
 def take_snapshot(self):
diff --git a/sibyl/engine/miasm.py b/sibyl/engine/miasm_engine.py
similarity index 100%
rename from sibyl/engine/miasm.py
rename to sibyl/engine/miasm_engine.py
diff --git a/sibyl/engine/qemu.py b/sibyl/engine/qemu.py
index dab442a..4f783d0 100644
--- a/sibyl/engine/qemu.py
+++ b/sibyl/engine/qemu.py
@@ -1,5 +1,5 @@
-from miasm2.core.utils import pck32, pck64
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE
+from miasm.core.utils import pck32, pck64
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE
 try:
 import unicorn
 except ImportError:
diff --git a/sibyl/heuristics/arch.py b/sibyl/heuristics/arch.py
index 43a7c02..835efa0 100644
--- a/sibyl/heuristics/arch.py
+++ b/sibyl/heuristics/arch.py
@@ -1,6 +1,6 @@
 "Module for architecture guessing"
-from miasm2.analysis.binary import Container, ContainerUnknown
+from miasm.analysis.binary import Container, ContainerUnknown
 from sibyl.heuristics.heuristic import Heuristic
diff --git a/sibyl/heuristics/func.py b/sibyl/heuristics/func.py
index ee585ea..4ea4f9e 100644
--- a/sibyl/heuristics/func.py
+++ b/sibyl/heuristics/func.py
@@ -6,7 +6,7 @@
 import shutil
 import os
-from miasm2.core.asmblock import AsmBlockBad, log_asmblock
+from miasm.core.asmblock import AsmBlockBad, log_asmblock
 from sibyl.heuristics.heuristic import Heuristic
 import sibyl.heuristics.csts as csts
@@ -225,8 +225,8 @@ class FuncHeuristic(Heuristic):
 def __init__(self, cont, machine, filename):
 """
- @cont: miasm2's Container instance
- @machine: miasm2's Machine instance
+ @cont: miasm's Container instance
+ @machine: miasm's Machine instance
 @filename: target's filename
 """
 super(FuncHeuristic, self).__init__()
diff --git a/sibyl/learn/findref.py b/sibyl/learn/findref.py
index ca1cca3..b4d366f 100644
--- a/sibyl/learn/findref.py
+++ b/sibyl/learn/findref.py
@@ -1,14 +1,14 @@
 import struct
 import logging
-from miasm2.jitter.loader.elf import vm_load_elf
-from miasm2.analysis.machine import Machine
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE, EXCEPT_ACCESS_VIOL, EXCEPT_DIV_BY_ZERO, EXCEPT_PRIV_INSN
-from miasm2.core.bin_stream import bin_stream_vm
-from miasm2.analysis.dse import ESETrackModif
-import miasm2.expression.expression as m2_expr
-from miasm2.ir.ir import AssignBlock
-from miasm2.core.objc import CHandler
+from miasm.jitter.loader.elf import vm_load_elf
+from miasm.analysis.machine import Machine
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE, EXCEPT_ACCESS_VIOL, EXCEPT_DIV_BY_ZERO, EXCEPT_PRIV_INSN
+from miasm.core.bin_stream import bin_stream_vm
+from miasm.analysis.dse import ESETrackModif
+import miasm.expression.expression as m2_expr
+from miasm.ir.ir import AssignBlock
+from miasm.core.objc import CHandler
 from sibyl.commons import objc_is_dereferenceable
 from sibyl.config import config
diff --git a/sibyl/learn/generator/generator.py b/sibyl/learn/generator/generator.py
index f99e2f0..33659d1 100644
--- a/sibyl/learn/generator/generator.py
+++ b/sibyl/learn/generator/generator.py
@@ -1,4 +1,4 @@
-from miasm2.analysis.machine import Machine
+from miasm.analysis.machine import Machine
 class Generator(object):
diff --git a/sibyl/learn/generator/pythongenerator.py b/sibyl/learn/generator/pythongenerator.py
index e78ac6b..653b127 100644
--- a/sibyl/learn/generator/pythongenerator.py
+++ b/sibyl/learn/generator/pythongenerator.py
@@ -2,11 +2,11 @@
 from sibyl.learn.generator.generator import Generator
 from sibyl.learn.generator import templates as TPL
 from sibyl.learn.trace import MemoryAccess
-from miasm2.ir.ir import AssignBlock
+from miasm.ir.ir import AssignBlock
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE
-from miasm2.expression.expression import *
-from miasm2.expression.simplifications import expr_simp
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE
+from miasm.expression.expression import *
+from miasm.expression.simplifications import expr_simp
 from sibyl.commons import objc_is_dereferenceable
diff --git a/sibyl/learn/generator/templates.py b/sibyl/learn/generator/templates.py
index 84ca687..9b2bef3 100644
--- a/sibyl/learn/generator/templates.py
+++ b/sibyl/learn/generator/templates.py
@@ -1,6 +1,6 @@
 # Python
 imports = """
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE
 from sibyl.test.test import TestHeader, TestSetTest
 """.strip()
diff --git a/sibyl/learn/learn.py b/sibyl/learn/learn.py
index 750866e..f7ca1d6 100644
--- a/sibyl/learn/learn.py
+++ b/sibyl/learn/learn.py
@@ -5,9 +5,9 @@
 import pycparser
 except ImportError:
 raise ImportError("pycparser module is needed to learn and generate")
-from miasm2.core.objc import CTypesManagerNotPacked
-from miasm2.core.ctypesmngr import CAstTypes
-from miasm2.arch.x86.ctype import CTypeAMD64_unk
+from miasm.core.objc import CTypesManagerNotPacked
+from miasm.core.ctypesmngr import CAstTypes
+from miasm.arch.x86.ctype import CTypeAMD64_unk
 from sibyl.learn.replay import Replay
 from sibyl.learn.findref import ExtractRef
diff --git a/sibyl/learn/replay.py b/sibyl/learn/replay.py
index 843e27b..3b7192b 100644
--- a/sibyl/learn/replay.py
+++ b/sibyl/learn/replay.py
@@ -1,8 +1,8 @@
 import struct
-from miasm2.jitter.loader.elf import vm_load_elf
-from miasm2.analysis.machine import Machine
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE, EXCEPT_ACCESS_VIOL, EXCEPT_DIV_BY_ZERO, EXCEPT_PRIV_INSN
+from miasm.jitter.loader.elf import vm_load_elf
+from miasm.analysis.machine import Machine
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE, EXCEPT_ACCESS_VIOL, EXCEPT_DIV_BY_ZERO, EXCEPT_PRIV_INSN
 from sibyl.config import config
diff --git a/sibyl/learn/trace.py b/sibyl/learn/trace.py
index 1aeb8b4..e5f4de5 100644
--- a/sibyl/learn/trace.py
+++ b/sibyl/learn/trace.py
@@ -2,9 +2,9 @@
 import struct
 from sibyl.learn.replay import Replay
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE
-from miasm2.core.graph import DiGraph
-from miasm2.analysis.machine import Machine
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE
+from miasm.core.graph import DiGraph
+from miasm.analysis.machine import Machine
 class Trace(list):
diff --git a/sibyl/learn/tracer/__init__.py b/sibyl/learn/tracer/__init__.py
index 9accd98..d33915f 100644
--- a/sibyl/learn/tracer/__init__.py
+++ b/sibyl/learn/tracer/__init__.py
@@ -4,7 +4,7 @@
 """
 from sibyl.learn.tracer.pin import TracerPin
-from sibyl.learn.tracer.miasm import TracerMiasm
+from sibyl.learn.tracer.miasm_tracer import TracerMiasm
 AVAILABLE_TRACER = {
 "pin": TracerPin,
diff --git a/sibyl/learn/tracer/miasm.py b/sibyl/learn/tracer/miasm_tracer.py
similarity index 96%
rename from sibyl/learn/tracer/miasm.py
rename to sibyl/learn/tracer/miasm_tracer.py
index 3f466b5..9c4596f 100644
--- a/sibyl/learn/tracer/miasm.py
+++ b/sibyl/learn/tracer/miasm_tracer.py
@@ -5,10 +5,10 @@
 from sibyl.learn.tracer.tracer import Tracer
 from sibyl.learn.trace import Trace, Snapshot
-from miasm2.jitter.emulatedsymbexec import EmulatedSymbExec
-from miasm2.jitter.csts import PAGE_READ
-from miasm2.analysis.machine import Machine
-from miasm2.jitter.loader.elf import vm_load_elf
+from miasm.jitter.emulatedsymbexec import EmulatedSymbExec
+from miasm.jitter.csts import PAGE_READ
+from miasm.analysis.machine import Machine
+from miasm.jitter.loader.elf import vm_load_elf
 class CustomEmulatedSymbExec(EmulatedSymbExec):
 '''New emulator that trap all memory read and write which is needed by the miasm tracer'''
diff --git a/sibyl/test/test.py b/sibyl/test/test.py
index dc58d55..051e015 100644
--- a/sibyl/test/test.py
+++ b/sibyl/test/test.py
@@ -16,17 +16,17 @@
 import random
-from miasm2.jitter.csts import PAGE_READ, PAGE_WRITE
-from miasm2.expression.modint import mod_size2int
-from miasm2.expression.simplifications import expr_simp
+from miasm.jitter.csts import PAGE_READ, PAGE_WRITE
+from miasm.expression.modint import mod_size2int
+from miasm.expression.simplifications import expr_simp
 try:
 import pycparser
 except ImportError:
 pycparser = None
 else:
- from miasm2.core.objc import CTypesManagerNotPacked, CHandler
- from miasm2.core.ctypesmngr import CAstTypes
- from miasm2.arch.x86.ctype import CTypeAMD64_unk
+ from miasm.core.objc import CTypesManagerNotPacked, CHandler
+ from miasm.core.ctypesmngr import CAstTypes
+ from miasm.arch.x86.ctype import CTypeAMD64_unk
 from sibyl.commons import HeaderFile
diff --git a/sibyl/testlauncher.py b/sibyl/testlauncher.py
index eecdcca..3381b71 100644
--- a/sibyl/testlauncher.py
+++ b/sibyl/testlauncher.py
@@ -20,7 +20,7 @@
 import time
 import signal
 import logging
-from miasm2.analysis.binary import Container, ContainerPE, ContainerELF
+from miasm.analysis.binary import Container, ContainerPE, ContainerELF
 from sibyl.commons import init_logger, TimeoutException, END_ADDR
 from sibyl.engine import QEMUEngine, MiasmEngine
@@ -63,12 +63,12 @@ def init_stub(self):
 libs = None
 if isinstance(self.ctr, ContainerPE):
- from miasm2.jitter.loader.pe import preload_pe, libimp_pe
+ from miasm.jitter.loader.pe import preload_pe, libimp_pe
 libs = libimp_pe()
 preload_pe(self.jitter.vm, self.ctr.executable, libs)
 elif isinstance(self.ctr, ContainerELF):
- from miasm2.jitter.loader.elf import preload_elf, libimp_elf
+ from miasm.jitter.loader.elf import preload_elf, libimp_elf
 libs = libimp_elf()
 preload_elf(self.jitter.vm, self.ctr.executable, libs)
diff --git a/test/find/run_ctests.py b/test/find/run_ctests.py
index aa27ae1..2f0ac18 100644
--- a/test/find/run_ctests.py
+++ b/test/find/run_ctests.py
@@ -5,7 +5,7 @@
 from argparse import ArgumentParser
 from utils.log import log_error, log_success, log_info
-from elfesteem.elf_init import ELF
+from miasm.loader.elf_init import ELF
 from sibyl.heuristics.func import FuncHeuristic
 match_C = re.compile("\w+[ \*]+(\w+)\(.*\)")
diff --git a/test/learn/run_tests.py b/test/learn/run_tests.py
index 1efe9e3..f59984e 100644
--- a/test/learn/run_tests.py
+++ b/test/learn/run_tests.py
@@ -5,8 +5,8 @@
 import imp
 from utils.log import log_error, log_success, log_info
-from miasm2.analysis.machine import Machine
-from miasm2.analysis.binary import Container
+from miasm.analysis.machine import Machine
+from miasm.analysis.binary import Container
 from sibyl.testlauncher import TestLauncher
 from sibyl.abi.x86 import ABI_AMD64_SYSTEMV