from struct import pack, unpack
from sys import argv
from pwn import context, asm
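context.arch = 'aarch64'
# https://github.com/Gallopsled/pwntools/tree/dev3

# Flat script: reads the input file named by argv[1], parses six 16-byte
# section headers that follow a 0x20-byte header, and writes the first three
# sections to argv[2] at the offsets given by those headers.
#
# NOTE(review): every offset and size used below comes straight from the
# input file's header and is not bounded. A malformed or hostile input can
# make the output a very large (sparse) file, so run this only on inputs you
# trust, or add an upper bound on OutOffset that fits your use case.
TEXT_OFFSET = 0x100000

section_names = [".text", ".rodata", ".data", ".bss"]
sections = []

with open(argv[1], "rb") as f:
    # The first 0x20 bytes are read and kept but not interpreted here.
    header_start = f.read(0x20)

    # Six section headers; only the first four have a name attached.
    for i in range(6):
        section_bytes = f.read(0x10)
        if len(section_bytes) != 0x10:
            raise ValueError(
                "truncated section header %d in %s" % (i, argv[1]))
        section = {}
        if i < len(section_names):
            section["Name"] = section_names[i]
        # "<" pins little-endian, standard-size fields so parsing does not
        # depend on the byte order or alignment of the host running this.
        (section["OutOffset"],
         section["DecompressedSize"],
         section["CompressedSize"],
         section["Attribute"]) = unpack("<IIII", section_bytes)
        sections.append(section)
        print(section)

    f.seek(0x100)
    #discard kernel caps...
    # NOTE(review): DecompressedSize bytes are copied verbatim, so this
    # presumably expects the sections to be stored uncompressed -- confirm
    # against the inputs you feed it.
    for section in sections[:3]:
        data = f.read(section["DecompressedSize"])
        if len(data) != section["DecompressedSize"]:
            # A short read would otherwise silently produce a truncated image.
            raise ValueError(
                "section %s is truncated in %s" % (section["Name"], argv[1]))
        section["Buffer"] = data
    # Whatever follows the three copied sections is only printed.
    print(f.read())

with open(argv[2], "wb") as f:
    for section in sections[:3]:
        f.seek(section["OutOffset"])
        f.write(section["Buffer"])
    # Pad the image up to TEXT_OFFSET bytes. Only do so when the file is
    # shorter than that, so section data already written at TEXT_OFFSET - 1
    # is not overwritten with a zero byte.
    end = f.seek(0, 2)  # whence=2: seek relative to end of file
    if end < TEXT_OFFSET:
        f.seek(TEXT_OFFSET - 1)
        f.write(b'\0')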