Coder Social home page Coder Social logo

ghidra_scripts's Introduction

Ghidra scripts to support IOT exploitation. Some of the scripts are a port of devttyS0 IDA plugins and others are new scripts that I found a need for. To install, clone and add the script directory via Ghidra's Script Manager. If you check the 'In Tool' checkbox they will appear under a 'TNS' tag.

Scripts

Below is a simple overview of the available scripts. If the scripts are broken up into multiple parts then bullets are given with high level overviews. Click on the link for each to see a more in-depth explanation with screenshots.

ARM ROP Finder

Script to find and support finding ARM ROP gadgets.

  • Gadgets

    • Find double jumps.
    • Move small value to r0.
    • Get control of more or different registers.
    • Move values between registers.
    • Find strings or shellcode on the stack.
    • Find custom gadgets based on regular expressions.
    • Gadgets to call system with a string argument in r0.

  • Support

    • Convert entire program to Thumb instructions.
    • List summary of saved gadgets.

Call Chain

Find call chains between two user specified functions. Results are displayed in a png.

Codatify

  • Fixup code - defines all undefined data in the .text section as code and creates a function if it can.
  • Fixup data - define uninitialized strings and pointers. Searches for function tables and renames functions based on their discovery.

Fluorescence

Highlight function calls.

Function Profiler

Display cross refs from the current function.

Leaf Blower

  • Format Strings - Find functions that accept format strings as parameters.
  • Leaf Functions - Identify potential leaf functions such as strcpy, strlen, etc.

Local Cross References

Find references to items in the current function.

MIPS ROP Finder

Scripts to find and support finding MIPS ROP gadgets.

  • Gadgets

    • Double Jumps
    • Epilogue
    • Find custom gadgets
    • Indirect Return
    • li a0
    • Prologue
    • System Gadgets

  • Chain Builder

    • Build ROP chain to call shellcode
    • Build ROP chain to call system with controllable string.

  • Support

    • Summary

Operator

Display all calls to a function and identify the source of the parameters it is called with taking variadic arguments into account if they are present.

Rename Variables

Rename saved stack variables. (MIPS only)

Rizzo

Create fuzzy function signatures that can be applied to other projects.

ghidra_scripts's People

Contributors

astrelsky avatar fuzzywalls avatar velocityra avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.