chomper
v0.3.3
Chomper 是一个基于 Unicorn 引擎的轻量级模拟框架。它主要用于模拟 iOS 可执行文件和库中的安全算法。此外，它还对 Android 原生库提供有限支持。
$ pip install chomper
模拟 iOS 可执行文件。
import uuid

from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_IOS

# For iOS the system libraries are loaded automatically from `rootfs_path`.
emu = Chomper(
    arch=ARCH_ARM64,
    os_type=OS_IOS,
    rootfs_path="examples/rootfs/ios",
)

# Map the main executable; `duapp.base` is the address it was loaded at.
duapp = emu.load_module("examples/binaries/ios/com.siwuai.duapp/DUApp")

s = "chomper"

# Allocate the arguments in emulator memory. The tuple is evaluated left to
# right, so the allocation order matches the positional order of the call below.
a1, a2, a3, a4, a5, a6, a7 = (
    emu.create_string("objc"),
    emu.create_string(s),                  # input data ...
    len(s),                                # ... and its length
    emu.create_string(str(uuid.uuid4())),  # fresh per-run identifier
    emu.create_buffer(8),                  # out-parameter: receives a pointer to the result
    emu.create_buffer(8),                  # second 8-byte out-parameter (not read back in this example)
    emu.create_string("com.siwuai.duapp"),
)

# Invoke the routine at a fixed offset from the module base.
emu.call_address(duapp.base + 0x109322118, a1, a2, a3, a4, a5, a6, a7)
result = emu.read_string(emu.read_pointer(a5))
与 Objective-C 协同工作。
from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_IOS
from chomper.objc import ObjC

# NSStringEncoding value for UTF-8 (NSUTF8StringEncoding).
NS_UTF8_STRING_ENCODING = 4

emu = Chomper(
    arch=ARCH_ARM64,
    os_type=OS_IOS,
    rootfs_path="examples/rootfs/ios",
)
objc = ObjC(emu)

emu.load_module("examples/binaries/ios/cn.com.scal.sichuanair/zsch")

# Objects created inside the pool are released automatically when the block exits.
with objc.autorelease_pool():
    # Wrap the input in an NSString.
    input_str = objc.msg_send("NSString", "stringWithUTF8String:", "test")

    # Send `getReqSign:` to the ZSCHRSA class with the NSString as argument.
    req_sign = objc.msg_send("ZSCHRSA", "getReqSign:", input_str)

    # Ask the returned NSString for a C string so the emulator can read it back.
    result_ptr = objc.msg_send(
        req_sign, "cStringUsingEncoding:", NS_UTF8_STRING_ENCODING
    )
    result = emu.read_string(result_ptr)
模拟 Android 原生库。
from chomper import Chomper
from chomper.const import ARCH_ARM64, OS_ANDROID

# Size of the output buffer handed to the native routine. The size it returns
# is used as the number of bytes to read back, so it must not exceed this.
OUT_BUF_SIZE = 1024

emu = Chomper(arch=ARCH_ARM64, os_type=OS_ANDROID)

# Unlike the iOS example, the C library and zlib are loaded explicitly here.
for lib in (
    "examples/rootfs/android/system/lib64/libc.so",
    "examples/rootfs/android/system/lib64/libz.so",
):
    emu.load_module(lib)

# `exec_init_array=True` presumably runs the library's init_array entries at
# load so its globals are set up before the call below.
libszstone = emu.load_module(
    "examples/binaries/android/com.shizhuang.duapp/libszstone.so",
    exec_init_array=True,
)

payload = "chomper"

# Inputs: (data pointer, data length, output buffer).
a1 = emu.create_string(payload)
a2 = len(payload)
a3 = emu.create_buffer(OUT_BUF_SIZE)

# The callee returns the number of bytes it wrote into `a3`.
result_size = emu.call_address(libszstone.base + 0x2F1C8, a1, a2, a3)
result = emu.read_bytes(a3, result_size)
示例中包含一些安全算法的模拟代码，所有示例二进制文件均可从 SourceForge 下载。