
@Auxy233 Auxy233/__init__.py
Created Mar 19, 2019

Baby Manchester Binary Ninja Module
from binaryninja import (Architecture, RegisterInfo, InstructionInfo,
InstructionTextToken, InstructionTextTokenType, InstructionTextTokenContext,
BranchType,
LowLevelILOperation, LLIL_TEMP,
LowLevelILLabel,
FlagRole,
LowLevelILFlagCondition,
log_error,
CallingConvention,
interaction,
PluginCommand, BackgroundTaskThread,
HighlightStandardColor
)
# Opcode field values. Each is the 3-character string found at the start of an
# 8-character instruction; the decoders compare the first three characters of
# the instruction against these constants.
# NOTE(review): the values look like the Manchester Baby function numbers 0-7
# written least-significant bit first - confirm against the input format.

# Control flow
JMP = "000"
JRP = "100"
CMP = "011"
STP = "111"

# Accumulator <-> store transfers
LDN = "010"
STO = "110"

# Subtract has two encodings, so it is matched with `in` rather than `==`.
SUB = [
    "001",
    "101",
]
def token(tokenType, text, data=None):
    """Build an InstructionTextToken from a short kind name.

    Args:
        tokenType: One of 'inst', 'text', 'addr', 'sep' or 'num'; any other
            value raises KeyError from the lookup below.
        text: The string shown in the disassembly for this token.
        data: Optional value forwarded as the token's third argument; it is
            only passed on when it is not None.

    Returns:
        The constructed InstructionTextToken.
    """
    kinds = {
        'inst': InstructionTextTokenType.InstructionToken,
        'text': InstructionTextTokenType.TextToken,
        'addr': InstructionTextTokenType.PossibleAddressToken,
        'sep': InstructionTextTokenType.OperandSeparatorToken,
        'num': InstructionTextTokenType.IntegerToken
    }
    resolved = kinds[tokenType]
    # Keep the two-argument call when no data was given so the constructor's
    # own default for the third argument applies.
    args = (resolved, text) if data is None else (resolved, text, data)
    return InstructionTextToken(*args)
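class Manch_Baby(Architecture):
    """Binary Ninja architecture for a text-encoded Manchester Baby program.

    Every instruction occupies 8 bytes of input: a 3-character opcode
    (compared against the module-level JMP/JRP/LDN/STO/CMP/STP/SUB strings)
    followed by a 5-character operand parsed with ``int()``.

    The three callbacks are fed whatever bytes the opened file contains, so
    input that does not decode is rejected by returning ``None`` rather than
    letting an exception escape from the callback.
    """

    name = "Manchester Baby"
    address_size = 8
    default_int_size = 4
    max_instr_length = 8  # every instruction is exactly 8 bytes of input
    # NOTE(review): 'accu' is declared 6 bytes wide here, but every IL
    # expression in get_instruction_low_level_il uses size 5 - confirm which
    # width is intended.
    regs = {'sp': RegisterInfo('sp', 8), 'accu': RegisterInfo('accu', 6)}
    stack_pointer = 'sp'
    accu = regs['accu']

    @staticmethod
    def _decode(data):
        """Split one instruction into ``(op_code, src)``.

        Returns ``None`` when fewer than 8 bytes are available, when the bytes
        are not ASCII text, when the opcode is not one of the known strings,
        or when the operand is not something ``int()`` accepts.
        """
        if len(data) < 8:
            return None
        instruction = data[:8]
        if not isinstance(instruction, str):
            # Under Python 3 the data arrives as bytes, which never compare
            # equal to the str opcode constants; decode before matching.
            try:
                instruction = instruction.decode('ascii')
            except (AttributeError, UnicodeDecodeError):
                return None
        op_code = instruction[:3]
        if op_code not in (JMP, JRP, LDN, STO, CMP, STP) and op_code not in SUB:
            return None
        try:
            # NOTE(review): the operand is read as a decimal number although
            # the opcode field is a bit string ("00101" becomes 101, not 5) -
            # confirm the operand encoding against the input format.
            src = int(instruction[3:])
        except ValueError:
            # Non-numeric operand: not a decodable instruction.
            return None
        return op_code, src

    def get_instruction_info(self, data, addr):
        """Report the length and branch targets of the instruction at *addr*.

        Returns an InstructionInfo of length 8, or ``None`` when *data* does
        not decode. JMP branches to ``src``, JRP to ``addr + src``, and CMP
        has a true branch at ``addr + 16`` and a false branch at ``addr + 8``.
        """
        decoded = self._decode(data)
        if decoded is None:
            return None
        op_code, src = decoded

        res = InstructionInfo()
        res.length = 8
        # Branches for the absolute jump, the relative jump and the skip.
        if op_code == JMP:
            res.add_branch(BranchType.UnconditionalBranch, src)
        elif op_code == JRP:
            res.add_branch(BranchType.UnconditionalBranch, addr + src)
        elif op_code == CMP:
            res.add_branch(BranchType.TrueBranch, addr + 16)
            res.add_branch(BranchType.FalseBranch, addr + 8)
        return res

    def get_instruction_text(self, data, addr):
        """Return ``(tokens, 8)`` for the instruction, or ``None``.

        ``None`` is returned when *data* does not decode into an instruction.
        """
        decoded = self._decode(data)
        if decoded is None:
            return None
        op_code, src = decoded

        tokens = []
        if op_code in (LDN, STO):
            mnemonic = 'LDN' if op_code == LDN else 'STO'
            tokens.append(token('inst', '{:7s}'.format(mnemonic)))
            tokens.append(token('text', '['))
            tokens.append(token('addr', hex(src)))
            tokens.append(token('text', ']'))
        elif op_code in SUB:
            tokens.append(token('inst', '{:7s}'.format('SUB')))
            tokens.append(token('num', hex(src)))
        elif op_code == JMP:
            tokens.append(token('inst', '{:7s}'.format('JMP')))
            tokens.append(token('addr', hex(src), src))
        elif op_code == JRP:
            # Shown as "<addr> + <src>" with plain text tokens.
            tokens.append(token('inst', '{:7s}'.format('JRP')))
            tokens.append(token('text', hex(addr)))
            tokens.append(token('text', ' + '))
            tokens.append(token('text', hex(src)))
        elif op_code == CMP:
            # The operand shown is the skip target two instructions ahead.
            tokens.append(token('inst', '{:7s}'.format('CMP')))
            tokens.append(token('addr', hex(addr + 16), addr + 16))
        elif op_code == STP:
            tokens.append(token('inst', '{:7s}'.format('STP')))
        return tokens, 8

    def get_instruction_low_level_il(self, data, addr, il):
        """Append the low-level IL for the instruction at *addr* to *il*.

        Returns 8 (the instruction length), or ``None`` when *data* does not
        decode into an instruction.
        """
        decoded = self._decode(data)
        if decoded is None:
            return None
        op_code, src = decoded

        if op_code in (LDN, STO):
            ptr = il.const_pointer(5, src)
            if op_code == LDN:
                # NOTE(review): LDN is lifted as a store of 'accu' and STO as
                # a load into 'accu', which reads as swapped relative to the
                # mnemonics - confirm the intended semantics before relying
                # on this IL.
                il.append(il.store(5, ptr, il.reg(5, 'accu')))
            else:
                il.append(il.set_reg(5, 'accu', il.load(5, ptr)))
        elif op_code == CMP:
            arch = Architecture['Manchester Baby']
            f_target = il.get_label_for_address(arch, addr + 8)
            t_target = il.get_label_for_address(arch, addr + 16)
            # get_label_for_address can return None when the address has no
            # label in this function yet; if_expr needs real labels, so make
            # fresh ones and place them right after the branch.
            f_missing = f_target is None
            t_missing = t_target is None
            if f_missing:
                f_target = LowLevelILLabel()
            if t_missing:
                t_target = LowLevelILLabel()
            check_reg = il.compare_signed_greater_than(
                5, il.reg(5, 'accu'), il.const(5, 0))
            il.append(il.if_expr(check_reg, t_target, f_target))
            if t_missing:
                il.mark_label(t_target)
                il.append(il.jump(il.const_pointer(5, addr + 16)))
            if f_missing:
                # Fall through to the next instruction.
                il.mark_label(f_target)
        elif op_code in SUB:
            val = il.const(5, src)
            il.append(il.set_reg(5, 'accu', il.sub(5, il.reg(5, 'accu'), val)))
        elif op_code == STP:
            il.append(il.no_ret())
        elif op_code == JMP:
            il.append(il.jump(il.const_pointer(5, src)))
        elif op_code == JRP:
            il.append(il.jump(il.const_pointer(5, src + addr)))
        return 8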
# Runs at import time: calls register() on the Manch_Baby architecture class.
Manch_Baby.register()