barrebas/libc_id.py

## libc_id.py

import sys
import glob
import commands

def search_dumps(function1, function2, diff):
	addr1 = 0
	addr2 = 0

	# open all libc.so files
	for f in glob.glob("./libc-*.so"):

		# use nm -D to dump a list of functions and their addresses
		function_list = commands.getoutput('nm -D {}'.format(f))

		# commands.getoutput returns one long string, need to split it
		lines = function_list.split('\n')

		# scan each line
		for line in lines:
			# some lines do not contain valid info, so skip them.
			try:
				(addr, c, name) = line.split()
			except:
				pass

			if (name == function1):
				addr1 = int(addr, 16)
			if (name == function2):
				addr2 = int(addr, 16)

		if abs(addr1-addr2) == diff:
			print "[+] found possible match: {}".format(f)
			print "    {} \t-> {}".format(function1, hex(addr1))
			print "    {} \t-> {}".format(function2, hex(addr2))


if __name__ == '__main__':

	print "[+] ctf libc identifier by @barrebas"

	if len(sys.argv) < 4:

		print '''searches the libc-*.so files in the current directory for function1, function2 and the difference between their addresses

  usage:
		python {} <function1> <function2> <difference>
		-- ex: python {} printf puts 0x19810
		'''.format(sys.argv[0], sys.argv[0])
		exit(0)

	func1 = sys.argv[1]
	func2 = sys.argv[2]

	if "0x" in sys.argv[3]:
		diff = int(sys.argv[3], 16)
	else:
		diff = int(sys.argv[3])

	print "[+] searching for {} and {} with difference {}".format(func1, func2, diff)

	# iterate over all the libc-*.so files
	search_dumps(func1, func2, diff)

	import sys
	import glob
	import commands

	def search_dumps(function1, function2, diff):
	addr1 = 0
	addr2 = 0

	# open all libc.so files
	for f in glob.glob("./libc-*.so"):

	# use nm -D to dump a list of functions and their addresses
	function_list = commands.getoutput('nm -D {}'.format(f))

	# commands.getoutput returns one long string, need to split it
	lines = function_list.split('\n')

	# scan each line
	for line in lines:
	# some lines do not contain valid info, so skip them.
	try:
	(addr, c, name) = line.split()
	except:
	pass

	if (name == function1):
	addr1 = int(addr, 16)
	if (name == function2):
	addr2 = int(addr, 16)

	if abs(addr1-addr2) == diff:
	print "[+] found possible match: {}".format(f)
	print " {} \t-> {}".format(function1, hex(addr1))
	print " {} \t-> {}".format(function2, hex(addr2))


	if __name__ == '__main__':

	print "[+] ctf libc identifier by @barrebas"

	if len(sys.argv) < 4:

	print '''searches the libc-*.so files in the current directory for function1, function2 and the difference between their addresses

	usage:
	python {} <function1> <function2> <difference>
	-- ex: python {} printf puts 0x19810
	'''.format(sys.argv[0], sys.argv[0])
	exit(0)

	func1 = sys.argv[1]
	func2 = sys.argv[2]

	if "0x" in sys.argv[3]:
	diff = int(sys.argv[3], 16)
	else:
	diff = int(sys.argv[3])

	print "[+] searching for {} and {} with difference {}".format(func1, func2, diff)

	# iterate over all the libc-*.so files
	search_dumps(func1, func2, diff)