Last active
August 18, 2021 00:02
Quick and ugly script that parses section hashes from rizin's rz-bin output and reports the hashes the given files have in common
import json, osproc, os, strutils, sequtils

# Name of the file that caches the baseline ("whitelist") of section hashes.
# It is a relative name, so the cache is written to and read from the current
# working directory: anyone able to write there can alter the baseline.
const whitelisted_hashes_db_name = "whitelisted_hashes"
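proc get_file_hashes(file_name: string): string =
  ## Runs `rz-bin -j -S -K md5` on `file_name` and returns what the tool
  ## wrote to standard output; its stderr is sent to /dev/null.
  ##
  ## `execProcess` hands the command line to a shell, and `file_name` comes
  ## from the command line or from a directory walk, so it is shell-quoted
  ## before being appended. Without quoting, a name containing spaces or
  ## shell metacharacters would be split or executed by the shell.
  ##
  ## The MD5 values are fingerprints for comparing sections; MD5 is not
  ## collision resistant, so a match is not proof of integrity.
  const
    command = "rz-bin -j -S -K md5 "
  # A relative name that starts with '-' would be read by rz-bin as an
  # option; anchoring it to the current directory keeps it a path.
  let target =
    if file_name.startsWith("-"): "./" & file_name
    else: file_name
  let exec_command = command & quoteShell(target) & " 2>/dev/null"
  return execProcess(exec_command)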
proc check_tool_exists(): int =
  ## Probes for Rizin's `rz-bin` by running `rz-bin -h` through the shell
  ## with stdout discarded, and returns the exit status from `execCmd`.
  ## Deciding which status means "installed" is left to the caller.
  result = execCmd("rz-bin -h 1>/dev/null")
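proc get_hashes_from_json(obj: string): seq[string] =
  ## Returns the `md5` string of every entry in the top-level `sections`
  ## array of the JSON document `obj`, in document order. Entries without
  ## an `md5` key are skipped.
  ##
  ## `obj` is tool output for an arbitrary file and may be empty or
  ## malformed (for example when the tool could not read the file). In that
  ## case, or when there is no `sections` array, the result is empty rather
  ## than an exception that aborts a whole scan.
  var root: JsonNode
  try:
    root = obj.parseJson()
  except JsonParsingError:
    return
  if root.kind != JObject or not root.hasKey("sections"):
    return
  let sections = root["sections"]
  if sections.kind != JArray:
    return
  for section in sections:
    # hasKey is only valid on objects, so check the node kind first.
    if section.kind == JObject and section.hasKey("md5"):
      result.add(section["md5"].getStr())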
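proc get_whitelisted_hashes(): seq[string] =
  ## Collects the section MD5s of every file found directly in `/usr/bin/`
  ## (the walk is not recursive). Duplicates are kept; callers deduplicate.
  ##
  ## NOTE: the baseline is whatever is installed when this runs. Anything
  ## already planted in /usr/bin becomes part of the whitelist, so generate
  ## it on a host that is known to be clean.
  for kind, path in walkDir("/usr/bin/"):
    # Directories and links to directories are not binaries; skip them
    # instead of spawning rz-bin on them.
    if kind notin {pcFile, pcLinkToFile}:
      continue
    # Append in place rather than rebuilding the whole seq for each file.
    result.add(get_hashes_from_json(get_file_hashes(path)))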
proc save_whitelisted_hashes() =
  ## Builds the baseline from `get_whitelisted_hashes`, drops duplicate
  ## entries and writes it, one hash per line, to
  ## `whitelisted_hashes_db_name`.
  let unique_hashes = get_whitelisted_hashes().deduplicate()
  whitelisted_hashes_db_name.writeFile(unique_hashes.join("\n"))
proc print_help() =
  ## Prints the tool banner followed by a usage line built from the
  ## program name in `paramStr(0)`.
  let program = paramStr(0)
  echo "Section hashes parser using Rizin framework"
  echo "Usage: " & program & " file1 file2 ... fileN"
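proc parse_args(): seq[string] =
  ## Returns the command-line arguments as a list of existing files.
  ##
  ## An empty seq is returned, after printing the help text, when there are
  ## no arguments, when the only argument is a help flag, or when any
  ## argument is not an existing file.
  ##
  ## The original multi-file branch returned the files collected so far
  ## when it met an invalid one, so the caller went on with a partial list
  ## right after an error was printed. Every failure now yields an empty seq.
  let argc = paramCount()
  if argc == 0:
    print_help()
    return
  # Help flags are only recognised as the sole argument, as before.
  if argc == 1 and
      paramStr(1) in ["-h", "--h", "-help", "--help", "help"]:
    print_help()
    return
  for i in 1 .. argc:
    let candidate = paramStr(i)
    if not fileExists(candidate):
      echo "Invalid file " & candidate
      print_help()
      return @[]
    result.add(candidate)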
proc get_hashes_for_user(file_names: seq[string]): seq[string] =
  ## Returns the section MD5s that all files in `file_names` share.
  ##
  ## With a single file its section hashes are returned as they are. With
  ## several files the first file's hashes are narrowed down against each
  ## later file; once nothing is left in common, "No same hashed" is
  ## printed and an empty seq is returned. The surviving hashes are printed
  ## together with the section names taken from the first file's report.
  if len(file_names) == 1:
    echo "Only 1 file is provided."
    return get_hashes_from_json(get_file_hashes(file_names[0]))

  let first_report = get_file_hashes(file_names[0])
  result = get_hashes_from_json(first_report)

  for idx in 1 ..< len(file_names):
    let
      previous = result
      current = get_hashes_from_json(get_file_hashes(file_names[idx]))
      # Keep only the hashes of this file already present in the running set.
      common = current.filterIt(it in previous)
    if len(common) == 0:
      echo "No same hashed"
      return @[]
    result = common

  if len(result) == 0:
    return

  echo "Found same hashes"
  # Parse the first report again to recover the name of each section.
  for section in first_report.parseJson()["sections"]:
    if section.hasKey("md5") and section["md5"].getStr in result:
      echo "MD5: " & section["md5"].getStr & " Name: " & section["name"].getStr
proc main() =
  ## Entry point: checks for rz-bin, reads the file arguments, computes the
  ## section hashes the files share and prints those that are absent from
  ## the baseline. The baseline file is generated on first use.
  ##
  ## NOTE(review): hashes that are NOT in the whitelist are the ones
  ## reported as "safe". Presumably that means safe to use as a signature,
  ## because they do not occur in the stock binaries. Confirm with the
  ## author.
  # TODO handle file input here
  # TODO generate whitelist hashes here

  # NOTE(review): exit status 1 from `rz-bin -h` is taken to mean that the
  # tool is installed; confirm this against the rizin version in use.
  if check_tool_exists() != 1:
    echo "Error: \"rz-bin\" not found. Please install rizin or check your installation"
    return

  let user_files = parse_args()
  if len(user_files) == 0:
    return

  let hashes = get_hashes_for_user(user_files)
  if len(hashes) == 0:
    return

  # The baseline is read from the working directory and created from the
  # local /usr/bin only when missing; an existing file is used as found.
  if not fileExists(whitelisted_hashes_db_name):
    echo "Generating whitelisted hashes for sections"
    echo "All sections are from /usr/bin/"
    save_whitelisted_hashes()

  let baseline = readFile(whitelisted_hashes_db_name).split("\n")
  let unlisted = hashes.filterIt(it notin baseline)
  if len(unlisted) == 0:
    echo "No safe hashes"
  else:
    echo unlisted

main()