#!/usr/bin/env python
import capstone
import binascii
import sys
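class Data(object):
    """Collect a hex byte string from stdin for disassembly.

    ``slurp`` reads standard input; ``preprocess`` turns the result into a
    whitespace-free hex string suitable for ``binascii.unhexlify``.
    """

    def __init__(self):
        # Start empty so preprocess() cannot raise AttributeError when it
        # is called before slurp().
        self.data = ''

    def slurp(self):
        """Read all of ``sys.stdin`` into ``self.data`` and return self.

        Each line is stripped of leading/trailing whitespace and the lines
        are concatenated with no separator, so the hex digits of one log
        line run straight into the next.
        """
        self.data = ''.join(line.strip() for line in sys.stdin)
        return self

    def preprocess(self):
        """Return ``self.data`` with every whitespace run removed.

        Only spaces used to be dropped; a tab or other separator copied
        from a log would have reached unhexlify and made it fail, so all
        whitespace is removed here.
        """
        return ''.join(self.data.split())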
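def to_hex(s):
    """Return ``s`` as space-separated ``0xNN`` tokens, e.g. ``"0x61 0x62"``.

    Accepts a ``str`` (a Python 2 byte string) as well as ``bytes`` or
    ``bytearray`` on Python 3, where iteration yields ints and ``ord``
    would raise TypeError.  Every value is printed with at least two hex
    digits.
    """
    tokens = []
    for c in s:
        value = c if isinstance(c, int) else ord(c)
        tokens.append("0x%02x" % value)
    return " ".join(tokens)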
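def decompile(
        code,
        arch=capstone.CS_ARCH_ARM,
        mode=capstone.CS_MODE_ARM,
        comment="ARM",
        syntax=0,
        addr=0x1000):
    """Disassemble ``code`` with Capstone and print one line per instruction.

    Args:
        code: raw machine-code bytes (``bytes`` on Python 3, ``str`` on 2).
        arch: Capstone ``CS_ARCH_*`` constant.
        mode: Capstone ``CS_MODE_*`` constant (or sum of them).
        comment: label printed in the banner above the listing.
        syntax: Capstone syntax option; 0 leaves the engine default.  The
            Capstone author notes ARM had no syntax option up to 2.1.
        addr: address assigned to the first byte of ``code``.

    Returns None; output goes to stdout.  A ``CsError`` raised by the
    engine is caught and printed rather than propagated.

    NOTE(review): Capstone is native code fed attacker-influenced bytes
    (crash dumps); keep the library current and do not treat the listing
    as trusted.  Without skipdata the engine is expected to stop at the
    first undecodable sequence, so a short listing may mean a misaligned
    or byte-swapped start rather than end of input -- confirm for the
    installed version.
    """
    print('*' * 16)
    print("Platform: %s" % comment)
    print('*' * 16)
    try:
        md = capstone.Cs(arch, mode)
        if syntax != 0:
            md.syntax = syntax
        # disasm_lite yields (address, size, mnemonic, op_str).  A separate
        # loop name keeps the ``addr`` argument from being shadowed.
        for (insn_addr, _size, mnemonic, op_str) in md.disasm_lite(code, addr):
            print("0x%x:\t%s\t%s" % (insn_addr, mnemonic, op_str))
        # A bare ``print`` statement was a no-op on Python 3; this emits the
        # intended blank line on both versions.
        print("")
    except capstone.CsError as e:
        print("ERROR: %s" % e)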
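def contains_hex(s):
    """Return True if ``s`` looks like a hexadecimal number.

    Heuristic: a lower-case ``0x`` prefix, or any of the letters a-f/A-F
    anywhere in the string.  A digits-only string such as ``"1000"`` is
    NOT recognised as hex, so ``to_addr`` reads it as decimal; pass a
    ``0x`` prefix to be unambiguous.
    """
    if s.startswith('0x'):
        return True
    return any(ch in 'abcdefABCDEF' for ch in s)


def to_addr(s):
    """Convert a start address given as int or str to an int.

    ints are returned unchanged.  Strings are parsed as hex when
    ``contains_hex`` says so (``int`` with base 16 accepts a ``0x``
    prefix), otherwise as decimal -- see the ambiguity noted above.

    Raises:
        RuntimeError: if ``s`` is neither an int nor a str.
        ValueError: if the string is not a valid number in the chosen base.
    """
    if isinstance(s, int):
        return s
    if isinstance(s, str):
        base = 16 if contains_hex(s) else 10
        return int(s, base)
    raise RuntimeError("start address must be an int or str, got %s"
                       % type(s).__name__)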
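import argparse

parser = argparse.ArgumentParser(
    description='method scanner: disassemble a hex byte dump read from stdin')
parser.add_argument('--start', type=str, default='0x1000',
                    help='address of the first byte (treated as hex if it has '
                         'a 0x prefix or any a-f digit, otherwise decimal)')
parser.add_argument('--swap-words', action='store_true',
                    help='reverse the byte order inside each 8-hex-digit word '
                         '(for dumps that print little-endian 32-bit words)')
args = parser.parse_args()

# (arch, mode, banner label, syntax) tuples to disassemble with.
DISASM_OPT = ((capstone.CS_ARCH_ARM,
               capstone.CS_MODE_THUMB + capstone.CS_MODE_LITTLE_ENDIAN,
               "ARM", 0),)

hexdata = Data().slurp().preprocess()
if args.swap_words:
    # NOTE(review): Android debuggerd "code around pc" dumps appear to print
    # 32-bit words rather than a byte stream, so on a little-endian target
    # each word's bytes come out reversed.  The sample in this gist looks
    # like that case: fed as-is it decodes to ldr/lsls soup, while words
    # such as ff58f002 read as 02 f0 58 ff form a Thumb BL.  Confirm
    # against the dumper before trusting either listing.
    words = [hexdata[i:i + 8] for i in range(0, len(hexdata), 8)]
    hexdata = ''.join(w[6:8] + w[4:6] + w[2:4] + w[0:2] for w in words)

try:
    code = binascii.unhexlify(hexdata)
except (binascii.Error, TypeError, ValueError) as e:
    # Odd digit count or a non-hex character (e.g. a stray log field that
    # survived the cut); fail with a message instead of a traceback.
    sys.exit("ERROR: stdin is not a plain hex byte string: %s" % e)

for (arch, mode, comment, syntax) in DISASM_OPT:
    decompile(code, arch, mode, comment, syntax, to_addr(args.start))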
➜  ~  cat pc.txt 
I/DEBUG   (  169):     7594b840 ff58f002 f0021c28 1c06ffcf f0021c28  
I/DEBUG   (  169):     7594b850 1c31ffc8 a8091c02 ffb2f002 f0021c28  
I/DEBUG   (  169):     7594b860 7803ffc3 2bbe9407 1c28d005 ffbcf002  
I/DEBUG   (  169):     7594b870 f002a809 a813ffb6 f000a909 2400fa91  
I/DEBUG   (  169):     7594b880 42a01c06 a813d16b f961f000 90031c04  
I/DEBUG   (  169):     7594b890 d0642800 1c222480 a8231c31 e852f7ff  
I/DEBUG   (  169):     7594b8a0 aa0aa923 940aa813 f9dbf000 f0021c38  
I/DEBUG   (  169):     7594b8b0 a923ffa4 1c389a0a ff82f002 f000a813  
I/DEBUG   (  169):     7594b8c0 9b06f948 1c051c01 24016018 d046310d  
I/DEBUG   (  169):     7594b8d0 33661c03 1c34d043 d1402800 f001a80b  
I/DEBUG   (  169):     7594b8e0 a813fbcb f961f000 aa0b9903 f7ff9b05  
I/DEBUG   (  169):     7594b8f0 1e04ff33 a80fd030 fbbef001 f001a80b  
I/DEBUG   (  169):     7594b900 1c06fc1d f001a80b 1c07fc15 f000a813  
I/DEBUG   (  169):     7594b910 9003f95c f000a813 1c04f982 f000a813  
I/DEBUG   (  169):     7594b920 1c39f98f aa0f9001 9b031c30 f0009400  
I/DEBUG   (  169):     7594b930 1c2cf899 d10c2800 f001a80f 1c04fbff  
➜  ~  cut -d ' ' -f12- pc.txt | python capstone_arm.py --start 7594b840
****************
Platform: ARM THUMB LE
****************
0x7594b840:	ldr	r7, [r7, r3]
0x7594b842:	lsls	r0, r6, #0xb
0x7594b844:	lsls	r0, r6, #0xb
0x7594b846:	cmp	r0, #0x1c
0x7594b848:	lsls	r4, r3, #0x18
0x7594b84a:	ldm	r7, {r0, r1, r2, r3, r4, r5, r6, r7}
0x7594b84c:	lsls	r0, r6, #0xb
0x7594b84e:	cmp	r0, #0x1c
0x7594b850:	adds	r1, #0x1c
0x7594b852:	ldm	r0, {r0, r1, r2, r3, r4, r5, r6, r7}
0x7594b854:	lsrs	r0, r5, #6
0x7594b856:	lsls	r4, r3, #8
0x7594b858:	uxtb	r7, r7
0x7594b85a:	lsls	r0, r6, #0xb
0x7594b85c:	lsls	r0, r6, #0xb
0x7594b85e:	cmp	r0, #0x1c
0x7594b860:	lsls	r0, r7, #0xd
0x7594b862:	stm	r3!, {r0, r1, r2, r3, r4, r5, r6, r7}
0x7594b864:	bkpt	#0x2b
0x7594b866:	lsls	r4, r2, #0x1e
0x7594b868:	cmp	r0, #0x1c
0x7594b86a:	lsls	r0, r2, #0x17
0x7594b86c:	pop	{r0, r1, r2, r3, r4, r5, r6, r7}
0x7594b86e:	lsls	r0, r6, #0xb
0x7594b870:	lsls	r0, r6, #0xb
0x7594b872:	lsrs	r0, r5, #6
0x7594b874:	asrs	r0, r5, #0xe
aquynh commented Mar 2, 2014

This is cool, but note that ARM has no option on assembly syntax, at least until version 2.1.
