Skip to content

Instantly share code, notes, and snippets.

@matteyeux
Last active August 21, 2024 12:37
Show Gist options
  • Save matteyeux/e3e1f612485070a674c310916146c7f6 to your computer and use it in GitHub Desktop.
Save matteyeux/e3e1f612485070a674c310916146c7f6 to your computer and use it in GitHub Desktop.
Binary Ninja snippet to symbolize sptm
# void _panic(char const* func, char const* str, ...)
def get_panic():
for s in bv.strings:
if "somehow a violation was triggered in early boot" in s.value:
break
ref = list(bv.get_code_refs(s.start))[0]
real_panic = bv.get_functions_containing(ref.address)[0]
panic_ref = list(bv.get_code_refs(real_panic.start))[0]
panic_wrapper = bv.get_functions_containing(panic_ref.address)[0]
panic_wrapper.name = "_panic"
return panic_wrapper
panic = get_panic()
panic_xrefs = bv.get_code_refs(panic.start)
old_name = None
for ref in panic_xrefs:
hlil_ref = ref.hlil
if hlil_ref is None:
continue
target = hlil_ref.params[2]
if isinstance(target, binaryninja.highlevelil.HighLevelILVar):
continue
function_name = str(target).replace('"', '')
if function_name == old_name:
continue
old_name = function_name
print(function_name)
ref.function.name = f"_{function_name}"
>>> d = {}
... for f in bv.functions:
... 	if "sub_" not in f.name:
... 		d[f.name] = hex(f.start)
... 
... pprint(d)
... 
{'_acquire_root_pt': '0xfffffff00708af58',
 '_acquire_shared_root_pt': '0xfffffff00708d948',
 '_acquire_user_root_pt': '0xfffffff00708e090',
 '_copy_array_to_scratch': '0xfffffff007082850',
 '_cpu_page_table_retype_out': '0xfffffff007086e54',
 '_cpu_root_table_retype_out': '0xfffffff0070871ec',
 '_dispatch_table_lookup': '0xfffffff0070899b8',
 '_enforce_paddr_managed': '0xfffffff007076fb8',
 '_frame_acquire': '0xfffffff007087980',
 '_genter_dispatch_entry': '0xfffffff007089eb4',
 '_get_ptep': '0xfffffff007082ad0',
 '_helper_validate_aligned_vaddr_range': '0xfffffff00708c4d4',
 '_iommu_frame_acquire': '0xfffffff007088db8',
 '_iommu_update_page_refcount': '0xfffffff007089270',
 '_iommu_validate_instance': '0xfffffff007088cc0',
 '_panic': '0xfffffff00708ef5c',
 '_rc16_try_inc': '0xfffffff007087fac',
 '_refcounts_update_page_op': '0xfffffff007088164',
 '_sart_add_region': '0xfffffff007077460',
 '_sk_types_retype_out': '0xfffffff007086ab4',
 '_sptm_auth_user_pointer': '0xfffffff00708ecb8',
 '_sptm_cpu_id': '0xfffffff0070737e4',
 '_sptm_disjoint_op': '0xfffffff00708cdd0',
 '_sptm_dispatch': '0xfffffff00708a00c',
 '_sptm_map_page': '0xfffffff00708a788',
 '_sptm_map_table': '0xfffffff00708b23c',
 '_sptm_nest_region': '0xfffffff00708dad8',
 '_sptm_nvme_set_sq_entry': '0xfffffff007075444',
 '_sptm_nvme_unmap_pages': '0xfffffff007075680',
 '_sptm_register_cpu': '0xfffffff0070730ac',
 '_sptm_register_dispatch_table': '0xfffffff007089dc4',
 '_sptm_register_xnu_exc_return': '0xfffffff007089f84',
 '_sptm_retype': '0xfffffff00708a250',
 '_sptm_sart_set_state': '0xfffffff0070778a0',
 '_sptm_sart_unmap_region': '0xfffffff007076d04',
 '_sptm_sign_user_pointer': '0xfffffff00708ebf8',
 '_sptm_slide_region': '0xfffffff007073500',
 '_sptm_t8110dart_clamp_tlimits': '0xfffffff0070789e4',
 '_sptm_t8110dart_clear_all_interrupts': '0xfffffff0070792dc',
 '_sptm_t8110dart_clear_err': '0xfffffff0070795b0',
 '_sptm_t8110dart_clear_perf_interrupts': '0xfffffff007079478',
 '_sptm_t8110dart_disable_translation': '0xfffffff007079ad8',
 '_sptm_t8110dart_enable_translation': '0xfffffff00707985c',
 '_sptm_t8110dart_init': '0xfffffff007079d90',
 '_sptm_t8110dart_map_table': '0xfffffff00707de64',
 '_sptm_t8110dart_powerdown': '0xfffffff00707bd78',
 '_sptm_t8110dart_powerup': '0xfffffff00707ae38',
 '_sptm_t8110dart_query_tlb': '0xfffffff007078fec',
 '_sptm_t8110dart_read_smmu_stt_index': '0xfffffff007078c2c',
 '_sptm_t8110dart_set_smmu_window': '0xfffffff007078e10',
 '_sptm_t8110dart_sk_tlbi_barier': '0xfffffff00707e824',
 '_sptm_t8110dart_sk_tlbi_request': '0xfffffff00707e8ac',
 '_sptm_uat_destroy_state': '0xfffffff0070716e8',
 '_sptm_uat_get_info': '0xfffffff00706e97c',
 '_sptm_uat_map_table': '0xfffffff00707135c',
 '_sptm_uat_prepare_fw_unmap_begin': '0xfffffff0070707c0',
 '_sptm_uat_prepare_fw_unmap_continue': '0xfffffff0070704d4',
 '_sptm_uat_remove_ctx_id': '0xfffffff00706eb14',
 '_sptm_uat_set_ctx_id': '0xfffffff00706f340',
 '_sptm_uat_unmap_continue': '0xfffffff00706f628',
 '_sptm_uat_unmap_table': '0xfffffff0070710c8',
 '_sptm_unmap_table': '0xfffffff00708b998',
 '_sptm_unnest_region': '0xfffffff00708e220',
 '_sptm_update_disjoint': '0xfffffff00708d2b4',
 '_sptm_update_disjoint_multipage': '0xfffffff00708d38c',
 '_start': '0xfffffff007068388',
 '_t8110dart_addr_to_page': '0xfffffff00707edf8',
 '_t8110dart_addr_to_te_phy': '0xfffffff00707dbf0',
 '_t8110dart_retype_in': '0xfffffff00707eb94',
 '_t8110dart_walk_tables': '0xfffffff00707c790',
 '_table_acquire': '0xfffffff007087b48',
 '_uat_acquire_and_validate_pt_paddr': '0xfffffff0070715d4',
 '_uat_copy_segments_locally': '0xfffffff0070702a8',
 '_uat_get_table_ttep': '0xfffffff00706fba0',
 '_uat_retype_in': '0xfffffff007071b18',
 '_uat_retype_out': '0xfffffff007071a8c',
 '_uat_state_object_acquire': '0xfffffff00706ee50',
 '_uat_validate_map_segment': '0xfffffff007070978',
 '_uat_validate_paddr': '0xfffffff007070eb4',
 '_uat_validate_unmap_segment': '0xfffffff00706f8a4',
 '_uat_validate_vaddr': '0xfffffff00706fe54',
 '_unmap_preflight_op': '0xfffffff00708c714',
 '_update_preflight_op': '0xfffffff00708c8fc',
 '_uuc_unmap_pte_update': '0xfffffff00706ffec',
 '_validate_aligned_vaddr': '0xfffffff00708b0e8',
 '_validate_cid': '0xfffffff007075968',
 '_validate_iommu_id': '0xfffffff007086d60',
 '_validate_managed_addr': '0xfffffff00708ccbc',
 '_validate_nvme_call_allowed': '0xfffffff007075ffc',
 '_validate_pt_level': '0xfffffff007086ef0',
 '_validate_root_config': '0xfffffff00708e65c',
 '_validate_root_flags': '0xfffffff007087464',
 '_validate_vaddr_range_leaf': '0xfffffff00708bfe0',
 '_validate_vaddr_range_twig': '0xfffffff00708d794',
 '_xnu_default_retype_out': '0xfffffff007086fec',
 '_xnu_exec_retype_out': '0xfffffff007086f60',
 '_xnu_iommu_retype_out': '0xfffffff007086c48',
 '_xnu_rozone_retype_out': '0xfffffff007086bac',
 'main': '0xfffffff00706b000'}
 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment