ELF support
c-urly committed Mar 14, 2024
1 parent ac42dbe commit ad03ea5
Showing 2 changed files with 36 additions and 16 deletions.
2 changes: 1 addition & 1 deletion floss/const.py
Expand Up @@ -3,7 +3,7 @@
KILOBYTE = 1024
MEGABYTE = 1024 * KILOBYTE
MAX_FILE_SIZE = 16 * MEGABYTE
SUPPORTED_FILE_MAGIC = {b"MZ"}
SUPPORTED_FILE_MAGIC = {b"MZ", b"\x7fELF"}
MIN_STRING_LENGTH = 4
MAX_STRING_LENGTH = 2048
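Review bot: `SUPPORTED_FILE_MAGIC` now mixes a 2-byte entry (`b"MZ"`) with a 4-byte entry (`b"\x7fELF"`), and nothing on the constant says so, so a caller has to know how many bytes to read and which slice to compare against which entry. A comment on the constant would make that contract explicit, for example `# magic prefixes of differing length: read at least 4 bytes and match by prefix, not by set membership`. Any other user of this set that still reads a fixed 2 bytes would silently never match the ELF entry; whether such a user exists is not visible in this hunk.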

50 changes: 35 additions & 15 deletions floss/main.py
Expand Up @@ -70,6 +70,11 @@ class StringType(str, Enum):
DECODED = "decoded"


class FileType:
PE = False
ELF = False


class WorkspaceLoadError(ValueError):
pass

Expand Down Expand Up @@ -200,9 +205,11 @@ def make_parser(argv):
type=str,
choices=[l.value for l in Language if l != Language.UNKNOWN],
default=Language.UNKNOWN.value,
help="use language-specific string extraction, auto-detect language by default, disable using 'none'"
if show_all_options
else argparse.SUPPRESS,
help=(
"use language-specific string extraction, auto-detect language by default, disable using 'none'"
if show_all_options
else argparse.SUPPRESS
),
)
advanced_group.add_argument(
"-l",
Expand All @@ -215,9 +222,11 @@ def make_parser(argv):
type=lambda x: int(x, 0x10),
default=None,
nargs="+",
help="only analyze the specified functions, hex-encoded like 0x401000, space-separate multiple functions"
if show_all_options
else argparse.SUPPRESS,
help=(
"only analyze the specified functions, hex-encoded like 0x401000, space-separate multiple functions"
if show_all_options
else argparse.SUPPRESS
),
)
advanced_group.add_argument(
"--disable-progress",
Expand All @@ -228,17 +237,21 @@ def make_parser(argv):
"--signatures",
type=str,
default=SIGNATURES_PATH_DEFAULT_STRING,
help="path to .sig/.pat file or directory used to identify library functions, use embedded signatures by default"
if show_all_options
else argparse.SUPPRESS,
help=(
"path to .sig/.pat file or directory used to identify library functions, use embedded signatures by default"
if show_all_options
else argparse.SUPPRESS
),
)
advanced_group.add_argument(
"-L",
"--large-file",
action="store_true",
help="allow processing files larger than {} MB".format(int(MAX_FILE_SIZE / MEGABYTE))
if show_all_options
else argparse.SUPPRESS,
help=(
"allow processing files larger than {} MB".format(int(MAX_FILE_SIZE / MEGABYTE))
if show_all_options
else argparse.SUPPRESS
),
)
advanced_group.add_argument(
"--version",
Expand Down Expand Up @@ -356,9 +369,13 @@ def is_supported_file_type(sample_file_path: Path):
:return: True if file type is supported, False otherwise
"""
with sample_file_path.open("rb") as f:
magic = f.read(2)
magic = f.read(4)

if magic in SUPPORTED_FILE_MAGIC:
FileType.ELF = True
return True
elif magic[:2] in SUPPORTED_FILE_MAGIC:
FileType.PE = True
return True
else:
return False
Expand Down Expand Up @@ -390,7 +407,8 @@ def load_vw(
else:
vw = viv_utils.getWorkspace(str(sample_path), analyze=False, should_save=False)

viv_utils.flirt.register_flirt_signature_analyzers(vw, list(map(str, sigpaths)))
if not FileType.ELF:
viv_utils.flirt.register_flirt_signature_analyzers(vw, list(map(str, sigpaths)))

vw.analyze()

Expand Down Expand Up @@ -547,14 +565,16 @@ def main(argv=None) -> int:
return 0

static_runtime = get_runtime_diff(interim)
if not is_supported_file_type(sample):
logger.error("FileType not Supported")

# set language configurations
selected_lang = Language(args.language)
if selected_lang == Language.DISABLED:
results.metadata.language = ""
results.metadata.language_version = ""
results.metadata.language_selected = ""
else:
elif FileType.PE:
lang_id, lang_version = identify_language_and_version(sample, static_strings)

if selected_lang == Language.UNKNOWN:
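Review bot: `is_supported_file_type` records its result in the class-level flags `FileType.PE` / `FileType.ELF` and never clears them, so in a process that checks more than one sample an earlier ELF leaves `FileType.ELF` set and `load_vw` then skips `register_flirt_signature_analyzers` for a later PE. Its first branch also marks any value found in `SUPPORTED_FILE_MAGIC` as ELF, which includes a file whose entire content is the two bytes `MZ`; resetting the flags and comparing against each magic explicitly, as sketched below, avoids both. In the `main` hunk the new check only logs `FileType not Supported` and falls through, and with neither flag set the `elif FileType.PE:` branch is skipped too, leaving the language metadata untouched; a non-zero `return` after the log call looks intended, though the rest of `main` lies outside the hunk. `load_vw` silently depends on the check having run first, which deserves a comment at the `if not FileType.ELF:` line.

```python
def is_supported_file_type(sample_file_path: Path):
    # … unchanged: docstring and the 4-byte read into `magic` …

    # Clear both flags first so a previously checked sample cannot leak its type.
    FileType.PE = False
    FileType.ELF = False
    if magic == b"\x7fELF":
        FileType.ELF = True
    elif magic[:2] == b"MZ":
        FileType.PE = True
    return FileType.PE or FileType.ELF
```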
