Request: jtool flag for disassembling raw machine code

PostPosted: Thu Mar 31, 2016 11:41 pm
by Siguza
Hey J

Could you please add an option to jtool to treat the input file as raw machine code?
That couldn't be used for anything but disassembling of course, but I find myself in need of that every other time I try to dig into payloads.
Maybe something like -dm[arch]? I'd very much appreciate that.

Also, I've noticed that the help page (no options) prints these three lines:
Code:
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:05

Usage: jtool [options] _filename_
to stderr, and the rest to stdout. I doubt anyone's gonna die over this, but still, it's probably not intended.

-Sig

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Fri Apr 01, 2016 2:07 am
by morpheus
Fixed that stderr/stdout thing. Very astute. Btw, your version is obsolete!

Getting to work on -dm. That's a good idea.

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Fri Apr 01, 2016 11:18 am
by Siguza
Huh, obsolete?
I downloaded the newest tarball only two minutes before posting this, and I just tried again, it's still at v0.98.99999.

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Fri Apr 01, 2016 12:00 pm
by morpheus
Note compilation date. Feb 13. Should be 3/16. New version will come out soon with some significant new features!

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Fri Apr 01, 2016 12:58 pm
by Siguza
3/16? As in, March?

Code:
bash$ curl http://www.newosxbook.com/files/jtool.tar 2>/dev/null | tar -xO jtool | egrep -a 'This is jtool .*, compiled on .*$'
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:05
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:07
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:06

(Also, where are these other two strings coming from?)

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Fri Apr 01, 2016 1:33 pm
by morpheus
So.. you can now use what(1) - would be easier - to figure out the version (and also LC_SOURCE_VERSION).

And I rushed to upload a fresh build. Might be a tad unstable as I'm putting in decompilation callbacks in machlib (to allow joker to symbolicate more kernel functions). But this will still get you several significant fixes and features over the Feb version - check WhatsNew.txt as usual.
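As an added example (not jtool's code, and not from anyone in this thread), a small Python parser that reads the LC_SOURCE_VERSION load command morpheus mentions from each architecture slice of a thin or fat Mach-O, rather than grepping the binary for its banner string. The sample file is constructed inline; the cputype constants are the standard Mach-O values, and the version numbers stamped into the sample are made up.

```python
import struct

# Magic numbers and the load command id from <mach-o/loader.h> / <mach-o/fat.h>
FAT_MAGIC, MH_MAGIC, MH_MAGIC_64, LC_SOURCE_VERSION = 0xCAFEBABE, 0xFEEDFACE, 0xFEEDFACF, 0x2A

def decode_source_version(packed):
    # LC_SOURCE_VERSION packs A.B.C.D.E into 64 bits as 24 + 10 + 10 + 10 + 10 bits
    fields = [packed >> 40] + [(packed >> s) & 0x3FF for s in (30, 20, 10, 0)]
    return ".".join(str(f) for f in fields)

def slice_source_version(buf, off):
    # Walk the load commands of one thin Mach-O (little-endian); None if absent or malformed
    hdr = {MH_MAGIC_64: 32, MH_MAGIC: 28}.get(struct.unpack_from("<I", buf, off)[0])
    if hdr is None:
        return None
    ncmds, sizeofcmds = struct.unpack_from("<II", buf, off + 16)
    pos, end = off + hdr, min(off + hdr + sizeofcmds, len(buf))
    for _ in range(ncmds):
        if pos + 8 > end:
            return None                              # truncated load command table
        cmd, cmdsize = struct.unpack_from("<II", buf, pos)
        if cmd == LC_SOURCE_VERSION and cmdsize >= 16 and pos + 16 <= end:
            return decode_source_version(struct.unpack_from("<Q", buf, pos + 8)[0])
        if cmdsize < 8:
            return None                              # a zero cmdsize would loop forever
        pos += cmdsize
    return None

def source_versions(buf):
    # Map cputype -> source version for every slice; fat headers are big-endian
    if struct.unpack_from(">I", buf, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", buf, 4)[0]
        arches = [struct.unpack_from(">iiIII", buf, 8 + 20 * i) for i in range(nfat)]
        return {cpu: slice_source_version(buf, off) for cpu, _, off, _, _ in arches}
    return {struct.unpack_from("<i", buf, 4)[0]: slice_source_version(buf, 0)}

# Constructed sample input (not a real jtool build): a fat file with two minimal slices
# whose only load command is LC_SOURCE_VERSION, each stamped with a different version.
CPU_TYPE_X86_64, CPU_TYPE_ARM64 = 0x01000007, 0x0100000C
def make_slice(cputype, packed_version):
    lc = struct.pack("<IIQ", LC_SOURCE_VERSION, 16, packed_version)
    return struct.pack("<IiiIIIII", MH_MAGIC_64, cputype, 0, 2, 1, len(lc), 0, 0) + lc
def make_fat(slices):
    arches, body, off = b"", b"", 8 + 20 * len(slices)
    for cputype, data in slices:
        arches += struct.pack(">iiIII", cputype, 0, off + len(body), len(data), 0)
        body += data
    return struct.pack(">II", FAT_MAGIC, len(slices)) + arches + body

SAMPLE = make_fat([(CPU_TYPE_X86_64, make_slice(CPU_TYPE_X86_64, (98 << 40) | (99 << 30))),
                   (CPU_TYPE_ARM64, make_slice(CPU_TYPE_ARM64, (98 << 40) | (99 << 30) | (1 << 20)))])
```

Running `source_versions(open("jtool", "rb").read())` on a downloaded build reports one version per slice, which is what what(1) would show you for the same file.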

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Wed Apr 13, 2016 2:24 pm
by morpheus
... and btw, now disarm 0.3 dumps raw machine code. v0.4 will also follow registers, bringing it on par with jtool.

I hope you'll find it useful. Aside from people who insist on using capstone, that is...

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Wed Apr 13, 2016 10:13 pm
by Siguza
You know, capstone just sort of lacks a "j" somewhere...

Mocking aside, I downloaded disarm pretty much the moment I saw your twitter post.
Thanks again for all your work. :)

Re: Request: jtool flag for disassembling raw machine code

PostPosted: Wed Apr 13, 2016 11:08 pm
by morpheus
Well, expect that register functionality pretty soon - and expect ARMv7 to be making a comeback to both jtool and disarm (they use the same library anyway :-)

And I'd like to reiterate to my readers:

I have not, do not, and will not use capstone, libopcodes, or any other library besides 100% J-Code. It might be buggier because of that, but at least I know *exactly* what it does and can fix it - I just need my users' help in reporting bugs, rather than saying "$#%$#%$# this, I'll use capstone instead" (which is what made me mention them there in the first place after a post by user moshe..)