Request: jtool flag for disassembling raw machine code

Postby Siguza » Thu Mar 31, 2016 11:41 pm

Hey J

Could you please add an option to jtool to treat the input file as raw machine code?
That couldn't be used for anything but disassembling of course, but I find myself in need of that every other time I try to dig into payloads.
Maybe something like -dm[arch]? I'd very much appreciate that.

Also, I've noticed that the help page (no options) prints these three lines:
Code:
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:05

Usage: jtool [options] _filename_
to stderr, and the rest to stdout. I doubt anyone's gonna die over this, but still, it's probably not intended.

-Sig
Siguza
Unicorn
 
Posts: 158
Joined: Thu Jan 28, 2016 10:38 am

Re: Request: jtool flag for disassembling raw machine code

Postby morpheus » Fri Apr 01, 2016 2:07 am

Fixed that stderr/stdout thing. Very astute. Btw, your version is obsolete!

Getting to work on -dm. That's a good idea.
morpheus
Site Admin
 
Posts: 531
Joined: Thu Apr 11, 2013 6:24 pm

Re: Request: jtool flag for disassembling raw machine code

Postby Siguza » Fri Apr 01, 2016 11:18 am

Huh, obsolete?
I downloaded the newest tarball only two minutes before posting this, and I just tried again, it's still at v0.98.99999.

Re: Request: jtool flag for disassembling raw machine code

Postby morpheus » Fri Apr 01, 2016 12:00 pm

Note compilation date. Feb 13. Should be 3/16. New version will come out soon with some significant new features!

Re: Request: jtool flag for disassembling raw machine code

Postby Siguza » Fri Apr 01, 2016 12:58 pm

3/16? As in, March?

Code:
bash$ curl http://www.newosxbook.com/files/jtool.tar 2>/dev/null | tar -xO jtool | egrep -a 'This is jtool .*, compiled on .*$'
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:05
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:07
This is jtool v0.98.99999 (NYC) with MIG detection and even more bug fixes, compiled on Feb 13 2016 12:39:06

(Also, where are these other two strings coming from?)

Re: Request: jtool flag for disassembling raw machine code

Postby morpheus » Fri Apr 01, 2016 1:33 pm

So.. you can now use what(1) - would be easier - to figure out the version (and also LC_SOURCE_VERSION).

And I rushed to upload a fresh build. Might be a tad unstable as I'm putting in decompilation callbacks in machlib (to allow joker to symbolicate more kernel functions). But this will still get you several significant fixes and features over the Feb version - check WhatsNew.txt as usual.
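
The two version lookups mentioned in the post above, as an added example (not jtool's code and not from the thread's authors): a Python version of what(1)'s scan for `@(#)` markers plus a reader for the LC_SOURCE_VERSION load command. It assumes a thin, little-endian 64-bit Mach-O; the sample bytes and the `demo` strings are constructed for illustration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF       # thin 64-bit Mach-O, little-endian
LC_SOURCE_VERSION = 0x2A

def what_strings(data: bytes):
    """Mimic what(1): text after each '@(#)' up to NUL, newline, '"', '>' or backslash."""
    out, pos = [], 0
    while (pos := data.find(b"@(#)", pos)) != -1:
        pos += 4
        end = pos
        while end < len(data) and data[end] not in b'\0\n">\\':
            end += 1
        out.append(data[pos:end].decode("ascii", "replace"))
        pos = end
    return out

def source_version(data: bytes):
    """Return LC_SOURCE_VERSION as 'A.B.C.D.E', or None if absent or malformed."""
    if len(data) < 32:
        return None
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        return None
    off, end = 32, min(len(data), 32 + sizeofcmds)
    for _ in range(ncmds):
        if off + 8 > end:
            break                                   # header claims more commands than fit
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            break                                   # malformed or truncated load command
        if cmd == LC_SOURCE_VERSION and cmdsize >= 16:
            (v,) = struct.unpack_from("<Q", data, off + 8)
            parts = (v >> 40, (v >> 30) & 0x3FF, (v >> 20) & 0x3FF, (v >> 10) & 0x3FF, v & 0x3FF)
            return ".".join(str(p) for p in parts)  # packed as a24.b10.c10.d10.e10
        off += cmdsize
    return None

def build_sample():
    """Constructed input: header, LC_UUID, LC_SOURCE_VERSION 1.2.3.0.0 and one what-string."""
    ver = (1 << 40) | (2 << 30) | (3 << 20)
    lc_uuid = struct.pack("<2I16s", 0x1B, 24, b"\0" * 16)
    lc_ver = struct.pack("<2IQ", LC_SOURCE_VERSION, 16, ver)
    cmds = lc_uuid + lc_ver
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(cmds), 0, 0)
    return hdr + cmds + b"\0@(#)PROGRAM:demo  PROJECT:demo-1.2.3\n\0"

if __name__ == "__main__":
    print(what_strings(build_sample()), source_version(build_sample()))
```

A fat (universal) file would need its fat header walked first and each slice passed to `source_version` separately.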

Re: Request: jtool flag for disassembling raw machine code

Postby morpheus » Wed Apr 13, 2016 2:24 pm

... and btw, now disarm 0.3 dumps raw machine code. v0.4 will also follow registers, bringing it on par with jtool.

I hope you'll find it useful. Aside from people who insist on using capstone, that is...

Re: Request: jtool flag for disassembling raw machine code

Postby Siguza » Wed Apr 13, 2016 10:13 pm

You know, capstone just sort of lacks a "j" somewhere...

Mocking aside, I downloaded disarm pretty much the moment I saw your twitter post.
Thanks again for all your work. :)

Re: Request: jtool flag for disassembling raw machine code

Postby morpheus » Wed Apr 13, 2016 11:08 pm

Well, expect that register functionality pretty soon - and expect ARMv7 to be making a comeback to both jtool and disarm (they use the same library anyway :-)

And I'd like to reiterate to my readers:

I have not, do not, and will not use capstone, libopcodes, or any other library besides 100% J-Code. It might be buggier because of that, but at least I know *exactly* what it does and can fix it - I just need my users' help in reporting bugs, rather than saying "$#%$#%$# this, I'll use capstone instead" (which is what made me mention them there in the first place after a post by user moshe..)

