sebastian/rev-eng-nix-shell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Sebastian
2024-10-23 18:15:05 +02:00
commit 346286b9e9
8 changed files with 355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
binder-trace.nix Normal file
View File

@@ -0,0 +1,26 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools
}:
buildPythonPackage rec {
pname = "binder-trace";
version = "1.4.1";
pyproject = true;
src = fetchFromGitHub {
owner = "foundryzero";
repo = "binder-trace";
rev = "refs/tags/${version}";
hash = "sha256-PoarAeQ8+C43rdi5ZL9ntxvqaLP/aHWxmoBri/EDP9g=";
};
build-system = [ setuptools ];
meta = with lib; {
description = "Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as \"Wireshark for Binder\".";
homepage = "https://github.com/foundryzero/binder-trace";
};
}

32
dyldextractor.nix Normal file
View File

@@ -0,0 +1,32 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
setuptools,
progressbar2,
capstone
}:
buildPythonPackage rec {
pname = "dyldextractor";
version = "v2.2.2";
pyproject = true;
src = fetchFromGitHub {
owner = "arandomdev";
repo = "dyldextractor";
rev = "d44855e8ae51c328847e500b5f52bacf563eb08a";
hash = "sha256-cIzQsEADveuof0L5a5CXC0KfdH9Ydxo7ajrPwHMWD6k=";
};
build-system = [ setuptools ];
dependencies = [ progressbar2 capstone ];
pythonRelaxDeps = [ "capstone" ];
meta = with lib; {
description = "Extract Binaries from Apple's Dyld Shared Cache";
homepage = "https://github.com/arandomdev/DyldExtractor";
};
}

27
flake.lock generated Normal file
View File

@@ -0,0 +1,27 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1729256560,
"narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

57
flake.nix Normal file
View File

@@ -0,0 +1,57 @@
{
description = "Reverse Engineering Workshop flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { self, nixpkgs }:
let
allSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = f: nixpkgs.lib.genAttrs allSystems (system: f {
pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
});
in {
devShells = forAllSystems ({ pkgs }: {
default = pkgs.mkShell {
packages = with pkgs; [
temurin-bin
ghidra-bin
(vscode-with-extensions.override { vscodeExtensions = pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "vscode-frida";
publisher = "CodeColorist";
version = "0.8.2";
hash = "sha256-mCBnBguwg23Wc2PhefuagiG5ZI2GAW0DoEUWEhr+/PM=";
}
];
})
swift
#frida-tools -> different version is already required by xpcspy
lief
libusbmuxd
libplist
ldid
radamsa
wireshark
android-tools
jadx
(python3.withPackages (pypkgs: with pypkgs; [
(pypkgs.callPackage ./xpcspy.nix {})
(pypkgs.callPackage ./pyimg4.nix {})
(pypkgs.callPackage ./dyldextractor.nix {})
(pypkgs.callPackage ./binder-trace.nix {})
(pypkgs.callPackage ./frida-python.nix {})
]))
];
};
});
};
}

68
frida-python.nix Normal file
View File

@@ -0,0 +1,68 @@
{
lib,
stdenv,
fetchurl,
fetchPypi,
buildPythonPackage,
typing-extensions,
darwin,
}:
let
version = "16.0.19";
format = "setuptools";
devkit = {
aarch64-darwin = fetchurl {
url = "https://github.com/frida/frida/releases/download/${version}/frida-core-devkit-${version}-macos-arm64.tar.xz";
hash = "sha256-5VAZnpHQ5wjl7IM96GhIKOfFYHFDKKOoSjN1STna2UA=";
};
x86_64-linux = fetchurl {
url = "https://github.com/frida/frida/releases/download/${version}/frida-core-devkit-${version}-linux-x86_64.tar.xz";
#hash = "sha256-7iptwk+Za9AgjX1rUYtvi9RSg823HV8ga7G09A6jImU=";
hash = "sha256-yNXNqv8eCbpdQKFShpAh6rUCEuItrOSNNLOjESimPdk=";
};
}.${stdenv.hostPlatform.system}
or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
in
buildPythonPackage rec {
pname = "frida-python";
inherit version;
src = fetchPypi {
pname = "frida";
inherit version;
hash = "sha256-rikIjjn9wA8VL/St/2JJTcueimn+q/URbt9lw/+nalY=";
};
postPatch = ''
mkdir assets
pushd assets
tar xvf ${devkit}
export FRIDA_CORE_DEVKIT=$PWD
popd
'';
env.NIX_LDFLAGS = lib.optionalString stdenv.hostPlatform.isDarwin "-framework AppKit";
propagatedBuildInputs = [ typing-extensions ];
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [
darwin.apple_sdk.frameworks.AppKit
];
pythonImportsCheck = [ "frida" ];
passthru = {
inherit devkit;
};
meta = {
description = "Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers (Python bindings)";
homepage = "https://www.frida.re";
license = lib.licenses.wxWindows;
maintainers = with lib.maintainers; [ s1341 ];
platforms = [ "aarch64-darwin" "x86_64-linux" ];
};
}

25
frida-tools.nix Normal file
View File

@@ -0,0 +1,25 @@
{ lib, fetchPypi, python3Packages }:
python3Packages.buildPythonApplication rec {
pname = "frida-tools";
version = "12.3.0";
src = fetchPypi {
inherit pname version;
hash = "sha256-jtxn0a43kv9bLcY1CM3k0kf5K30Ne/FT10ohptWNwEU=";
};
propagatedBuildInputs = with python3Packages; [
pygments
prompt-toolkit
colorama
frida-python
];
meta = {
description = "Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers (client tools)";
homepage = "https://www.frida.re/";
maintainers = with lib.maintainers; [ s1341 ];
license = lib.licenses.wxWindows;
};
}

74
pyimg4.nix Normal file
View File

@@ -0,0 +1,74 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
fetchPypi,
poetry-core,
poetry-dynamic-versioning,
setuptools,
asn1,
click,
pycryptodome
}:
let
pylzss = buildPythonPackage rec {
pname = "pylzss";
version = "v0.3.8";
pyproject = true;
src = fetchFromGitHub {
owner = "m1stadev";
repo = "pylzss";
rev = "refs/tags/${version}";
hash = "sha256-Y0u9rFJWYWyJUVEgpLtQHsXu0JpTgRKxFJHB+B3EFyU=";
};
build-system = [ setuptools ];
meta = with lib; {
description = "LZSS library for CPython ";
homepage = "https://github.com/m1stadev/pylzss";
};
};
lzfse = buildPythonPackage rec {
pname = "lzfse";
version = "0.4.2";
pyproject = true;
src = fetchPypi{
inherit pname version;
hash = "sha256-xolfjKE+7dLhi24MmHyUaBFQMImECbxEp6qNT0pCzqs=";
};
build-system = [ setuptools ];
};
in buildPythonPackage rec {
pname = "pyimg4";
version = "v0.8.6";
pyproject = true;
src = fetchFromGitHub {
owner = "m1stadev";
repo = "PyIMG4";
rev = "refs/tags/${version}";
hash = "sha256-jpI0R/OLyN9mh/E2hmn4f+KSM4UpuQ1anin8kZGqqzI=";
};
build-system = [ poetry-core poetry-dynamic-versioning ];
dependencies = [
asn1
click
pycryptodome
pylzss
lzfse
];
pythonRelaxDeps = [ "pylzss" ];
meta = with lib; {
description = "A Python library/CLI tool for parsing Apple's Image4 format.";
homepage = "https://github.com/m1stadev/PyIMG4";
};
}

46
xpcspy.nix Normal file
View File

@@ -0,0 +1,46 @@
{
lib,
buildPythonPackage,
fetchFromGitHub,
fetchPypi,
setuptools,
frida-tools,
frida-python,
python3,
callPackage
}:
let python =
let packageOverrides = self: super: {
frida-python = (callPackage ./frida-python.nix {});
frida-tools = super.toPythonModule(callPackage ./frida-tools.nix {});
};
in python3.override {
inherit packageOverrides;
self = python;
};
in buildPythonPackage rec {
pname = "xpcspy";
version = "v0.8.3";
pyproject = true;
src = fetchFromGitHub {
owner = "hot3eed";
repo = "xpcspy";
rev = "refs/tags/${version}";
hash = "sha256-/7nv1Xtsu4cGXai12d0fN6OR9d5mgV/0xK2UrlUv2rc=";
};
build-system = [ setuptools ];
nativeBuildInputs = [ python.pkgs.frida-tools ];
buildInputs = [ python.pkgs.frida-tools ];
dependencies = [ python.pkgs.frida-python python.pkgs.frida-tools ];
pythonRelaxDeps = [ "frida-tools" "frida" ];
meta = with lib; {
description = "Bidirectional XPC message interception and more. Powered by Frida";
homepage = "https://github.com/hot3eed/xpcspy";
};
}