Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds the Binary Ninja front-end plugin (MVP) + simplifies patch space 0 #240

Merged
merged 47 commits into from
Dec 2, 2022
Merged

Adds the Binary Ninja front-end plugin (MVP) + simplifies patch space 0 #240

merged 47 commits into from
Dec 2, 2022

Conversation

bmourad01
Copy link
Contributor

@bmourad01 bmourad01 commented Dec 1, 2022
edited
Loading

This PR adds a front-end plugin for VIBES for the Binary Ninja reverse engineering suite. This serves as a significant step up in improving the user experience of VIBES. Key highlights:

  1. The process of filling out patch configurations for a binary are done through a GUI interface that is integrated with Binary Ninja (including saving this information to a .bndb file).
  2. We are able to leverage Binary Ninja's tower of IRs (LLIL, MLIL, and HLIL) to extract mappings from higher-level variables seen in the decompiler output to low-level locations that are normally associated with the disassembly view. Most of the heavy lifting is already done for us when Binary Ninja analyzes the binary in question, and a small amount of work from us is done to fill in these gaps. This is the killer feature of the plugin, and something we have been looking to (at least partially) automate for a long time.

I've also simplified the way users can specify a patch that strictly inserts new code into the binary, denoted by a patch-size of 0. The corresponding changes to vibes-patch reflect this.

I should make it clear that this plugin is an MVP for getting a patch off the ground and sending the information off to the VIBES toolchain. In the future, we should be looking for user experience feedback to improve the usability of the plugin.

bmourad01 added 30 commits November 11, 2022 20:17
Initial schema for a plugin
de978eb 
Needs lots of work
Progress on higher vars
dd5e49f
Check supported architecture
bf823aa
Comment
bc53b8f
Frame range
165fedd
Use helper function for defined vars
62ee9b0
Identify data symbols that can be accessed via frame
cc3621c
Add button to refresh higher vars
60e2bed
Fixes
0ff2c3e
Simplify
3784097
Store hvars in the class
70250eb
More improvements
ae5c835
Reject invalid patch names
8c0712d
Fix
6257e3e
Add patch var editor, fix some bugs
345a6a0
Ability to add live vars, some fixes to live vars analysis
d7d65ab
OGRE editor
20eb746
Merge the OGRE editor with the patch editor
4d620e3
Serialize to the binja database
88b3f88 
This way we can easily save and load our patch configs inside of binja
Fix patch name regex
2b87b74
Add ability to load a C source file
a638946
Better labels for the buttons
eba4425
Better labels
f36f087
Allow patch size of zero
6fdc09f 
This replaces the `overwrite` field of the config file. A patch size
of zero implies that no code shall be overwritten. This way, we can
disassemble as many instructions that would be overwritten by our
trampoline and include those in the patch assembly.
Split the plugin into multiple modules
6b80030
Default patch code is empty string
6668696
Handle higher var values for "pointer" types
ec31692
Set current row if we had existing patches
bc99fb5
Fix ogre decls formatting
efb45f3
Import and export configs
ead854c
@bmourad01 bmourad01 merged commit a8d9eb5 into main Dec 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtpaasch jtpaasch Awaiting requested review from jtpaasch

@philzook58 philzook58 Awaiting requested review from philzook58

@gregsgit gregsgit Awaiting requested review from gregsgit

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bmourad01