Hello and thank you for your research!
I have trouble reproducing the results of find_taint.py. I have IDA 7.5 and IDA Python working in compatibility mode, because from the README.md it seems like BootStomp was used with IDA 6.95 and Python 2.7. I have also tried using IDA 7.5 and modified the code to work with compatibility mode disabled and Python 3, but the results I get are the same as the ones described below.
When opening IDA, in the “Load a new file” I use as architecture ARM Little-endian for the BootStomp sample binaries.
I was only able to reproduce - with slight differences though - the results of Qualcomm lk (latest and unpatched). (1) Do you know why the output is slightly different than the expected in https://github.com/ucsb-seclab/BootStomp/blob/master/evaluation/qualcomm_lk/latest/taint_info.txt and https://github.com/ucsb-seclab/BootStomp/blob/master/evaluation/qualcomm_lk/unpatched/taint_info.txt? You can find my results for the latest and the unpatched Qualcomm lk at https://github.com/k-karakatsanis/BootStomp/blob/master/bootloaders/qualcomm_lk/taint_source_sink_latest.txt and https://github.com/k-karakatsanis/BootStomp/blob/master/bootloaders/qualcomm_lk/taint_source_sink_unpatched.txt correspondingly. FYI, after opening the files in IDA, I have also tried to change the .rodata segment to read (from read & write) but I still get different output than the expected.
For Huawei I received the error shown in #3 when running find_taint.py. (2) What should I use in the “disassembly memory organization” options of IDA Pro and what should the entry point be? I suspect that either the default options or the missing entry point are causing the problem.
When I tried using find_taint.py on the other files (Nexus_9 and Xperia lk) I did not receive any output. (3) Should I change the “disassembly memory organization” default options or set an entry point in order for the analysis to be made?
I also tried using bootsplitter for the binaries that didn’t give results. Nonetheless, bootsplitter did not produce meaningful results for nexus_9 and xperia_xa that would help us in the importing of these binaries into IDA Pro. Specifically, the output for “IMAGE BASE + CODE SIZE” is smaller than the “IMAGE SIZE” alone, which does not seem reasonable. (4) Am I doing something wrong with bootsplitter? You can find my results from bootsplitter in https://github.com/k-karakatsanis/BootStomp/tree/master/output
I am new to reverse engineering, so I apologize if I am missing something obvious.
Thank you very much in advance!