IDA2Obj

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

The working flow is simple:

Dump object files (COFF) directly from one executable binary.
Link the object files into a new binary, almost the same as the old one.
During the dumping process, you can insert any data/code at any location.
- SBI is just one of the using scenarios, especially useful for black-box fuzzing.

How to use

Prepare the enviroment:
- Set AUTOIMPORT_COMPAT_IDA695 = YES in the idapython.cfg to support the API with old IDA 6.x style.
- Install dependency: pip install cough
Create a folder as the workspace.
Copy the target binary which you want to fuzz into the workspace.
Load the binary into IDA Pro, choose Load resources and manually load to load all the segments from the binary.
Wait for the auto-analysis done.
Dump object files by running the script MagicIDA/main.py.
- The output object files will be inside ${workspace}/${module}/objs/afl.
- If you create an empty file named TRACE_MODE inside the workspace, then the output object files will be inside ${workspace}/${module}/objs/trace.
- By the way, it will also generate 3 files inside ${workspace}/${module} :
  - exports_afl.def (used for linking)
  - exports_trace.def (used for linking)
  - hint.txt (used for patching)
Generate lib files by running the script utils/LibImports.py.
- The output lib files will be inside ${workspace}/${module}/libs, used for linking later.
Open a terminal and change the directory to the workspace.
Link all the object files and lib files by using utils/link.bat.
- e.g. utils/link.bat GdiPlus dll afl /RELEASE
- It will generate the new binary with the pdb file inside ${workspace}/${module}.
Patch the new built binary by using utils/PatchPEHeader.py.
- e.g. utils/PatchPEHeader.py GdiPlus/GdiPlus.afl.dll
- For the first time, you may need to run utils/register_msdia_run_as_administrator.bat as administrator.
Run & Fuzz.

More details

HITB Slides : https://github.com/jhftss/jhftss.github.io/blob/main/res/slides/HITB2021SIN%20-%20IDA2Obj%20-%20Mickey%20Jin.pdf

Demo : https://drive.google.com/file/d/1N3DXJCts5jG0Y5B92CrJOTIHedWyEQKr/view?usp=sharing

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation).

Related tags

Overview

IDA2Obj

How to use

More details

Owner

Mickey

ProxyLogon Pre-Auth SSRF To Arbitrary File Write

Threat research and reporting from IronNet's Threat Research Teams

Fast subdomain scanner, Takes arguments from a Json file ("args.json") and outputs the subdomains.

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

About Hive Burp Suite Extension

labsecurity is a framework and its use is for ethical hacking and computer security

A simple Outline Server Access Key Copy and Paste Web Interface

Compilation of resources and insights that helped me on my journey to data scientist

A curated list of amazingly awesome Cybersecurity datasets

Exploit and Check Script for CVE 2022-1388

Cisco RV110w UPnP stack overflow

Discord exploit allowing you to be unbannable.

Small python script to look for common vulnerabilities on SMTP server.

Repository for a project of the course EP2520 Building Networked Systems Security

A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms

proof-of-concept running docker container from omero web

带回显版本的漏洞利用脚本

A Tool to find subdomains from hackerone reports.

Instagram brute force tool that uses tor as its proxy connections

Midas ELF64 Injector is a tool that will help you inject a C program from source code into an ELF64 binary.