find_fat_binary_offsets.py: add hacky support for non-fat binaries (1…

…0.14.x and earlier)
0xdevalias · Apr 15, 2024 · aeb3ff9 · aeb3ff9 · 0xdevalias · Apr 15, 2024
1 parent 4c61355
commit aeb3ff9
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/find_fat_binary_offsets.py b/find_fat_binary_offsets.py
@@ -22,6 +22,7 @@
     from pstats import SortKey
 
 # Symbol to search for
+# symbol = "_newLocalDeliveryServiceStatString" # For 10.14.x and earlier
 symbol = "_IDSProtoKeyTransparencyTrustedServiceReadFrom"
 
 # Hex strings to search for
@@ -194,7 +195,21 @@ def scan_macho_fat_binary(file_path):
         # Read the magic number to confirm it's a FAT binary
         magic = file.read(4)
         if magic != FAT_MAGIC:
-            return "Not a FAT binary"
+            # TODO: improve this handling.. it's pretty hacky at the moment
+            # return "Not a FAT binary"
+            offset = 0x0
+            is_valid_macho = validate_macho_header(file, offset)
+            architectures[0] = {
+                "name": 'x86_64',
+                "cpu_type": 0x0,
+                "cpu_subtype": 0x0,
+                "cpu_subtype_caps": 0x0,
+                "offset": offset,
+                "size": -1,
+                "align": 0,
+                "valid_macho_header": is_valid_macho,
+            }
+            return architectures
 
         # Read number of architectures
         num_archs = struct.unpack(">I", file.read(4))[0]
@@ -235,6 +250,12 @@ def scan_macho_fat_binary(file_path):
 def print_arch_info(architectures):
     """Print information about each architecture in the FAT binary"""
     print("-= Universal Binary Sections =-")
+
+    # TODO: improve this handling, it's pretty hack at the moment
+    # if (architectures == "Not a FAT binary"):
+    #     print(architectures)
+    #     return
+
     for i, arch in architectures.items():
         print(f"Architecture {i} ({arch['name']}):")
         print(f"  CPU Type: {arch['cpu_type']} (0x{arch['cpu_type']:x})")