Merge pull request mandiant#896 from mr-tz/simplify-lang-config
simplify language configuration
mr-tz committed Nov 9, 2023
2 parents d49c6cf + 7dce9ad commit 52747a4
Showing 2 changed files with 23 additions and 11 deletions.
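--- a/floss/language/go/extract.py
+++ b/floss/language/go/extract.py
@@ -276,7 +276,9 @@ def get_string_blob_strings(pe: pefile.PE, min_length) -> Iterable[StaticString]
 try:
 string_blob_start, string_blob_end = find_string_blob_range(pe, struct_strings)
 except ValueError:
-logger.warning("Failed to find string blob range: Go version may be unsupported.")
+logger.warning(
+"Failed to find string blob range: Is this a Go binary? If so, the Go version may be unsupported."
+)
 return
 
 with floss.utils.timing("collect string blob strings"):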
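--- a/floss/main.py
+++ b/floss/main.py
@@ -546,28 +546,38 @@ def main(argv=None) -> int:
 
 static_runtime = get_runtime_diff(interim)
 
-lang_id = identify_language(sample, static_strings)
-
 # set language configurations
-if (lang_id == Language.GO and args.language == "") or args.language == Language.GO.value:
+lang_id: Language
+if args.language == Language.GO.value:
+lang_id = Language.GO
+elif args.language == Language.RUST.value:
+lang_id = Language.RUST
+elif args.language == Language.DOTNET.value:
+lang_id = Language.DOTNET
+elif args.language == "none":
+lang_id = Language.UNKNOWN
+else:
+lang_id = identify_language(sample, static_strings)
+
+if lang_id == Language.GO:
 if analysis.enable_tight_strings or analysis.enable_stack_strings or analysis.enable_decoded_strings:
 logger.warning(
 "FLOSS handles Go static strings, but string deobfuscation may be inaccurate and take a long time"
 )
 results.metadata.language = Language.GO.value
 
-elif (lang_id == Language.RUST and args.language == "") or args.language == Language.RUST.value:
+elif lang_id == Language.RUST:
 if analysis.enable_tight_strings or analysis.enable_stack_strings or analysis.enable_decoded_strings:
 logger.warning(
 "FLOSS handles Rust static strings, but string deobfuscation may be inaccurate and take a long time"
 )
 results.metadata.language = Language.RUST.value
 
-elif (lang_id == Language.DOTNET and args.language == "") or args.language == Language.DOTNET.value:
-logger.warning(".NET language-specific string extraction is not supported")
-logger.warning(" will NOT deobfuscate any .NET strings")
+elif lang_id == Language.DOTNET:
+logger.warning(".NET language-specific string extraction is not supported yet")
+logger.warning("Furthermore, FLOSS does NOT attempt to deobfuscate any strings from .NET binaries")
 
-# let's enable .NET strings after we can deobfuscate them
+# enable .NET strings once we can extract them
 # results.metadata.language = Language.DOTNET.value
 
 # TODO for pure .NET binaries our deobfuscation algorithms do nothing, but for mixed-mode assemblies they may
@@ -604,7 +614,7 @@ def main(argv=None) -> int:
 if not lang_id:
 logger.info("extracting static strings")
 else:
-if (lang_id == Language.GO and args.language == "") or args.language == Language.GO.value:
+if lang_id == Language.GO:
 logger.info("extracting language-specific Go strings")
 
 interim = time()
@@ -615,7 +625,7 @@ def main(argv=None) -> int:
 static_strings, results.strings.language_strings, args.min_length
 )
 
-elif (lang_id == Language.RUST and args.language == "") or args.language == Language.RUST.value:
+elif lang_id == Language.RUST:
 logger.info("extracting language-specific Rust strings")
 
 interim = time()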
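Review bot: When `args.language` names a language, the new chain at the top of the first hunk sets `lang_id` without calling `identify_language`, and `results.metadata.language` then records the operator's choice exactly as if it had been detected. For a triage tool that matters, because a report produced with a forced Go or Rust setting on a sample that is neither cannot be told apart from a detected one. I would log the override right after the chain, e.g. `logger.debug("language set by user to %s, skipping identification", args.language)`. Separately, `lang_id` is now always a `Language` member, so the unchanged `if not lang_id:` in the second hunk only takes the plain static-strings branch if `Language.UNKNOWN` is falsy, which is not visible here; `if lang_id == Language.UNKNOWN:` would state the intent. `main` starts and ends outside these hunks.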
