Skip to content

BinaryNinja plugin: remake of keypatch

License

Notifications You must be signed in to change notification settings

gordboy/keypatch_binja

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Remake of keypatch plugin for Binary Ninja.

Python != 3.10 is needed on arm64 macs to avoid install issues with keystone-engine.

  • assemble using keystone
  • fill areas with instructions or arbitrary bytes
  • search for instructions or bytes, with regular expressions

The plugin manager only installs and updates at release boundaries. If you want the hottest freshest code, navigate to your plugins folder and clone this repo to get started, pull to update.

Developer Notes

https://docs.binary.ninja/dev/plugins.html

Tests that must pass before PR considered, release made, etc.

  • file -> new binary data -> 1f 20 03 d5 1f 20 03 d5 1f 20 03 d5 1f 20 03 d5 (right click, paste from, raw hex)
  • create aarch64 function, now use keypatch to assemble at 0, 4, 8, and C the instruction bl 0x1000
  • fill from [0x4, 0xc) with manually entered bytes AA AA AA AA and get two orn x10, x21, x10, asr #0x2a
  • now fill from [0x4, 0xc) with assembled nop
  • now search for 1f .*? d5 and it should hit at every nop (at 4 and 8)

About

BinaryNinja plugin: remake of keypatch

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 99.0%
  • Makefile 1.0%