initial code

.gitignore

@@ -0,0 +1 @@
+*.pyc

LICENSE

@@ -1,21 +1,7 @@
-MIT License
+Copyright (c) 2022 b0bb
 
-Copyright (c) 2022 0xb0bb
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,17 @@
+# 0CD
+Author: **b0bb**
+
+Quality of life utilities for the obsessive compulsive CTF enthusiasts.
+
+## Description:
+This plugin is a collection of small quality of life improvements that come up in CTFs or other similar toy problems. Some included utilities include:
+
+**Stack Guards**  
+This utility will clean up those ugly looking stack canaries your eyes always skip over.
+
+![stack guards](https://github.com/0xb0bb/0CD/blob/main/images/stackguards.png?raw=true)
+
+
+## License
+
+This plugin is released under an [MIT license](./license).

__init__.py

@@ -0,0 +1,38 @@
+# 0CD - Quality of life utlities for obsessive compulsive CTF enthusiasts
+# by b0bb (https://twitter.com/0xb0bb) 
+
+from binaryninja import PluginCommand, Settings
+from .modules import stackguards
+
+settings = Settings()
+settings.register_group("0cd", "0CD")
+
+settings.register_setting("0cd.stackguards.var_name", """
+	{
+		"title" : "Stack canary variable name",
+		"type" : "string",
+		"default" : "CANARY",
+		"description" : "Name of the stack canary stored on the stack."
+	}
+""")
+
+settings.register_setting("0cd.stackguards.tcb_name", """
+	{
+		"title" : "TCB variable name",
+		"type" : "string",
+		"default" : "tcb",
+		"description" : "Name of the tcp struct pointer stored on the stack."
+	}
+""")
+
+PluginCommand.register(
+	"0CD\Stack Guards\Clean all",
+	"Clean up stack guards in all functions",
+	stackguards.run_plugin_all
+)
+
+PluginCommand.register_for_function(
+	"0CD\Stack Guards\Clean current function",
+	"Clean up stack guards in the current function",
+	stackguards.run_plugin_current
+)

data/stackguards/linux-x86.json

@@ -0,0 +1,4 @@
+{
+	"src": "gsbase",
+	"struct": "struct __packed { void *tcb; dtv_t *dtv; void *self; int multiple_threads; uintptr_t sysinfo; uintptr_t stack_guard; uintptr_t pointer_guard; int gscope_flag; int private_futex; void *__private_tm[5]; };"
+}

data/stackguards/linux-x86_64.json

@@ -0,0 +1,4 @@
+{
+	"src": "fsbase",
+	"struct": "struct __packed { void *tcb; void *dtv; void *self; int multiple_threads; int gscope_flag; uintptr_t sysinfo; uintptr_t stack_guard; uintptr_t pointer_guard; unsigned long int vgetcpu_cache[2]; unsigned int feature_1; void *__private_tm[4]; void *__private_ss; unsigned long long int ssp_base; };"
+}

modules/stackguards.py

@@ -0,0 +1,105 @@
+# 0CD - Quality of life utilities for obsessive compulsive CTF enthusiasts
+# by b0bb (https://twitter.com/0xb0bb) 
+
+import os
+import json
+import binaryninja as bn
+
+supported = [
+    'linux-x86',
+    'linux-x86_64',
+]
+
+
+def load_data(arch):
+	current_file_path = os.path.dirname(os.path.abspath(__file__))
+	data_db_path = os.path.join(current_file_path, '..', 'data/stackguards', arch+'.json')
+	fh = open(data_db_path, 'r')
+	return json.load(fh)
+
+
+def check_arch(platform):
+	if platform not in supported:
+		bn.log_error('[-] This plugin only supports the following platforms: '+str(supported))
+		return False
+
+	return True
+
+
+def run_plugin_all(bv):
+
+	if check_arch(bv.platform.name):
+		syms = list(filter(lambda sym: "__stack_chk_fail" in sym.name, bv.get_symbols()))
+		if len(syms) == 0:
+			return 0
+
+		functions = set()
+		for target in set(map(lambda sym: sym.address, syms)):
+			for xref in bv.get_code_refs(target):
+				functions.add(xref.function)
+
+		data = load_data(bv.platform.name)
+		task = StackGuardTask(bv, functions, data)
+		task.start()
+
+
+def run_plugin_current(bv, function):
+
+	if check_arch(bv.platform.name):
+		data = load_data(bv.platform.name)
+		task = StackGuardTask(bv, [function], data)
+		task.start()
+
+
+class StackGuardTask(bn.BackgroundTaskThread):
+
+
+	def __init__(self, bv, functions, data):
+		bn.BackgroundTaskThread.__init__(self, "Finding functions...", False)
+		self.bv = bv
+		self.functions = functions
+		self.data = data
+
+
+	def run(self):
+
+		self.bv.define_user_type('tcbhead_t', self.data['struct'])
+		for function in self.functions:
+			if self.set_guard_type(function):
+				self.set_guard_name(function)
+
+
+	def set_guard_type(self, function):
+
+		for bb in function.medium_level_il:
+			for insn in bb:
+				if insn.operation != bn.MediumLevelILOperation.MLIL_SET_VAR:
+					continue
+
+				for var in insn.vars_read:
+					if var.name == self.data['src'] and isinstance(var.type, bn.types.PointerType):
+						vartype = bn.Type.pointer(
+							self.bv.arch,
+							bn.Type.named_type_from_registered_type(self.bv, 'tcbhead_t')
+						)
+						function.create_user_var(var, vartype, bn.Settings().get_string('0cd.stackguards.tcb_name'))
+						self.bv.update_analysis_and_wait()
+						return True
+
+		return False
+
+
+	def set_guard_name(self, function):
+
+		for bb in function.medium_level_il:
+			for insn in bb:
+				if insn.operation != bn.MediumLevelILOperation.MLIL_SET_VAR:
+					continue
+
+				for var in insn.vars_written:
+					if 'stack_guard' in str(insn) and 'tcbhead_t' in str(insn.vars_read):
+						var.name = bn.Settings().get_string('0cd.stackguards.var_name')
+						return True
+
+		return False
+

ocd.py

@@ -0,0 +1,37 @@
+from binaryninja import *
+
+
+class OcdView(BinaryView):
+
+    name = "OCD"
+
+
+    def __init__(self, data):
+        BinaryView.__init__(self, file_metadata=data.file, parent_view=data)
+
+
+    @classmethod
+    def is_valid_for_data(self, data):
+        log_info("sssssssssssssssssssssssssssss")
+        log_info(data[:3])
+        log_info(data[18:20])
+        log_info("sssssssssssssssssssssssssssss")
+        if data[:4] == b'\x7fELF' and data[18:20] == b'\x3e\x00':
+            return True
+        return False
+
+
+    def on_complete(self):
+        for i in range(0x10):
+            log_info("complete")
+
+
+    def init(self):
+        log_info("sssssssssssssssssssssssssssss")
+        log_info("init() called")
+        log_info("sssssssssssssssssssssssssssss")
+
+        AnalysisCompletionEvent(self, self.on_complete)
+        return True
+
+OcdView.register()

plugin.json

@@ -0,0 +1,35 @@
+{
+  "pluginmetadataversion": 2,
+  "name": "0CD",
+  "type": [
+    "helper"
+  ],
+  "api": [
+    "python3"
+  ],
+  "description": "Quality of life utilities for obsessive compulsive CTF enthusiasts.",
+  "longdescription": "",
+  "license": {
+    "name": "MIT",
+    "text": "Copyright (c) 2022 b0bb\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE."
+  },
+  "platforms": [
+    "Darwin",
+    "Linux",
+    "Windows"
+  ],
+  "installinstructions": {
+    "Darwin": "",
+    "Linux": "",
+    "Windows": ""
+  },
+  "dependencies": {
+    "pip": [],
+    "apt": [],
+    "installers": [],
+    "other": []
+  },
+  "version": "0.1",
+  "author": "b0bb",
+  "minimumbinaryninjaversion": 3164
+}