OpenSSL 1.1.1 #18
Comments
Would you help me do that please? |
I managed to create it some time ago |
I use the IDA SDK tool FLAIR to convert [libssl.lib]->[libssl.sig], but the size is abnormal. Can you share your FLAIR tool? Or is it easier to communicate? |
What do you mean by abnormal size? |
I am using IDA_Pro_v7.5, the generated file is too small, and the symbols related to openssl cannot be recovered by importing ida, but the articles I read are indeed ok. I imported his libssl.sig and recovered many symbols, but his version is 1.1.1i, not openssl1.1.1k which I want. (https://github.com/avcatshy/noobs/tree/main/zoom-easy-analysis) |
He compiled it on a Mac; can you convert his [.a] file to a [.sig] file? When I use the command "plb libssl.a" to convert it, it keeps giving an error: https://github.com/avcatshy/noobs/tree/main/zoom-easy-analysis/zoomRSA_OpenSSL/lib |
Yeah, I've got exactly the same result as you when trying to use plb under Windows
and if you check the embedded object files from the archive file you will figure out that they were built for Mac OS:
so I believe you need to use IDA under Mac in order to get the sig files by FLIRT |
Heh, it's much easier - try to use the tool named pmacho.exe (it understands the Mach-O format) |
First of all, thank you very much for your help! I also tried to use the pmacho tool; the size of the converted pat file looks normal, but the sig file converted by sigmake is extraordinarily small (for example, libssl.sig is only 30kb) |
The most incomprehensible thing for me is: I tried to convert the .a file provided by @avcatshy with pmacho, and then the libssl.sig file generated by sigmake was only 30kb. But when I used the libssl.pat provided by him to generate libssl.sig, everything was fine. It has become normal, and some symbols of openssl can be restored by importing ida... (Unfortunately - not the version I wanted) |
Yeah, I agree.. for some reason the final .sig is way too small... |
My Mac has an M1 chip, and the file compiled on the Mac will report such an error: "Warning: IDA does not yet support Mach-O relocation information for this CPU". So please help me to compile the openssl static library on your Mac, is it ok? (Please use the script provided below and run "./openssl-build.sh") |
Well, I don't have Mac HW, so can't help here, sorry... |
I don't think that warning somehow impacts the output result...
as you see - no warnings, but still the scanned number of functions is not as expected, right? |
The openssl1.1.1i version provided by @avcatshy has a libssl.sig size of 136kb and a libcrypto.sig size of 431kb. I think the sig file corresponding to the openssl1.1.1k version should be close to this size. |
Could you attach the pat files for M1 which you are happy about? |
Use this pat file to generate a satisfactory sig file, please use the link below |
Yeah, I agree. Now, after some thinking, I guess that you have to write to IDA support, because most probably pmacho.exe does not fully understand the M1 object files and for some reason it reads out far fewer functions compared to the real case... As FLAIR is closed source, I don't see other options than asking for a support ticket, or Good luck! |
@greenozon how did you make the signature for the openssl 1.1.1 MSVC? I tried to compile openssl 3.0.0 with MSVC by cloning the branch 3.0.0 and then running:
and then I get the libssl.lib and libcrypto.lib in programfile/openssl/lib. But I tried both plb and pcf to get the pat file, but both give me back zero library? |
what branch (location) are you referring to? |
Here are the two lib files: https://www.sendspace.com/filegroup/6EhnO3HBif7F55Mr5HFa3Q |
Yeah, I understand what's going on. Static libs to be used: |
Please generate sigs for OpenSSL version 1.1.1
Thanks