miasm v0.1.5 releases: Reverse engineering framework in Python

Miasm is a free and open-source (GPLv2) reverse engineering framework. Miasm aims to analyze/ modify/generate binary programs. Here is a non-exhaustive list of features:

• Opening / modifying / generating PE / ELF 32 / 64 LE / BE using Elfesteem
• Assembling / Disassembling X86 / ARM / MIPS / SH4 / MSP430
• Representing assembly semantic using an intermediate language
• Emulating using JIT (dynamic code analysis, unpacking, …)
• Expression simplification for automatic de-obfuscation
• …

See the official blog for more examples and demos.

How does it work?

Miasm embeds its own disassembler, intermediate language and instruction semantic. It is written in Python.

To emulate code, it uses LibTCC, LLVM, GCC, Clang or Python to JIT the intermediate representation. It can emulate shellcodes and all or parts of binaries. Python callbacks can be executed to interact with the execution, for instance, to emulate library functions effects.

Changelog v0.1.4

Fixed

• header files for pip

Software requirements

Miasm uses:

• python-pyparsing
• python-dev
• elfesteem from Elfesteem
• optionally python-pycparser (version >= 2.17)

To enable code JIT, one of the following modules is mandatory:

• GCC
• Clang
• LLVM with Numba llvmlite, see below
• LibTCC tinycc (ONLY version 0.9.26)

‘optional’ Miasm can also use:

• Z3, the Theorem Prover

Configuration

• Install elfesteem
  

  git clone https://github.com/serpilliere/elfesteem.git elfesteem
  
  cd elfesteem
  
  python setup.py build
  
  sudo python setup.py install

   

   

   

To use the jitter, GCC, TCC or LLVM is recommended

• GCC (any version)
• Clang (any version)
• LibTCC needs to be configured with the --disable-static option
  • remove libtcc-dev from the system to avoid conflicts
  • clone TinyCC: git clone http://repo.or.cz/tinycc.git
  • set branch to version 0.9.26: cd tinycc/ and git checkout release_0_9_26
  • ./configure --disable-static
  • make
  • sudo make install
  • There may be an error on documentation generation
• LLVM
  • Debian (testing/unstable): Not tested
  • Debian stable/Ubuntu/Kali/whatever: pip install llvmlite or install from llvmlite
  • Windows: Not tested
• Build and install Miasm:
  

  $ cd miasm_directory
  
  $ python setup.py build
  
  $ sudo python setup.py install

   

   

   

If something goes wrong during one of the jitter modules compilation, Miasm will skip the error and disable the corresponding module (see the compilation output).

Windows & IDA

Most of Miasm’s IDA plugins use a subset of Miasm functionality. A quick way to have them working is to add:

• elfesteem directory and pyparsing.py to C:\...\IDA\python\ or pip install pyparsing elfesteem
• miasm2/miasm2 directory to C:\...\IDA\python\

All features excepting JITter related ones will be available. For a complete installation, please refer to above paragraphs.

Tutorial

Copyright (C) 2015 Commial

Source: https://github.com/cea-sec/