Making a script that uses 'sed' to patch hex strings inside binaries in OSX

Patching hex strings inside binaries with sed.

How do I use sed to open a binary file inside a .app, search for a unique string of hex values, replace them with the new string and then save the binary and exit? I have done a lot of research and I'm stuck.

Ultimately I would like to write this as a script, and below I have written some code as terminal commands that basically doesn't work but represents what I want to happen to the best of my ability.

//binary patcher script attempt

hexdump -ve '1/1 "%.2X"' /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp | \
sed "s/\x48\x85\xc0\x75\x33/\x48\x85\xc0\x74\x33/g" | \
xxd -r -p > /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp.Patched | \
cd /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/ | \
mv /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp.Patched /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp | \
sudo chmod u+x /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp

//returns 1 if the string is in the file

xxd -p /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp | tr -d '\n' | grep -c '4885c07533'

This is not in use in the script at the moment, but I tested it and it does return 1 if the sequence is there, so I thought it would be handy when it comes to possibly making these patches into small applications of their own, implementing by means of something along the lines of:

'if(xxd -p /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp | tr -d '\n' | grep -c '4885c07533' == 1){runTheRestOfTheScript;
else if (xxd -p /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp | tr -d '\n' | grep -c '4885c07533' == 1){ThrowERROR;'

OK, so back to the stuff in the script.

//First it dumps the binary's hex information into memory

hexdump -ve '1/1 "%.2X"' /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp | \

//calls sed to find the string of values and replace it with the new one.

sed "s/\x48\x85\xc0\x75\x33/\x48\x85\xc0\x74\x33/g" | \

//saves the new patched file as MyApp.Patched

xxd -r -p > /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp.Patched | \

//cds to the directory of the patched file

cd /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/ | \

//renames the file to its original executable name

mv /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp.Patched /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp | \

//sets the new file as executable after a password.

sudo chmod u+x /Users/MiRAGE/Downloads/MyApp.app/Contents/MacOS/MyApp

Now this is my first attempt, and I am aware some of the functions are probably completely wrong. Really, apart from the fact that it does not do the patching and it deletes the contents of the binary, it works as far as the renaming goes and hopefully gives you an overview of how I need the runtime of the script to work.

Now I am a real newbie, but I really need to get this done and I really have no idea what to do.

I need this script to basically work by waiting for the user to point the program in the direction of the file that needs patching (as I'm patching the apps I've made, preferably it would accept dragging of a .app file into the window and find the binary in the macOSX folder by itself; this will come later though, and could also be done in various ways). I then need it to search for the string in the binary and replace it with the edited string, in this case:

original :- 4885c07533
patched :- 4885c07433            {it's worth re-mentioning this string will always be unique but may vary in length depending on the function that needs patching}

I then need to save it with the same name as the original, which this script handles by saving the patched file with .patched appended and subsequently renaming it accordingly.

It then makes the file executable and exits, leaving the patched .app ready to run.

This method of creating patches would be particularly helpful if I notice I have made a mistake in many of my programs, for instance. If the function is unique I could make a single patch that could edit the binaries at the touch of a button while just holding the section of code that is relevant to patch inside.

So to sum up.

What I am looking for is some way of getting this script working and maybe, if any of you can help, a little advice on turning this into a little application to make my life easier.

Many thanks in advance for any and all help you can offer. I will be checking daily, so if I need to clarify something let me know and I'll be on it in a flash.

MiRAGE

With regards to the sed line

sed "s/\x48\x85\xc0\x75\x33/\x48\x85\xc0\x74\x33/g"

Firstly, you can use sed to change around arbitrary binary - but you should beware newlines. sed always processes its input newline separated, so if the value \x0a appears in your string you will have problems.

The following will allow you to consider the entire file as pure binary (call sed with the -n option so that it won't print out lines after processing them by default).

# Append the current line to the hold space
H
# On the last line the hold space contains all of the file - now swap pattern and hold space, operate on the pattern space and print the line
${
    # exchange hold and pattern space
    x
    # do substitution
    s/.../.../g
    # print out result, required due to -n option
    p
}

or, more succinctly

sed -n 'H;${x;s/.../.../g;p}'

When you append the pattern space to hold space the new line will be inserted - so this circumvents issues with new lines.

Also, in your example you used double quotes for your sed expression. Due to shell escaping rules for backslashes and the nature of sed, I would recommend the use of single quotes to avoid complication. Apologies if it is the case that this is not true for your shell.

Lastly about sed, you should beware of special values contained in the hex. If you escape a byte literal in sed with \x.., the way this is interpreted is by first replacing the escaped byte literal with its value, and then executing the line. Importantly, regex special characters still do what they do if they weren't escaped.

Example:

sed 's/\x5e\x2f/foo/'
# becomes
substitute pattern '\x5e\x2f' for 'foo'
# becomes
substitute pattern '^/' for 'foo'
# which matches a / at the beginning of a line as opposed to ^/

So the characters to look out for on the left of a substitution are the usual suspects, and beware \x26 (&) on the right-hand side of a substitution.

Hopefully that at least clarifies sed's potential role in your script :-).
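
The hexdump, substitute, `xxd -r -p` round trip from the question, as an added example that is not part of the original post or answer: it works on space-separated hex bytes so a match can only begin on a byte boundary, refuses to patch unless the old sequence occurs exactly once and the replacement has the same length, and keeps a backup. The function names and the sample bytes written by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Bytes are handled as space-separated hex tokens ("48 85 c0"),
# so a pattern can only match on a byte boundary.

spaced() {  # "4885C0" -> "48 85 c0"; rejects empty, non-hex or odd-length input
    case $1 in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ $(( ${#1} % 2 )) -eq 0 ] || return 1
    printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/../& /g; s/ $//'
}

to_hex() {  # file -> one line of space-separated lowercase hex bytes
    od -An -v -tx1 "$1" | tr '\n' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

from_hex() {  # hex tokens on stdin -> raw bytes on stdout
    # One printf per byte keeps this POSIX-only; it is slow on large files,
    # where `xxd -r -p` does the same conversion.
    tr ' ' '\n' | while read -r b || [ -n "$b" ]; do
        if [ -n "$b" ]; then printf "\\$(printf '%03o' "0x$b")"; fi
    done
}

count_aligned() {  # file hex -> number of byte-aligned occurrences
    pat=$(spaced "$2") || return 1
    to_hex "$1" | grep -o "$pat" | wc -l | tr -d ' '
}

patch_unique() {  # file old_hex new_hex -> 0 if patched, 1 if refused
    old=$(spaced "$2") || return 1
    new=$(spaced "$3") || return 1
    [ "${#old}" -eq "${#new}" ] || { echo "lengths differ" >&2; return 1; }
    n=$(count_aligned "$1" "$2")
    [ "$n" -eq 1 ] || { echo "expected 1 match, found $n" >&2; return 1; }
    tmp="$1.patched.$$"
    to_hex "$1" | sed "s/$old/$new/" | from_hex > "$tmp"
    if [ "$(wc -c < "$1" | tr -d ' ')" -ne "$(wc -c < "$tmp" | tr -d ' ')" ]; then
        rm -f "$tmp"; return 1
    fi
    # Keep a backup, then overwrite in place so mode and owner are unchanged.
    cp -p "$1" "$1.orig" && cat "$tmp" > "$1" && rm -f "$tmp"
}

make_sample() {  # constructed input: a4 88 5c 07 53 3b 90 48 85 c0 75 33 c3
    # The first six bytes contain "4885c07533" shifted by one hex digit.
    printf '\244\210\134\007\123\073\220\110\205\300\165\063\303' > "$1"
}
```

A contiguous dump such as `xxd -p | tr -d '\n'` would also match the first six sample bytes, where the sequence starts in the middle of a byte; `grep -c` on that single line reports 1 however many times the pattern occurs.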
