Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add symbols.unredact config variable #144

Merged
merged 4 commits into from
May 17, 2019
Merged

Add symbols.unredact config variable #144

merged 4 commits into from
May 17, 2019

Conversation

mrmacete
Copy link
Contributor

@mrmacete mrmacete commented May 16, 2019
edited
Loading

true by default, it allows to retrieve the symbol name from the debug symbols (CoreSymbolication) when it’s “redacted” in apple’s dyld cache.

Also, while at it, added some sanitisation on flag names, to avoid accidental creation of garbage files and such.

Example:

[0x00000000]> \e symbols.unredact=?
Try to get symbol names from debug symbols when they're "redacted":

    true            try to unredact (the default)
    false           do not attempt to unredact

[0x00000000]> \is* CoreText~redact
[0x00000000]> \e symbols.unredact=false

[0x00000000]> \is* CoreText~redact
Do you want to print 4379 lines? (y/N)

@mrmacete
Add symbols.unredact config variable
d1a46eb 
`true` by default, it allows to retrieve the symbol name from the debug symbols (CoreSymbolication) when it’s “redacted” in apple’s dyld cache.
@mrmacete mrmacete requested a review from trufae May 16, 2019 15:12
trufae
trufae reviewed May 16, 2019
View reviewed changes
src/agent/config.js Outdated
if (typeof (val) === 'boolean') {
return true;
}
return ['true', 'false'].indexOf(val) !== -1;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about return (/(true|false)/i).test(val); so its case insensitive. Also, we have the isTrue() helper below

trufae
trufae reviewed May 16, 2019
View reviewed changes
src/agent/index.js Outdated
})
.join('\n');
}

function sanitizeString (str) {
const result = [];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about using map/filter for this?

return str.split().map(_ => insaneSet.has(x)? c:'_').join('')

trufae
trufae reviewed May 16, 2019
View reviewed changes
src/agent/index.js
if (config.getBoolean('symbols.unredact') && sym.name.indexOf('redacted') !== -1) {
const dbgSym = DebugSymbol.fromAddress(sym.address);
if (dbgSym !== null) {
sym.name = dbgSym.name;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uhm, when we find the symbol we dont need to continue searching , right? maybe good to use a for loop to break it here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we're not searching here, it's just iterating over all the results of enumerateSymbols

trufae
trufae reviewed May 16, 2019
View reviewed changes
src/agent/index.js Outdated
@@ -34,6 +34,7 @@ const allocPool = {};
const pendingCmds = {};
const pendingCmdSends = [];
let sendingCommand = false;
const insaneSet = new Set(['`', '$', '{', '}', '~', '|', ';', '#', '@', '&', '<', '>', ' ', '(', ')']);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a single string is probably faster imho. const specialChars = "`${}~|;#...".

and then use sspecialChars.indexOf(ch) !== -1

trufae
trufae reviewed May 16, 2019
View reviewed changes
Copy link
Member

@trufae trufae left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

trufae
trufae reviewed May 16, 2019
View reviewed changes
src/agent/config.js Outdated
@@ -8,7 +8,8 @@ const config = {
'stalker.timeout': 5 * 60,
'stalker.in': 'raw',
'hook.backtrace': true,
'hook.verbose': true
'hook.verbose': true,
'symbols.unredact': true
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be set to false outside iOS (and maybe macOS) too

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ohh ok

trufae
trufae reviewed May 16, 2019
View reviewed changes
Copy link
Member

@trufae trufae left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.

@trufae trufae merged commit 65bbb01 into nowsecure:master May 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trufae trufae trufae left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mrmacete @trufae