Add IDA plugin

Author: evilpan

ida/README.md

@@ -1 +1,67 @@
-# TODO
+# JNI Helper for IDA
+
+Load JNI function signatures from JSON file and apply to IDA-Pro
+
+# Install
+
+macOS:
+```sh
+cp jni_helper.py $IDA_HOME/ida.app/Contents/MacOS/plugins
+```
+
+> e.x. `/Applications/IDA Pro 6.9/idaq.app/Contents/MacOS/plugins/`
+
+Windows:
+```
+cp jni_helper.py %IDA_HOME%\plugins
+```
+
+> e.x. `C:\Program Files (x86)\IDA 6.9\plugins`
+
+# Load
+
+```
+Edit -> Plugins -> JNI Helper
+```
+
+Logging:
+```
+[+] plugin init
+[+] plugin run
+[+] loading signature file: /Users/root/app-debug.json
+[+] loaded 14 methods from JSON
+[+] apply 0x9f8 JNI_OnLoad
+[+] apply 0xa90 JNI_OnUnload
+[+] apply 0xabc Java_com_evilpan_demojni_MainActivity_c_1stringFromJNI
+[+] apply 0xae4 Java_com_evilpan_demojni_MainActivity_c_1testOverload__
+[+] apply 0xb70 Java_com_evilpan_demojni_MainActivity_c_1testOverload__I
+[+] apply 0xca8 Java_com_evilpan_demojni_MainActivity_c_1testOverload__JFD
+[+] apply 0xdb0 Java_com_evilpan_demojni_MainActivity_c_1testStatic
+[+] apply 0xe78 Java_com_evilpan_demojni_MainActivity_c_1testClass
+[+] apply 0xf98 Java_com_evilpan_demojni_MainActivity_c_1testArray
+```
+
+Before:
+
+![1][1]
+
+After:
+
+![2][2]
+
+# Links
+
+- [hex-rays/idapython_docs][doc]
+- [hex-rays/sdkdoc][sdk]
+- [hex-rays/ida74_idapython_no_bc695_porting_guide][port]
+- [IDAPython cheatsheet][snip]
+
+[doc]: https://www.hex-rays.com/products/ida/support/idapython_docs/
+[sdk]: https://www.hex-rays.com/products/ida/support/sdkdoc/index.html
+[port]: https://www.hex-rays.com/products/ida/support/ida74_idapython_no_bc695_porting_guide.shtml
+[flare]: https://github.com/fireeye/flare-ida
+[snip]: https://gist.github.com/icecr4ck/7a7af3277787c794c66965517199fc9c
+[pal]: https://unit42.paloaltonetworks.com/using-idapython-to-make-your-life-easier-part-1/
+
+[1]: https://img-blog.csdnimg.cn/20201005164101129.png
+[2]: https://img-blog.csdnimg.cn/20201005164352403.png

ida/jni_helper.py

@@ -0,0 +1,132 @@
+#---------------------------------------------------------------------
+# jni_helper.py - IDA JNI Helper plugin
+#---------------------------------------------------------------------
+"""
+Plugin for IDA to apply JSON signature to JNI functions.
+"""
+
+import ida_typeinf
+import idautils
+import idaapi
+import idc
+
+import os
+import sys
+import json
+
+def log(fmt, *args):
+    print "[+]", fmt % args
+
+
+def load_methods():
+    sigfile = idc.AskFile(0, "*.json", "Select json signature file")
+    log("loading signature file: %s", sigfile)
+
+    with open(sigfile, 'r') as f:
+        infos = json.load(f)
+
+    log("loaded %d methods from JSON", len(infos))
+    return infos
+
+
+def is_jni_header_loaded():
+    # not work as expected:
+    # return idaapi.get_struc_id('JNIInvokeInterface_') != idaapi.BADADDR
+    try:
+        idc.parse_decl('JNIEnv *env', idc.PT_SILENT)
+    except Exception as e:
+        return False
+    return True
+
+
+def load_jni_header():
+    jni_h = idc.AskFile(0, "*.h", "Select JNI header file")
+    idaapi.idc_parse_types(jni_h, idc.PT_FILE)
+
+
+def apply_signature(ea, info):
+    name = idc.GetFunctionName(ea)
+    if info is None:
+        log('WARN: no info found for %s', name)
+        return
+    log('apply 0x%x %s', ea, name)
+    decl = '{} {}(JNIEnv* env, '.format(info['returnType'], name)
+    if info['isStatic']:
+        decl += 'jclass clazz'
+    else:
+        decl += 'jobject thiz'
+    for idx, atype in enumerate(info['argumentTypes']):
+        decl += ', {} arg{}'.format(atype, idx + 1)
+    decl += ')'
+    # log(decl)
+    prototype_details = idc.parse_decl(decl, idc.PT_SILENT)
+    # idc.set_name(ea, name)
+    idc.apply_type(ea, prototype_details)
+
+
+def apply_load_unload(ea, load=True):
+    name = idc.GetFunctionName(ea)
+    log('apply 0x%x %s', ea, name)
+    decl = "{} {}(JavaVM *vm, void *reserved)".format(
+        "jint" if load else "void",
+        "JNI_OnLoad" if load else "JNI_OnUnload"
+    )
+    prototype_details = idc.parse_decl(decl, idc.PT_SILENT)
+    idc.apply_type(ea, prototype_details)
+
+
+class JNIHelperPlugin(idaapi.plugin_t):
+    """
+    JNI Helper plugin class
+    """
+    flags = 0
+    comment = "Import JSON Signature file"
+    help = "Apply JSON Signature to JNI functions"
+    wanted_name = "JNI Helper"
+    wanted_hotkey = "Ctrl-Alt-j"
+    
+    def init(self):
+        log("plugin init")
+        return idaapi.PLUGIN_OK 
+
+    def run(self, arg):
+        """
+        :param arg: Integer, a non-zero value enables auto-run feature for
+             IDA batch (no gui) processing mode. Default is 0.
+        """
+        log("plugin run")
+        if not is_jni_header_loaded():
+            idaapi.warning('Please load jni.h first')
+            load_jni_header()
+        st = idc.set_ida_state(idc.IDA_STATUS_WORK)
+        infos = load_methods()
+        failed = []
+        succ = 0
+        for ea in idautils.Functions():
+            fname = idc.GetFunctionName(ea)
+            if fname.startswith('Java_'):
+                info = infos.get(fname)
+                if info is None:
+                    failed.append(name)
+                else:
+                    succ += 1
+                apply_signature(ea, info)
+            if fname == 'JNI_OnLoad':
+                apply_load_unload(ea, True)
+                succ += 1
+            if fname == 'JNI_OnUnload':
+                apply_load_unload(ea, False)
+                succ += 1
+        idaapi.info('JNI functions loaded, {} success. {} failed. \n{}'.format(
+            succ,
+            len(failed),
+            '\n'.join(failed)
+        ))
+        idc.set_ida_state(st)
+
+    def term(self):
+        log("plugin term")
+
+
+def PLUGIN_ENTRY():
+    return JNIHelperPlugin()