quarkslab
diff --git a/‎README.md‎
Lines changed: 37 additions & 107 deletions b/‎README.md‎
Lines changed: 37 additions & 107 deletions
diff --git a/‎docs/.snippets/diffing_pyrrha_exports.py‎
Lines changed: 75 additions & 0 deletions b/‎docs/.snippets/diffing_pyrrha_exports.py‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎docs/img/example_sourcetrail.png‎
-42.7 KB b/‎docs/img/example_sourcetrail.png‎
-42.7 KB
diff --git a/‎docs/index.md‎
Lines changed: 98 additions & 1 deletion b/‎docs/index.md‎
Lines changed: 98 additions & 1 deletion
@@ -1,134 +1,60 @@
 # Pyrrha: A mapper collection for firmware analysis
+ <!-- # --8<-- [start:intro]-->
+
+<p align="center">
+  <a href="https://github.com/quarkslab/pyrrha/pypi">
+    <img src="https://img.shields.io/pypi/v/pyrrha-mapper.svg">
+  </a>
+  <a href="https://github.com/quarkslab/pyrrha/releases">
+    <img src="https://img.shields.io/github/actions/workflow/status/quarkslab/pyrrha/release.yml">
+  </a>
+  <a href="https://pypi.org/project/pyrrha-mapper/">
+    <img src="https://img.shields.io/pypi/pyversions/pyrrha-mapper">
+  </a>
+  <img src="https://img.shields.io/pypi/dm/pyrrha-mapper"/>
+  <img src="https://img.shields.io/github/license/quarkslab/pyrrha"/>
+</p>
+
 
 Pyrrha is a filesystem cartography and correlation software focusing on visualization. It currently focuses on the relationship between executable files but aims at enabling anyone to map and visualize any relationship types. It uses the open-source code source
 explorer [NumbatUI](https://github.com/quarkslab/NumbatUI) to provide users with an easy way to navigate through and search for 
 path to function.
+ <!-- # --8<-- [end:intro]-->
 
-![](img/imports.png)
+![](docs/img/imports.png)
 <p align="center">
 <b>An example of the symbols and libraries imported by <code>libgcc_s.so.1</code> and of the symbols which reference this library.</b>
 </p>
 
-![](img/symlinks.png)
+![](docs/img/symlinks.png)
 <p align="center">
 <b>An example of the symlinks which point on <code>busybox</code>.</b>
 </p>
 
-
 ## Installation
 
 The installation is done in three parts:
 
-- Installing mapper external dependencies: 
-      * IDA dissassembler (with the decompilation option for the `exe-decomp` mapper).
-      * [`Quokka` IDA plugin](https://github.com/quarkslab/quokka/releases).
-- Installing `Pyrrha` as a Python module (`pip install pyrrha-mapper` or from the sources).
-- Installing [`NumbatUI`](https://github.com/quarkslab/NumbatUI) (or [`Sourcetrail`](https://github.com/CoatiSoftware/Sourcetrail)) to be able to visualize Pyrrha's results. 
-
-
-!!! example "Quick Start" 
-
-    === "Sourcetrail"
-
-         1. Install Quokka plugin by downloaded the appropriate version from its [release](https://github.com/quarkslab/quokka/releases) page. Then follow the instructions according to your OS.
-
-         2. Install Sourcetrail and Pyrrha.
-
-            === "Linux"
-                ```bash
-                SOURCETRAIL_URL='https://github.com/CoatiSoftware/Sourcetrail/releases/download/2021.4.19/Sourcetrail_2021_4_19_Linux_64bit.tar.gz'
-                CHECKSUM=""f65a401daad8e16f29f7b2ff062a559999b6a8d44606db36cdf803de0cd7816d
-                EXTRACTION_DIR="/tmp/Sourcetrail_2021_4_19_Linux_64bit"
-                DOWNLOAD_PATH="$EXTRACTION_PATH.tar.gz"
-
-                wget $SOURCETRAIL_URL -O $DOWNLOAD_PATH
-                echo $CHECKSUM $DOWNLOAD_PATH | sha256sum -c 
-
-                if [ $? == 0 ]; then
-                   echo '==== Install Sourcetrail'
-                   tar xf $DOWNLOAD_PATH -C $EXTRACTION_DIR
-                   sudo $EXTRACTION_DIR/Sourcetrail/install.sh
-                   rm -rf $DOWNLOAD_PATH $EXTRACTION_DIR
-                fi
-
-                # Install pyrrha
-                if [ $? == 0 ]; then
-                   echo '==== Install Pyrrha'
-                   pip install pyrrha-mapper
-                fi
-                ```
-            === "Windows"
-
-                  1. Download last Sourcetrail [release](https://github.com/CoatiSoftware/Sourcetrail/releases), unzip it and run the `setup.exe`.
-                  2. Install pyrrha: `pip install pyrrha-mapper`
-
-            === "MacOS"
-
-                  1. Download last Sourcetrail [release](https://github.com/CoatiSoftware/Sourcetrail/releases), and install it following [Sourcetrail documentation](https://github.com/CoatiSoftware/Sourcetrail/releases).
-                  2. Install pyrrha: `pip install pyrrha-mapper`
+1. Install mapper external dependencies: IDA dissassembler (with the decompilation option for the `exe-decomp` mapper) and [`Quokka` IDA plugin](https://github.com/quarkslab/quokka/releases).
+1. Install `Pyrrha` itself.
+1. Install [`NumbatUI`](https://github.com/quarkslab/NumbatUI) (or [`Sourcetrail`](https://github.com/CoatiSoftware/Sourcetrail)) to be able to visualize Pyrrha's results. 
 
+> [!NOTE]
+> A quick start installation is available on [Pyrrha documentation](https://quarkslab.github.io/pyrrha/#installation).
 
-    === "NumbatUI (Ubuntu/Debian)"
-
-         _Tested only for last Ubuntu/Debian._
-
-         First install Quokka plugin by downloaded the appropriate version from its [release](https://github.com/quarkslab/quokka/releases) page.
-
-         Then run the following script that will clone and build `NumbatUI` and install `Pyrrha`. `NumbatUI` will in `numbatui/build/Release/app`.
-
-         ```
-         # Prerequisites for Numbat UI
-         sudo apt-get update
-         sudo apt-get install -y \
-                      cmake \
-                      git \
-                      build-essential \
-                      libboost-filesystem-dev libboost-program-options-dev libboost-system-dev libboost-date-time-dev \
-                      qt6-svg-dev qt6-base-dev qt6-5compat-dev \
-                      unzip wget \
-                      libclang-17-dev clang-17
-
-         # Clone and Build NumbatUI
-         git clone https://github.com/quarkslab/NumbatUI.git numbatui 
-         cd numbatui
-         mkdir -p build/Release 
-         cd build/Release
-         cmake -DCMAKE_BUILD_TYPE="Release" -DBUILD_CXX_LANGUAGE_PACKAGE=ON -DBUILD_PYTHON_LANGUAGE_PACKAGE=ON ../.. && make NumbatUI -j $(nproc)
-
-         # Install pyrrha
-         pip install pyrrha-mapper
-         ```
-
-
-
-Detailed instructions can be found on the [dedicated documentation page](https://quarkslab.github.io/pyrrha/installation/).
-
+ <!-- # --8<-- [start:usage]-->
 ## Usage
-The usage workflow is composed of two steps which allow you to separate DB creation and result visualization.
-
-1. Run Pyrrha to obtain NumbatUI compatible files (`*.srctrlprj` for the project file and `*.srctrldb` for the DB file). With the python package, you can just launch the command:
-   ```
-   > pyrrha
-   Usage: pyrrha [OPTIONS] COMMAND [ARGS]...
 
-   Mapper collection for firmware analysis.
-
-   Options:
-    -h, --help  Show this message and exit.
-
-   Commands:
-    exe-decomp  Map an executable call graph with its decompiled code.
-    fs          Map PE and ELF files of a filesystem into a sourcetrail-compatible db.
-    fs-cg       Map the Call Graph of every firmware executable a sourcetrail-compatible db.
+The usage workflow is composed of two steps which allow you to separate DB creation and result visualization.
 
-   ```
-2. Visualize your results with Sourcetrail
-   ```
-   > numbatui PROJECT_NAME.srctrlprj
-   ```
+1. Run Pyrrha to obtain NumbatUI compatible files (`*.srctrlprj` for the project file and `*.srctrldb` for the DB file). With the python package, you can just launch the command `pyrrha`.
+2. Visualize your results with Sourcetrail/NumbatUI. 
 
-The detailed documentation of each mapper is available in the [documentation](https://quarkslab.github.io/pyrrha/mappers/mappers/).
+ <!-- # --8<-- [end:usage] -->
+> [!NOTE]
+> The detailed documentation of each mapper is available in the [documentation](https://quarkslab.github.io/pyrrha/mappers/mappers/).
 
+ <!-- # --8<-- [start:publications]-->
 ## Publications
 
 Pyrrha has been presented by Eloïse Brocas at two conferences listed below. These talks include live demo of the `fs` parser which map links between libraries and executables files.
@@ -140,10 +66,14 @@ The theoritical details below the `fs-cg` and `exe-decomp` mappers implementatio
 
 - Streamlining Firmware Analysis with Inter-Image Call Graphs and Decompilation, *RE/verse.io 2025*. [[slides]](https://github.com/quarkslab/conf-presentations/blob/master/Confs/REverse-25/REverse_firmware_analysis_2025.pdf) [[video]](https://www.youtube.com/watch?v=LsDnrfZt_Xs)
 
+ <!-- # --8<-- [end:publications] -->
+
+ <!-- # --8<-- [start:authors] -->
 ## Authors
 - Eloïse Brocas (@ebrocas), Quarkslab
 - Robin David (@RobinDavid), Quarkslab
 
 
 ### Past Contributors
-- Pascal Wu (@pwu42), during his internship at Quarkslab
+- Pascal Wu (@pwu42), during his internship at Quarkslab
+<!-- # --8<-- [end:authors] -->
@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""Diff two Pyrrha result JSON exports.It removes the kernel mangling."""
+
+import argparse
+from pathlib import Path
+
+from pyrrha_mapper import FileSystem
+
+
+def existing_file(raw_path: str) -> Path | None:
+    """Check if a path correspond to an existing file and transform it into a pathlib.Path object.
+
+    :param raw_path: the given path (as a string)
+    :return: the corresponding pathlib.Path object
+    """
+    if not Path(raw_path).exists():
+        raise argparse.ArgumentTypeError('"{}" does not exist'.format(raw_path))
+    elif not Path(raw_path).is_file():
+        raise argparse.ArgumentTypeError('"{}" is not a file'.format(raw_path))
+    return Path(raw_path)
+
+
+def main():
+    """Diff two exports of `fs` result."""
+    parser = argparse.ArgumentParser()
+    parser.add_argument("json1", type=existing_file, help="Path to old filesystem JSON.")
+    parser.add_argument("json2", type=existing_file, help="Path to new filesystem JSON.")
+    args = parser.parse_args()
+
+    old_fs = FileSystem.from_json_export(args.json1)
+    new_fs = FileSystem.from_json_export(args.json2)
+
+    # Compute and display changes of binaries
+    old_bins = {b.path for b in old_fs.iter_binaries()}
+    new_bins = {b.path for b in new_fs.iter_binaries()}
+    added_bin = new_bins - old_bins
+    removed_bin = old_bins - new_bins
+    for type, bin_set in [("no longer", removed_bin), ("added", added_bin)]:
+        print(f"\nBinaries {type} in {args.json2}:")
+        for b in bin_set:
+            print(f"\t- {b}")
+
+    print("\nCommon binaries that have changed:")
+    count = 0
+    for b1, b2 in (
+        (old_fs.get_binary_by_path(path), new_fs.get_binary_by_path(path))
+        for path in old_bins.intersection(new_bins)
+    ):
+        is_different = False
+        old_libs, new_libs = set(b1.imported_library_names), set(b2.imported_library_names)
+        if old_libs != new_libs:
+            count += 1
+            print(f"{b1.name} have changed:")
+            is_different = True
+            for type, bin_set in [("removed", old_libs - new_libs), ("added", new_libs - old_libs)]:
+                for lib in bin_set:
+                    print(f"\t- lib {type}: {lib}")
+
+        old_symbs, new_symbs = set(b1.imported_symbol_names), set(b2.imported_symbol_names)
+        if old_symbs != new_symbs:
+            if not is_different:
+                count += 1
+                print(f"{b1.name} have changed:")
+            is_different = True
+            for type, bin_set in [
+                ("removed", old_symbs - new_symbs),
+                ("added", new_symbs - old_symbs),
+            ]:
+                for lib in bin_set:
+                    print(f"\t- imported symbol {type}: {lib}")
+    print(f"Total having changed: {count}")
+
+
+if __name__ == "__main__":
+    main()
@@ -1 +1,98 @@
---8<-- "README.md"
+--8<-- "README.md:intro"
+
+<div class="grid cards" markdown>
+
+- ![](img/imports.png) <center> _Symbols and libraries imported by `libgcc_s.so.1`._</center>
+
+- ![](img/symlinks.png) <center>_Symlinks pointing on `busybox`._</center>
+</div>
+
+## Installation
+The installation is done in three parts:
+
+1. Install mapper external dependencies: IDA dissassembler (with the decompilation option for the `exe-decomp` mapper) and [`Quokka` IDA plugin](https://github.com/quarkslab/quokka/releases).
+1. Install `Pyrrha` itself.
+1. Install [`NumbatUI`](https://github.com/quarkslab/NumbatUI) (or [`Sourcetrail`](https://github.com/CoatiSoftware/Sourcetrail)) to be able to visualize Pyrrha's results. 
+
+!!! example "Quick Start" 
+
+    === "Sourcetrail"
+
+         1. Install Quokka plugin by downloaded the appropriate version from its [release](https://github.com/quarkslab/quokka/releases) page. Then follow the instructions according to your OS.
+
+         2. Install Sourcetrail and Pyrrha.
+
+            === "Linux"
+                ```bash
+                SOURCETRAIL_URL='https://github.com/CoatiSoftware/Sourcetrail/releases/download/2021.4.19/Sourcetrail_2021_4_19_Linux_64bit.tar.gz'
+                CHECKSUM=""f65a401daad8e16f29f7b2ff062a559999b6a8d44606db36cdf803de0cd7816d
+                EXTRACTION_DIR="/tmp/Sourcetrail_2021_4_19_Linux_64bit"
+                DOWNLOAD_PATH="$EXTRACTION_PATH.tar.gz"
+
+                wget $SOURCETRAIL_URL -O $DOWNLOAD_PATH
+                echo $CHECKSUM $DOWNLOAD_PATH | sha256sum -c 
+
+                if [ $? == 0 ]; then
+                   echo '==== Install Sourcetrail'
+                   tar xf $DOWNLOAD_PATH -C $EXTRACTION_DIR
+                   sudo $EXTRACTION_DIR/Sourcetrail/install.sh
+                   rm -rf $DOWNLOAD_PATH $EXTRACTION_DIR
+                fi
+
+                # Install pyrrha
+                if [ $? == 0 ]; then
+                   echo '==== Install Pyrrha'
+                   pip install pyrrha-mapper
+                fi
+                ```
+            === "Windows"
+
+                  1. Download last Sourcetrail [release](https://github.com/CoatiSoftware/Sourcetrail/releases), unzip it and run the `setup.exe`.
+                  2. Install pyrrha: `pip install pyrrha-mapper`
+
+            === "MacOS"
+
+                  1. Download last Sourcetrail [release](https://github.com/CoatiSoftware/Sourcetrail/releases), and install it following [Sourcetrail documentation](https://github.com/CoatiSoftware/Sourcetrail/releases).
+                  2. Install pyrrha: `pip install pyrrha-mapper`
+
+
+    === "NumbatUI (Ubuntu/Debian)"
+
+         _Tested only for last Ubuntu/Debian._
+
+         First install Quokka plugin by downloaded the appropriate version from its [release](https://github.com/quarkslab/quokka/releases) page.
+
+         Then run the following script that will clone and build `NumbatUI` and install `Pyrrha`. `NumbatUI` will in `numbatui/build/Release/app`.
+
+         ```
+         # Prerequisites for Numbat UI
+         sudo apt-get update
+         sudo apt-get install -y \
+                      cmake \
+                      git \
+                      build-essential \
+                      libboost-filesystem-dev libboost-program-options-dev libboost-system-dev libboost-date-time-dev \
+                      qt6-svg-dev qt6-base-dev qt6-5compat-dev \
+                      unzip wget \
+                      libclang-17-dev clang-17
+
+         # Clone and Build NumbatUI
+         git clone https://github.com/quarkslab/NumbatUI.git numbatui 
+         cd numbatui
+         mkdir -p build/Release 
+         cd build/Release
+         cmake -DCMAKE_BUILD_TYPE="Release" -DBUILD_CXX_LANGUAGE_PACKAGE=ON -DBUILD_PYTHON_LANGUAGE_PACKAGE=ON ../.. && make NumbatUI -j $(nproc)
+
+         # Install pyrrha
+         pip install pyrrha-mapper
+         ```
+
+!!! note
+    Detailed instructions can be found on the [dedicated documentation page](installation.md).
+
+--8<-- "README.md:usage"
+!!! note
+    The detailed documentation of each mapper is available in the [documentation](mappers/mappers.md).
+
+--8<-- "README.md:publications"
+--8<-- "README.md:authors"