Yara-X now has GUI support. #132

Author: travisgoodspeed

romsolverdialog.cpp

@@ -5,19 +5,26 @@
 #include "gatograderbytes.h"
 #include "gatograderstring.h"
 #include "gatograderyara.h"
+#include "gatograderyarax.h"
 #include "gatogradergoodasm.h"
 
 #include "maskromtool.h"
 #include "gatosolver.h"
 #include "gatorom.h"
-#include "extern/goodasm/goodasm.h"
 
 
 RomSolverDialog::RomSolverDialog(QWidget *parent) :
     QDialog(parent),
     ui(new Ui::RomSolverDialog)
 {
     ui->setupUi(this);
+#if YARAX_FOUND==1
+    //Nothing to do in the happy case.
+#else
+    //Sad case, we disable the page.
+    qDebug()<<"YaraX isn't linked into this build.  Disabling.";
+    ui->editYaraX->setEnabled(false);
+#endif
 }
 
 RomSolverDialog::~RomSolverDialog()
@@ -34,10 +41,6 @@ void RomSolverDialog::setYaraRule(QString rule){
     ui->editYara->setPlainText(yararule);
 }
 
-void RomSolverDialog::on_editYara_textChanged(){
-    yararule=ui->editYara->toPlainText();
-}
-
 /* Returns a new GatoGrader based upon the GUI settings.
  */
 GatoGrader* RomSolverDialog::grader(){
@@ -59,12 +62,22 @@ GatoGrader* RomSolverDialog::grader(){
             delete tmpfile;
         tmpfile=new QTemporaryFile();
         tmpfile->open();
+        yararule=ui->editYara->toPlainText();
         tmpfile->write(yararule.toStdString().data());
         tmpfile->flush();
         tmpfile->close();
         grader=new GatoGraderYara(tmpfile->fileName());
         break;
-    case 4: // GoodASM
+    case 4: // YaraX
+#if YARAX_FOUND==1
+        yaraxrule=ui->editYaraX->toPlainText();
+        grader=new GatoGraderYaraX(yaraxrule);
+#else
+        qDebug()<<"YaraX isn't linked into this build.";
+#endif
+        break;
+
+    case 5: // GoodASM
         grader=new GatoGraderGoodAsm(mrt->gatorom().goodasm());
         break;
     default:

romsolverdialog.h

@@ -21,13 +21,12 @@ class RomSolverDialog : public QDialog
     ~RomSolverDialog();
     void setMaskRomTool(MaskRomTool *mrt);
     void setYaraRule(QString rule);
-    QString yararule;
+    QString yararule, yaraxrule;
     GatoGrader* grader();
     void solve(QString solveset="");
 
 private slots:
     void on_butSolve_clicked();
-    void on_editYara_textChanged();
 
 private:
     Ui::RomSolverDialog *ui;

romsolverdialog.ui

@@ -33,10 +33,10 @@ p, li { white-space: pre-wrap; }
 hr { height: 1px; border-width: 0; }
 li.unchecked::marker { content: "\2610"; }
 li.checked::marker { content: "\2612"; }
-</style></head><body style=" font-family:'Ubuntu Sans'; font-size:11pt; font-weight:400; font-style:normal;">
-<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"><span style=" font-family:'Ubuntu';">This solves for optionally masked bytes at absolute addresses.  Comma or space delimited, the records are colon separated with an address, a byte, and an optional mask.  Use the Byte String solver if you know the bytes, but not their address.</span></p>
-<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; font-family:'Ubuntu';"><br /></p>
-&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu';&quot;&gt;Examples:&lt;br /&gt;GameBoy: 0:31,1:fe,2:ff&lt;br /&gt;MYK82 Clipper Chip: 0:9b,7:ea &lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+&lt;/style&gt;&lt;/head&gt;&lt;body style=&quot; font-family:'.AppleSystemUIFont'; font-size:13pt; font-weight:400; font-style:normal;&quot;&gt;
+&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu'; font-size:11pt;&quot;&gt;This solves for optionally masked bytes at absolute addresses.  Comma or space delimited, the records are colon separated with an address, a byte, and an optional mask.  Use the Byte String solver if you know the bytes, but not their address.&lt;/span&gt;&lt;/p&gt;
+&lt;p style=&quot;-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; font-family:'Ubuntu'; font-size:11pt;&quot;&gt;&lt;br /&gt;&lt;/p&gt;
+&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu'; font-size:11pt;&quot;&gt;Examples:&lt;br /&gt;GameBoy: 0:31,1:fe,2:ff&lt;br /&gt;MYK82 Clipper Chip: 0:9b,7:ea &lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
          </property>
         </widget>
        </item>
@@ -66,10 +66,10 @@ p, li { white-space: pre-wrap; }
 hr { height: 1px; border-width: 0; }
 li.unchecked::marker { content: &quot;\2610&quot;; }
 li.checked::marker { content: &quot;\2612&quot;; }
-&lt;/style&gt;&lt;/head&gt;&lt;body style=&quot; font-family:'Ubuntu Sans'; font-size:11pt; font-weight:400; font-style:normal;&quot;&gt;
-&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu';&quot;&gt;This searches for a string of bytes within the image, at any offset.  The string is comma or space delimited.&lt;/span&gt;&lt;/p&gt;
-&lt;p style=&quot;-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; font-family:'Ubuntu';&quot;&gt;&lt;br /&gt;&lt;/p&gt;
-&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu';&quot;&gt;In MYK82, we can search for BNE instructions with &amp;quot;00,00,1a&amp;quot; to reveal 22 solutions, one of which is right.&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+&lt;/style&gt;&lt;/head&gt;&lt;body style=&quot; font-family:'.AppleSystemUIFont'; font-size:13pt; font-weight:400; font-style:normal;&quot;&gt;
+&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu'; font-size:11pt;&quot;&gt;This searches for a string of bytes within the image, at any offset.  The string is comma or space delimited.&lt;/span&gt;&lt;/p&gt;
+&lt;p style=&quot;-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; font-family:'Ubuntu'; font-size:11pt;&quot;&gt;&lt;br /&gt;&lt;/p&gt;
+&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu'; font-size:11pt;&quot;&gt;In MYK82, we can search for BNE instructions with &amp;quot;00,00,1a&amp;quot; to reveal 22 solutions, one of which is right.&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
          </property>
         </widget>
        </item>
@@ -99,8 +99,8 @@ p, li { white-space: pre-wrap; }
 hr { height: 1px; border-width: 0; }
 li.unchecked::marker { content: &quot;\2610&quot;; }
 li.checked::marker { content: &quot;\2612&quot;; }
-&lt;/style&gt;&lt;/head&gt;&lt;body style=&quot; font-family:'Ubuntu Sans'; font-size:11pt; font-weight:400; font-style:normal;&quot;&gt;
-&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu';&quot;&gt;This solves for ASCII strings.  Some ROMs are devoid of them, but in others they stand out brilliantly.&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
+&lt;/style&gt;&lt;/head&gt;&lt;body style=&quot; font-family:'.AppleSystemUIFont'; font-size:13pt; font-weight:400; font-style:normal;&quot;&gt;
+&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-family:'Ubuntu'; font-size:11pt;&quot;&gt;This solves for ASCII strings.  Some ROMs are devoid of them, but in others they stand out brilliantly.&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
          </property>
         </widget>
        </item>
@@ -114,13 +114,46 @@ li.checked::marker { content: &quot;\2612&quot;; }
        <item>
         <widget class="QPlainTextEdit" name="editYara">
          <property name="plainText">
-          <string>rule ExampleRule
-{
-    strings:
-        $hex = { 9b 06 00 ea }
+          <string>// This is a Yara rule.  It works by shelling out to the &quot;yara&quot; command
+// with temporary files, and it's a lot slower than the modern YaraX
+// driver.  At some point we'll deprecate it.
 
-    condition:
-        $hex
+rule gameboy {
+strings:
+  $nintendo = {CE ED 66 66 CC 0D 00 0B 03 73 00 83 00 0C 00 0D}
+
+condition:
+  $nintendo
+}
+</string>
+         </property>
+        </widget>
+       </item>
+      </layout>
+     </widget>
+     <widget class="QWidget" name="tabYaraX">
+      <attribute name="title">
+       <string>YaraX</string>
+      </attribute>
+      <layout class="QVBoxLayout" name="verticalLayout_7">
+       <item>
+        <widget class="QPlainTextEdit" name="editYaraX">
+         <property name="plainText">
+          <string>// This is a YaraX rule, parsed by the C++ library.  It's a lot faster
+// than the Yara driver, but only exists if you installed the YaraX CAPI
+// before building MaskRomTool.
+
+
+// The GameBoy boot ROM contains a bitmap of Nintendo's logo, compared
+// against a matching bitmap in every cartridge.  Here we check for the
+// first row of the logo.
+
+rule gameboy {
+strings:
+  $nintendo = {CE ED 66 66 CC 0D 00 0B 03 73 00 83 00 0C 00 0D}
+
+condition:
+  $nintendo
 }
 </string>
          </property>