import os
import platform
import re
import subprocess

import r2pipe

def clear_console():
    """Clear the terminal with the platform's own clear-screen command.

    Runs ``cls`` when platform.system() reports Windows and ``clear``
    otherwise. Both command strings are fixed literals, so no user-supplied
    text reaches the shell that os.system() starts.
    """
    on_windows = platform.system() == 'Windows'
    command = 'cls' if on_windows else 'clear'
    os.system(command)

# Start from an empty screen before the banner is drawn.
clear_console()

# ASCII-art banner; the surrounding escape codes select a 256-colour
# foreground (38;5;208) and reset the terminal attributes afterwards.
wlcm_msg = """\033[38;5;208m
_____ _           _   ___           _  
|  ___(_)_ __   __| | |_ _|_ __  ___| |_
| |_  | | '_ \\ / _` |  | || '_ \\/ __| __|
|  _| | | | | | (_| |  | || | | \\__ \\ |_
|_|   |_|_| |_|\\__,_| |___|_| |_|___/\\__|   V1\033[0m"""

print(wlcm_msg)

# Credits and a one-line description of the tool, printed in blue.
for credit_line in (
    "\033[34m\n↯ Big Thanks to sir Kirlif' For pptool\033[0m",
    "\033[34m➜ This Tool Is Designed By Mohamed Abozaid To Help Patching libapp.so In Obfuscated Flutter Apps.\n\033[0m",
):
    print(credit_line)


def get_app_so_path():
    """Ask for the location of libapp.so and return it.

    Surrounding whitespace is stripped from the answer. An empty answer
    selects the built-in default path, which is also echoed to the user.

    Returns:
        The entered path, or the default path when nothing was entered. The
        value is raw user input and is not checked for existence or shape
        here, so callers must not splice it into a shell command line.
    """
    prompt = "\033[93m◉ Please enter the path to libapp.so\n(or press Enter to use the default path): \033[0m"
    entered = input(prompt).strip()
    if entered:
        return entered
    print("\033[93m\n☛ Default path selected: /storage/emulated/0/MT2/apks/libapp.so\n\033[0m")
    return "/storage/emulated/0/MT2/apks/libapp.so"

def get_string_address():
    """Ask for the string address listed in pp.txt and return it.

    Returns:
        The answer with surrounding whitespace removed. Nothing else is
        validated here: the value is whatever the user typed.
    """
    return input("\033[1;36m◉ Please enter the string address from pp.txt file: \033[0m").strip()

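def reg_choice():
    """Show the search menu and return the regex for the chosen instruction.

    Choice ``1`` selects the exact ``add x0, x22, 0x30`` form; choice ``2``
    selects ``add xN, xM, 0x30`` for any pair of x registers. Both patterns
    capture the leading hexadecimal offset in the named group ``offset``.

    Returns:
        The regex source string for the selection, or ``None`` after printing
        an error when the answer is neither ``1`` nor ``2``. Callers must
        handle the ``None`` case.
    """
    choices = '''
\033[35mWhat do you want to search for (chose by number) ?
[1] add x0, x22, 0x30 (specified)
[2] add reg1, reg2, 0x30 (global)
\033[0m'''
    patterns = {
        '1': r'(?P<offset>0x[0-9a-fA-F]+)\s+.*add\s+x0,\s+x22,\s+0x30',
        '2': r'(?P<offset>0x[0-9a-fA-F]+)\s+.*add\s+x\d+,\s+x\d+,\s+0x30',
    }
    choice = input(choices).strip()
    regex = patterns.get(choice)
    if regex is None:
        # The original message ended in a bare ESC byte; close it with a
        # proper reset so the red colour does not leak into later output.
        print('\033[91m\n⚠Wrong Choice\033[0m')
    return regex
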
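def run_pptool(app_so, str_addr):
    """Run ``pptool -cd <app_so> <str_addr>`` and return what it prints.

    Both arguments are typed in by the user. They are passed to pptool as
    separate argv entries and no shell is involved, so spaces or shell
    metacharacters in a path stay part of that one argument instead of being
    interpreted as extra commands.

    Args:
        app_so: Path to the libapp.so file.
        str_addr: String address taken from pp.txt.

    Returns:
        The text pptool wrote to standard output, or an empty string when
        pptool could not be started (for example, when it is not on PATH).
    """
    # NOTE(review): a value that begins with '-' would still be read by
    # pptool as an option; whether pptool accepts an end-of-options marker
    # is not visible here, so validate the inputs upstream if that matters.
    argv = ["pptool", "-cd", app_so, str_addr]
    try:
        # stderr is left attached to the terminal, as it was with os.popen().
        completed = subprocess.run(argv, stdout=subprocess.PIPE, text=True, check=False)
    except OSError as err:
        print(f'\033[91m\n⚠ Could not run pptool: {err}\033[0m')
        return ""
    return completed.stdout
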
def get_func_addr(ppout):
    """Extract the function addresses listed in pptool's output.

    An address is a ``0x``-prefixed hexadecimal number that follows a
    ``・<digits>`` marker and whitespace. Because only hexadecimal text is
    captured, nothing else from the tool output is carried into the
    addresses that analyze() later places in radare2 commands.

    Args:
        ppout: Text returned by run_pptool().

    Returns:
        A list of address strings in order of appearance; empty when the
        output contains no such marker.
    """
    marker = re.compile(r'・\d+\s+(0x[0-9a-fA-F]+)')
    return [hit.group(1) for hit in marker.finditer(ppout)]

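def analyze(r2, funcs_addrs, regex):
    """Search the disassembly of each listed function for an instruction.

    For every address the function seeks there (``s``), analyses the function
    (``af``), prints its disassembly (``pdr``) and records the first match of
    ``regex`` in that text.

    Args:
        r2: An open r2pipe session; only its ``cmd`` method is used.
        funcs_addrs: Function addresses as ``0x``-prefixed hexadecimal
            strings, as produced by get_func_addr().
        regex: Pattern source containing a named group ``offset``.

    Returns:
        A list of ``(function_address, instruction_offset)`` tuples. If an
        exception is raised part-way through, the error is printed and the
        results collected up to that point are returned.
    """
    results = []
    # Addresses are interpolated into a radare2 command line below, so only
    # plain hexadecimal addresses are accepted and anything else is skipped.
    hex_address = re.compile(r'0x[0-9a-fA-F]+')
    try:
        # The pattern does not change between functions: compile it once.
        instruction_pattern = re.compile(f'{regex}')
        for addr in funcs_addrs:
            if not hex_address.fullmatch(str(addr)):
                print(f'\033[91m\n⚠ Skipping unexpected address: {addr!r}\033[0m')
                continue
            r2.cmd(f's {addr}')
            r2.cmd('af')
            disassembly = r2.cmd("pdr")
            match = instruction_pattern.search(disassembly)
            if match:
                results.append((addr, match.group('offset')))
    except Exception as err:
        print(f'\033[91m\n⚠ An error occurred during analysis: {err}\033[0m')
    return results
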
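def main():
    """Interactive entry point: locate an instruction in libapp.so functions.

    Collects the libapp.so path and a string address, runs pptool to obtain
    the addresses of the functions involved, asks which instruction form to
    search for, then opens the binary with r2pipe and prints every match.
    Returns early, after printing a message, when the menu choice is invalid,
    when pptool yields no addresses, or when the binary cannot be opened.
    """
    app_so = get_app_so_path()
    str_addr = get_string_address()
    ppout = run_pptool(app_so, str_addr)
    funcs_offsets = get_func_addr(ppout)
    regex = reg_choice()
    if regex is None:
        # reg_choice() already reported the invalid selection. Without this
        # guard the label below was never assigned and the script crashed.
        return

    if regex == r'(?P<offset>0x[0-9a-fA-F]+)\s+.*add\s+x0,\s+x22,\s+0x30':
        msg = '↯ add x0, x22, 0x30'
    else:
        msg = '↯ add reg1, reg2, 0x30'

    if not funcs_offsets:
        print("\n\033[4;91m\n⚠ No valid offsets found in pptool output.\033[4;0m")
        return

    try:
        # NOTE(review): '-w' opens the binary in write mode although this
        # script only issues seek, analysis and disassembly commands. Run it
        # on a copy of libapp.so, or confirm that write mode is required.
        r2 = r2pipe.open(app_so, flags=['-2', '-w', '-e bin.cache=true'])
    except Exception as e:
        print(f"\n\033[91m\n⚠ Failed to open the binary with r2pipe: {e}\033[0m")
        return

    try:
        results = analyze(r2, funcs_offsets, regex)
    finally:
        # Always end the radare2 session so the process and the writable
        # file handle do not outlive the search.
        r2.quit()

    if results:
        for func_addr, instruction_offset in results:
            print(f"\n\033[1;92m{msg} found at offset: {instruction_offset} in Function: {func_addr}\033[1;0m")
    else:
        print("\033[4;91m\n⚠ Search results: 0 for this instruction\033[0m")


if __name__ == "__main__":
    main()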