I’ve been reading the MIASM.re blog recently and I wanted to give miasm a try. The scope of this article is to provide guidance on how to build miasm on macOS and introduce miasm to my readers.
Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non exhaustive list of features:
– https://github.com/cea-sec/miasm/
If you’re curious about miasm’s powers you should give these articles a quick read:
- Fast DGA generation with Miasm
- Deobfuscation: recovering an OLLVM-protected program
- Taming a wild nanomite-protected MIPS binary with symbolic execution: No Such Crackme
Using MIASM with Docker
To execute the following command you must have Docker installed.
|
|
In order to get a running shell and mount the current working directory in the container you can use the following command:
|
|
The working directory of the host machine is mounted in the container under /host. Running miasm scripts with python should be straight forward now.
One drawback to this approach is that the docker image was updated a year ago and it might not contain the latest functionality.
Building MIASM os macOS
To build MIASM on macOS you will need Python 2.7.* installed. If you don’t have it you can use PyEnv to install it. To build Python you need to install openssl from brew, link it and export the compiler variables. After getting that done you can proceed by installing elfesteem and other miasm dependencies.
|
|
Now clone miasm’s repo and prepare manually patch a header file.
|
|
If you build MIASM before the patch the build will fail with errors indicating the use of two undeclared identifiers: __LITTLE_ENDIAN and __BIG_ENDIAN. To fix this, edit the miasm2/jitter/vm_mngr.h file as shown in the github link.
Building and installing miasm should work now. To check if it’s working try running a script from the examples directory.
|
|
Next step is to add miasm’s jitter libraries to the path. Your miasm location and build folder name may be different:
|
|
Thanks for reading and happy holidays!