I’ve been reading the MIASM.re blog recently and I wanted to give miasm a try. The scope of this article is to provide guidance on how to build miasm on macOS and introduce miasm to my readers.
Miasm is a free and open-source (GPLv2) reverse engineering framework that aims to analyze, modify and generate binary programs. Here is a non-exhaustive list of features:
– https://github.com/cea-sec/miasm/
If you’re curious about miasm’s powers you should give these articles a quick read:
- Fast DGA generation with Miasm
- Deobfuscation: recovering an OLLVM-protected program
- Taming a wild nanomite-protected MIPS binary with symbolic execution: No Such Crackme
Using MIASM with Docker
To execute the following command you must have Docker installed.
docker pull miasm/base
In order to get a running shell and mount the current working directory in the container you can use the following command:
docker run --rm -it --user root -v ${PWD}:/host miasm/base bash
The working directory of the host machine is mounted in the container under /host. Running miasm scripts with python should be straightforward now.
One drawback of this approach is that the Docker image was last updated a year ago, so it might not contain the latest functionality.
Building MIASM on macOS
To build MIASM on macOS you will need Python 2.7.* installed. If you don’t have it you can use pyenv to install it. To build Python you need to install openssl from brew, link it and export the compiler variables. Once that is done you can proceed by installing elfesteem and the other miasm dependencies.
git clone https://github.com/serpilliere/elfesteem.git elfesteem
cd elfesteem
python setup.py build
python setup.py install
pip install pyparsing
pip install pycparser
Now clone miasm’s repo and manually patch a header file before building.
git clone https://github.com/cea-sec/miasm.git miasm
cd miasm
# patch the file (details below)
python setup.py build
python setup.py install
If you build MIASM before applying the patch, the build fails with errors about two undeclared identifiers: __LITTLE_ENDIAN and __BIG_ENDIAN. To fix this, edit the miasm2/jitter/vm_mngr.h file as shown in the github link.
Building and installing miasm should work now. To check that it works, try running a script from the example directory.
(miasm) ➜ miasm git:(master) python example/disasm/full.py
usage: Disassemble a binary [-h] [-m ARCHITECTURE] [-f] [-b BLOCKWATCHDOG]
[-n FUNCSWATCHDOG] [-r] [-v] [-g] [-z] [-l] [-s]
[-o SHIFTOFFSET] [-a] [-i] [-c] [-d] [-p] [-x]
[-y]
filename [address [address …]]
Disassemble a binary: error: too few arguments
The next step is to add miasm’s jitter libraries to DYLD_LIBRARY_PATH. Your miasm location and build folder name may be different (note that ~ is not expanded inside double quotes, so $HOME is used instead):
export DYLD_LIBRARY_PATH="$HOME/miasm/miasm/build/lib.macosx-10.14-x86_64-2.7/miasm2/jitter:$HOME/miasm/miasm/build/lib.macosx-10.14-x86_64-2.7/miasm2/jitter/arch"
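The export above hardcodes the build folder name. As an added example (my own helper, not part of miasm), here is a small POSIX shell script that finds whatever build/lib.* folder setup.py produced, exports the path from it, and then checks that a jitter actually loads, which is what pulls in the native VmMngr/JitCore libraries. The Machine("x86_32").jitter("python") call is assumed from the miasm2 API of that time.

```shell
#!/bin/sh
# Added example (not from the post): derive the jitter library path instead of
# hardcoding build/lib.macosx-10.14-x86_64-2.7, then smoke-test the build.

# Print the DYLD_LIBRARY_PATH value for a miasm checkout: the jitter dir and
# its arch/ subdir inside whatever build/lib.* folder setup.py produced.
miasm_jitter_path() {
    repo=$1
    result=""
    for jit in "$repo"/build/lib.*/miasm2/jitter; do
        [ -d "$jit" ] || continue          # glob did not match anything
        result="${result:+$result:}$jit:$jit/arch"
    done
    [ -n "$result" ] || return 1           # no build folder: run setup.py build first
    printf '%s\n' "$result"
}

# Check that miasm2 imports and that a jitter can be instantiated.
# Assumes the miasm2 API of the time: Machine(...).jitter("python").
miasm_smoke_test() {
    if python -c 'from miasm2.analysis.machine import Machine; Machine("x86_32").jitter("python")'; then
        echo "miasm jitter OK"
    else
        echo "miasm jitter failed to load; check DYLD_LIBRARY_PATH" >&2
        return 1
    fi
}

if [ "$#" -ge 1 ]; then                    # usage: sh check_miasm.sh ~/miasm/miasm
    DYLD_LIBRARY_PATH=$(miasm_jitter_path "$1") || exit 1
    export DYLD_LIBRARY_PATH
    echo "DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH"
    miasm_smoke_test
fi
```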
Thanks for reading and happy holidays!