IDA Pro 安装
- IDA 9.0 下载地址:https://dl.naixi.net/tools/ida/9.0
- 激活
cd /Applications/IDA Professional 9.0.app/Contents/MacOS
python3 sigpayload.py
mv libida.dylib.patched libida.dylib
mv libida64.dylib.patched libida64.dylib
cp ~/Downloads/arm_mac_user64.dylib /Applications/IDA Professional 9.0.app/Contents/MacOS/plugin
sudo codesign --remove-signature libida.dylib && sudo codesign -f -s - --timestamp=none --all-architectures --deep libida.dylib && sudo xattr -cr libida.dylib
sudo codesign --remove-signature libida64.dylib && sudo codesign -f -s - --timestamp=none --all-architectures --deep libida64.dylib && sudo xattr -cr libida64.dylib
cd plugin
sudo codesign --remove-signature arm_mac_user64.dylib && sudo codesign -f -s - --timestamp=none --all-architectures --deep arm_mac_user64.dylib && sudo xattr -cr arm_mac_user64.dylibKeypatch 插件安装
安装依赖
- cmake 安装:
brew install cmake - 安装依赖
pip install keystone-engine
pip install six- 下载 Keypatch:https://github.com/keystone-engine/keypatch/blob/master/keypatch.py
- 将 Keystone 复制到 IDA Pro 目录
# 可通过 pip show keystone-engine 查看所在目录
sudo cp -r /opt/homebrew/Caskroom/miniconda/base/envs/python3.9.6/lib/python3.9/site-packages/keystone /Applications/IDA\
Professional\ 9.0.app/Contents/MacOS/python
sudo cp -r /opt/homebrew/Caskroom/miniconda/base/envs/python3.9.6/lib/python3.9/site-packages/six.py /Applications/IDA\
Professional\ 9.0.app/Contents/MacOS/python- 放置 Keypatch 插件文件
sudo cp keypatch.py /Applications/IDA Professional 9.0.app/Contents/MacOS/pluginsdylib自编译
尽管我们在安装 keystone-engine 前已经安装了 cmake ,但是还是可能会没有 dylib 文件,这里我们在本地自编译生成 dylib 文件
- 拉取项目
git clone <https://github.com/keystone-engine/keystone.git>
cd keystone
mkdir build- 修改
make-common.sh文件
ARCH='arm64'- 修改
make-shared.sh文件,添加了指定 cmake 最低版本
# 修改前
cmake -DBUILD_LIBS_ONLY=$BUILD_LIBS_ONLY -DLLVM_BUILD_32_BITS="$LLVM_BUILD_32_BITS" -DCMAKE_OSX_ARCHITECTURES="$ARCH" -DCMAKE_BUILD_TYPE=$BUILDTYPE -DBUILD_SHARED_LIBS=ON -DLLVM_TARGETS_TO_BUILD="all" -G "Unix Makefiles" ..
# 修改后
cmake -DBUILD_LIBS_ONLY=$BUILD_LIBS_ONLY -DLLVM_BUILD_32_BITS="$LLVM_BUILD_32_BITS" -DCMAKE_OSX_ARCHITECTURES="$ARCH" -DCMAKE_BUILD_TYPE=$BUILDTYPE -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -DBUILD_SHARED_LIBS=ON -DLLVM_TARGETS_TO_BUILD="all" -G "Unix Makefiles" ..- 修改主目录下和
llvm目录下CMakeLists.txt文件,将有关POLICY CMP0051代码注释掉 - 编译
cd build
../make-shared.sh- 编译完成后会在
build/llvm/lib目录下生成libkeystone.dylib和libkeystone.0.dylib动态库,将其拷贝到 IDA 对应目录即可
