ALLirt
Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily
Install / Use
/learn @push0ebp/ALLirtREADME
ALLIRT
Tool that converts All of libc to signatures for IDA Pro FLIRT Plugin. and utility make sig with FLAIR easily
Usage
$ python3 allirt.py
Usage : python3 alirt.py (-o <out_dir> -s <start> -e <end> -f <flair_dir> -c <compress>)
you must have flair utilities. (pelf, sigmake, zipsig)
Options
$ allirt.py -h
Usage: allirt.py -o <out_dir>
Options:
-h, --help show this help message and exit
-o OUT_DIR, --outdir=OUT_DIR
set result directory
-s START, --start=START
set series start range
-e END, --end=END set series end range
-f FLAIR, --flair=FLAIR
set flair util directory
-c, --no-compress sig not compress
-f option is flair utilities directory ( default : flair )
├── dumpsig
├── pcf
├── pelf
├── pelf.rtb
├── plb
├── pmacho
├── pomf166
├── ppsx
├── ptmobj
├── sigmake
└── zipsig
requires pelf sigmake zipsig
Get all of signatures of libc packages
$ python3 allirt.py -f flair -o tmp
[INFO] OS : ubuntu
[INFO] Package : libc6-dev
[INFO] OS Series (1/30) : warty (4.10)
[INFO] Architecture (1/3) : amd64
[INFO] Package Version (1/3) : 2.3.2.ds1-13ubuntu2
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2 2018-06-03 02:09:52.441499
[INFO] Download Completed : http://launchpadlibrarian.net/1251110/libc6-dev_2.3.2.ds1-13ubuntu2_amd64.deb (2961464 bytes)
[INFO] Target library : ./usr/lib/libc.a
[INFO] Signature has been generated. -> tmp/ubuntu/4.10 (warty)/amd64/libc6_2.3.2.ds1-13ubuntu2_amd64.sig
[INFO] Package Version (2/3) : 2.3.2.ds1-13ubuntu2.2
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2.2 2018-06-03 02:10:10.521781
[WARNING] Package deleted
[INFO] Package Version (3/3) : 2.3.2.ds1-13ubuntu2.3
[INFO] ubuntu 4.10 libc6-dev amd64 2.3.2.ds1-13ubuntu2.3 2018-06-03 02:10:11.242
.........................
[INFO] Architecture (5/5) : sparc
[WARNING] SKIPPED
[INFO] Finished
Get signatures of some libc packages
using -s start -e end options.
range of os series
$ python3 allirt.py -f flair -s 1 -e 2 -o tmp
[INFO] OS : ubuntu
[INFO] Package : libc6-dev
[INFO] OS Series (1/1) : hoary (5.04)
[INFO] Architecture (1/5) : amd64
[INFO] Package Version (1/3) : 2.3.2.ds1-20ubuntu13
[INFO] ubuntu 5.04 libc6-dev amd64 2.3.2.ds1-20ubuntu13 2018-06-03 02:04:58.0489
Result
└── ubuntu
├── 4.10\ (warty)
│ └── amd64
│ └── libc6_2.3.2.ds1-13ubuntu2_amd64.sig
└── 5.04\ (hoary)
├── amd64
│ ├── libc6_2.3.2.ds1-20ubuntu13_amd64.sig
│ └── libc6_2.3.2.ds1-20ubuntu15_amd64.sig
├── i386
│ ├── libc6_2.3.2.ds1-20ubuntu13_i386.sig
│ └── libc6_2.3.2.ds1-20ubuntu15_i386.sig
├── ia64
└── powerpc
├── libc6_2.3.2.ds1-20ubuntu13_powerpc.sig
└── libc6_2.3.2.ds1-20ubuntu15_powerpc.sig
TODO
- save a file (static library ex: libc.a)
- fliar.py command line interface
suggests me your idea and issue
this tool uses launchpad.net mirror. I am finding package mirrors.
Thanks to @hstocks - Unknown relocation type
Related Skills
node-connect
351.2kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
110.6kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
351.2kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
351.2kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
