diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/EncryptedInformationCommand.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/EncryptedInformationCommand.java
index 3af4045f34..0fbb222f3b 100644
--- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/EncryptedInformationCommand.java
+++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/EncryptedInformationCommand.java
@@ -37,13 +37,15 @@ public class EncryptedInformationCommand extends LoadCommand {
 private int cryptoff;
 private int cryptsize;
 private int cryptid;
+
+ private boolean is32bit;
 static EncryptedInformationCommand createEncryptedInformationCommand(
- FactoryBundledWithBinaryReader reader) throws IOException {
+ FactoryBundledWithBinaryReader reader, boolean is32bit) throws IOException {
 EncryptedInformationCommand command = (EncryptedInformationCommand) reader.getFactory().create( EncryptedInformationCommand.class);
- command.initEncryptedInformationCommand(reader);
+ command.initEncryptedInformationCommand(reader, is32bit);
 return command;
 }
@@ -53,9 +55,11 @@ public class EncryptedInformationCommand extends LoadCommand {
 public EncryptedInformationCommand() {
 }
- private void initEncryptedInformationCommand(FactoryBundledWithBinaryReader reader)
- throws IOException {
+ private void initEncryptedInformationCommand(FactoryBundledWithBinaryReader reader,
+ boolean is32bit) throws IOException {
 initLoadCommand(reader);
+ this.is32bit = is32bit;
+
 cryptoff = reader.readNextInt();
 cryptsize = reader.readNextInt();
 cryptid = reader.readNextInt();
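Review bot: In initEncryptedInformationCommand the parser still reads only `cryptoff`, `cryptsize` and `cryptid`, while the toDataType hunk further down now appends a fourth `pad` DWORD when `!is32bit`, so for the 64-bit command the parsed length and the declared structure differ by four bytes. If the caller does not reposition the reader from the command's own size field (not visible here), the next load command would be parsed from the wrong offset. Consuming the pad word after the `cryptid` read keeps both sides in step: `if (!is32bit) { reader.readNextInt(); }`. The method body continues past the end of this hunk, so confirm the pad is not already read there.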
@@ -102,6 +106,9 @@ public class EncryptedInformationCommand extends LoadCommand {
 struct.add(DWORD, "cryptoff", null);
 struct.add(DWORD, "cryptsize", null);
 struct.add(DWORD, "cryptid", null);
+ if (!is32bit) {
+ struct.add(DWORD, "pad", null);
+ }
 struct.setCategoryPath(new CategoryPath(MachConstants.DATA_TYPE_CATEGORY));
 return struct;
 }
diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/LoadCommandTypes.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/LoadCommandTypes.java
index 03dbcd9c9a..ac112a6c13 100644
--- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/LoadCommandTypes.java
+++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/bin/format/macho/commands/LoadCommandTypes.java
@@ -124,8 +124,10 @@ public final class LoadCommandTypes {
 case LC_REEXPORT_DYLIB: {
 return DynamicLibraryCommand.createDynamicLibraryCommand(reader);
 }
- case LC_ENCRYPTION_INFO: {
- return EncryptedInformationCommand.createEncryptedInformationCommand(reader);
+ case LC_ENCRYPTION_INFO:
+ case LC_ENCRYPTION_INFO_64: {
+ return EncryptedInformationCommand.createEncryptedInformationCommand(reader,
+ header.is32bit());
 }
 case LC_DYLD_INFO:
 case LC_DYLD_INFO_ONLY: {
diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MachoProgramBuilder.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MachoProgramBuilder.java
index fe75402ec4..2fab612d7a 100644
--- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MachoProgramBuilder.java
+++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/MachoProgramBuilder.java
@@ -112,6 +112,7 @@ public class MachoProgramBuilder {
 monitor.setCancelEnabled(true);
 setImageBase();
+ processEncryption();
 processEntryPoint();
 processMemoryBlocks(machoHeader, provider.getName(), true, true);
 processUnsupportedLoadCommands();
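Review bot: In LoadCommandTypes, the merged `LC_ENCRYPTION_INFO` / `LC_ENCRYPTION_INFO_64` case picks the layout from `header.is32bit()` rather than from the command constant that actually matched. The two can disagree in a malformed or deliberately crafted Mach-O (a 64-bit command inside a 32-bit header, or the reverse), and the loader would then describe the command with the wrong structure size. Deriving the flag from the matched case keeps the layout tied to the command itself. The switch statement starts and ends outside this hunk.

```java
case LC_ENCRYPTION_INFO: {
	// 32-bit layout: no trailing pad word
	return EncryptedInformationCommand.createEncryptedInformationCommand(reader, true);
}
case LC_ENCRYPTION_INFO_64: {
	// 64-bit layout: trailing pad word
	return EncryptedInformationCommand.createEncryptedInformationCommand(reader, false);
}
```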
@@ -155,6 +156,17 @@ public class MachoProgramBuilder {
 program.setImageBase(space.getAddress(0), true);
 }
 }
+
+ private void processEncryption() throws Exception {
+ monitor.setMessage("Processing encryption...");
+ for (EncryptedInformationCommand cmd : machoHeader
+ .getLoadCommands(EncryptedInformationCommand.class)) {
+ if (cmd.getCryptID() != 0) {
+ log.appendMsg(String.format("ENCRYPTION DETECTED: (file offset 0x%x, size 0x%x)",
+ cmd.getCryptOffset(), cmd.getCryptSize()));
+ }
+ }
+ }
 private void processEntryPoint() throws Exception {
 monitor.setMessage("Processing entry point...");
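Review bot: processEncryption() reports `cryptoff`/`cryptsize` exactly as read from the load command, and the only trace of a non-zero `cryptid` is one log line; nothing checks the range against the file's real length, and per the call order in the earlier hunk loading carries on into processMemoryBlocks with the encrypted bytes treated like any others. The message would be more useful if it said what this means for the analyst, for example `"ENCRYPTION DETECTED: file offset 0x%x, size 0x%x is encrypted; bytes in this range are ciphertext and will not disassemble meaningfully"`. A range that extends past the end of the file should be called out as malformed rather than reported as-is. A short Javadoc stating that a non-zero cryptid marks an encrypted range and that the load is not aborted would also help.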