You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I can reproduce the issue as well. Another sample if it can prove useful: the WeaponX malware: weaponx.tar.gz.
LIEF reports it like this:
Parsing MachO
Arch: Out of range
[+] Building Load commands
Load commands are corrupted
Header
======
Magic CPU Type CPU subtype File type NCMDS Sizeof cmds Reserved Flags
CIGAM Out of range0 Out of range 3000000 10020000 0
Commands
========
Sections
========
Symbols
=======
while it should be more like this (for the header):
LIEF reported a CPU type of 301989888, which is 0x12000000, i.e. 18 in big endian.
Fixing this issue could require refactoring a good portion of the code-base in order to be able to read integers in both possible byte-orders in all possible cases. Maybe the way the Rust object crate handles it can be of inspiration for this, for example with the mach header.
Describe the bug
MachO parser doesn't check byteorder when parsing header.
To Reproduce
Try to parse: macho.zip
password is 123456
Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: