OpenSSL 1.1.1 about flirtdb HOT 24 OPEN

Yeah, I've got right the same result as you when trying to use plb under Windows
I"ve got more info when using nm command against your .a file

nm libssl.a  
nm: bio_ssl.o: File format not recognized
nm: d1_lib.o: File format not recognized
nm: d1_msg.o: File format not recognized
nm: d1_srtp.o: File format not recognized
nm: methods.o: File format not recognized
nm: packet.o: File format not recognized
nm: pqueue.o: File format not recognized
nm: dtls1_bitmap.o: File format not recognized
nm: rec_layer_d1.o: File format not recognized
nm: rec_layer_s3.o: File format not recognized
nm: ssl3_buffer.o: File format not recognized
nm: ssl3_record.o: File format not recognized
nm: ssl3_record_tls13.o: File format not recognized
nm: s3_cbc.o: File format not recognized
nm: s3_enc.o: File format not recognized
nm: s3_lib.o: File format not recognized
nm: s3_msg.o: File format not recognized
nm: ssl_asn1.o: File format not recognized
nm: ssl_cert.o: File format not recognized
nm: ssl_ciph.o: File format not recognized
nm: ssl_conf.o: File format not recognized
nm: ssl_err.o: File format not recognized
nm: ssl_init.o: File format not recognized
nm: ssl_lib.o: File format not recognized
nm: ssl_mcnf.o: File format not recognized
nm: ssl_rsa.o: File format not recognized
nm: ssl_sess.o: File format not recognized
nm: ssl_stat.o: File format not recognized
nm: ssl_txt.o: File format not recognized
nm: ssl_utst.o: File format not recognized
nm: extensions.o: File format not recognized
nm: extensions_clnt.o: File format not recognized
nm: extensions_cust.o: File format not recognized
nm: extensions_srvr.o: File format not recognized
nm: statem.o: File format not recognized
nm: statem_clnt.o: File format not recognized
nm: statem_dtls.o: File format not recognized
nm: statem_lib.o: File format not recognized
nm: statem_srvr.o: File format not recognized
nm: t1_enc.o: File format not recognized
nm: t1_lib.o: File format not recognized
nm: t1_trce.o: File format not recognized
nm: tls13_enc.o: File format not recognized
nm: tls_srp.o: File format not recognized

and if you check the embedded object files form the archive file you will figure out that they were built Mac OS:

 file ./tls_srp.o 
./tls_srp.o: Mach-O 64-bit x86_64 object, flags:<|SUBSECTIONS_VIA_SYMBOLS>

so I believe you need to use IDA under Mac in order to get the sig files by FLIRT

from flirtdb.

Heh, it's much more easier - try to use tool named pmacho.exe (it understands Mach-o format)
then feed the resulted .pat file into sigmake
that easy

from flirtdb.

Would you help me do that please?

from flirtdb.

I managed to create it some time ago
it was for OpenSSL 1.1.1a Library x64 (MSVC 16)
uploaded here https://www.sendspace.com/file/m28j31

from flirtdb.

I managed to create it some time ago it was for OpenSSL 1.1.1a Library x64 (MSVC 16) uploaded here https://www.sendspace.com/file/m28j31

I use the ida SDK tool flair to convert [libssl.lib]->[libssl.sig], but the size is abnormal. Can you share your flair tool? Or is it easier to communicate?

from flirtdb.

What do you mean under abnormal size
too big or too low...
Flair tool AFAIK is not a public domain...
lets discuss what's wrong going on
what ver do you use and what OS, etc

from flirtdb.

What do you mean under abnormal size too big or too low... Flair tool AFAIK is not a public domain... lets discuss what's wrong going on what ver do you use and what OS, etc

I am using IDA_Pro_v7.5, the generated file is too small, and the symbols related to openssl cannot be recovered by importing ida, but the articles I read are indeed ok. I imported his libssl.sig and recovered many symbols, but his version is 1.1.1i, not openssl1.1.1k which I want.

(https://github.com/avcatshy/noobs/tree/main/zoom-easy-analysis)

from flirtdb.

What do you mean under abnormal size too big or too low... Flair tool AFAIK is not a public domain... lets discuss what's wrong going on what ver do you use and what OS, etc

He is compiled with mac, can you convert his [.a] file to [.sig] file? When I use the command "plb libssl.a" to convert it keeps getting an error:
"xxx\xxx\libssl.a: skipped 44, total 44"

https://github.com/avcatshy/noobs/tree/main/zoom-easy-analysis/zoomRSA_OpenSSL/lib

from flirtdb.

Heh, it's much more easier - try to use tool named pmacho.exe (it understands Mach-o format) then feed the resulted .pat file into sigmake that easy

First of all thank you very much for your help! I also tried to use the pmacho tool, the size of the converted pat file looks normal, but the sig file converted by sigmark is extraordinarily small (for example, libssl.sig is only 30kb)

from flirtdb.

Heh, it's much more easier - try to use tool named pmacho.exe (it understands Mach-o format) then feed the resulted .pat file into sigmake that easy

The most incomprehensible thing for me is: I tried to convert the .a file provided by @avcatshy with pmacho, and then the libssl.sig file generated by sigmake was only 30kb. But when I used the libssl.pat provided by him to generate libssl.sig, everything was fine It has become normal, and some symbols of openssl can be restored by importing ida. . . (Unfortunately - not the version I wanted)

from flirtdb.

Yeah, I agree.. for some reason final .sig is a way small...
what are your ideas - if you try to compare the pat you were given with the one generatd by the flirt tool for mach-o?
maybe it'll give you some clues cause right now everyting looks legit and fine...

from flirtdb.

Yeah, I agree.. for some reason final .sig is a way small... what are your ideas - if you try to compare the pat you were given with the one generatd by the flirt tool for mach-o? maybe it'll give you some clues cause right now everyting looks legit and fine...

My mac is an m1 chip, and the file compiled on the mac will report such an error "Warning: IDA does not yet support Mach-O relocation information for this CPU". So please help me to compile the openssl static library on your mac, is it ok? (Please use the script provided below and run "./openssl-build.sh")
https://github.com/943301098/openssl-compile-script

from flirtdb.

Well, I don't have Mac HW, so can't help here, sorry...
about that warning - where does it come from

from flirtdb.

Well, I don't have Mac HW, so can't help here, sorry... about that warning - where does it come from

This warning appears when I use pmacho libssl.a to generate libssl.pat.

from flirtdb.

I don't think that warning somehow impacts the output result...
here is for example what I see here (win, tool from 7.7)

c:\Temp\sdk\flair77\bin\win>pmacho.exe libssl2.a
c:\Temp\sdk\flair77\bin\win\libssl2.a: skipped 0, total 42

c:\Temp\sdk\flair77\bin\win>pmacho.exe libcrypto.a
c:\Temp\sdk\flair77\bin\win\libcrypto.a: skipped 0, total 637

c:\Temp\sdk\flair77\bin\win>pmacho.exe --version
Mach-O parser. Copyright (c) 2010-2021 Hex-Rays SA. Version 1.1
Supported processors: x86, x64, ARM

as you see - no warnings, but still the scanned number of functions is not as expected, right?
BTW, what are the expected numbers, like 10 times higher?

from flirtdb.

@avcatshy with pmacho, and then the libssl.sig file generated by sigmake was only 30kb. But when I used the libssl.pat provided by him to generate libssl.sig, everything was fine It has become normal, and some symbols of openssl can be restored by importing ida. . . (Unfortunately - not the version I wanted)

The openssl1.1.1i version provided by @avcatshy has a libssl.sig size of 136kb and a libcrypto.sig size of 431kb. I think the sig file corresponding to the openssl1.1.1k version should be close to this size.

from flirtdb.

Could you attach the pat files for M1 which you are happy about?
maybe we'll have some clues how they differ with existing ones... maybe the guy did some manual corrections, etc

from flirtdb.

Could you attach the pat files for M1 which you are happy about? maybe we'll have some clues how they differ with existing ones... maybe the guy did some manual corrections, etc

Use this pat file to generate a satisfactory sig file, please use the link below
https://github.com/avcatshy/noobs/tree/main/sigDB/openssl1.1.1i/libssl

from flirtdb.

Yeah, I agree
the pat file from your link is OK
but you dont have corresponding .a from which it was created...

Now, after some thinking I guess that you have to write to IDA support because most probably the pmacho.exe does not fully understand the M1 object files and for some reason it reads out much less functions comparing to real case...

as FLAIR is closed source, I dont see other options than asking for support ticket, or
you could find some other tool which might create .pat file out of M1 objects..

Good luck!

from flirtdb.

@greenozon how did you make the signature for the openssl 1.1.1 msvc? I tried to compile openssl 3.0.0 with msvc by clone the branch 3.0.0 and then run:

perl configure
nmake 
nmake test
nmake install

and then get the libssl.lib and libcrypto.lib in programfile/openssl/lib.

But i tried both plb and pcf to get the pat file but both give me back zero libary?
Did i compile the openssl wrong?

from flirtdb.

what branch (location) are you referring to?

from flirtdb.

@greenozon this branch: https://github.com/openssl/openssl/tree/openssl-3.0.0

from flirtdb.

Here are the two lib file: https://www.sendspace.com/filegroup/6EhnO3HBif7F55Mr5HFa3Q

from flirtdb.

Yeah, I understand what's going on
Please use statically built libs, not dynamic (you used dynamic -> 0 output which is OK)

static libs to be used:
libssl_static.lib (near 4 MB)
libcrypto_static.lib (near 28 MB)
if all goes fine you'll see big .pat files in output

from flirtdb.