author | fanquake <fanquake@gmail.com> | 2021-10-15 13:41:49 +0800 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2022-01-04 22:45:45 +0800 |
commit | 5a8f907c93f158c54e58706d6d8c6b0a1a3205ba (patch) | |
tree | 285a035513c5b10faa5390287e84fdafaaf0e847 /contrib/devtools/security-check.py | |
parent | e13f8f775d9e8da04db0e072040d11237c5d1089 (diff) |
scripts: add CONTROL_FLOW to ELF security checks
Diffstat (limited to 'contrib/devtools/security-check.py')
-rwxr-xr-x | contrib/devtools/security-check.py | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py
index 97192a21f6..9e7059685c 100755
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@@ -111,6 +111,17 @@ def check_ELF_separate_code(binary):
 return False
 return True
+def check_ELF_control_flow(binary) -> bool:
+ '''
+ Check for control flow instrumentation
+ '''
+ main = binary.get_function_address('main')
+ content = binary.get_content_from_virtual_address(main, 4, lief.Binary.VA_TYPES.AUTO)
+
+ if content == [243, 15, 30, 250]: # endbr64
+ return True
+ return False
+
 def check_PE_DYNAMIC_BASE(binary) -> bool:
 '''PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)'''
 return lief.PE.DLL_CHARACTERISTICS.DYNAMIC_BASE in binary.optional_header.dll_characteristics_lists
@@ -210,7 +221,7 @@ BASE_MACHO = [
 CHECKS = {
 lief.EXE_FORMATS.ELF: {
- lief.ARCHITECTURES.X86: BASE_ELF,
+ lief.ARCHITECTURES.X86: BASE_ELF + [('CONTROL_FLOW', check_ELF_control_flow)],
 lief.ARCHITECTURES.ARM: BASE_ELF,
 lief.ARCHITECTURES.ARM64: BASE_ELF,
 lief.ARCHITECTURES.PPC: BASE_ELF, |
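Review bot: `check_ELF_control_flow` compares only the four bytes at `main` with the `endbr64` encoding, so a pass shows that the object containing `main` was built with branch protection, not that every function or statically linked library in the binary was. The docstring should state that limit, for example `Check for an endbr64 at the start of main; a heuristic for -fcf-protection, not proof that the whole binary is instrumented`. The result of `binary.get_function_address('main')` is also used unchecked, so a binary in which LIEF cannot resolve `main` (a stripped one, presumably) would likely abort the script rather than report a failed CONTROL_FLOW check; handling that case and returning `False` would keep the report consistent with the other checks. The tail of the function can be written as `return content == [243, 15, 30, 250]  # endbr64`.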
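Review bot: The new check is attached to `lief.ARCHITECTURES.X86`, while the bytes it looks for are specifically `endbr64`. If that key also matches 32-bit x86 ELF files (not visible from this hunk), those binaries would always fail CONTROL_FLOW, because 32-bit code uses `endbr32`, whose encoding ends in a different byte. A comment on the entry such as `# x86_64 only: check_ELF_control_flow looks for endbr64` would record the assumption, or the check could be limited to 64-bit binaries explicitly. The `CHECKS` dict continues outside the hunk.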