FernandoDoming · November 15, 2020 23:19
diff --git a/yaragen.py b/yaragen.py
 import r2pipe
 import sys

 def zignature_to_yara(zignature):
    b = zignature["bytes"]
    b = b.replace(".", "?")
    if len(b) % 2 != 0:
        b += "?"

    yarastr = " ".join(b[i:i+2] for i in range(0, len(b), 2))
    return yarastr

 def main():
    if len(sys.argv) < 3:
        print("Usage: %s <file> <function name>" % (sys.argv[0]))
        sys.exit(1)

    filename = sys.argv[1]
    fname    = sys.argv[2]

    r2 = r2pipe.open(filename, flags=[])
    r2.cmd("aaa")
    r2.cmd("zaf %s %s" % (fname, fname))
    zignatures = r2.cmdj("zj~%s" % (fname))
    if not zignatures:
        print("Could not obtain zignatures for %s" % (fname))
        sys.exit(1)

    zignature = None
    for z in zignatures:
        if z["name"] == fname:
            zignature = z

    yarastr = None
    if zignature is not None:
        yarastr = zignature_to_yara(zignature)

    print("Generated Yara hex string from function %s:\n%s" % (fname, yarastr))
    r2.quit()

 if __name__ == "__main__":
    main()
	import r2pipe
	import sys

	def zignature_to_yara(zignature):
	b = zignature["bytes"]
	b = b.replace(".", "?")
	if len(b) % 2 != 0:
	b += "?"

	yarastr = " ".join(b[i:i+2] for i in range(0, len(b), 2))
	return yarastr

	def main():
	if len(sys.argv) < 3:
	print("Usage: %s <file> <function name>" % (sys.argv[0]))
	sys.exit(1)

	filename = sys.argv[1]
	fname = sys.argv[2]

	r2 = r2pipe.open(filename, flags=[])
	r2.cmd("aaa")
	r2.cmd("zaf %s %s" % (fname, fname))
	zignatures = r2.cmdj("zj~%s" % (fname))
	if not zignatures:
	print("Could not obtain zignatures for %s" % (fname))
	sys.exit(1)

	zignature = None
	for z in zignatures:
	if z["name"] == fname:
	zignature = z

	yarastr = None
	if zignature is not None:
	yarastr = zignature_to_yara(zignature)

	print("Generated Yara hex string from function %s:\n%s" % (fname, yarastr))
	r2.quit()

	if __name__ == "__main__":
	main()