如何从 Mac 中的二进制文件中提取硬编码字符串?

【问题标题】:How to extract hardcoded strings from a binary in Mac?如何从 Mac 中的二进制文件中提取硬编码字符串?
【发布时间】:2011-11-16 08:45:50
【问题描述】:

是否有可以在 Mac (Perl/Python/Cocoa/etc) 上运行的任何语言的 API 或可用于加载二进制文件 (app/bundle/framework/etc) 并提取硬-代码中使用的编码字符串?

背后的原因是我们想检查我们编译的二进制文件中是否有硬编码的路径。

【问题讨论】:

    标签: string macos cocoa binary-data


    【解决方案1】:

    是的,您可以使用strings 命令行工具:

    $ man strings

NAME
       strings - find the printable strings in a object, or other binary, file

SYNOPSIS
       strings [ - ] [ -a ] [ -o ] [ -t format ] [ -number ] [ -n number ] [--] [file ...]

DESCRIPTION
       Strings looks for ASCII strings in a binary file or standard input.  Strings is useful for identifying random object files and many other things.  A string
       is any sequence of 4 (the default) or more printing characters ending with a newline or a null.  Unless the - flag is given, strings looks in all  sections
       of the object files except the (__TEXT,__text) section.  If no files are specified standard input is read.

       The file arguments may be of the form libx.a(foo.o), to request information about only that object file and not the entire library.   (Typically this argu-
       ment must be quoted, ``libx.a(foo.o)'', to get it past the shell.)

       The options to strings(1) are:

       -a     This option causes strings to look for strings in all sections of the object file (including the (__TEXT,__text) section.

       -      This option causes strings to look for strings in all bytes of the files (the default for non-object files).

       --     This option causes strings to treat all the following arguments as files.

       -o     Preceded each string by its offset in the file (in decimal).

       -t format
              Write each string preceded by its byte offset from the start of the file.  The format shall be dependent on the single character used as the  format
              option-argument:

       d      The offset shall be written in decimal.

       o      The offset shall be written in octal.

       x      The offset shall be written in hexadecimal.

       -number
              The decimal number is used as the minimum string length rather than the default of 4.

       -n number
              Specify the minimum string length, where the number argument is a positive decimal integer. The default shall be 4.

       -arch arch_type
              Specifies  the  architecture, arch_type, of the file for strings(1) to operate on when the file is a universal file.  (See arch(3) for the currently
              know arch_types.)  The arch_type can be "all" to operate on all architectures in the file, which is the default.

SEE ALSO
       od(1)

BUGS
       The algorithm for identifying strings is extremely primitive.

Apple Computer, Inc.                                                    September 11, 2006                                                              STRINGS(1)

    【讨论】:

    • strings 会找到由unichar 字符而不是 8 位字符组成的 NSString 常量吗?
    • @trojanfoe: 好点 - 我相信它只适用于 ASCII,因此不会打印任何包含宽字符的字符串
    • 此外,如果二进制文件是通用二进制文件(具有多种架构),您可能需要剥离并只留下一个二进制文件,因为相同的字符串将在结果中重新出现 N 次,其中 N 是还有打包在通用二进制文件中的架构数量。
    • @radj:你可以使用 lipo。
    • strings 命令的唯一问题是它搜索“...以换行符或空字符结尾的字符”。这意味着如果您使用任何通用二进制文件(例如 Word 文档),您会漏掉很多单词。
    猜你喜欢
    • 2012-09-02
    • 1970-01-01
    • 2011-09-09
    • 1970-01-01
    • 2020-10-30
    • 2014-06-18
    • 2012-09-05
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode