Monthly Archives: April 2010

Installing PaiMei on Snow Leopard with Python 2.6

Filed under Educational, Reverse Engineering

Why PaiMei on 2.6 and not 2.4? No real reason. I managed to end up with 4 versions of Python on my laptop recently and decided it was time to stick to a single version of 2.x and 3.x. The only painful part of this move was to get PaiMei working.

PaiMei is a reverse engineering framework developed initially to work on Windows, but it now works on OS X as well. If you have experience with Python it is a great tool of choice for examining binaries. It is one of many projects from Pedram Amini at TippingPoint.

Python Setup

Python 2.6 runs as 64-bit by default on Snow Leopard, and wxPython requires 32-bit, so you will have to force Python to run in 32-bit mode.

I’d recommend making 2.6 your default python version.

% export VERSIONER_PYTHON_VERSION=2.6 # Bourne-like shells
or
% setenv VERSIONER_PYTHON_VERSION 2.6 # C-like shells

Set Python to run in 32-bit mode.

% export VERSIONER_PYTHON_PREFER_32_BIT=yes # Bourne-like shells
or
% setenv VERSIONER_PYTHON_PREFER_32_BIT yes # C-like shells

wxPython

Get and install wxPython:

http://downloads.sourceforge.net/wxpython/wxPython2.8-osx-unicode-2.8.10.1-universal-py2.6.dmg

MySQL 5.0 (32 bit)

Before installing, update your PATH:

bash-3.2# export PATH=$PATH:/usr/local/mysql-5.0.67-osx10.5-x86/bin

Get and install MySQL 5.0 (community server):

http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.67-osx10.5-x86.dmg/from/http://mysql-mirror.codehelpers.com/

Install the package, then drag the MySQL.PrefPane file onto your Library/PreferencePanes folder. Then go to System Preferences and start MySQL.

Install the following Python modules:

uDrawGraph

Download uDrawGraph here. The application simply runs as a process and listens on a port for connections. Keep in mind that you have to allow those connections through your firewall.

bash-3.2# tar xvfz uDrawGraph-3.1.1-4-macosx-i386.tar.gz
bash-3.2# cd uDrawGraph-3.1/bin
bash-3.2# ./uDrawGraph -server

PaiMei

bash-3.2# svn checkout http://paimei.googlecode.com/svn/trunk/ paimei-read-only

Patch trunk/pydbg/my_ctypes.py:

- c_types = (Structure, c_char, c_byte, c_ubyte, c_short, c_ushort, c_int, c_uint, c_long, c_ulong, c_longlong, \
+ class Structure2(Structure):
+ pass
+
+ c_types = (Structure2, c_char, c_byte, c_ubyte, c_short, c_ushort, c_int, c_uint, c_long, c_ulong, c_longlong, \
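Review bot: the `+ pass` line needs to be indented under `class Structure2(Structure):`; as shown it sits at the same level as `class`, which is a syntax error if applied literally. The hunk also gives no reason why the tuple must hold a subclass instead of `Structure` itself, so add a one-line comment above `class Structure2(Structure):` explaining it, and check whether `c_types` is used in `isinstance` checks elsewhere in my_ctypes.py: after this change a plain `Structure` subclass that does not derive from `Structure2` will no longer match.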

macdll

macdll is a C library that translates Windows API calls into their Mac OS X equivalents. When you check out the code from SVN it will already be built, but I would rebuild it to be safe.

bash-3.2# cd trunk/MacOSX/macdll/
bash-3.2# xcodebuild -target macdll -configuration debug

Copy the file to a few locations:

bash-3.2# cp libmacdll.dylib /Library/Python/2.6/site-packages/utils/
bash-3.2# cd console
bash-3.2# cp ../pydbg/libmacdll.dylib .

macsetup.sh

This script builds macdll and checks for some basic items. I would run it just to be safe.

$ chmod +x macsetup.sh
$ ./macsetup.sh

PaiMei Modules

$ cd trunk/
$ python setup.py install

Set up the database

$ cd trunk/
$ python __setup_mysql.py localhost root

Start PaiMei

bash-3.2# cd console/
bash-3.2# python PAIMEIconsole.pyw

and enjoy!
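Because this setup has several independent moving parts (a 32-bit interpreter, wxPython, the MySQL bindings, and a running uDrawGraph server), here is an added preflight check script for the steps above; it is example code written for this post, not part of PaiMei. It assumes the interpreter PaiMei will use is passed as the first argument (default "python") and that uDrawGraph listens on port 2542, the default PaiMei's uDraw connector expects (assumption).

```shell
#!/bin/sh
# Added preflight check for the PaiMei setup above (not part of PaiMei).
# Assumes the interpreter you intend PaiMei to use is passed as $1.

# Print the pointer width (32 or 64) of the given interpreter. Works on
# Python 2 and 3, so it confirms VERSIONER_PYTHON_PREFER_32_BIT actually
# took effect for the 'python' you will run PaiMei with.
python_bits() {
    "$1" -c 'import struct, sys; sys.stdout.write(str(struct.calcsize("P") * 8))'
}

# Succeed only when the interpreter is running 32-bit (what wxPython needs).
check_python_32bit() {
    [ "$(python_bits "$1")" = "32" ]
}

# Succeed when the named module imports under the given interpreter.
check_module() {
    "$1" -c "import $2" >/dev/null 2>&1
}

# Succeed when something accepts TCP connections on host:port (used to see
# whether 'uDrawGraph -server' is up). Uses the interpreter so nc is not needed.
check_port_listening() {
    "$3" -c "import socket, sys
s = socket.socket(); s.settimeout(1)
try:
    s.connect(('$1', int('$2'))); sys.exit(0)
except Exception:
    sys.exit(1)"
}

# Run all checks and report; returns the number of failures.
preflight() {
    py=${1:-python}; fails=0
    check_python_32bit "$py" && echo "ok   $py is 32-bit" || { echo "FAIL $py is not 32-bit"; fails=$((fails+1)); }
    for m in wx MySQLdb; do
        check_module "$py" "$m" && echo "ok   module $m" || { echo "FAIL module $m missing"; fails=$((fails+1)); }
    done
    # 2542 is the port PaiMei's uDraw connector defaults to (assumption).
    check_port_listening 127.0.0.1 2542 "$py" && echo "ok   uDrawGraph listening" || { echo "FAIL uDrawGraph not listening on 2542"; fails=$((fails+1)); }
    return $fails
}
```

Source the file and run `preflight python` after the uDrawGraph server is started; a non-zero return is the number of failed checks.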