The SandBlasterPlugin for Ghidra is a specialized and sophisticated extension that leverages the functionalities of the SandBlaster tool to facilitate the streamlined analysis and reverse engineering of iOS sandbox profiles. This tool is essential in converting the profiles from their binary format into a human-readable SBPL (Sandbox Profile Language) format, directly within the Ghidra environment. The iOS operating system employs a security feature known as the sandbox, which imposes restrictions on applications, limiting their access to certain parts of the system or user data. These restrictions are delineated in sandbox profiles, typically stored in a binary format. The SandBlaster Plugin simplifies the analysis process by converting these binary profiles into the readable SBPL format, thereby aiding researchers and security analysts in comprehending and assessing the security implications of these profiles.
- Ghidra
- Python 2
- Python 3
- pip (Python package installer for Python 3)
lief
package for Python 3
The plugin handles the installation of additional Python 3 required packages, such as lief
.
This project includes the SandBlaster submodule, which requires Python 2, Python 3, pip, and the lief
package for Python 3.
-
Download the
.zip
file from releases section of this repository and install it in Ghidra in Ghidra inFile → Install Extensions...
OR
-
Clone this repository:
git clone https://github.com/yourusername/ghidra-plugin.git cd ghidra-plugin
-
Initialize and update the submodules:
git submodule init git submodule update
-
Build the Ghidra plugin:
./gradlew build
This will generate a
.zip
file in thedist
directory. -
Once built, the plugin can be installed in Ghidra in
File → Install Extensions...
Provide detailed instructions on how to use the plugin.
- Start Ghidra.
- Open
File → Configure → Miscellaneous
and enableSandBlasterPlugin
- Open
Window → SandBlasterPlugin
and the main window of plugin will be displayed - Specify
Python2
andPython3
bin paths or useAuto Detect
action - Specify a valid
iOS Version
and theSandBox Operations File Source
andSandBox Profiles File Source
Start
process- View reversed SandBox profiles in the
Result
tab - Check the logs
The built version of the Ghidra plugin can be found in the releases section of this repository.
If you are interested in contributing to this project, please read the CONTRIBUTING.md file.
This project is licensed under the MIT License - see the LICENSE file for details.