{"id":771,"date":"2017-10-18T11:17:58","date_gmt":"2017-10-18T19:17:58","guid":{"rendered":"https:\/\/www.pnfsoftware.com\/blog\/?p=771"},"modified":"2017-10-18T11:17:58","modified_gmt":"2017-10-18T19:17:58","slug":"translation-contribution-and-virustotal-plugin-for-jeb","status":"publish","type":"post","link":"https:\/\/www.pnfsoftware.com\/blog\/translation-contribution-and-virustotal-plugin-for-jeb\/","title":{"rendered":"Language Translation Contribution in Python; VirusTotal Hash Check Plugin in Java."},"content":{"rendered":"<p>This post is geared toward power-users who would like to take advantage of API additions that shipped with the latest JEB update.<sup class='footnote'><a href='#fn-771-1' id='fnref-771-1' onclick='return fdfootnote_show(771)'>1<\/a><\/sup><\/p>\n<p><span style=\"text-decoration: underline;\">TL;DR: see below for a language translation contribution in Python, and a VirusTotal hash check plugin in Java.<\/span><\/p>\n<h2>Contributions<\/h2>\n<p><strong>With JEB 2.3.6, users can now write their own unit contribution plugins in Python (or Java, of course).<\/strong><\/p>\n<p>First, let&#8217;s recap: JEB extensions consist of back-end plugins, and front-end scripts. Front-end scripts are written in Python and execute in the context\u00a0 of a client (generally, the UI client, but it could also be a script executed by a headless, command-line JEB client). Back-end plugins form a more diverse realm: they consist of parser plugins (eg, disassemblers, decompilers, decoders, etc.), generic engines plugins, and contribution plugins.\u00a0 They are mostly written in Java &#8211; although that is slowly changing as we are adding program-wide support for JEB extensions in Python.<\/p>\n<p>Contribution plugins can enhance the output produced by parser plugins. 
A concrete example: an interactive disassembly or other text output (eg, a decompiled piece of Java or C code) is made of text items; a contribution can provide additional information to a client about a given item, when the client requests it. When it comes to the main JEB UI client, that information can be requested when a user hovers their mouse over an interactive text item.<\/p>\n<p>Several contributions are already built-in, such as those providing live variable and register values when debugging a program; or the <a href=\"https:\/\/www.pnfsoftware.com\/blog\/dex-and-apk-updates-in-jeb-2-3-5\/\">Javadoc contribution<\/a> that displays API documentation on Java disassembly. Users may also write their own contributions.<\/p>\n<ul>\n<li>Contributions extend <a href=\"https:\/\/www.pnfsoftware.com\/jeb\/apidoc\/reference\/com\/pnfsoftware\/jeb\/core\/IUnitContribution.html\">IUnitContribution<\/a>;<\/li>\n<li>They can target any type of unit;<\/li>\n<li>They can be written in Java or in Python;<\/li>\n<li>They are plugins, and as such, should be dropped into JEB&#8217;s coreplugins\/ folder (Python contributions will need a <a href=\"http:\/\/search.maven.org\/remotecontent?filepath=org\/python\/jython-standalone\/2.7.0\/jython-standalone-2.7.0.jar\">Jython package<\/a> in that folder as well);<\/li>\n<li>A Python contribution must be named exactly like the contribution class name (in the example below,\u00a0<strong>SampleContribution.py<\/strong>)<\/li>\n<\/ul>\n<p>The skeleton of a Python contribution that would enhance all code units would look like:<\/p>\n<pre style=\"font-size: 80%;\">from com.pnfsoftware.jeb.core import IUnitContribution, PluginInformation\r\nfrom com.pnfsoftware.jeb.core.units.code import ICodeUnit\r\n\r\nclass SampleContributionPlugin(IUnitContribution):\r\n\r\n  def __init__(self):\r\n    pass\r\n  \r\n  def getPluginInformation(self):\r\n    return PluginInformation(...)\r\n\r\n  def isTarget(self, unit):\r\n    return isinstance(unit, ICodeUnit)\r\n\r\n  def setPrimaryTarget(self, unit):\r\n    self.target = unit\r\n\r\n  def getPrimaryTarget(self):\r\n    return 
self.target\r\n\r\n  def getItemInformation(self, targetUnit, itemId, itemText):\r\n    # provide info about an item or a bit of text\r\n    return None\r\n\r\n  def getLocationInformation(self, targetUnit, location):\r\n    return None\r\n<\/pre>\n<p><a href=\"https:\/\/github.com\/pnfsoftware\/jeb2-samplecode\/blob\/master\/scripts\/contributions\/TranslationContributionPlugin.py\">We uploaded a sample contribution plugin<\/a> that works for text documents produced by any type of parser plugin (eg, disassembly, decompiled code, etc.). The contribution uses Google to provide real-time translations of the text snippet your mouse pointer is currently on:<\/p>\n<figure style=\"width: 912px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2017\/10\/90ec584ed6cb988fe084d19df815554d.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2017\/10\/90ec584ed6cb988fe084d19df815554d.png\" alt=\"\" width=\"912\" height=\"390\" \/><\/a><figcaption class=\"wp-caption-text\">The translation contribution translates foreign language text items to English when the user hovers their mouse over them; here, an Arabic string found in a malware sample of Mirai is being translated.<\/figcaption><\/figure>\n<p>Note that you do not need a Google API key for it to work: the plugin scrapes Google search output; as such, it is quite brittle and will almost certainly break in the future, but keep in mind this is a demo\/sample to get you started for your own contributions.<\/p>\n<h2>VirusTotal Report Plugin<\/h2>\n<p>On a side-note, JEB 2.3.6 also ships with a VirusTotal hash checker plugin (disabled by default). 
This plugin automatically checks the hash of top-level units against the VirusTotal database.<\/p>\n<p><a href=\"https:\/\/github.com\/pnfsoftware\/jeb2-samplecode\/blob\/master\/src\/com\/pnf\/vtplugin\/VirustotalReportPlugin.java\">We open-sourced it on GitHub (VirusTotalReportPlugin.java)<\/a>.<\/p>\n<p>To set it up, run <em>File, Plugins, Execute an Engines Plugin, VT Report Plugin<\/em>:<\/p>\n<figure style=\"width: 826px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2017\/10\/e72c3eb1f04fcf1e7272731832ad891f.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2017\/10\/e72c3eb1f04fcf1e7272731832ad891f.png\" alt=\"\" width=\"826\" height=\"520\" \/><\/a><figcaption class=\"wp-caption-text\">To set up the VT plugin, you will need a VT API key.<\/figcaption><\/figure>\n<p>Then, enter your VirusTotal API key; you&#8217;re good to go. Newly processed files will be automatically checked against VT and a log message as well as a notification will be stored to let you know the outcome.<\/p>\n<figure style=\"width: 921px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2017\/10\/6e642833f3ae593e8f2cdde83d301187.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2017\/10\/6e642833f3ae593e8f2cdde83d301187.png\" alt=\"\" width=\"921\" height=\"553\" \/><\/a><figcaption class=\"wp-caption-text\">The notification produced by the JEB VT plugin: here, the file looks bad (28 anti-virus products marked it as such)<\/figcaption><\/figure>\n<p>That&#8217;s it for today &#8212; until next time!<\/p>\n<div class='footnotes' id='footnotes-771'>\n<div class='footnotedivider'><\/div>\n<ol>\n<li id='fn-771-1'> No, we are not talking about <a href=\"https:\/\/www.pnfsoftware.com\/blog\/introducing-the-jeb-malware-sharing-network\/\">the JEB Malware Sharing 
Network, that was described in the previous post<\/a>! <span class='footnotereverse'><a href='#fnref-771-1'>&#8617;<\/a><\/span><\/li>\n<\/ol>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This post is geared toward power-users who would like to take advantage of API additions that shipped with the latest JEB update.1 TL;DR: see below for a language translation contribution in Python, and a VirusTotal hash check plugin in Java. Contributions With JEB 2.3.6, users can now write their own unit contribution plugins in Python &hellip; <a href=\"https:\/\/www.pnfsoftware.com\/blog\/translation-contribution-and-virustotal-plugin-for-jeb\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Language Translation Contribution in Python; VirusTotal Hash Check Plugin in Java.<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,8],"tags":[],"class_list":["post-771","post","type-post","status-publish","format-standard","hentry","category-api-jeb2","category-jeb2"],"_links":{"self":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/comments?post=771"}],"version-history":[{"count":0,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/771\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/media?parent=771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/ca
tegories?post=771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/tags?post=771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}