From 113d2a3d9bf54d344efd18617d5f941efd3e664f Mon Sep 17 00:00:00 2001
From: liu1l <1071662300@qq.com>
Date: Tue, 12 Sep 2017 19:57:05 +0800
Subject: [PATCH] update angr
---
doc/5.3_angr.md | 163 +++++++++++++++++++++++++++++++++++++++
src/Reverse/defcamp_r100 | Bin 0 -> 6320 bytes
2 files changed, 163 insertions(+)
create mode 100644 src/Reverse/defcamp_r100
diff --git a/doc/5.3_angr.md b/doc/5.3_angr.md
index 06ee211..142a3d1 100644
--- a/doc/5.3_angr.md
+++ b/doc/5.3_angr.md
@@ -1 +1,164 @@
 # angr 二进制自动化分析
+
+angr是一个多架构的二进制分析平台,具备对二进制文件的动态符号执行能力和多种静态分析能力。
+
+## 安装
+
+在Ubuntu上,首先我们应该安装所有的编译所需要的依赖环境:
+
+```shell
+sudo apt install python-dev libffi-dev build-essential virtualenvwrapper
+```
+
+强烈建议在虚拟环境中安装angr,因为有几个angr的依赖(比如z3)是从他们的原始库中fork而来,如果你已经安装了z3,那么你肯定不希望angr的依赖覆盖掉官方的共享库。
+
+对于大多数*unix系统,只需要`mkvirtualenv angr && pip install angr`安装angr就好了。
+
+如果这样安装失败的话,那么你可以按照这样的顺序:
+
+```text
+1. claripy
+2. archinfo
+3. pyvex
+4. cle
+5. angr
+```
+
+从angr的官方仓库安装。
+
+附安装方法:
+
+```shell
+git clone https://github.com/angr/claripy
+cd claripy
+sudo pip install -r requirements.txt
+sudo python setup.py build
+sudo python setup.py install
+```
+
+其他几个angr官方库的安装也是如此。
+
+## 一些`import angr`可能出现的问题
+
+如果你在安装angr之后,进入python环境,在import之后有这样的报错:
+
+```python
+Python 2.7.12 (default, Nov 19 2016, 06:48:10)
+[GCC 5.4.0 20160609] on linux2
+Type "help", "copyright", "credits" or "license" for more information.
+>>> import angr
+Traceback (most recent call last):
+ File "", line 1, in
+ File "angr/__init__.py", line 25, in
+ from .project import *
+ File "angr/project.py", line 592, in
+ from .analyses.analysis import Analyses
+ File "angr/analyses/__init__.py", line 22, in
+ from .reassembler import Reassembler
+ File "angr/analyses/reassembler.py", line 9, in
+ import capstone
+ File "/usr/local/lib/python2.7/dist-packages/capstone/__init__.py", line 6, in
+ from . import arm, arm64, mips, ppc, sparc, systemz, x86, xcore
+ImportError: cannot import name arm
+>>>
+```
+
+在ipython环境中也许会有这样的报错:
+
+```python
+Python 2.7.12 (default, Nov 19 2016, 06:48:10)
+Type "copyright", "credits" or "license" for more information.
+
+IPython 2.4.1 -- An enhanced Interactive Python.
+? -> Introduction and overview of IPython's features.
+%quickref -> Quick reference.
+help -> Python's own help system.
+object? -> Details about 'object', use 'object??' for extra details.
+
+In [1]: import angr
+---------------------------------------------------------------------------
+ImportError Traceback (most recent call last)
+ in ()
+----> 1 import angr
+
+/root/angr/angr/__init__.pyc in ()
+ 23 from .state_plugins.inspect import BP
+ 24
+---> 25 from .project import *
+ 26 from .errors import *
+ 27 #from . import surveyors
+
+/root/angr/angr/project.py in ()
+ 590 from .factory import AngrObjectFactory
+ 591 from .simos import SimOS, os_mapping
+--> 592 from .analyses.analysis import Analyses
+ 593 from .surveyors import Surveyors
+ 594 from .knowledge_base import KnowledgeBase
+
+/root/angr/angr/analyses/__init__.py in ()
+ 20 from .congruency_check import CongruencyCheck
+ 21 from .static_hooker import StaticHooker
+---> 22 from .reassembler import Reassembler
+ 23 from .binary_optimizer import BinaryOptimizer
+ 24 from .disassembly import Disassembly
+
+/root/angr/angr/analyses/reassembler.py in ()
+ 7 from itertools import count
+ 8
+----> 9 import capstone
+ 10 import cffi
+ 11 import cle
+
+/usr/local/lib/python2.7/dist-packages/capstone/__init__.py in ()
+ 4 if _python2:
+ 5 range = xrange
+----> 6 from . 
import arm, arm64, mips, ppc, sparc, systemz, x86, xcore
+ 7
+ 8 __all__ = [
+
+ImportError: cannot import name arm
+```
+
+可以看到,是capstone出现了问题。
+
+解决这个问题的方法是重新安装angr:
+
+```shell
+sudo pip install -I --no-use-wheel capstone
+```
+
+这样就能解决问题。
+
+若是问题依然存在,那么请先卸载所有的capstone:
+
+```shell
+sudo pip3 uninstall capstone
+sudo pip uninstall capstone
+```
+
+然后从pypi源中获取最新版本安装:
+
+```shell
+wget https://pypi.python.org/packages/fd/33/d1fc2d01b85572b88c9b4c359f36f88f8c32f2f0b9ffb2d21cd41bad2257/capstone-3.0.5rc2-py2-none-manylinux1_x86_64.whl#md5=ecd7e1e39ea6dacf027c0cfe7eb1bf94
+sudo pip2 install capstone-3.0.5rc2-py2-none-manylinux1_x86_64.whl
+```
+
+(如果wget这个安装包失败的话,你可以在[https://pypi.python.org/pypi/capstone/](https://pypi.python.org/pypi/capstone/)找到capstone最新的版本)
+
+## 一个例子
+
+这里是一个简单的使用符号执行去获取一道CTF赛题的flag:
+
+```python
+import angr
+
+project = angr.Project("CTF-All-In-One/src/Reverse/defcamp_r100", auto_load_libs=False)
+
+@project.hook(0x400844)
+def print_flag(state):
+ print "FLAG SHOULD BE:", state.posix.dump_fd(0)
+ project.terminate_execution()
+
+project.execute()
+```
+
diff --git a/src/Reverse/defcamp_r100 b/src/Reverse/defcamp_r100 new file mode 100644 index 0000000000000000000000000000000000000000..c604b7f18cdbd9a1064e5740f4c0b6dbeaa80daa GIT binary patch literal 6320 zcmeHLZETxY6~1=9+@-T!$iQo=#X+e^E8-=YTe4MSuhY1_nbHzMTq;IpJGK+Mi$7$) zUYk`b9%(0eSw?>Fks%@V2P%{JL4Ls0P0%>aXaWK$L+XUI{HR8Y;-u3eR*EH9%{lkI zCw_U?KqbV#9?SRK=bZE0d+x`3-;Zy5`wp2+CPrdrUtx&swTdulC1bNY1eCTewv8!l z7i(m-V5xz>B0Q+I8tIa3nzTj6Re`RCf0tP^beR=VA-zj8Lm!$@hN!W>iYT(G>FW<@ zkThdXVL%?{YOx9kIv^^f12T`4)Wk!GyjIC;l|0hRGBMILJ{%kV2W5MMW(5#p1r_TN zWkq8wO8*TtjP>X?0YNLGLV7FS*MNt4-mBPU;DGFJt9hYyBQ1x^9vzDf?{_~s7H%7h zC9b@W(xXe%m45^845R-2BmxazA~2 zvA*%d&6lDWk5fSFhU<|7jDq%2Uyz0%Y{tS3hR+y{fa|xgV`F!V|Kb+*?k()DE$o9} zcf#K&2f%Q*ew)F*gFVcm_JE+!zG5)%A)My@ER|I=%r!O(O5Q1m(fNH8|WGHN)M zV5xL0p^mVT(Fnvq5lKAHQffLFiU0$fKw4V$$Ab{;_m9St32E`O!+pKo2mPHc_hzlr zwGWdp!>>w|xH^b%eavEwXfYaMu?KNwL*PSOc4rKh%go|XM=99?LgQYo6E&@%apJWt zx4v*VQBc z9CEQB@Cn2?)Z(nb!-#Q+#q$Dx6EP00I4$r1VjNO2C-BpVaVW(U;EoS_^Y1>(^B?eu z>l^)py^965O<{a-e%gX+akWlit3QOmTO+on9>y*vVc>CN>-k~and}ra1q)Q z1HLshhpzH9TT>2g7ZFkXe5nfJdHyn=Uwew1mifD-ERf&EKz{Cz>a8K3zoPL!ko??} zZ*6nJw%XwX=IR+pWavuG1u&UDUcmX|6HoFw2v8r{OrgOy=Y&%m;>*iJ#nV8sHL+p_ zG`7L>FD@;5S45YK-fInFwBFTSn%-yuE#2#h$s;RoAM^Qq`K7w^|n2OvUpy#Bel0W^5fAcj*T?0oV_Da;?+F8YQmp#%KCT^MoMn$BX< zu>D~_dA{Mvmp#XN^S3>|-uzY1VBgg4K#dc&%v4(x^w<0L+~|0p&wo;dSJvu}|A}dR zs6IlC^ySz3^0#}SjdH^ZpI9*Q$JeuKeBvF;Gee$ld4@dCdi)C`l}rh;y5P_E@ zo@YJTk?3%IgryD#V)0~#MNaxg$5JZm>+$ywc>BKU>0#c48c93VXvCQcW-=#}>F^Uy zb~F}>G_&4BD49-2Lh7cg8QX2FIsn5HXPyI+o`(7xpaY=4FK14H`TP^$9Ox40R@kBr zn7|p(0h~w>ylc-Bt(0cUvuDUTy-t9oo^~53tGma(@Qy&%l44f#q671iS(Fca&L) z1%N^xKbv~HbOdS?QG*x*_pi>6gv?-xa;b8aw)dT-OUyzbW+rbS9Qe{2TCtFC7^RB0<(tV=8tTgHny0f^q}^_>$qE8f30W)IX9A#v}e{ z7`TKqhCi522gfxA)lY;V3|bGyV?mrKqk{MXec1Jzq5|!mi2&TLh{U zM!p+dx8Yi${^@*}G4Sz)2ZgRn4Ket-rF{b+e!;AOg|UJ(YzU-%^TDwbpRVIWV8gS6 z_;eo4$^(VYAKA>O=IqrpU%Vcl3xHn3i9zDVdS3y8|H=iq0s#!AUmY{g67q7r8;Vy zUp+r3&z+p)PwRuBZkL$!Sp%QGbJ}G>f2D~r@FZlf82EI*tCj~oo%<9or-dNH{4js& 
z#xC!dc1b+88L3r_{22qEz6;X#!k+)azhL0c%Km3%|87i9C$xTKnuQ8}3Z?re-QVf^ zA`|Qe$o~Vx;!+cz?tk=sm%iiD{-pkC zT<-x_-#>lND&e3&C|*MqO!oJ|q31LC{6QP_I1!~L9_i}_{&C4aE)%3YsTtxCUV{qS tX#Ds&1|@or{Er|O^KVCzPKbX*XTvJSqUbgCt$DQam$Lto-l*e|`Cr>cA}{~| literal 0 HcmV?d00001