# angr 二进制自动化分析 angr是一个多架构的二进制分析平台,具备对二进制文件的动态符号执行能力和多种静态分析能力。 ## 安装 在Ubuntu上,首先我们应该安装所有的编译所需要的依赖环境: ```shell sudo apt install python-dev libffi-dev build-essential virtualenvwrapper ``` 强烈建议在虚拟环境中安装angr,因为有几个angr的依赖(比如z3)是从他们的原始库中fork而来,如果你已经安装了z3,那么你肯定不希望angr的依赖覆盖掉官方的共享库。 对于大多数*unix系统,只需要`mkvirtualenv angr && pip install angr`安装angr就好了。 如果这样安装失败的话,那么你可以按照这样的顺序: ```text 1. claripy 2. archinfo 3. pyvex 4. cle 5. angr ``` 从angr的官方仓库安装。 附安装方法: ```shell git clone https://github.com/angr/claripy cd claripy sudo pip install -r requirements.txt sudo python setup.py build sudo python setup.py install ``` 其他几个angr官方库的安装也是如此。 ## 一些`import angr`可能出现的问题 如果你在安装angr之后,进入python环境,在import之后有这样的报错: ```python Python 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import angr Traceback (most recent call last): File "", line 1, in File "angr/__init__.py", line 25, in from .project import * File "angr/project.py", line 592, in from .analyses.analysis import Analyses File "angr/analyses/__init__.py", line 22, in from .reassembler import Reassembler File "angr/analyses/reassembler.py", line 9, in import capstone File "/usr/local/lib/python2.7/dist-packages/capstone/__init__.py", line 6, in from . import arm, arm64, mips, ppc, sparc, systemz, x86, xcore ImportError: cannot import name arm >>> ``` 在ipython环境中也许会有这样的报错: ```python Python 2.7.12 (default, Nov 19 2016, 06:48:10) Type "copyright", "credits" or "license" for more information. IPython 2.4.1 -- An enhanced Interactive Python. ? -> Introduction and overview of IPython's features. %quickref -> Quick reference. help -> Python's own help system. object? -> Details about 'object', use 'object??' for extra details. In [1]: import angr --------------------------------------------------------------------------- ImportError Traceback (most recent call last) in () ----> 1 import angr /root/angr/angr/__init__.pyc in () 23 from .state_plugins.inspect import BP 24 ---> 25 from .project import * 26 from .errors import * 27 #from . import surveyors /root/angr/angr/project.py in () 590 from .factory import AngrObjectFactory 591 from .simos import SimOS, os_mapping --> 592 from .analyses.analysis import Analyses 593 from .surveyors import Surveyors 594 from .knowledge_base import KnowledgeBase /root/angr/angr/analyses/__init__.py in () 20 from .congruency_check import CongruencyCheck 21 from .static_hooker import StaticHooker ---> 22 from .reassembler import Reassembler 23 from .binary_optimizer import BinaryOptimizer 24 from .disassembly import Disassembly /root/angr/angr/analyses/reassembler.py in () 7 from itertools import count 8 ----> 9 import capstone 10 import cffi 11 import cle /usr/local/lib/python2.7/dist-packages/capstone/__init__.py in () 4 if _python2: 5 range = xrange ----> 6 from . import arm, arm64, mips, ppc, sparc, systemz, x86, xcore 7 8 __all__ = [ ImportError: cannot import name arm ``` 可以看到,是capstone出现了问题。 解决这个问题的方法是重新安装angr: ```shell sudo pip install -I --no-use-wheel capstone ``` 这样就能解决问题。 若是问题依然存在,那么请先卸载所有的capstone: ```shell sudo pip3 uninstall capstone sudo pip uninstall capstone ``` 然后从pypi源中获取最新版本安装: ```shell wget https://pypi.python.org/packages/fd/33/d1fc2d01b85572b88c9b4c359f36f88f8c32f2f0b9ffb2d21cd41bad2257/capstone-3.0.5rc2-py2-none-manylinux1_x86_64.whl#md5=ecd7e1e39ea6dacf027c0cfe7eb1bf94 sudo pip2 install capstone-3.0.5rc2-py2-none-manylinux1_x86_64.whl ``` (如果wget这个安装包失败的话,你可以在[https://pypi.python.org/pypi/capstone/](https://pypi.python.org/pypi/capstone/)找到capstone最新的版本) ## 一个例子 这里是一个简单的使用符号执行去获取一道CTF赛题的flag: ```python import angr project = angr.Project("CTF-All-In-One/src/Reverse/defcamp_r100", auto_load_libs=False) @project.hook(0x400844) def print_flag(state): print "FLAG SHOULD BE:", state.posix.dump_fd(0) project.terminate_execution() project.execute() ```