mirror of
https://github.com/nganhkhoa/CTF-All-In-One.git
synced 2024-10-19 01:12:52 +07:00
4.9 KiB
4.9 KiB
angr 二进制自动化分析
angr是一个多架构的二进制分析平台,具备对二进制文件的动态符号执行能力和多种静态分析能力。
安装
在Ubuntu上,首先我们应该安装所有的编译所需要的依赖环境:
sudo apt install python-dev libffi-dev build-essential virtualenvwrapper
强烈建议在虚拟环境中安装angr,因为有几个angr的依赖(比如z3)是从他们的原始库中fork而来,如果你已经安装了z3,那么你肯定不希望angr的依赖覆盖掉官方的共享库。
对于大多数*unix系统,只需要mkvirtualenv angr && pip install angr安装angr就好了。
如果这样安装失败的话,那么你可以按照这样的顺序:
1. claripy
2. archinfo
3. pyvex
4. cle
5. angr
从angr的官方仓库安装。
附安装方法:
git clone https://github.com/angr/claripy
cd claripy
sudo pip install -r requirements.txt
sudo python setup.py build
sudo python setup.py install
其他几个angr官方库的安装也是如此。
一些import angr可能出现的问题
如果你在安装angr之后,进入python环境,在import之后有这样的报错:
Python 2.7.12 (default, Nov 19 2016, 06:48:10)
[GCC 5.4.0 20160609] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import angr
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "angr/__init__.py", line 25, in <module>
from .project import *
File "angr/project.py", line 592, in <module>
from .analyses.analysis import Analyses
File "angr/analyses/__init__.py", line 22, in <module>
from .reassembler import Reassembler
File "angr/analyses/reassembler.py", line 9, in <module>
import capstone
File "/usr/local/lib/python2.7/dist-packages/capstone/__init__.py", line 6, in <module>
from . import arm, arm64, mips, ppc, sparc, systemz, x86, xcore
ImportError: cannot import name arm
>>>
在ipython环境中也许会有这样的报错:
Python 2.7.12 (default, Nov 19 2016, 06:48:10)
Type "copyright", "credits" or "license" for more information.
IPython 2.4.1 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object', use 'object??' for extra details.
In [1]: import angr
---------------------------------------------------------------------------
ImportError Traceback (most recent call last)
<ipython-input-1-bcea9b74a356> in <module>()
----> 1 import angr
/root/angr/angr/__init__.pyc in <module>()
23 from .state_plugins.inspect import BP
24
---> 25 from .project import *
26 from .errors import *
27 #from . import surveyors
/root/angr/angr/project.py in <module>()
590 from .factory import AngrObjectFactory
591 from .simos import SimOS, os_mapping
--> 592 from .analyses.analysis import Analyses
593 from .surveyors import Surveyors
594 from .knowledge_base import KnowledgeBase
/root/angr/angr/analyses/__init__.py in <module>()
20 from .congruency_check import CongruencyCheck
21 from .static_hooker import StaticHooker
---> 22 from .reassembler import Reassembler
23 from .binary_optimizer import BinaryOptimizer
24 from .disassembly import Disassembly
/root/angr/angr/analyses/reassembler.py in <module>()
7 from itertools import count
8
----> 9 import capstone
10 import cffi
11 import cle
/usr/local/lib/python2.7/dist-packages/capstone/__init__.py in <module>()
4 if _python2:
5 range = xrange
----> 6 from . import arm, arm64, mips, ppc, sparc, systemz, x86, xcore
7
8 __all__ = [
ImportError: cannot import name arm
可以看到,是capstone出现了问题。
解决这个问题的方法是重新安装angr:
sudo pip install -I --no-use-wheel capstone
这样就能解决问题。
若是问题依然存在,那么请先卸载所有的capstone:
sudo pip3 uninstall capstone
sudo pip uninstall capstone
然后从pypi源中获取最新版本安装:
wget https://pypi.python.org/packages/fd/33/d1fc2d01b85572b88c9b4c359f36f88f8c32f2f0b9ffb2d21cd41bad2257/capstone-3.0.5rc2-py2-none-manylinux1_x86_64.whl#md5=ecd7e1e39ea6dacf027c0cfe7eb1bf94
sudo pip2 install capstone-3.0.5rc2-py2-none-manylinux1_x86_64.whl
(如果wget这个安装包失败的话,你可以在https://pypi.python.org/pypi/capstone/找到capstone最新的版本)
一个例子
这里是一个简单的使用符号执行去获取一道CTF赛题的flag:
import angr
project = angr.Project("CTF-All-In-One/src/Reverse/defcamp_r100", auto_load_libs=False)
@project.hook(0x400844)
def print_flag(state):
print "FLAG SHOULD BE:", state.posix.dump_fd(0)
project.terminate_execution()
project.execute()