def __exec_data(self, args):
if self.gctx.dis is None:
error("load a file before")
return
nb_lines = self.gctx.nb_lines
if len(args) <= 1:
self.gctx.entry = None
error("no address in parameter")
return
if len(args) == 3:
try:
nb_lines = int(args[2])
except:
pass
ctx = self.gctx.get_addr_context(args[1])
if ctx:
if args[0] == "da":
self.gctx.dis.dump_data_ascii(ctx, nb_lines)
elif args[0] == "db":
self.gctx.dis.dump_data(ctx, nb_lines, 1)
elif args[0] == "dw":
self.gctx.dis.dump_data(ctx, nb_lines, 2)
elif args[0] == "dd":
self.gctx.dis.dump_data(ctx, nb_lines, 4)
elif args[0] == "dq":
self.gctx.dis.dump_data(ctx, nb_lines, 8)
def inner(user, *args, **kwargs):
user_permissions = current_app.mdb.user_permissions.find_one({"id": user.id})
if user_permissions is None:
return error(403, "User has no permissions")
elif not all(user_permissions.get(p) for p in required_permissions):
return error(403, f"Missing one or more permissions: {required_permissions!r}")
return func(user, *args, **kwargs)
def __exec_data(self, args):
if self.ctx.dis is None:
error("load a file before")
return
lines = self.ctx.lines
if len(args) <= 1:
self.ctx.entry = None
error("no address in parameter")
return
self.ctx.entry = args[1]
if len(args) == 3:
lines = int(args[2])
self.ctx.print_data = True
if init_entry_addr(self.ctx):
if args[0] == "da":
self.ctx.dis.dump_data_ascii(self.ctx, lines)
elif args[0] == "db":
self.ctx.dis.dump_data(self.ctx, lines, 1)
elif args[0] == "dw":
self.ctx.dis.dump_data(self.ctx, lines, 2)
elif args[0] == "dd":
self.ctx.dis.dump_data(self.ctx, lines, 4)
elif args[0] == "dq":
self.ctx.dis.dump_data(self.ctx, lines, 8)
self.ctx.entry = None
self.ctx.entry_addr = 0
self.ctx.print_data = False
def disasm(ctx):
ctx.gph = ctx.dis.get_graph(ctx.entry_addr)
if ctx.gph == None:
error("capstone can't disassemble here")
return
ctx.gph.graph_init(ctx)
if ctx.graph:
ctx.gph.html_graph()
try:
ast = generate_ast(ctx)
except ExcIfelse as e:
error("can't have a ifelse here %x" % e.addr)
if ctx.interactive:
return
die()
if ctx.vim:
base = os.path.basename(ctx.filename) + "_" + ctx.entry
# re-assign if no colors
ctx.libarch.process_ast.assign_colors(ctx, ast)
ctx.color = False
generate_vim_syntax(ctx, base + ".vim")
sys.stdout = open(base + ".rev", "w+")
o = ctx.libarch.output.Output(ctx)
o.print_ast(ctx.entry_addr, ast)
if ctx.vim:
print("Run : vim {0}.rev -S {0}.vim".format(base), file=sys.stderr)
def __exec_save(self, args):
if self.ctx.dis is None:
error("load a file before")
return
fd = open(self.ctx.db_path, "w+")
db = {
"symbols": self.ctx.dis.binary.symbols,
"history": self.rl.history,
"inline_comments": self.ctx.dis.inline_comments,
"previous_comments": self.ctx.dis.previous_comments,
"jmptables": [],
"mips_gp": self.ctx.dis.mips_gp,
}
for j in self.ctx.dis.jmptables.values():
o = {
"inst_addr": j.inst_addr,
"table_addr": j.table_addr,
"table": j.table,
"name": j.name,
}
db["jmptables"].append(o)
fd.write(json.dumps(db))
fd.close()
print("database saved to", self.ctx.db_path)
self.ctx.db_modified = False
def __exec_save(self, args):
if self.ctx.dis is None:
error("load a file before")
return
fd = open(self.ctx.db_path, "w+")
db = {
"symbols": self.ctx.dis.binary.symbols,
"history": self.rl.history,
"inline_comments": self.ctx.dis.inline_comments,
"previous_comments": self.ctx.dis.previous_comments,
"jmptables": [],
"mips_gp": self.ctx.dis.mips_gp,
}
for j in self.ctx.dis.jmptables.values():
o = {
"inst_addr": j.inst_addr,
"table_addr": j.table_addr,
"table": j.table,
"name": j.name,
}
db["jmptables"].append(o)
fd.write(json.dumps(db))
fd.close()
print("database saved to", self.ctx.db_path)
self.ctx.db_modified = False
def decorated_function(*args, **kwargs):
encoded_jwt = request.headers.get('authorization')
if encoded_jwt is None:
return error(403, "missing credentials")
if validate_jwt(encoded_jwt):
return f(*args, **kwargs)
return error(403, "not cool enough for this club")
def __exec_load(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.filename = args[1]
load_file(self.ctx)
def get_explore_collections():
"""
Returns a paginated list of collection IDs (50/page), based on given filters.
:q str order: The method to explore by: popular-1w, popular-1m, popular-6m, popular-all, newest, edittime, relevance
:q str tags: A comma-separated list of tags that returned collections must have all of.
:q str q: A search query.
:q int page: The page of results to return.
"""
order = request.args.get('order', 'popular-1w')
tags = request.args.get('tags')
if tags:
tags = tags.split(',')
else:
tags = []
q = request.args.get('q')
page = request.args.get('page', 1)
if page:
try:
page = int(page)
except ValueError:
return error(400, 'page must be int')
try:
coll_ids = explore_collections(order, tags, q, page)
except ValueError as e:
return error(400, str(e))
return success(coll_ids, 200)
def __exec_save(self, args):
if self.ctx.dis is None:
error("load a file before")
return
self.ctx.db.save(self.rl.history)
print("database saved to", self.ctx.db.path)
self.ctx.db.modified = False
def __exec_save(self, args):
if self.ctx.dis is None:
error("load a file before")
return
self.ctx.db.save(self.rl.history)
print("database saved to", self.ctx.db.path)
self.ctx.db.modified = False
def decompile(self):
self.is_dump = False
self.gph, pe_nb_new_syms = self.gctx.dis.get_graph(self.entry)
if self.gph is None:
error("capstone can't disassemble here")
return None
self.gph.simplify()
if self.gctx.db.loaded and pe_nb_new_syms:
self.gctx.db.modified = True
try:
self.gph.loop_detection(self.entry)
ast, correctly_ended = generate_ast(self)
if not correctly_ended:
debug__("Second try...")
self.gph.loop_detection(self.entry, True)
ast, _ = generate_ast(self)
self.ast = ast
except ExcIfelse as e:
error("can't have a ifelse here %x" % e.addr)
if self.gctx.interactive_mode:
return None
die()
o = self.gctx.libarch.output.Output(self)
o._ast(self.entry, ast)
self.output = o
return o
def __exec_data(self, args):
if self.gctx.dis is None:
error("load a file before")
return
nb_lines = self.gctx.nb_lines
if len(args) <= 1:
self.gctx.entry = None
error("no address in parameter")
return
if len(args) == 3:
try:
nb_lines = int(args[2])
except:
pass
ctx = self.gctx.get_addr_context(args[1])
if ctx:
if args[0] == "da":
self.gctx.dis.dump_data_ascii(ctx, nb_lines)
elif args[0] == "db":
self.gctx.dis.dump_data(ctx, nb_lines, 1)
elif args[0] == "dw":
self.gctx.dis.dump_data(ctx, nb_lines, 2)
elif args[0] == "dd":
self.gctx.dis.dump_data(ctx, nb_lines, 4)
elif args[0] == "dq":
self.gctx.dis.dump_data(ctx, nb_lines, 8)
def handle_auth(data):
"""
POST /discord/auth
Content-Type: application/json
{"code": str}
Returns:
{"success": bool, "data": {"jwt": str}, "error": str}
"""
try:
access_token_resp = exchange_code(data['code'])
_, user = handle_token_response(access_token_resp)
except HTTPError as e:
if 400 <= e.response.status_code < 500:
return error(e.response.status_code, str(e))
return error(500, str(e))
token = jwt.encode(
{
'iss': 'avrae.io',
'aud': 'avrae.io',
'iat': datetime.datetime.now(),
'id': str(user.id),
'username': user.username,
'discriminator': user.discriminator,
'avatar': user.avatar
},
config.JWT_SECRET,
algorithm='HS256')
return success({'jwt': token.decode()}) # token is str
def __exec_data(self, args):
if self.ctx.dis is None:
error("load a file before")
return
lines = self.ctx.lines
if len(args) <= 1:
self.ctx.entry = None
error("no address in parameter")
return
self.ctx.entry = args[1]
if len(args) == 3:
lines = int(args[2])
self.ctx.print_data = True
if init_entry_addr(self.ctx):
if args[0] == "da":
self.ctx.dis.dump_data_ascii(self.ctx, lines)
elif args[0] == "db":
self.ctx.dis.dump_data(self.ctx, lines, 1)
elif args[0] == "dw":
self.ctx.dis.dump_data(self.ctx, lines, 2)
elif args[0] == "dd":
self.ctx.dis.dump_data(self.ctx, lines, 4)
elif args[0] == "dq":
self.ctx.dis.dump_data(self.ctx, lines, 8)
self.ctx.entry = None
self.ctx.entry_addr = 0
self.ctx.print_data = False
def __exec_load(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.filename = args[1]
load_file(self.ctx)
def disasm(ctx):
ctx.gph = ctx.dis.get_graph(ctx.entry_addr)
if ctx.gph == None:
error("capstone can't disassemble here")
return
ctx.gph.graph_init(ctx)
if ctx.graph:
ctx.gph.html_graph(ctx.dis.jmptables)
try:
ast = generate_ast(ctx)
except ExcIfelse as e:
error("can't have a ifelse here %x" % e.addr)
if ctx.interactive:
return
die()
if ctx.vim:
base = os.path.basename(ctx.filename) + "_" + ctx.entry
# re-assign if no colors
ctx.libarch.process_ast.assign_colors(ctx, ast)
ctx.color = False
generate_vim_syntax(ctx, base + ".vim")
sys.stdout = open(base + ".rev", "w+")
o = ctx.libarch.output.Output(ctx)
o.print_ast(ctx.entry_addr, ast)
if ctx.vim:
print("Run : vim {0}.rev -S {0}.vim".format(base), file=sys.stderr)
def __exec_lrawmips64(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "mips64"
self.ctx.filename = args[1]
load_file(self.ctx)
def __exec_lrawmips64(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "mips64"
self.ctx.filename = args[1]
load_file(self.ctx)
def __exec_lrawmips(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "mips"
self.ctx.filename = args[1]
load_file(self.ctx)
self.analyzer.set(self.ctx.dis, self.ctx.db)
def __exec_lrawx64(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "x64"
self.ctx.raw_big_endian = False
self.ctx.filename = args[1]
load_file(self.ctx)
def __exec_load(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.filename = args[1]
load_file(self.ctx)
if self.ctx.db is not None:
self.rl.history = self.ctx.db["history"]
def __exec_lrawmips64(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.gctx.raw_type = "mips64"
if self.gctx.load_file(args[1]):
self.analyzer.set(self.gctx.dis, self.gctx.db)
def __exec_load(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.filename = args[1]
load_file(self.ctx)
if self.ctx.db is not None:
self.rl.history = self.ctx.db["history"]
def __exec_lrawmips64(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.gctx.raw_type = "mips64"
if self.gctx.load_file(args[1]):
self.analyzer.set(self.gctx.dis, self.gctx.db)
def __exec_lrawx64(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "x64"
self.ctx.raw_big_endian = False
self.ctx.filename = args[1]
load_file(self.ctx)
def __exec_lrawmips(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "mips"
self.ctx.filename = args[1]
load_file(self.ctx)
self.analyzer.set(self.ctx.dis, self.ctx.db)
def __exec_lrawx86(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "x86"
self.ctx.raw_big_endian = False
self.ctx.filename = args[1]
load_file(self.ctx)
self.analyzer.set(self.ctx.dis, self.ctx.db)
def create_snippet(user, body, coll_id):
coll = get_collection_with_editor_check(coll_id, user)
if ' ' in body['name']:
return error(400, "snippet names cannot contain spaces")
if len(body['name']) < 2:
return error(400, "snippet names must be at least 2 characters")
snippet = coll.create_snippet(body['name'], body['docs'])
return success(snippet.to_dict(js=True), 201)
def __exec_sections(self, args):
if self.ctx.dis is None:
error("load a file before")
return
self.rl.print("NAME".ljust(20))
self.rl.print(" [START - END]\n")
for (name, start, end) in self.ctx.dis.binary.iter_sections():
self.ctx.dis.print_section_meta(name, start, end)
def __exec_xrefs(self, args):
if self.gctx.dis is None:
error("load a file before")
return
ad = None if len(args) == 1 else args[1]
ctx = self.gctx.get_addr_context(ad)
if ctx:
if ctx.entry not in self.gctx.dis.xrefs:
return
ctx.dump_xrefs().print()
def __exec_lrawx86(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.gctx.raw_type = "x86"
self.gctx.raw_big_endian = False
if self.gctx.load_file(args[1]):
self.analyzer.set(self.gctx.dis, self.gctx.db)
def __exec_v(self, args):
if self.gctx.dis is None:
error("load a file before")
return
ad = None if len(args) == 1 else args[1]
ctx = self.gctx.get_addr_context(ad)
if ctx:
o = ctx.dump_asm(NB_LINES_TO_DISASM)
if o is not None:
Visual(self.gctx, ctx, self.analyzer)
def __exec_lrawx86(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.gctx.raw_type = "x86"
self.gctx.raw_big_endian = False
if self.gctx.load_file(args[1]):
self.analyzer.set(self.gctx.dis, self.gctx.db)
def __exec_xrefs(self, args):
if self.gctx.dis is None:
error("load a file before")
return
ad = None if len(args) == 1 else args[1]
ctx = self.gctx.get_addr_context(ad)
if ctx:
if ctx.entry not in self.gctx.dis.xrefs:
return
ctx.dump_xrefs().print()
def edit_snippet(user, body, snippet_id):
snippet = get_collectable_with_editor_check(WorkshopSnippet, snippet_id, user)
if ' ' in body['name']:
return error(400, "snippet names cannot contain spaces")
if len(body['name']) < 2:
return error(400, "snippet names must be at least 2 characters")
snippet.update_info(body['name'], body['docs'])
return success(snippet.to_dict(js=True), 200)
def __exec_sections(self, args):
if self.ctx.dis is None:
error("load a file before")
return
self.rl.print("NAME".ljust(20))
self.rl.print(" [ START - END - VIRTUAL_SIZE - RAW_SIZE ]\n")
for s in self.ctx.dis.binary.iter_sections():
s.print_header()
def __exec_lrawx86(self, args):
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "x86"
self.ctx.raw_big_endian = False
self.ctx.filename = args[1]
load_file(self.ctx)
self.analyzer.set(self.ctx.dis, self.ctx.db)
def __exec_sections(self, args):
if self.ctx.dis is None:
error("load a file before")
return
self.rl.print("NAME".ljust(20))
self.rl.print(" [ START - END - VIRTUAL_SIZE - RAW_SIZE ]\n")
for s in self.ctx.dis.binary.iter_sections():
s.print_header()
def __exec_v(self, args):
if self.gctx.dis is None:
error("load a file before")
return
ad = None if len(args) == 1 else args[1]
ctx = self.gctx.get_addr_context(ad)
if ctx:
o = ctx.dump_asm(NB_LINES_TO_DISASM)
if o is not None:
Visual(self.gctx, ctx, self.analyzer)
def __exec_sections(self, args):
if self.ctx.dis is None:
error("load a file before")
return
self.rl.print("NAME".ljust(20))
self.rl.print(" [START - END]\n")
for (name, start, end) in self.ctx.dis.binary.iter_sections():
self.ctx.dis.print_section_meta(name, start, end)
def __exec_lrawarm(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "arm"
self.ctx.filename = args[1]
if load_file(self.ctx):
self.analyzer.set(self.ctx.dis, self.ctx.db)
def __exec_load(self, args):
# TODO: kill the thread analyzer before loading a new file
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.gctx.raw_type = None
if self.gctx.load_file(args[1]):
self.rl.history = self.gctx.db.history
self.push_analyze_symbols()
def __exec_mips_set_gp(self, args):
if self.ctx.dis is None:
error("load a file before")
return
try:
self.ctx.dis.mips_gp = int(args[1], 16)
except:
error("bad address")
self.ctx.db.modified = True
def __exec_mips_set_gp(self, args):
if self.ctx.dis is None:
error("load a file before")
return
try:
self.ctx.dis.mips_gp = int(args[1], 16)
except:
error("bad address")
self.ctx.db.modified = True
def __exec_load(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.filename = args[1]
if load_file(self.ctx):
self.rl.history = self.ctx.db.history
self.push_analyze_symbols()
def __exec_load(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.filename = args[1]
if load_file(self.ctx):
self.rl.history = self.ctx.db.history
self.push_analyze_symbols()
def __exec_lrawarm(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "arm"
self.ctx.filename = args[1]
load_file(self.ctx)
self.analyzer.set(self.ctx.dis, self.ctx.db)
def __exec_load(self, args):
# TODO: kill the thread analyzer before loading a new file
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.gctx.raw_type = None
if self.gctx.load_file(args[1]):
self.rl.history = self.gctx.db.history
self.push_analyze_symbols()
def set_state(user, body, coll_id):
coll = WorkshopCollection.from_id(coll_id)
if not coll.is_owner(int(user.id)):
return error(403, "you do not have permission to change the state of this collection")
try:
coll.set_state(body['state'])
except ValueError as e: # invalid publication state
return error(400, str(e))
return success(coll.to_dict(js=True), 200)
def __exec_lrawx64(self, args):
if self.check_db_modified():
return
if len(args) != 2:
error("filename required")
return
self.ctx.reset_all()
self.ctx.raw_type = "x64"
self.ctx.raw_big_endian = False
self.ctx.filename = args[1]
if load_file(self.ctx):
self.analyzer.set(self.ctx.dis, self.ctx.db)
def edit_alias(user, body, alias_id):
alias = get_collectable_with_editor_check(WorkshopAlias, alias_id, user)
if not body['name']:
return error(400, "Alias must have a name")
if ' ' in body['name']:
return error(400, "Alias names cannot contain spaces")
if not alias.has_parent and body['name'] in current_app.rdb.jget("default_commands", []):
return error(409, f"{body['name']} is already a built-in command")
alias.update_info(body['name'], body['docs'])
return success(alias.to_dict(js=True), 200)
def __exec_calls(self, args):
if len(args) != 2:
error("section required")
return
if self.ctx.dis is None:
error("load a file before")
return
self.ctx.calls_in_section = args[1]
if init_entry_addr(self.ctx):
self.ctx.dis.print_calls(self.ctx)
self.ctx.entry = None
self.ctx.entry_addr = 0
self.ctx.calls_in_section = None
def __exec_x(self, args):
if self.gctx.dis is None:
error("load a file before")
return
ad = None if len(args) == 1 else args[1]
ctx = self.gctx.get_addr_context(ad)
if ctx:
try:
o = ctx.decompile()
if o is not None:
o.print()
except:
traceback.print_exc()
def __exec_x(self, args):
if self.ctx.dis is None:
error("load a file before")
return
if len(args) == 1:
self.ctx.entry = None
else:
self.ctx.entry = args[1]
self.ctx.reset_vars()
if init_entry_addr(self.ctx):
disasm(self.ctx)
self.ctx.entry = None
self.ctx.entry_addr = 0
def exec_command(self, line):
args = shlex.split(line)
if args[0] not in self.COMMANDS:
error("unknown command")
return
c = self.COMMANDS[args[0]]
if len(args)-1 > c.max_args:
error("%s takes max %d args" % (args[0], c.max_args))
return
if c.callback_exec is not None:
c.callback_exec(args)
def __exec_sections(self, args):
if self.ctx.dis is None:
error("load a file before")
return
self.rl.print("NAME".ljust(20))
self.rl.print("START".ljust(16))
self.rl.print("END\n")
for (name, start, end) in self.ctx.dis.binary.iter_sections():
self.rl.print(name.ljust(20))
self.rl.print(hex(start).ljust(16))
self.rl.print(hex(end).ljust(16))
self.rl.print("\n")
def init_entry_addr(ctx):
if ctx.entry == "EP":
entry_addr = ctx.dis.binary.get_entry_point()
else:
try:
entry_addr = ctx.dis.get_addr_from_string(ctx.entry, ctx.raw_type != None)
# An exception is raised if the symbol was not found
if ctx.entry is None:
ctx.entry = "main"
except ExcSymNotFound as e:
error("symbol %s not found" % e.symname)
if ctx.interactive_mode:
return False
error("You can see all symbols with -s (if resolution is done).")
error("Note: --dump need the option -x.")
die()
s = ctx.dis.binary.get_section(entry_addr)
if s is None:
error("the address 0x%x was not found" % entry_addr)
if ctx.interactive_mode:
return False
die()
ctx.entry_addr = entry_addr
return True
def init_addr(ctx):
if ctx.entry == "EP":
addr = ctx.dis.binary.get_entry_point()
else:
try:
addr = ctx.dis.get_addr_from_string(ctx.entry, ctx.raw_type != None)
except ExcSymNotFound as e:
error("symbol %s not found" % e.symname)
if ctx.interactive:
return False
error("Try with --sym to see all symbols.")
die()
try:
ctx.dis.check_addr(addr)
except ExcNotExec as e:
error("the address 0x%x is not in an executable section" % e.addr)
if ctx.interactive:
return False
die()
except ExcNotAddr as e:
error("the address 0x%x cannot be found" % e.addr)
if ctx.interactive:
return False
die()
ctx.addr = addr
return True