def __init__(self, base, config, **kargs):
self.as_assert(base is None, 'Must be first Address Space')
addrspace.BaseAddressSpace.__init__(self, base, config, **kargs)
if not config.LOCATION:
self.as_assert(False, "Not a Reven2 Address Space")
location = config.LOCATION.split(':')
self.as_assert(
len(location) == 3,
"Invalid Reven2 location (should be <host>:<port>:<transition id>)."
)
hostname = location[0]
try:
port = int(location[1])
transition_id = int(location[2])
except (ValueError):
self.as_assert(
False,
"Invalid Reven2 location (should be <host>:<port>:<transition id>)."
)
try:
self.rvn = reven2.RevenServer(hostname, port)
except (RuntimeError):
self.as_assert(
False,
"Impossible to connect to the REVEN Server at {}:{}.".format(
hostname, port))
try:
self.context = self.rvn.trace.context_before(transition_id)
except (ValueError):
self.as_assert(
False,
"Impossible to jump at the REVEN transition #{}.".format(
transition_id))
self.physical_memory_regions = list(
self.context.physical_memory_regions())
self.name = "Reven Server on {}:{} at {}".format(
hostname, port, transition_id)
def main():
args = parse_cli_args()
host = args.host
port = args.port
binary_path = args.BINARY
srv = reven2.RevenServer(host, port)
if binary_path is None:
print_binaries(srv)
return
from_context = None
to_context = None
if vars(args)["from"] is not None:
from_context = srv.trace._context(vars(args)["from"])
if args.to is not None:
to_context = srv.trace._context(args.to)
print_ltrace(srv, binary_path, from_context, to_context, args.pretty)
def main(host, port):
print('\n**** Resolve executed XREFS *****')
rvn = reven2.RevenServer(host, port)
print("\n* REVEN Server: {}:{}".format(host, port))
binary = find_binary(rvn.ossi,
os.path.basename(idc.GetInputFilePath()).lower())
print('\n* Binary path: {}'.format(binary))
print('\n* Compute Trace XREFS')
bfcs = search_breaking_control_flow(rvn.trace.search, binary)
xrefs = compute_trace_xrefs(bfcs)
print('\n* Convert Trace XREFS to IDA indirect XREFS')
xrefs = convert_to_ida_indirect_xrefs(xrefs)
print('\n* Apply XREFS in IDA')
ida_apply_xrefs(xrefs)
print('\n* Finish')
def main(host, port):
print('\n**** Coverage Info *****')
rvn = reven2.RevenServer(host, port)
print("\n* REVEN Server: {}:{}".format(host, port))
binary = find_binary(rvn.ossi,
os.path.basename(idc.GetInputFilePath()).lower())
print('\n* binary path: {}'.format(binary))
print('\n* Compute Trace coverage')
coverage = compute_coverage(rvn.trace.search, binary)
display_coverage(coverage)
print('\n* Compute frequency colors')
fcolors = colors.compute_frequency_colors(coverage.values())
display_colors(fcolors)
print('\n* Apply colors in IDA')
ida_apply_colors(coverage, fcolors)
print('\n* Finished')
def script_main():
parser = argparse.ArgumentParser(
description=
"Convert the bookmarks of a scenario to a WinDbg breakpoints commands."
)
parser.add_argument(
"--host",
type=str,
default="localhost",
required=False,
help='REVEN host, as a string (default: "localhost")',
)
parser.add_argument(
"-p",
"--port",
type=int,
default="13370",
required=False,
help="REVEN port, as an int (default: 13370)",
)
parser.add_argument(
"-o",
"--output-file",
type=str,
required=False,
help=
"The target file of the script. If absent, the results will be printed on the standard output.",
)
args = parser.parse_args()
try:
server = reven2.RevenServer(args.host, args.port)
except RuntimeError:
raise RuntimeError(
f"Could not connect to the server on {args.host}:{args.port}.")
bk2bp(server, args.output_file)
buf, size = get_network_buffer_send_NdisSendNetBufferLists(ctx)
else:
buf, size = get_network_buffer_recv_RxPacketAssemble(ctx)
if buf is not None:
packet = Ether(buf)
# Here we check wether or not we have to fix checksum.
if fix_checksum:
if TCP in packet:
del packet[TCP].chksum
# Replace the time in the packet by the transition ID, so that we get
# it in Wireshark in a nice way.
packet.time = ctx.transition_before().id
# Write packet to pcap file
wrpcap(output_file, packet, append=True)
print("[+] Finished: PCAP file is \'{}\'.".format(output_file))
if __name__ == '__main__':
args = parse_args()
# Get a server instance
reven_server = reven2.RevenServer(args.host, args.port)
# Generate the PCAP file
dump_pcap(reven_server, output_file=args.file_name, fix_checksum=args.fix_checksum)
port = 13370
# Output target
#
# If set to a path, writes the breakpoint commands file there
output_file = None # display bp commands inline in the Jupyter Notebook
# output_file = "breakpoints.txt" # write bp commands to a file named "breakpoints.txt" in the current directory
# %% [markdown]
# ### Execution cell
#
# This cell executes according to the [parameters](#Parameters) when in notebook context, or according to the
# [parsed arguments](#Argument-parsing) when in script context.
#
# When in notebook context, if the `output` parameter is `None`, then the output will be displayed in the last cell of
# the notebook.
# %%
if __name__ == "__main__":
if in_notebook():
try:
server = reven2.RevenServer(host, port)
except RuntimeError:
raise RuntimeError(
f"Could not connect to the server on {host}:{port}.")
bk2bp(server, output_file)
else:
script_main()
# %%
def script_main():
parser = argparse.ArgumentParser(description="Export the bookmarks of a scenario to a report.")
parser.add_argument(
"--host",
type=str,
default="localhost",
required=False,
help='REVEN host, as a string (default: "localhost")',
)
parser.add_argument(
"-p",
"--port",
type=int,
default="13370",
required=False,
help="REVEN port, as an int (default: 13370)",
)
parser.add_argument(
"-C",
"--context",
type=int,
required=False,
help="Print CONTEXT lines of surrounding context around the bookmark's instruction",
)
parser.add_argument(
"--header",
type=str,
default="no",
required=False,
choices=["no", "simple"],
help="Whether to preprend the output with a header or not (default: no)",
)
parser.add_argument(
"--format",
type=str,
default="html",
required=False,
choices=["html", "md", "raw"],
help="The output format (default: html).",
)
parser.add_argument(
"--order",
type=str,
default="transition",
choices=["transition", "creation"],
required=False,
help="The sort order of bookmarks in the report (default: transition).",
)
parser.add_argument(
"--no-escape-description",
action="store_true",
default=False,
required=False,
help="If present, don't escape the HTML in the bookmark descriptions.",
)
parser.add_argument(
"-o",
"--output-file",
type=str,
required=False,
help="The target file of the report. If absent, the report will be printed on the standard output.",
)
args = parser.parse_args()
try:
server = reven2.RevenServer(args.host, args.port)
except RuntimeError:
raise RuntimeError(f"Could not connect to the server on {args.host}:{args.port}.")
sort = get_sort(args.order)
header = get_header(args.header)
format = get_format(args.format)
export_bookmarks(
server,
sort,
args.context,
header,
format,
escape_description=(not args.no_escape_description),
output=args.output_file,
)
last_symbol = None
for change in taint.changes().all():
loc = change.transition.context_before().ossi.location()
if loc is None:
continue
symbol = loc.symbol
if symbol is None or last_symbol is not None and symbol == last_symbol:
continue
if len(user_symbols) == 0 or found_symbol(symbol, user_symbols):
# if user_symbols is an empty list then no requested symbols, don't filter output
print("{}: {}".format(change.transition, symbol))
last_symbol = symbol
print(
"=====================================================================================\n"
)
print("[+] Finished: tainting all pcap in the trace")
if __name__ == '__main__':
args = parse_args()
print("[+] Start tainting pcap from trace...")
# Get a server instance
rvn = reven2.RevenServer(args.host, args.port)
taint_pcap(rvn, args.recv_only, args.symbols)
