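def _garbage(self, n):
    """Return ``n`` characters of filler drawn at random from ``self.garbage``.

    Args:
        n: Number of characters wanted; ``n <= 0`` yields ``''``.

    Returns:
        A string of exactly ``n`` characters. Pieces are picked with
        ``random.choice`` from ``self.garbage``; a ``str`` entry is used
        verbatim, any other entry is packed with ``pwn.pint`` first. The
        joined result is truncated so it never exceeds ``n``.

    Raises:
        IndexError: if ``self.garbage`` is empty (from ``random.choice``).
    """
    import random

    pieces = []
    total = 0
    # Collect pieces and join once: the previous ``out += x`` loop is
    # quadratic on interpreters without the CPython in-place optimisation.
    while total < n:
        item = random.choice(self.garbage)
        chunk = item if isinstance(item, str) else pwn.pint(item)
        pieces.append(chunk)
        total += len(chunk)
    return ''.join(pieces)[:n]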
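def gadget(self, what, avoid=''):
    """Look up a gadget of kind ``what`` whose packed address contains none of ``avoid``.

    Args:
        what: Gadget kind: ``'ret'``, ``'leave'``, ``'popebp'``, or a pop
            form — ``'pop'``/``'popret'`` (one pop), ``'popretN'``,
            ``'popNret'`` or ``'popN'`` for N pops before the ret.
        avoid: Characters that must not occur in ``pwn.pint(gadget)``.

    Returns:
        The first candidate from ``self._gadgets`` that passes the
        ``avoid`` filter, or ``None`` when no candidate does.

    Side effects:
        A hit is memoised in ``self._gadget_cache`` under ``(what, avoid)``
        and that same key is consulted first on later calls. An unknown
        ``what`` or a non-numeric pop count is reported via ``pwn.die``.
    """
    # One key for membership, read and write. The earlier code tested
    # ``what`` alone, read ``(what, avoid)`` and wrote ``(avoid, what)``,
    # so the cache could never be hit and a hit would have raised KeyError.
    key = (what, avoid)
    if key in self._gadget_cache:
        return self._gadget_cache[key]

    err = 'Unknown gadget type: "%s"' % what
    popret = self._gadgets.get('popret', {})

    if what == 'ret':
        # A plain ret is the popret entry with zero pops.
        candidates = popret.get(0, [])
    elif what == 'leave':
        candidates = self._gadgets.get('leave', [])
    elif what == 'popebp':
        candidates = self._gadgets.get('popebp', [])
    elif what.startswith('pop'):
        if what.startswith('popret'):
            count = what[len('popret'):]
        else:
            # 'popNret' and 'popN' carry the count between 'pop' and 'ret'.
            stripped = what[:-3] if what.endswith('ret') else what
            count = stripped[len('pop'):]
        if count.isdigit():
            count = int(count)
        elif count == '':
            count = 1  # bare 'pop' / 'popret' means a single pop
        else:
            pwn.die(err)
        candidates = popret.get(count, [])
    else:
        pwn.die(err)
        candidates = []

    for g in candidates:
        packed = pwn.pint(g)
        if all(c not in packed for c in avoid):
            self._gadget_cache[key] = g
            return g
    return None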
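def gadget(self, what, avoid=''):
    """Look up a gadget of kind ``what`` whose packed address contains none of ``avoid``.

    Args:
        what: Gadget kind: ``'ret'``, ``'leave'``, ``'popebp'``, or a pop
            form — ``'pop'``/``'popret'`` (one pop), ``'popretN'``,
            ``'popNret'`` or ``'popN'`` for N pops before the ret.
        avoid: Characters that must not occur in ``pwn.pint(gadget)``.

    Returns:
        The first candidate from ``self._gadgets`` that passes the
        ``avoid`` filter, or ``None`` when no candidate does.

    Side effects:
        A hit is memoised in ``self._gadget_cache`` under ``(what, avoid)``
        and that same key is consulted first on later calls. An unknown
        ``what`` or a non-numeric pop count is reported via ``pwn.die``.
    """
    # One key for membership, read and write. The earlier code tested
    # ``what`` alone, read ``(what, avoid)`` and wrote ``(avoid, what)``,
    # so the cache could never be hit and a hit would have raised KeyError.
    key = (what, avoid)
    if key in self._gadget_cache:
        return self._gadget_cache[key]

    err = 'Unknown gadget type: "%s"' % what
    popret = self._gadgets.get('popret', {})

    if what == 'ret':
        # A plain ret is the popret entry with zero pops.
        candidates = popret.get(0, [])
    elif what == 'leave':
        candidates = self._gadgets.get('leave', [])
    elif what == 'popebp':
        candidates = self._gadgets.get('popebp', [])
    elif what.startswith('pop'):
        if what.startswith('popret'):
            count = what[len('popret'):]
        else:
            # 'popNret' and 'popN' carry the count between 'pop' and 'ret'.
            stripped = what[:-3] if what.endswith('ret') else what
            count = stripped[len('pop'):]
        if count.isdigit():
            count = int(count)
        elif count == '':
            count = 1  # bare 'pop' / 'popret' means a single pop
        else:
            pwn.die(err)
        candidates = popret.get(count, [])
    else:
        pwn.die(err)
        candidates = []

    for g in candidates:
        packed = pwn.pint(g)
        if all(c not in packed for c in avoid):
            self._gadget_cache[key] = g
            return g
    return None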
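def de_bruijn_find(subseq, alphabet=string.ascii_lowercase, n=None):
    """Return the index of ``subseq`` in the De Bruijn sequence over ``alphabet``.

    The sequence searched is the one yielded by
    ``de_bruijn_generator(alphabet, n)`` for subsequences of length ``n``;
    the scan itself is delegated to ``gen_find``.

    Args:
        subseq: The subsequence to locate. An ``int`` is packed with
            ``pwn.pint`` before searching.
        alphabet: Symbols the sequence is built from.
        n: Subsequence length; defaults to ``len(subseq)`` after packing.

    Returns:
        The index as reported by ``gen_find``.

    There exist better algorithms for this, but they depend on generating
    the De Bruijn sequence in another fashion. Somebody should look at it:
    http://www.sciencedirect.com/science/article/pii/S0012365X00001175
    """
    if isinstance(subseq, int):
        subseq = pwn.pint(subseq)
    # ``is None``: an identity test for the sentinel, not ``==``.
    if n is None:
        n = len(subseq)
    return gen_find(subseq, de_bruijn_generator(alphabet, n))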
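def de_bruijn_find(subseq, alphabet=string.ascii_lowercase, n=None):
    """Return the index of ``subseq`` in the De Bruijn sequence over ``alphabet``.

    The sequence searched is the one yielded by
    ``de_bruijn_generator(alphabet, n)`` for subsequences of length ``n``;
    the scan itself is delegated to ``gen_find``.

    Args:
        subseq: The subsequence to locate. An ``int`` is packed with
            ``pwn.pint`` before searching.
        alphabet: Symbols the sequence is built from.
        n: Subsequence length; defaults to ``len(subseq)`` after packing.

    Returns:
        The index as reported by ``gen_find``.

    There exist better algorithms for this, but they depend on generating
    the De Bruijn sequence in another fashion. Somebody should look at it:
    http://www.sciencedirect.com/science/article/pii/S0012365X00001175
    """
    if isinstance(subseq, int):
        subseq = pwn.pint(subseq)
    # ``is None``: an identity test for the sentinel, not ``==``.
    if n is None:
        n = len(subseq)
    return gen_find(subseq, de_bruijn_generator(alphabet, n))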