Example #1
0
def generate_false_constraint(path_constraint):
    false_constraint = None
    if path_constraint.is_and() or path_constraint.is_or():
        prefix = None
        while path_constraint.is_and() or path_constraint.is_or():
            constraint = path_constraint.arg(1)
            constraint_str = str(constraint.serialize())
            if "angelic!bool" in constraint_str:
                model = generate_model(constraint)
                for var_name, byte_list in model:
                    if "angelic!bool" in var_name:
                        value = utilities.get_signed_value(byte_list)
                        if value != 0:
                            constraint = Not(constraint)

            if false_constraint:
                if path_constraint.is_and():
                    false_constraint = And(false_constraint, constraint)
                elif path_constraint.is_or():
                    false_constraint = Or(false_constraint, constraint)
            else:
                false_constraint = constraint
            prefix = path_constraint.arg(0)
            if prefix.is_and() or prefix.is_or():
                path_constraint = prefix
            else:
                prefix_str = str(prefix.serialize())
                if "angelic!bool" in prefix_str:
                    model = generate_model(prefix)
                    for var_name, byte_list in model:
                        if "angelic!bool" in var_name:
                            value = utilities.get_signed_value(byte_list)
                            if value != 0:
                                prefix = Not(prefix)
        if path_constraint.is_and():
            false_constraint = And(false_constraint, prefix)
        elif path_constraint.is_or():
            false_constraint = Or(false_constraint, prefix)

    else:
        model = generate_model(path_constraint)
        for var_name in model:
            byte_list = model[var_name]
            if "angelic!bool" in var_name:
                value = utilities.get_signed_value(byte_list)
                if value != 0:
                    false_constraint = Not(path_constraint)
                else:
                    false_constraint = path_constraint
    return false_constraint
Example #2
0
def extract_input_list(model):
    input_list = dict()
    for var_name in model:
        if "rvalue!" in str(var_name) and "_" not in str(var_name):
            byte_list = model[var_name]
            input_list[str(var_name)] = utilities.get_signed_value(byte_list)
    is_multi_dimension = False
    if len(input_list) > 1:
        is_multi_dimension = True
    return input_list, is_multi_dimension
Example #3
0
def extract_parameter_list(model):
    parameter_list = dict()
    for var_name in model:
        if "const_" in str(var_name):
            byte_list = model[var_name]
            parameter_list[str(var_name)] = utilities.get_signed_value(
                byte_list)
    is_multi_dimension = False
    if len(parameter_list) > 1:
        is_multi_dimension = True
    return parameter_list, is_multi_dimension
Example #4
0
def generate_constant_value_list(sym_path):
    gen_const_list = dict()
    gen_var_list = dict()
    const_val_list = dict()
    model = generate_model(sym_path)
    if model is None:
        return None
    for var_name in model:
        var_byte_list = model[var_name]
        if "const" in var_name:
            gen_const_list[var_name] = var_byte_list
        else:
            gen_var_list[var_name] = var_byte_list

    for const_name in gen_const_list:
        bit_vector = gen_const_list[const_name]
        const_value = utilities.get_signed_value(bit_vector)
        print(const_name, const_value)
        const_val_list[const_name] = const_value

    emitter.data("Generated Constant List", const_val_list)
    return const_val_list
Example #5
0
def generate_new_input(sym_path, argument_list=None, poc_path=None, gen_path=None):
    gen_arg_list = dict()
    gen_var_list = dict()
    input_var_list = list()
    input_arg_dict = dict()
    input_arg_list = list()
    model = generate_model(sym_path)
    if model is None:
        return None, None
    for var_name in model:
        var_byte_list = model[var_name]
        if "arg" in var_name:
            gen_arg_list[var_name] = var_byte_list
        else:
            gen_var_list[var_name] = var_byte_list
    mask_list = values.CONF_MASK_ARG
    mask_map = dict()
    if values.CONF_MASK_ARG:
        min_val = 0
        new_idx = 0
        max_val = len(argument_list)
        for idx in range(min_val, max_val):
            if str(idx) not in mask_list:
                mask_map[new_idx] = idx
                new_idx = new_idx + 1

    for arg_name in gen_arg_list:
        bit_vector = gen_arg_list[arg_name]
        arg_index = int(str(arg_name).replace("arg", ""))
        arg_str = utilities.get_str_value(bit_vector)
        arg_value = utilities.get_signed_value(bit_vector) - 48
        arg_index_orig = arg_index
        if values.CONF_MASK_ARG:
            arg_index_orig = mask_map[arg_index_orig]
        # print(arg_name, arg_index, arg_value)
        if str(argument_list[arg_index_orig]).isnumeric() or \
                (not str(argument_list[arg_index_orig]).isalpha() and any(op in str(argument_list[arg_index_orig]) for op in ["+", "-", "/", "*"])):
            input_arg_dict[arg_index] = str(arg_value)
            # emitter.debug(arg_name, arg_value)
        else:
            arg_str_filtered = str(arg_str).replace("<", "a").replace("&", "s").replace(">", "a").replace("'", "a")
            input_arg_dict[arg_index] = arg_str_filtered
            # emitter.debug(arg_name, arg_str)

    # fill random values if not generated
    offset = 0
    for arg in argument_list:
        index = list(argument_list).index(arg) - offset
        if "$POC" in arg:
            input_arg_list.append(str(argument_list[index]))
            offset = 1
        elif str(index) in values.CONF_MASK_ARG:
            input_arg_list.append(arg)
        elif index in input_arg_dict:
            input_arg_list.append(input_arg_dict[index])
        else:
            arg_len = len(str(argument_list[index]))
            random_value = ""
            for j in range(0, arg_len):
                random_value += chr(random.randint(32, 128))
            input_arg_list.append(random_value)

    for var_name in gen_var_list:
        bit_vector = gen_var_list[var_name]
        var_value = 0
        var_size = len(bit_vector)
        if var_name in ["A-data", "A-data-stat"]:
            if var_name == "A-data":
                generate_binary_file(bit_vector, poc_path, gen_path)
            continue
        if bit_vector:
            var_value = utilities.get_signed_value(bit_vector)
        # emitter.debug(var_name, var_value)
        if "angelic" in var_name:
            input_var_list.append({"identifier": var_name, "value": var_value, "size": 4})
        # input_var_list.append({"identifier": var_name, "value": var_value, "size": 4})

    # for var_tuple in second_var_list:
    #     var_name = var_tuple['identifier']
    #     if var_name not in gen_var_list:
    #         emitter.warning("\t[warning] variable " + var_name + " assigned random value")
    #         var_size = var_tuple['size']
    #         var_value = 0
    #         for i in range(1, var_size):
    #             var_value += ((2 << 7) << (int(i) - 1)) * random.randint(0, 255)
    #         input_var_list.append({"identifier": var_name, "value": var_value, "size": var_size})
    emitter.data("Generated Arg List", input_arg_list)
    emitter.data("Generated Var List", input_var_list)
    return input_arg_list, input_var_list