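def create_dict(binary, dict_filename):
    """Build an AFL token dictionary for *binary* by running ``bin/create_dict.py``.

    The helper script is spawned as a subprocess (argument list, no shell) with
    its stdout redirected into *dict_filename*.  On success the file is scanned
    for stray ``wtf`` lines printed by angr and those lines are stripped.

    :param binary: path to the binary the dictionary is extracted from
    :param dict_filename: path the dictionary is written to (overwritten)
    :return: truthy when the script exited 0 and the dictionary is non-empty
             (the expression ``retcode == 0 and size``), otherwise falsy
    """
    create_dict_script = os.path.join(__angr_Fuzzer._get_base(), "bin", "create_dict.py")
    args = [sys.executable, create_dict_script, binary]
    with open(dict_filename, 'wb') as df:
        # subprocess.call == Popen + wait; the 'with' closes df, so the
        # explicit df.close() the old code did inside the block is gone
        retcode = subprocess.call(args, stdout=df)
    return_ok = retcode == 0 and os.path.getsize(dict_filename)
    if return_ok:
        # angr prints 'wtf' on some lines, I think due to this file https://github.com/angr/angr/blob/8b1f0325187f28ba7721ee1e9a1f33f46394c487/angr/analyses/cfg/cfg_fast.py
        # so I remove these lines and log it
        with open(dict_filename, 'rb') as df:
            lines = df.readlines()

        def _is_wtf(line):
            # compare without the line ending so a final 'wtf' with no trailing
            # newline is caught as well (the old exact b'wtf\n' match missed it)
            return line.rstrip(b'\r\n') == b'wtf'

        if any(_is_wtf(line) for line in lines):
            logger.warning("Found 'wtf' lines in dictionary. Removing them")
            content = b''.join(line for line in lines if not _is_wtf(line))
            with open(dict_filename, 'wb') as df:
                df.write(content)
    return return_ok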
def create_dict(binary, dict_filename):
    """Run ``bin/create_dict.py`` on *binary*, writing its stdout to *dict_filename*.

    :param binary: path of the binary to build a token dictionary for
    :param dict_filename: output path; truncated before the script runs
    :return: ``retcode == 0 and os.path.getsize(dict_filename)`` -- truthy only
             when the script succeeded and produced a non-empty file
    """
    base_dir = __angr_Fuzzer._get_base()
    script = os.path.join(base_dir, "bin", "create_dict.py")
    # argv list, no shell: the binary path is passed as a single argument
    command = [sys.executable, script, binary]
    with open(dict_filename, 'wb') as out_file:
        proc = subprocess.Popen(command, stdout=out_file)
        exit_code = proc.wait()
    succeeded = exit_code == 0
    return succeeded and os.path.getsize(dict_filename)
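def create_dict(binary, dict_filename):
    """Build an AFL dictionary for *binary*, keeping only ``string_N=...`` lines.

    ``bin/create_dict.py`` is run as a subprocess (argument list, no shell) with
    its stdout captured in ``dict_filename + '.org'``; that raw output is then
    filtered into *dict_filename* so diagnostic lines emitted by the analysis
    never reach the fuzzer's dictionary.

    :param binary: path to the binary to extract tokens from
    :param dict_filename: output path; ``dict_filename + '.org'`` keeps the
                          unfiltered script output
    :return: truthy when the script exited 0 and the filtered dictionary is
             non-empty, otherwise falsy
    """
    create_dict_script = os.path.join(__angr_Fuzzer._get_base(), "bin", "create_dict.py")
    args = [sys.executable, create_dict_script, binary]
    raw_filename = dict_filename + '.org'
    with open(raw_filename, 'wb') as raw:
        # subprocess.call == Popen + wait
        retcode = subprocess.call(args, stdout=raw)
    # compiled once instead of per line; equivalent to the previous
    # r"string_[\d]+=.+[\n]{0,1}" -- re.match anchors at line start
    entry_re = re.compile(r"string_\d+=.+\n?")
    # both handles are closed by 'with' (the previous version never closed them)
    with open(raw_filename) as raw, open(dict_filename, 'w') as filtered:
        filtered.writelines(line for line in raw if entry_re.match(line))
    return retcode == 0 and os.path.getsize(dict_filename)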
def __init__(self, binary_path, testcase):
    """
    :param binary_path: path to the binary which the testcase applies to
    :param testcase: string representing the contents of the testcase
    """
    self.binary_path = binary_path
    self.testcase = testcase

    Fuzzer._perform_env_checks()
    self.base = Fuzzer._get_base()
    l.debug("got base dir %s", self.base)

    # unfortunately here is some code reuse between Fuzzer and Minimizer
    project = angr.Project(self.binary_path)
    if project.loader.main_bin.os == 'cgc':
        tracer_id = 'cgc'
    else:
        tracer_id = project.arch.qemu_name

    afl_dir = afl_wrapper.afl_dir(tracer_id)
    self.tmin_path = os.path.join(afl_dir, "afl-tmin")
    self.afl_path_var = afl_wrapper.afl_path_var(tracer_id)
    l.debug("tmin_path: %s", self.tmin_path)
    l.debug("afl_path_var: %s", self.afl_path_var)

    # process-wide side effect: every subprocess spawned from here on inherits AFL_PATH
    os.environ['AFL_PATH'] = self.afl_path_var

    # create temp (mkdtemp creates the directory with mode 0700)
    self.work_dir = tempfile.mkdtemp(prefix='tmin-', dir='/tmp/')
    # flag for work directory removal
    self._removed = False

    self.input_testcase = os.path.join(self.work_dir, 'testcase')
    self.output_testcase = os.path.join(self.work_dir, 'minimized_result')
    l.debug("input_testcase: %s", self.input_testcase)
    l.debug("output_testcase: %s", self.output_testcase)

    # populate contents of input testcase
    with open(self.input_testcase, 'w') as f:
        f.write(testcase)
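def __init__(self, binary_path, testcase, timeout=None):
    """
    :param binary_path: path to the binary which the testcase applies to, or a
                        list/tuple of paths for a multi-CB target
    :param testcase: string representing the contents of the testcase
    :param timeout: millisecond timeout, given as an int or a string; it is
                    stored as a string (``self.timeout``) or left as None
    :raises ValueError: if binary_path is neither a string nor a list/tuple,
                        or if timeout is neither an int nor a string
    """
    self.binary_path = binary_path
    self.testcase = testcase
    self.timeout = None

    if isinstance(binary_path, basestring):
        self.is_multicb = False
        self.binaries = [binary_path]
    elif isinstance(binary_path, (list, tuple)):
        self.is_multicb = True
        self.binaries = binary_path
    else:
        raise ValueError("Was expecting either a string or a list/tuple for binary_path! "
                         "It's {} instead.".format(type(binary_path)))

    if timeout is not None:
        if isinstance(timeout, (int, long)):
            self.timeout = str(timeout)
        # basestring rather than the old bare '(str)' (which was not a tuple),
        # so a unicode timeout is accepted just like a unicode binary_path above
        elif isinstance(timeout, basestring):
            self.timeout = timeout
        else:
            raise ValueError("timeout param must be of type int or str")

    # will be set by showmap's return code
    self.causes_crash = False

    Fuzzer._perform_env_checks()
    self.base = Fuzzer._get_base()
    l.debug("got base dir %s", self.base)

    # unfortunately here is some code reuse between Fuzzer and Minimizer (and Showmap!)
    # only the first binary decides which tracer build of AFL is used
    p = angr.Project(self.binaries[0])
    tracer_id = 'cgc' if p.loader.main_bin.os == 'cgc' else p.arch.qemu_name
    if self.is_multicb:
        tracer_id = 'multi-{}'.format(tracer_id)

    self.showmap_path = os.path.join(afl_wrapper.afl_dir(tracer_id), "afl-showmap")
    self.afl_path_var = afl_wrapper.afl_path_var(tracer_id)
    l.debug("showmap_path: %s", self.showmap_path)
    l.debug("afl_path_var: %s", self.afl_path_var)

    # process-wide side effect: every subprocess spawned from here on inherits AFL_PATH
    os.environ['AFL_PATH'] = self.afl_path_var

    # create temp (mkdtemp creates the directory with mode 0700)
    self.work_dir = tempfile.mkdtemp(prefix='showmap-', dir='/tmp/')
    # flag for work directory removal
    self._removed = False

    self.input_testcase = os.path.join(self.work_dir, 'testcase')
    self.output = os.path.join(self.work_dir, 'out')
    l.debug("input_testcase: %s", self.input_testcase)
    l.debug("output: %s", self.output)

    # populate contents of input testcase
    with open(self.input_testcase, 'w') as f:
        f.write(testcase)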