def test_java_simple4():
binary_path = os.path.join(self_dir, "simple4.jar")
proj = angr.Project(binary_path)
print proj.loader.main_object._classes['simple4.Class1']
simgr = proj.factory.simgr()
main_method = next(proj.loader.main_object.main_methods)
simgr.active[0].ip = SootAddressDescriptor(
SootMethodDescriptor.from_method(main_method), 0, 0)
simgr.explore()
paths = simgr.deadended
assert len(paths) == 2
winnning_paths = []
for pp in paths:
pp.state.posix.set_pos(0, 0)
pp.state.posix.set_pos(1, 0)
oo = pp.state.posix.read_from(1, 1)
# a winning path is printing 'W'
pp.state.add_constraints(oo == pp.state.se.BVV(ord('W'), 8))
if pp.satisfiable():
winnning_paths.append(pp)
assert len(winnning_paths) == 1
winning_path = winnning_paths[0]
# on the winning path, we ask for the input
ii = winning_path.state.posix.read_from(0, 1)
solution = chr(winning_path.state.se.eval(ii))
print repr(solution)
assert solution == 'F'
def __init__(self,
path,
additional_jars=None,
additional_jar_roots=None,
main_class=None,
**kwargs):
if not pysoot:
raise ImportError(
'Cannot import PySoot. The Soot backend requires PySoot to function. '
'Please install PySoot first.')
if kwargs.get('has_memory', False):
raise CLEError(
'The parameter "has_memory" must be False for Soot backend.')
super(Soot, self).__init__(path, has_memory=False, **kwargs)
if not main_class:
# parse main_class from the manifest
self.manifest = self.get_manifest()
main_class = self.manifest.get('Main-Class', None)
# load the classes
pysoot_lifter = Lifter(
path,
additional_jars=additional_jars,
additional_jar_roots=additional_jar_roots,
# main_class=main_class,
)
self._classes = pysoot_lifter.classes
# find entry method
try:
main_method_descriptor = SootMethodDescriptor.from_method(
next(self.get_method("main", main_class)))
entry = SootAddressDescriptor(main_method_descriptor, 0, 0)
except CLEError:
_l.warning(
'Failed to identify the entry (the Main method) of this JAR.')
entry = None
self._entry = entry
self.os = 'javavm'
self.rebase_addr = None
self.set_arch(archinfo.arch_from_id('soot'))
def test_java_simple3():
binary_path = os.path.join(self_dir, "simple3.jar")
proj = angr.Project(binary_path)
print proj.loader.main_object._classes['simple3.Class1']
simgr = proj.factory.simgr()
main_method = next(proj.loader.main_object.main_methods)
simgr.active[0].ip = SootAddressDescriptor(
SootMethodDescriptor.from_method(main_method), 0, 0)
simgr.explore()
pp = simgr.deadended[0]
pp.state.posix.set_pos(0, 0)
pp.state.posix.set_pos(1, 0)
ii = pp.state.posix.read_from(0, 1)
oo = pp.state.posix.read_from(1, 1)
pp.state.add_constraints(oo == pp.state.se.BVV(ord('c'), 8))
print ii, "-->", oo
cinput = chr(pp.state.se.eval(ii))
print repr(cinput)
assert cinput == "b"