Exemple #1
    function Test(){
        balances[0x1111111111111111111111111111111111111111] = 10;
        balances[0x2222222222222222222222222222222222222222] = 20;
        balances[0x3333333333333333333333333333333333333333] = 30;
        balances[0x4444444444444444444444444444444444444444] = 40;
        balances[0x5555555555555555555555555555555555555555] = 50;
    }
    
    function target(address key) returns (bool){
        if (balances[key] > 20)
            Log("Balance greater than 20");
        else
            Log("Balance less or equal than 20");
    } 

}
'''
# Create the account that owns the contract and sends the transaction, then
# deploy the Solidity source under that owner.
user_account = m.create_account(balance=1000)
contract_account = m.solidity_create_contract(source_code, owner=user_account)

# A single transaction: 64 bytes of symbolic calldata and a value of 0.
# NOTE(review): despite its name, symbolic_value is the concrete integer 0,
# so only the calldata is left for the engine to explore.
symbolic_value = 0
symbolic_data = m.SByte(64)
m.transaction(
    caller=user_account,
    address=contract_account,
    value=symbolic_value,
    data=symbolic_data,
)

# No further transactions are sent; finalize, then report where the output is.
m.finalize()
print("[+] Look for results in %s" % m.workspace)
# Print the starting balance of every account so the final states can be
# compared against it. attacker_account and exploit_account are created
# earlier in the script (not shown here).
print("[+] Initial world state")
print("     attacker_account %x balance: %d" % (attacker_account, m.get_balance(attacker_account)))
print("     exploit_account %x balance: %d" % (exploit_account, m.get_balance(exploit_account)))
print("     user_account %x balance: %d" % (user_account, m.get_balance(user_account)))
print("     contract_account %x balance: %d" % (contract_account, m.get_balance(contract_account)))

# Configure the exploit contract: which contract it calls back into, how many
# times it re-enters, and the calldata it replays on each re-entry.
print("[+] Setup the exploit")
exploit_account.set_vulnerable_contract(contract_account)

print("\t Setting 30 reply reps")
reentry_reps = 30
exploit_account.set_reentry_reps(reentry_reps)

print("\t Setting reply string")
# 4 symbolic bytes -- presumably the function selector, left for the engine
# to choose; confirm against the exploit contract's interface.
reentry_payload = m.SByte(4)
exploit_account.set_reentry_attack_string(reentry_payload)

# The attacker drives the exploit contract through its proxycall entry point.
# First call: symbolic 4-byte calldata and a symbolic value.
print("[+] Attacker first transaction")
first_call_data = m.SByte(4)
first_call_value = m.SValue
exploit_account.proxycall(first_call_data, value=first_call_value)

# Second call: fresh symbolic 4-byte calldata, no value argument.
print("[+] Attacker second transaction")
second_call_data = m.SByte(4)
exploit_account.proxycall(second_call_data)

print("[+] The attacker destroys the exploit contract and profit")
exploit_account.get_money()

# Tell seth that no more transactions are coming so it can write out
# information about the running states and the global statistics.
m.finalize()
print("[+] Look for results in %s" % m.workspace)
Exemple #3
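# Load the Solidity source of the contract to analyze.
# A context manager closes the file handle deterministically; the previous
# file(...).read() never closed it and relied on a Python 2-only builtin.
with open('coverage.sol') as source_file:
    source_code = source_file.read()

user_account = m.create_account(balance=1000)

# Compile the source and deploy the resulting init bytecode as a contract
# owned by user_account, starting with a zero balance.
bytecode = m.compile(source_code)
contract_account = m.create_contract(
    owner=user_account,
    balance=0,
    init=bytecode,
)

# First transaction: 164 bytes of symbolic calldata.
# NOTE(review): value=None presumably leaves the value to the engine rather
# than fixing it -- confirm against the API.
m.transaction(
    caller=user_account,
    address=contract_account,
    value=None,
    data=m.SByte(164),
)

# Up to here we get only ~30% coverage.
# We need 2 transactions to fully explore the contract, so send a second one
# with the same shape.
m.transaction(
    caller=user_account,
    address=contract_account,
    value=None,
    data=m.SByte(164),
)

# Summarize the exploration. The first message says "reverted" but the count
# is taken from final_state_ids; the second counts the still-running states.
print("[+] There are %d reverted states now" % len(m.final_state_ids))
print("[+] There are %d alive states now" % len(m.running_state_ids))

# Print the report for every state that is still running.
for state_id in m.running_state_ids:
    print(m.report(state_id))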