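    def __init__(self, path="./apks/exploits/617efb2d51ad5c4aed50b76119ad880c6adcd4d2e386b3170930193525b0563d",
                 symbol="rootshell", load_base=0x8000):
        """Open *path* with the r2 bindings and dump its sections, analysed
        functions, entry points and symbols, then disassemble *symbol*.

        Args:
            path: file to analyse. Defaults to the sample the original
                hard-coded (a SHA-256-named file under ./apks/exploits/).
            symbol: name of the symbol to walk instruction by instruction.
            load_base: constant added to a symbol's file offset to form the
                address handed to the disassembler; the original used the
                literal 0x8000. NOTE(review): this looks like it should be
                the image base already read via get_baddr() -- confirm
                against the sample before relying on the printed addresses.

        Everything is printed to stdout. ``r_bin`` and ``r_core`` must be in
        module scope (they are imported outside this excerpt).
        """
        b = r_bin.RBin()
        b.load(path, None)
        baddr = b.get_baddr()
        print('-> Sections')
        for sec in b.get_sections():
            print('offset=0x%08x va=0x%08x size=%05i %s' % (
                sec.offset, baddr + sec.rva, sec.size, sec.name))

        core = r_core.RCore()
        core.config.set_i("io.va", 1)
        core.config.set_i("anal.split", 1)
        core.file_open(path, 0, 0)
        core.bin_load(None)
        core.anal_all()

        for fcn in core.anal.get_fcns():
            print("%s %s %x %s %s" % (
                type(fcn), fcn.type, fcn.addr, fcn.ninstr, fcn.name))

        for entry in core.bin.get_entries():
            print("%s %s %s %x" % (entry, type(entry), entry.rva, entry.offset))

        for sym in core.bin.get_symbols():
            print("%s %s %s %s %s" % (sym, sym.name, sym.rva, sym.offset, sym.size))
            if sym.name != symbol:
                continue
            addr = load_base + sym.offset
            end = addr + sym.size
            print("first op: %s" % core.op_anal(addr).mnemonic)
            # The original stopped here with `raise ("oo")` (raising a str is
            # a TypeError on Python 2.6+) and the code after it read an
            # undefined name `x`; the instruction walk below is what that
            # dead code evidently intended to reach.
            while addr < end:
                op = core.disassemble(addr)
                # A zero-length result would never advance `addr` and loop
                # forever; report it and stop instead.
                if op is None or op.inst_len == 0:
                    print("cannot disassemble at 0x%x" % addr)
                    break
                print(core.op_str(addr))
                addr += op.inst_len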
from r2 import r_core

rc = r_core.RCore()
# Hard-coded demo input: the host's own /bin/ls is opened read-only here.
rc.file_open("/bin/ls", 0, 0)
# Load the binary's format information into the core. NOTE(review): the
# first example on this page calls bin_load(None) with a single argument;
# the expected arguments differ between bindings versions -- confirm against
# the installed r2 API.
rc.bin_load("", 0)

# Run the full analysis pass, then collect the functions it found.
rc.anal_all()
funcs = rc.anal.get_fcns()

for f in funcs:
    blocks = f.get_bbs()
    print("+" + (72 * "-"))
    print("| FUNCTION: %s @ 0x%x" % (f.name, f.addr))
    print("| (%d blocks)" % (len(blocks)))
    print("+" + (72 * "-"))

    for b in blocks:
        print("---[ Block @ 0x%x ]---" % (b.addr))
        print("   | size:        %d" % (b.size))
        print("   | jump:        0x%x" % (b.jump))
        print("   | conditional: %d" % (b.conditional))
        print("   | return:      %d" % (b.returnbb))

        end_byte = b.addr + b.size
        cur_byte = b.addr

        while (cur_byte < end_byte):
            #anal_op = rc.op_anal(cur_byte)
            asm_op = rc.disassemble(cur_byte)

            if asm_op.inst_len == 0: