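# Gather candidate numbers from the already-open file `f`, then append one
# generated payload fragment per entry of `slice_gaps` to `python_code`.
# NOTE(review): the other caller of get_numbers() visible in this project
# checks for a None result and for a zero operation count from
# solve_gready(); neither is checked here - confirm that is intended.
try:
    # no_null_bytes=True presumably drops values containing null bytes - TODO confirm.
    candidates = get_numbers(f, section_names, 0xffffffff, use_segment=use_segment, no_null_bytes=True)
    #candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True)
finally:
    # Close the handle even when get_numbers() raises, so it is never leaked.
    f.close()

# De-duplicate the candidate values before handing them to the solver.
coins = list(set(candidates.values()))
pg = PayloadGenerator()
if prologue:
    python_code += pg.add_prologue()

for index, gap in enumerate(slice_gaps):
    if index == 0:
        # Not elegant, but for the first element, remove the initial value of
        # the accumulator register.
        first_gap = list(gap)
        accumulator_value += first_gap[1] - 1
        # cmp2() is defined elsewhere; presumably a two's-complement helper - TODO confirm.
        first_gap[1] = abs(cmp2(first_gap[1] - initial_reg_value))
        print(first_gap[1])
        gap = tuple(first_gap)
    else:
        accumulator_value += gap[1]

    print(gap, hex(gap[1]))
    # Solve for this gap's value using the de-duplicated candidates.
    num_ops, nums = solve_gready(coins, gap[1])
    print(num_ops, nums)
    print_results(candidates, nums)
    # gap[0] is added to stack_frame to form the third add_payload() argument.
    python_code += pg.add_payload(candidates, nums, stack_frame + gap[0])

# Trailing comment line in the generated text: the running accumulator total
# in decimal and in zero-padded hexadecimal.
python_code += '# Accumulator register has a final value of: %d => 0x%08x' % (accumulator_value, accumulator_value)
print(python_code)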
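# Open the input file, collect candidate numbers from it, and look for a
# combination that produces `change`.
# Exit codes: 1 = file could not be opened or no candidates were found,
#             2 = the solver found no solution, 0 = success.
try:
    f = open(args.filename, "rb")
except OSError as ex:
    # Report the path that was actually opened; argv[1] is not necessarily
    # the filename once options are present on the command line.
    print("Can't open file %s: %s" % (args.filename, ex), file=stderr)
    exit(1)

# The context manager closes the file even when get_numbers() raises.
with f:
    candidates = get_numbers(f, section_names, change, exclude, use_segment, no_null_bytes)

if candidates is None:
    print("Found no candidate numbers in elf file. Exiting...", file=stderr)
    exit(1)

unique_values = set(candidates.values())
#oper, results = solve_dp(list(unique_values), change)
oper, results = solve_gready(list(unique_values), change)
if oper == 0:
    # A zero operation count is treated as "no solution".
    print("No solution was found. Exiting...", file=stderr)
    exit(2)

print("Found a solution using %u operations: %s" % (oper, results))
print_results(candidates, results, duplicates, print_zero)
#print(generate_payload(candidates, results))
exit(0)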
#candidates = get_numbers(f, section_names, slice_gaps[0][1], use_segment=True, no_null_bytes=True)
# The file handle is no longer needed once the candidates have been read.
f.close()

# Solver input: each distinct candidate value once.
unique_candidates = set(candidates.values())
coins = list(unique_candidates)

pg = PayloadGenerator()
if prologue:
    python_code += pg.add_prologue()

for idx, gap in enumerate(slice_gaps):
    if idx:
        accumulator_value += gap[1]
    else:
        # Not elegant, but for the first element, remove the initial value of
        # the accumulator register.
        adjusted = list(gap)
        accumulator_value += adjusted[1] - 1
        # cmp2() is defined elsewhere; presumably a two's-complement helper - TODO confirm.
        adjusted[1] = abs(cmp2(adjusted[1] - initial_reg_value))
        print(adjusted[1])
        gap = tuple(adjusted)

    target = gap[1]
    print(gap, hex(target))
    num_ops, nums = solve_gready(coins, target)
    print(num_ops, nums)
    print_results(candidates, nums)
    # gap[0] is added to stack_frame to form the third add_payload() argument.
    python_code += pg.add_payload(candidates, nums, stack_frame + gap[0])

# Close the generated text with the accumulator total, decimal and hex.
summary_args = (accumulator_value, accumulator_value)
python_code += '# Accumulator register has a final value of: %d => 0x%08x' % summary_args
print(python_code)
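# Sections passed to get_numbers() as the places to look for candidates.
section_names = (".text", ".data")

# Open the input file, collect candidate numbers from it, and look for a
# combination that produces `change`.
# Exit codes: 1 = file could not be opened or no candidates were found,
#             2 = the solver found no solution, 0 = success.
try:
    f = open(args.filename, "rb")
except OSError as ex:
    # Report the path that was actually opened; argv[1] is not necessarily
    # the filename once options are present on the command line.
    print("Can't open file %s: %s" % (args.filename, ex), file=stderr)
    exit(1)

# The context manager closes the file even when get_numbers() raises.
with f:
    candidates = get_numbers(f, section_names, change, exclude, use_segment, no_null_bytes)

if candidates is None:
    print("Found no candidate numbers in elf file. Exiting...", file=stderr)
    exit(1)

unique_values = set(candidates.values())
#oper, results = solve_dp(list(unique_values), change)
oper, results = solve_gready(list(unique_values), change)
if oper == 0:
    # A zero operation count is treated as "no solution".
    print("No solution was found. Exiting...", file=stderr)
    exit(2)

print("Found a solution using %u operations: %s" % (oper, results))
print_results(candidates, results, duplicates, print_zero)
#print(generate_payload(candidates, results))
exit(0)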