def run_test(self, filename, patches, set_oep=None, inputvalue=None, expected_output=None, expected_returnCode=None, try_without_cfg=True): filepath = os.path.join(self.bin_location, filename) pipe = subprocess.PIPE with patcherex.utils.tempdir() as td: tmp_file = os.path.join(td, "patched") backend = DetourBackend(filepath, try_without_cfg=try_without_cfg) backend.apply_patches(patches) if set_oep: backend.set_oep(backend.name_map[set_oep]) backend.save(tmp_file) p = subprocess.Popen([ self.qemu_location, "-L", "/usr/mips64-linux-gnuabi64", tmp_file ], stdin=pipe, stdout=pipe, stderr=pipe) res = p.communicate(inputvalue) if expected_output: self.assertEqual(res[0], expected_output) if expected_returnCode: self.assertEqual(p.returncode, expected_returnCode) return backend
def generate_medium_detour_binary(self, test_bin=True): try: nr = NetworkRules() backend = DetourBackend(self.infile) patches = [] patches.extend(IndirectCFI(self.infile, backend).get_patches()) patches.extend( TransmitProtection(self.infile, backend).get_patches()) patches.extend(ShiftStack(self.infile, backend).get_patches()) patches.extend(Adversarial(self.infile, backend).get_patches()) patches.extend(Backdoor(self.infile, backend).get_patches()) # patches.extend(NxStack(self.infile,backend).get_patches()) patches.extend( MallocExtPatcher(self.infile, backend).get_patches()) patches.extend( StackRetEncryption(self.infile, backend).get_patches()) patches.extend( UninitializedPatcher(self.infile, backend).get_patches()) patches.extend( NoFlagPrintfPatcher(self.infile, backend).get_patches()) backend.apply_patches(patches) final_content = backend.get_final_content() if test_bin: test_bin_with_qemu(self.infile, final_content) res = (final_content, "") except PatcherexError, e: traceback.print_exc(e) res = (None, None)
def test_conflicting_symbols(self): filepath = os.path.join(self.bin_location, "printf_nopie") patches = [] backend = DetourBackend(filepath) patches.append(AddRODataPatch(b"0123456789abcdef", "aaa")) patches.append(AddRODataPatch(b"\n", "aaa")) exc = False try: backend.apply_patches(patches) except ValueError: exc = True self.assertTrue(exc) patches = [] backend = DetourBackend(filepath) patches.append(AddRODataPatch(b"0123456789abcdef", "aaa")) added_code = ''' nop ''' patches.append(AddCodePatch(added_code, "aaa")) exc = False try: backend.apply_patches(patches) except ValueError: exc = True self.assertTrue(exc)
def run_test(self, file, patches, set_oep=None, inputs=None, expected_output=None, expected_returnCode=None): filepath = os.path.join(self.bin_location, file) pipe = subprocess.PIPE with patcherex.utils.tempdir() as td: tmp_file = os.path.join(td, "patched") backend = DetourBackend(filepath) backend.apply_patches(patches) if set_oep: backend.set_oep(backend.name_map[set_oep]) backend.save(tmp_file) p = subprocess.Popen([tmp_file], stdin=pipe, stdout=pipe, stderr=pipe) res = p.communicate(inputs) if expected_output: self.assertEqual(res[0], expected_output) if expected_returnCode: self.assertEqual(p.returncode, expected_returnCode) return backend
def generate_fidget_bitflip_binary(self): nr = NetworkRules() midfile = self.infile + '.fidget' + str(random.randrange(0, 1000)) fidget_it(self.infile, midfile) backend = DetourBackend(midfile) cp = Bitflip(midfile, backend) patches1 = cp.get_patches() backend.apply_patches(patches1) return (backend.get_final_content(), nr.get_bitflip_rule())
def execute(self, patches, binary, output_expected=None): with patcherex.utils.tempdir() as td: tmp_file = os.path.join(td, "patched") #backend operations backend = DetourBackend(self.binary_path + binary) backend.apply_patches(patches) backend.save(tmp_file) #run the patched binary pipe = subprocess.PIPE p = subprocess.Popen([tmp_file], stdin=pipe, stdout=pipe, stderr=pipe) res = p.communicate() #check the results self.assertEqual(res[0], output_expected)
def generate_medium_lief_detour_binary(self, test_bin=True): try: backend = DetourBackend(self.infile) patches = [] patches.extend( StackRetEncryption(self.infile, backend).get_patches()) backend.apply_patches(patches) final_content = backend.get_final_content() if test_bin: test_bin_with_qemu(self.infile, final_content) res = (final_content, "") except PatcherexError, e: traceback.print_exc(e) res = (None, None)
typedef = ''' typedef unsigned short uint16_t; typedef unsigned char uint8_t; ''' transmit_code = ''' void rx_brake_routine( uint8_t buff[], void *bumper ){ uint16_t speed_value; uint8_t brake_switch; speed_value = (buff[3] << 8) + buff[2]; brake_switch = (buff[4] & 0b00001100) >> 2; ((uint8_t*)bumper)[5] = (brake_switch) ? 1 : 0; if ( ((uint8_t*)bumper)[5] ) { if ((speed_value > 0) && ( !((uint8_t*)bumper)[4]) ){ ((uint8_t*)bumper)[6] = 1; } } else { ((uint8_t*)bumper)[6] = 0; ((uint8_t*)bumper)[4] = 0; } } ''' transmit_code = typedef + transmit_code.replace("\n", " ") patches.append(ReplaceFunctionPatch(0x400cc4, 0x84, transmit_code)) backend.apply_patches(patches) backend.save(args.patched)