def generate_false_constraint(path_constraint):
false_constraint = None
if path_constraint.is_and() or path_constraint.is_or():
prefix = None
while path_constraint.is_and() or path_constraint.is_or():
constraint = path_constraint.arg(1)
constraint_str = str(constraint.serialize())
if "angelic!bool" in constraint_str:
model = generate_model(constraint)
for var_name, byte_list in model:
if "angelic!bool" in var_name:
value = utilities.get_signed_value(byte_list)
if value != 0:
constraint = Not(constraint)
if false_constraint:
if path_constraint.is_and():
false_constraint = And(false_constraint, constraint)
elif path_constraint.is_or():
false_constraint = Or(false_constraint, constraint)
else:
false_constraint = constraint
prefix = path_constraint.arg(0)
if prefix.is_and() or prefix.is_or():
path_constraint = prefix
else:
prefix_str = str(prefix.serialize())
if "angelic!bool" in prefix_str:
model = generate_model(prefix)
for var_name, byte_list in model:
if "angelic!bool" in var_name:
value = utilities.get_signed_value(byte_list)
if value != 0:
prefix = Not(prefix)
if path_constraint.is_and():
false_constraint = And(false_constraint, prefix)
elif path_constraint.is_or():
false_constraint = Or(false_constraint, prefix)
else:
model = generate_model(path_constraint)
for var_name in model:
byte_list = model[var_name]
if "angelic!bool" in var_name:
value = utilities.get_signed_value(byte_list)
if value != 0:
false_constraint = Not(path_constraint)
else:
false_constraint = path_constraint
return false_constraint
def extract_input_list(model):
input_list = dict()
for var_name in model:
if "rvalue!" in str(var_name) and "_" not in str(var_name):
byte_list = model[var_name]
input_list[str(var_name)] = utilities.get_signed_value(byte_list)
is_multi_dimension = False
if len(input_list) > 1:
is_multi_dimension = True
return input_list, is_multi_dimension
def extract_parameter_list(model):
parameter_list = dict()
for var_name in model:
if "const_" in str(var_name):
byte_list = model[var_name]
parameter_list[str(var_name)] = utilities.get_signed_value(
byte_list)
is_multi_dimension = False
if len(parameter_list) > 1:
is_multi_dimension = True
return parameter_list, is_multi_dimension
def generate_constant_value_list(sym_path):
gen_const_list = dict()
gen_var_list = dict()
const_val_list = dict()
model = generate_model(sym_path)
if model is None:
return None
for var_name in model:
var_byte_list = model[var_name]
if "const" in var_name:
gen_const_list[var_name] = var_byte_list
else:
gen_var_list[var_name] = var_byte_list
for const_name in gen_const_list:
bit_vector = gen_const_list[const_name]
const_value = utilities.get_signed_value(bit_vector)
print(const_name, const_value)
const_val_list[const_name] = const_value
emitter.data("Generated Constant List", const_val_list)
return const_val_list
def generate_new_input(sym_path, argument_list=None, poc_path=None, gen_path=None):
gen_arg_list = dict()
gen_var_list = dict()
input_var_list = list()
input_arg_dict = dict()
input_arg_list = list()
model = generate_model(sym_path)
if model is None:
return None, None
for var_name in model:
var_byte_list = model[var_name]
if "arg" in var_name:
gen_arg_list[var_name] = var_byte_list
else:
gen_var_list[var_name] = var_byte_list
mask_list = values.CONF_MASK_ARG
mask_map = dict()
if values.CONF_MASK_ARG:
min_val = 0
new_idx = 0
max_val = len(argument_list)
for idx in range(min_val, max_val):
if str(idx) not in mask_list:
mask_map[new_idx] = idx
new_idx = new_idx + 1
for arg_name in gen_arg_list:
bit_vector = gen_arg_list[arg_name]
arg_index = int(str(arg_name).replace("arg", ""))
arg_str = utilities.get_str_value(bit_vector)
arg_value = utilities.get_signed_value(bit_vector) - 48
arg_index_orig = arg_index
if values.CONF_MASK_ARG:
arg_index_orig = mask_map[arg_index_orig]
# print(arg_name, arg_index, arg_value)
if str(argument_list[arg_index_orig]).isnumeric() or \
(not str(argument_list[arg_index_orig]).isalpha() and any(op in str(argument_list[arg_index_orig]) for op in ["+", "-", "/", "*"])):
input_arg_dict[arg_index] = str(arg_value)
# emitter.debug(arg_name, arg_value)
else:
arg_str_filtered = str(arg_str).replace("<", "a").replace("&", "s").replace(">", "a").replace("'", "a")
input_arg_dict[arg_index] = arg_str_filtered
# emitter.debug(arg_name, arg_str)
# fill random values if not generated
offset = 0
for arg in argument_list:
index = list(argument_list).index(arg) - offset
if "$POC" in arg:
input_arg_list.append(str(argument_list[index]))
offset = 1
elif str(index) in values.CONF_MASK_ARG:
input_arg_list.append(arg)
elif index in input_arg_dict:
input_arg_list.append(input_arg_dict[index])
else:
arg_len = len(str(argument_list[index]))
random_value = ""
for j in range(0, arg_len):
random_value += chr(random.randint(32, 128))
input_arg_list.append(random_value)
for var_name in gen_var_list:
bit_vector = gen_var_list[var_name]
var_value = 0
var_size = len(bit_vector)
if var_name in ["A-data", "A-data-stat"]:
if var_name == "A-data":
generate_binary_file(bit_vector, poc_path, gen_path)
continue
if bit_vector:
var_value = utilities.get_signed_value(bit_vector)
# emitter.debug(var_name, var_value)
if "angelic" in var_name:
input_var_list.append({"identifier": var_name, "value": var_value, "size": 4})
# input_var_list.append({"identifier": var_name, "value": var_value, "size": 4})
# for var_tuple in second_var_list:
# var_name = var_tuple['identifier']
# if var_name not in gen_var_list:
# emitter.warning("\t[warning] variable " + var_name + " assigned random value")
# var_size = var_tuple['size']
# var_value = 0
# for i in range(1, var_size):
# var_value += ((2 << 7) << (int(i) - 1)) * random.randint(0, 255)
# input_var_list.append({"identifier": var_name, "value": var_value, "size": var_size})
emitter.data("Generated Arg List", input_arg_list)
emitter.data("Generated Var List", input_var_list)
return input_arg_list, input_var_list