def test_angr_backward_slice(request):
    """Compute a backward slice for the requested address and print taint-node types.

    Reads ``file_name`` and ``func_addr`` from the request, loads the sample with
    angr (shared libraries are not auto-loaded), builds an emulated CFG plus the
    CDG and DDG derived from it, and slices backwards from statement index -1 of
    the CFG node found at ``func_addr``. Always returns the generic OK response.
    """
    file_name, func_addr = ReqParams.many(request, ['file_name', 'func_addr.hex'])
    # NOTE(review): file_name comes straight from the request and is joined onto
    # the samples directory with no containment check, so an absolute path or
    # "../" segments would make angr load a file outside that directory.
    # Resolve the path and confirm it stays under MyPath.samples() before loading.
    sample_path = os.path.join(MyPath.samples(), file_name)

    project = angr.Project(sample_path, load_options={"auto_load_libs": False})

    # keep_state and the refs options are requested so the DDG below has the
    # per-node states and reference data it is built from.
    cfg = project.analyses.CFGEmulated(
        keep_state=True,
        state_add_options=angr.sim_options.refs,
        context_sensitivity_level=2,
    )
    control_deps = project.analyses.CDG(cfg)
    data_deps = project.analyses.DDG(cfg)

    # NOTE(review): no check that a CFG node exists at func_addr; confirm how
    # BackwardSlice behaves when the lookup yields nothing.
    slice_target = cfg.get_any_node(func_addr)
    backward_slice = project.analyses.BackwardSlice(
        cfg, cdg=control_deps, ddg=data_deps, targets=[(slice_target, -1)])

    # Print the type of every taint-graph node that exposes one.
    found_typed_node = False
    for taint_node in backward_slice.taint_graph.nodes():
        if not hasattr(taint_node, 'type'):
            continue
        print(taint_node.type)
        found_typed_node = True
    print('node type %s found' % ('' if found_typed_node else 'not'))

    return sys_app_ok()
def test_log_switch(request):
    """Write one test log record for each category in the cached log configuration."""
    for category in SystemConfig.get_cache_log_cfg().keys():
        LogRecords.save(
            'test_log_switch: ' + category,
            category=category,
            action='test_log_switch',
        )
    return sys_app_ok()
def test_angr_constraints(request):
    """Load the requested sample and build its CFG (stub for state-constraint tests).

    Only ``file_name`` is used; the CFG result is discarded and the generic OK
    response is returned.
    """
    _file_id, sample_name, _func_addr = ReqParams.many(
        request, ['file_id', 'file_name', 'func_addr.hex'])
    # NOTE(review): sample_name is request-controlled and joined without a
    # containment check; absolute paths or "../" segments escape the samples
    # directory. Resolve and verify the path before handing it to angr.
    sample_path = os.path.join(MyPath.samples(), sample_name)

    project = angr.Project(sample_path, load_options={"auto_load_libs": False})
    project.analyses.CFG()

    return sys_app_ok()
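    def get_inverted_fw_data(self, index_con):
        """Find component files whose inverted index matches ``index_con``.

        The search term is hex-encoded with ``InvertedIndex.str_to_hex`` and used
        as a ``$regex`` filter on the inverted-index collection. The distinct
        ``file_id`` values of the hits are then looked up among files flagged
        ``component: 1``, and each file is returned with its pack record attached
        under ``pack_info`` when one exists.

        Returns the plain OK response when the index has no hits, an
        ``ERROR_INVALID_PARAMETER`` error when hits exist but no component file
        matches, and otherwise ``{'total': ..., 'files': [...]}``.
        """
        index_con = InvertedIndex.str_to_hex(index_con)
        print(index_con)
        # NOTE(review): the encoded term is used as a regex pattern and this query
        # has no result limit. Whether str_to_hex output can still carry regex
        # metacharacters is not visible here -- confirm, and consider a limit.
        item_list = list(file_inverted_col.find({'index_con': {'$regex': index_con}}))
        if not item_list:
            return sys_app_ok()

        # De-duplicate by exact value, keeping first-seen order. The previous
        # substring test on a comma-joined string dropped any id that happened to
        # be contained in an earlier one, and the trailing comma put an empty
        # string into the $in list; ids that are missing or empty are skipped.
        file_ids = list(dict.fromkeys(
            entry.get('file_id') for entry in item_list if entry.get('file_id')))
        if not file_ids:
            return sys_app_ok()

        file_list = list(fw_files_col.find({
            'component': 1,
            'file_id': {
                '$in': file_ids
            }
        }))
        if not file_list:
            return sys_app_err('ERROR_INVALID_PARAMETER')

        for file_info in file_list:
            # Drop the database _id before the document goes into the response.
            file_info.pop('_id')
            pack_info = pack_files_col.find_one(
                {'pack_id': file_info.get('pack_id')})
            if pack_info is not None:
                pack_info.pop('_id')
                file_info['pack_info'] = pack_info

        return sys_app_ok_p({'total': len(file_list), 'files': file_list})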
def test_angr_identifier(request):
    """Run angr's Identifier analysis on the requested sample.

    The (address, symbol) pairs yielded by the analysis are collected into a
    dict that is not returned; the view always answers with the OK response.
    """
    _file_id, sample_name, _func_addr = ReqParams.many(
        request, ['file_id', 'file_name', 'func_addr.hex'])
    # NOTE(review): sample_name is request-controlled and joined without a
    # containment check; absolute paths or "../" segments escape the samples
    # directory. Resolve and verify the path before handing it to angr.
    sample_path = os.path.join(MyPath.samples(), sample_name)

    project = angr.Project(sample_path, load_options={"auto_load_libs": False})
    identifier = project.analyses.Identifier(require_predecessors=False)
    seen = {addr: symbol for addr, symbol in identifier.run()}

    return sys_app_ok()
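def test_angr_plot_graph(request):
    """Plot or fetch the control-flow graph of one function.

    When ``file_id`` is empty, ``file_name`` names a sample: it is loaded with
    angr, an emulated CFG is built starting at ``func_addr``, and the graph is
    plotted to a uniquely named file under the temporary directory. Otherwise the
    graph is produced by ``FunctionParse`` for the stored file. The result is not
    included in the response; the view returns the OK response, or an
    ``INVALID_REQ_PARAM`` error when neither identifier is given or ``file_name``
    points outside the samples directory.
    """
    file_id, file_name, func_addr = ReqParams.many(request, ['file_id', 'file_name', 'func_addr.hex'])
    if len(file_id) == 0:
        if len(file_name) == 0:
            return sys_app_err_p('INVALID_REQ_PARAM', 'file_id 或 file_name 必填其一')

        # file_name is request-controlled: resolve it and refuse anything that
        # lands outside the samples directory (absolute paths, "../", symlinks).
        samples_root = os.path.realpath(MyPath.samples())
        file_path = os.path.realpath(os.path.join(samples_root, file_name))
        if not file_path.startswith(os.path.join(samples_root, '')):
            return sys_app_err_p('INVALID_REQ_PARAM',
                                 'file_name must resolve inside the samples directory')

        project = angr.Project(file_path, load_options={'auto_load_libs': False})
        start_state = project.factory.blank_state(addr=func_addr)
        # Push 0x0 onto the stack before emulation starts at func_addr.
        start_state.stack_push(0x0)
        with hook0(project):
            cfg = project.analyses.CFGEmulated(fail_fast=True, starts=[func_addr], initial_state=start_state,
                                         context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
        # The output name is a server-generated UUID, never request data.
        graph_file = os.path.join(MyPath.temporary(), StrUtils.uuid_str())
        plot_cfg(cfg, graph_file, asminst=True, vexinst=False, func_addr={func_addr: True},
                 debug_info=False, remove_imports=True, remove_path_terminator=True)
    else:
        func_parse = FunctionParse(file_id, func_addr)
        content = func_parse.cfg_graph()

    return sys_app_ok()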
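    def get_report_pdf(self, report_id, pack_id, pack_name, pdf_name):
        """List report records matching the given filters, newest first.

        Every argument is optional; ``None`` or an empty value means "do not
        filter on this field". ``report_id`` and ``pack_id`` match exactly, while
        ``pack_name`` and ``pdf_name`` match as literal substrings.

        Returns the matching records (without ``_id``) via ``sys_app_ok_p``, or
        the plain OK response when nothing matches.
        """
        import re  # local import: the file's import block is not visible here

        query_condition = {}

        if report_id:
            query_condition['report_id'] = report_id
        if pack_id:
            query_condition['pack_id'] = pack_id
        # Escape the caller-supplied text so it is matched literally. Passed raw,
        # it would be interpreted as a regular expression, letting a caller send
        # arbitrary (and arbitrarily expensive) patterns to the database.
        if pack_name:
            query_condition['pack_name'] = {'$regex': re.escape(pack_name)}
        if pdf_name:
            query_condition['pdf_name'] = {'$regex': re.escape(pdf_name)}

        # Sorting on _id descending returns the most recently inserted first.
        item_list = list(report_record_col.find(query_condition).sort('_id', -1))
        if not item_list:
            return sys_app_ok()

        for item in item_list:
            # Drop the database _id before the record goes into the response.
            item.pop('_id')
        return sys_app_ok_p(item_list)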
    def get_inverted_data(self, index_con, file_id):
        """Return up to 100 inverted-index entries for a search term or a file.

        A non-empty ``index_con`` takes precedence: it is hex-encoded and used as
        a ``$regex`` filter. Otherwise a non-empty ``file_id`` selects entries by
        exact match. With neither, ``ERROR_INVALID_PARAMETER`` is returned.
        """
        has_term = index_con is not None and len(index_con) > 0
        has_file = file_id is not None and len(file_id) > 0

        if has_term:
            # NOTE(review): the encoded term is used as a regex pattern; whether
            # str_to_hex output can still carry regex metacharacters is not
            # visible here -- confirm.
            index_con = InvertedIndex.str_to_hex(index_con)
            query = {
                'index_con': {
                    '$regex': index_con
                }
            }
        elif has_file:
            query = {'file_id': file_id}
        else:
            return sys_app_err('ERROR_INVALID_PARAMETER')

        item_list = list(file_inverted_col.find(query).limit(100))
        if not item_list:
            return sys_app_ok()

        # Drop the database _id before the entries go into the response.
        for entry in item_list:
            entry.pop("_id")
        return sys_app_ok_p({'total': len(item_list), 'items': item_list})
def test_modules(request):
    """Invoke ``TestModulesService.test_verify_file_type_and_write_file`` and return OK.

    The request is not inspected and the call's result is not used.
    """
    TestModulesService.test_verify_file_type_and_write_file()
    return sys_app_ok()
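    def save(self, pack_id):
        """Generate the PDF analysis report for one firmware pack and record it.

        Looks up the pack and its files, builds the report content (summary,
        component vulnerabilities, executable-file details, signatures), writes
        the PDF under ``./firmware_analyze_serv_report/`` and stores a report
        record pointing at it.

        Returns ``ERROR_INVALID_PARAMETER`` when the pack, or its stored file
        entry, cannot be found; otherwise the plain OK response.
        """
        title_name = '固件分析报告'

        pack_list = list(pack_files_col.find({'pack_id': pack_id}))
        if not pack_list:
            return sys_app_err('ERROR_INVALID_PARAMETER')

        pack_info = pack_list[0]
        firmware_name = pack_info.get('name')
        pack_id = pack_info.get('pack_id')
        pack_file_id = pack_info.get('file_id')

        fw_file_lists = list(fw_files_col.find({'pack_id': pack_id}))
        firmware_file_num = len(fw_file_lists)
        # presumably file_type 4 marks an executable -- confirm against the
        # file-type definitions.
        execute_file_num = sum(
            1 for file_info in fw_file_lists if file_info.get('file_type') == 4)

        item = PackFilesStorage.fetch(pack_file_id)
        if item is None:
            # Without the stored entry there is no md5/length to report; fail
            # cleanly instead of raising AttributeError on item.get below.
            return sys_app_err('ERROR_INVALID_PARAMETER')

        firmware_md5 = item.get('md5')
        # Render the size in the largest unit that keeps the value >= 1.
        length_b = item.get('length')
        length_kb = length_b / 1024
        length_mb = length_kb / 1024
        if length_kb < 1:
            firmware_size = '%.2f' % length_b + ' B'
        elif length_mb < 1:
            firmware_size = '%.2f' % length_kb + ' KB'
        else:
            firmware_size = '%.2f' % length_mb + ' MB'

        content = list()

        report_time = SysUtils.get_now_time_str()

        self.draw_con(content, title_name,
                      self.text_type(20, 30, colors.black, 1))
        self.draw_con(content, '报告生成时间:' + report_time,
                      self.text_type(11, 20, colors.black, 2))
        content.append(Spacer(300, 20))  # blank spacer, 300 x 20

        # 1. Firmware analysis summary
        self.summary_info(content, firmware_name, firmware_md5, firmware_size,
                          pack_id, firmware_file_num, execute_file_num)

        ct = self.text_type(10, 15, colors.black, 1)
        # Enable automatic line wrapping.
        ct.wordWrap = 'CJK'

        # 2. Vulnerabilities associated with components
        self.relation_loophole(content, fw_file_lists, firmware_name, ct)

        # 3. Executable file details
        self.fw_file_table(content, fw_file_lists, ct)

        # 4. Signatures
        self.file_inverted_table(content, fw_file_lists, ct)

        self.draw_con(content, '报告结束', self.text_type(11, 20, colors.black, 1))

        time_stamp = SysUtils.parse_time_stamp_str()
        # Cut the name at its first dot. find() returns -1 for a name without a
        # dot, which is what the check below expects; index() raised ValueError
        # instead and aborted the report.
        dot_at = firmware_name.find('.')
        if dot_at > -1:
            firmware_name = firmware_name[0:dot_at]

        # The firmware name originates from the pack record, so keep path
        # separators out of the file name that is appended to the report dir.
        safe_stem = firmware_name.replace('/', '_').replace('\\', '_')
        pdf_name = safe_stem + title_name + time_stamp + '.pdf'

        # NOTE(review): relative to the process working directory.
        path = './firmware_analyze_serv_report/'

        # exist_ok avoids the check-then-create race between concurrent reports.
        os.makedirs(path, exist_ok=True)

        pdf_path = path + pdf_name
        # Write the PDF file.
        doc = SimpleDocTemplate(pdf_path, pagesize=letter)
        doc.build(content)

        report_id = StrUtils.uuid_str()
        report_record_info = {
            'report_id': report_id,
            'pack_id': pack_id,
            'pack_name': firmware_name,
            'pdf_path': pdf_path,
            'pdf_name': pdf_name,
            'create_time': report_time
        }

        report_record_col.save(report_record_info)

        return sys_app_ok()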
    def inverted(self, file_id):
        """Build and store the inverted word index for one firmware file.

        Reads the file registered under ``file_id``, counts every non-empty word
        case-insensitively and remembers the 1-based positions of the sentences
        it occurs in. Each word is then hex-encoded and saved as an index entry,
        unless an identical entry already exists or the decoded form is 10
        characters or shorter. Finally the file is flagged as indexed.

        Returns ``ERROR_INVALID_PARAMETER`` when ``file_id`` is unknown, otherwise
        the plain OK response.
        """
        matches = list(fw_files_col.find({'file_id': file_id}))
        if not matches:
            return sys_app_err('ERROR_INVALID_PARAMETER')

        file_path = matches[0].get('file_path')

        occurrences = {}  # lower-cased word -> set of 1-based sentence numbers
        counts = {}       # lower-cased word -> total number of appearances
        sentences = InvertedIndex.read_file(self, file_path)

        for sentence_no, sentence in enumerate(sentences, start=1):
            for raw_word in sentence:
                if raw_word == '':
                    continue
                key = raw_word.lower()
                if key in occurrences:
                    counts[key] += 1
                else:
                    occurrences[key] = set()
                    counts[key] = 1
                occurrences[key].add(sentence_no)

        # Words are unique keys, so ordering by word alone yields the same
        # sequence as sorting by count first and then re-sorting by word.
        ordered = sorted(counts.items(), key=lambda pair: pair[0])

        for word, appear_total in ordered:
            index_con = InvertedIndex.str_to_hex(word).replace('/x0', '')
            position = ','.join(str(n) for n in sorted(occurrences[word]))
            index_con_str = InvertedIndex.hex_to_str(index_con)

            vulner_info = {
                'file_id': file_id,
                'file_path': file_path,
                'index_con': index_con,
                'appear_total': appear_total,
                'position': position
            }

            # One lookup per word: skip entries that are already stored.
            existing = list(file_inverted_col.find({
                'file_id': file_id,
                'index_con': index_con,
                'appear_total': appear_total
            }))

            if not existing and len(index_con) > 0 and len(index_con_str) > 10:
                file_inverted_col.save(vulner_info)

        # Flag the component as having its inverted index built.
        FwFileDO.set_inverted(file_id)

        return sys_app_ok()