def chain(self, *args):
    """Forward a flat run of (function, arguments) values to ``self.call``.

    ``args`` is read pairwise as ``f1, a1, f2, a2, ...``.  When an odd
    number of values is given, the final function is paired with an
    empty argument tuple.

    Returns ``self`` so that further calls can be chained onto the result.
    """
    # Pad an odd-length sequence so the last function still forms a pair.
    if len(args) % 2 != 0:
        args += ((),)

    for func, func_args in pwn.group(2, args):
        self.call(func, func_args)
    return self
def all_crcs():
    """Build a dictionary of all CRC models found in the bundled catalogue.

    The catalogue is read from ``data/crcsums`` under ``pwn.installpath``
    and originates from:
    http://reveng.sourceforge.net/crc-catalogue/all.htm

    Non-empty, non-comment lines are consumed in pairs: a reference anchor
    followed by a ``key=value`` parameter line.

    Returns a dict keyed by model name.  Each value is a dict holding
    'link', 'width', 'poly', 'init', 'refin', 'refout', 'xorout', 'check',
    'name' and 'impl' (the callable produced by ``make_crc``).

    The sanity checks below are ``assert`` statements, so they raise
    AssertionError on a malformed catalogue and are skipped entirely when
    Python runs with ``-O``.
    """
    import os
    import re

    literals = {'true': True, 'false': False}

    def fixup(s):
        # Turn one catalogue token into a bool, a string or an int.
        # re.match anchors only at the start, so trailing characters are
        # not rejected by these checks.
        if s in literals:
            return literals[s]
        if s.startswith('"'):
            assert re.match('"[^"]+"', s)
            return s[1:-1]
        if s.startswith('0x'):
            assert re.match('0x[0-9a-fA-F]+', s)
            return int(s[2:], 16)
        assert re.match('[0-9]+', s)
        return int(s, 10)

    raw = pwn.read(os.path.join(pwn.installpath, 'data', 'crcsums'))
    lines = [ln for ln in raw.strip().split('\n')
             if ln and not ln.startswith('#')]
    assert len(lines) % 2 == 0

    fields = ['width', 'poly', 'init', 'refin', 'refout', 'xorout',
              'check', 'name']
    out = {}
    for ref, params in pwn.group(2, lines):
        cur = {
            'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#' + ref,
        }
        for key in fields:
            cur[key] = fixup(re.findall(r'%s=(\S+)' % key, params)[0])

        cur['impl'] = make_crc(cur['name'], cur['poly'], cur['width'],
                               cur['init'], cur['refin'], cur['refout'],
                               cur['xorout'], 'See also: ' + cur['link'])

        # Self-test: the generated implementation must reproduce the
        # catalogue's check value for the input '123456789'.
        assert cur['impl']('123456789') == cur['check']
        # Model names must be unique within the catalogue.
        assert cur['name'] not in out
        out[cur['name']] = cur
    return out
def chain(self, *args):
    """Forward a flat run of (function, arguments) values to ``self.call``.

    ``args`` is read pairwise as ``f1, a1, f2, a2, ...``.  When an odd
    number of values is given, the final function is paired with an
    empty argument tuple.

    Returns ``self`` so that further calls can be chained onto the result.
    """
    # Pad an odd-length sequence so the last function still forms a pair.
    if len(args) % 2 != 0:
        args += ((),)

    for func, func_args in pwn.group(2, args):
        self.call(func, func_args)
    return self
def fmtstring(towrite, buf_offset, writesize=1, pre_written=0,
              use_posix_extension=True):
    """Build a printf-style format string from an {address: data} mapping.

    The result starts with the flattened target addresses (one per data
    byte, spaced ``writesize`` apart) and is followed by ``%<count>c``
    padding directives and positional ``%<index>$n`` directives.

    Args:
        towrite: dict mapping an address to the data string destined for it.
        buf_offset: positional-argument index used for the first directive
            of each entry; later directives use ``buf_offset + n``.
        writesize: bytes handled per directive; must be between 1 and 4.
        pre_written: added to the initial running count of emitted bytes.
        use_posix_extension: when true, an ``hh`` or ``h`` length modifier
            is added if exactly 1 or 2 bytes of the entry remain.

    Returns:
        The assembled format string.

    ``pwn.die`` is called for an out-of-range ``writesize``, a non-dict
    ``towrite``, or an address block containing '%' or a null character.
    NOTE(review): pwn.die presumably terminates; confirm against its
    definition, since execution would otherwise continue past the checks.
    """
    out = ''
    if not (1 <= writesize <= 4):
        pwn.die('fmtstring: writesize has to be between 1-4')
    if not isinstance(towrite, dict):
        pwn.die('fmtstring: towrite has to be {address,data}')

    # Address block: emitted first, so its length is part of the count.
    for address, data in towrite.items():
        out += pwn.flat(address + idx * writesize for idx in range(len(data)))
    if '%' in out:
        pwn.die('I do not know how to handle addresses with "%" in them')
    if '\x00' in out:
        pwn.die('I do not know how to handle addresses with null characters in them')

    bytes_written = len(out) + pre_written
    directives = []

    for data in towrite.values():
        total_len = len(data)
        values = [pwn.uint(chunk) for chunk in pwn.group(writesize, data)]
        for n, value in enumerate(values):
            remaining = total_len - writesize * n
            modulus = 0x100 ** min(remaining, writesize)

            # Padding needed to bring the running count to `value`
            # modulo the width of this chunk.
            pad = (value - bytes_written) % modulus
            pad = (pad + modulus) % modulus
            bytes_written += pad

            if pad == 1:
                directives.append('%c')
            elif pad > 1:
                directives.append('%' + str(pad) + 'c')

            length_modifier = ''
            if use_posix_extension:
                if remaining == 1:
                    length_modifier = 'hh'
                elif remaining == 2:
                    length_modifier = 'h'

            directives.append(
                '%' + str(buf_offset + n) + '$' + length_modifier + 'n')

    return out + ''.join(directives)
def setKeys(self, *subkeys):
    """Assign subkeys to the entries of ``self.klayers``.

    With a single argument, that value is treated as one master key: a
    string is converted with ``_tobits`` and the result is split with
    ``pwn.group``.  With several arguments, each one is a subkey; string
    subkeys are converted with ``_tobits``.

    Raises:
        ValueError: if any subkey's length differs from ``self.blocksize``.

    Layers and subkeys are paired with ``zip``, which stops at the shorter
    sequence, so surplus layers keep their previous ``subkey`` and surplus
    subkeys are ignored.
    """
    subkeys = list(subkeys)

    if len(subkeys) == 1:
        master = subkeys[0]
        if isinstance(master, str):
            master = _tobits(master)
        # NOTE(review): arguments are passed as (key, blocksize); confirm
        # this matches pwn.group's parameter order.
        subkeys = pwn.group(master, self.blocksize)

    for idx, sub in enumerate(subkeys):
        if isinstance(sub, str):
            sub = _tobits(sub)
            subkeys[idx] = sub
        if len(sub) != self.blocksize:
            raise ValueError("Wrong subkey size")

    for kmix, k in zip(self.klayers, subkeys):
        kmix.subkey = k
def setKeys(self, *subkeys):
    """Assign subkeys to the entries of ``self.klayers``.

    With a single argument, that value is treated as one master key: a
    string is converted with ``_tobits`` and the result is split with
    ``pwn.group``.  With several arguments, each one is a subkey; string
    subkeys are converted with ``_tobits``.

    Raises:
        ValueError: if any subkey's length differs from ``self.blocksize``.

    Layers and subkeys are paired with ``zip``, which stops at the shorter
    sequence, so surplus layers keep their previous ``subkey`` and surplus
    subkeys are ignored.
    """
    subkeys = list(subkeys)

    if len(subkeys) == 1:
        master = subkeys[0]
        if isinstance(master, str):
            master = _tobits(master)
        # NOTE(review): arguments are passed as (key, blocksize); confirm
        # this matches pwn.group's parameter order.
        subkeys = pwn.group(master, self.blocksize)

    for idx, sub in enumerate(subkeys):
        if isinstance(sub, str):
            sub = _tobits(sub)
            subkeys[idx] = sub
        if len(sub) != self.blocksize:
            raise ValueError('Wrong subkey size')

    for kmix, k in zip(self.klayers, subkeys):
        kmix.subkey = k
def fmtstring(towrite, buf_offset, writesize = 1, pre_written = 0, use_posix_extension = True):
    """Build a printf-style format string from an {address: data} mapping.

    The result starts with the flattened target addresses (one per data
    byte, spaced ``writesize`` apart) and is followed by ``%<count>c``
    padding directives and positional ``%<index>$n`` directives.

    Args:
        towrite: dict mapping an address to the data string destined for it.
        buf_offset: positional-argument index used for the first directive
            of each entry; later directives use ``buf_offset + n``.
        writesize: bytes handled per directive; must be between 1 and 4.
        pre_written: added to the initial running count of emitted bytes.
        use_posix_extension: when true, an ``hh`` or ``h`` length modifier
            is added if exactly 1 or 2 bytes of the entry remain.

    Returns:
        The assembled format string.

    ``pwn.die`` is called for an out-of-range ``writesize``, a non-dict
    ``towrite``, or an address block containing '%' or a null character.
    NOTE(review): pwn.die presumably terminates; confirm against its
    definition, since execution would otherwise continue past the checks.
    """
    out = ''
    if not (1 <= writesize <= 4):
        pwn.die('fmtstring: writesize has to be between 1-4')
    if not isinstance(towrite, dict):
        pwn.die('fmtstring: towrite has to be {address,data}')

    # Address block: emitted first, so its length is part of the count.
    for address, data in towrite.items():
        out += pwn.flat(address + idx * writesize for idx in range(len(data)))
    if '%' in out:
        pwn.die('I do not know how to handle addresses with "%" in them')
    if '\x00' in out:
        pwn.die('I do not know how to handle addresses with null characters in them')

    bytes_written = len(out) + pre_written
    directives = []

    for data in towrite.values():
        total_len = len(data)
        values = [pwn.uint(chunk) for chunk in pwn.group(writesize, data)]
        for n, value in enumerate(values):
            remaining = total_len - writesize * n
            modulus = 0x100 ** min(remaining, writesize)

            # Padding needed to bring the running count to `value`
            # modulo the width of this chunk.
            pad = (value - bytes_written) % modulus
            pad = (pad + modulus) % modulus
            bytes_written += pad

            if pad == 1:
                directives.append('%c')
            elif pad > 1:
                directives.append('%' + str(pad) + 'c')

            length_modifier = ''
            if use_posix_extension:
                if remaining == 1:
                    length_modifier = 'hh'
                elif remaining == 2:
                    length_modifier = 'h'

            directives.append(
                '%' + str(buf_offset + n) + '$' + length_modifier + 'n')

    return out + ''.join(directives)
def all_crcs():
    """Build a dictionary of all CRC models found in the bundled catalogue.

    The catalogue is read from ``data/crcsums`` under ``pwn.installpath``
    and originates from:
    http://reveng.sourceforge.net/crc-catalogue/all.htm

    Non-empty, non-comment lines are consumed in pairs: a reference anchor
    followed by a ``key=value`` parameter line.

    Returns a dict keyed by model name.  Each value is a dict holding
    'link', 'width', 'poly', 'init', 'refin', 'refout', 'xorout', 'check',
    'name' and 'impl' (the callable produced by ``make_crc``).

    The sanity checks below are ``assert`` statements, so they raise
    AssertionError on a malformed catalogue and are skipped entirely when
    Python runs with ``-O``.
    """
    import os
    import re

    literals = {'true': True, 'false': False}

    def fixup(s):
        # Turn one catalogue token into a bool, a string or an int.
        # re.match anchors only at the start, so trailing characters are
        # not rejected by these checks.
        if s in literals:
            return literals[s]
        if s.startswith('"'):
            assert re.match('"[^"]+"', s)
            return s[1:-1]
        if s.startswith('0x'):
            assert re.match('0x[0-9a-fA-F]+', s)
            return int(s[2:], 16)
        assert re.match('[0-9]+', s)
        return int(s, 10)

    raw = pwn.read(os.path.join(pwn.installpath, 'data', 'crcsums'))
    lines = [ln for ln in raw.strip().split('\n')
             if ln and not ln.startswith('#')]
    assert len(lines) % 2 == 0

    fields = ['width', 'poly', 'init', 'refin', 'refout', 'xorout',
              'check', 'name']
    out = {}
    for ref, params in pwn.group(2, lines):
        cur = {
            'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#' + ref,
        }
        for key in fields:
            cur[key] = fixup(re.findall(r'%s=(\S+)' % key, params)[0])

        cur['impl'] = make_crc(cur['name'], cur['poly'], cur['width'],
                               cur['init'], cur['refin'], cur['refout'],
                               cur['xorout'], 'See also: ' + cur['link'])

        # Self-test: the generated implementation must reproduce the
        # catalogue's check value for the input '123456789'.
        assert cur['impl']('123456789') == cur['check']
        # Model names must be unique within the catalogue.
        assert cur['name'] not in out
        out[cur['name']] = cur
    return out