예제 #1
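    def main(self):
        """Run the controller end to end.

        Brings up the replayer and the device clients, starts the worker
        threads (replay, source reader, one runner per client, destination
        writer), waits for the operator to press Enter, then shuts everything
        down in two phases and joins every thread.

        Side effects: assigns ``clients``, ``replayer`` and all thread
        attributes on ``self``; blocks until every started thread has exited.
        """
        self.clients = [LightClient(), MotorClient(), MFCClient()]

        # The replayer receives our shutdown callback -- presumably so it can
        # stop the controller itself when the replay ends (confirm in Replayer).
        self.replayer = Replayer(self.shutdown)

        # Handshake: bind on a thread while this thread connects the source,
        # then join so the replayer is bound before anything is read.
        self.replay_binder = threading.Thread(target=self.replayer.bind)
        self.replay_binder.start()
        self.connect_source()
        self.replay_binder.join()

        # Same handshake for the device clients: accept on a thread while the
        # clients connect from here.
        self.bind()
        self.clients_binder = threading.Thread(target=self.bind_clients)
        self.clients_binder.start()
        for client in self.clients:
            client.connect()
        self.clients_binder.join()

        # Worker threads.
        self.replay_thread = threading.Thread(target=self.replayer.replay)
        self.replay_thread.start()
        self.reader_thread = threading.Thread(target=self.read_from_source)
        self.reader_thread.start()

        self.client_threads = [
            threading.Thread(target=client.run) for client in self.clients
        ]
        for thread in self.client_threads:
            thread.start()

        self.writer_thread = threading.Thread(target=self.write_to_destination)
        self.writer_thread.start()

        # Block until the operator presses Enter. A closed stdin (EOFError) or
        # Ctrl-C must still reach the shutdown sequence below; otherwise the
        # non-daemon worker threads keep the process alive with nothing
        # stopping them.
        try:
            input()
        except (EOFError, KeyboardInterrupt):
            pass

        # Two-phase shutdown. The join order suggests 'soft' lets the client
        # runners finish and 'hard' then stops the reader/writer/replay
        # threads -- confirm in activate_shutdown.
        self.activate_shutdown('soft')
        for thread in self.client_threads:
            thread.join()
        self.activate_shutdown('hard')

        self.reader_thread.join()
        self.writer_thread.join()
        self.replay_thread.join()
        print('Done... Shutting Down')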
예제 #2
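import os
import sys

# The replayer lives in the "source" tree two levels above this script. Anchor
# the path on the script's own location so the import works from any cwd.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
sys.path.append(os.path.join(SCRIPT_DIR, "..", "..", "source"))

from replayer import Replayer  # noqa: E402 -- needs the sys.path entry above
# import angr.storage.memory_mixins.clouseau_mixin
from util.info_print import *  # noqa: E402,F403

# Host ASLR toggle, deliberately left disabled: the recorded maps file already
# pins the layout the replay expects, and switching ASLR off system-wide
# weakens the host's own hardening, so it stays a manual step.
# os.system("../../set-aslr.sh off")

# Inputs are resolved against the script directory (not the cwd) for the same
# reason as the sys.path entry. "maps" is assumed to be the recorded
# /proc/<pid>/maps snapshot that accompanies syscalls.record -- confirm in
# Replayer.__init__.
rr = Replayer(
    os.path.join(SCRIPT_DIR, "ffmpeg_g_normal"),
    os.path.join(SCRIPT_DIR, "syscalls.record"),
    os.path.join(SCRIPT_DIR, "maps"),
    new_syscall=True,
)

# Sketch of a symbol hook, never enabled. As written it would *call*
# _hook_tcache_init() and register its return value (None) rather than the
# function; if revived, pass the callable itself (presumably
# rr.hook_symbol("tcache_init", _hook_tcache_init)).
# def _hook_tcache_init(state):
#     print("in socket")
#
# rr.hook_symbol("tcache_init", _hook_tcache_init())
# rr.hook_symbol("_int_malloc")

# rr.enable_analysis(["heap_analysis"])

# Output of an earlier run, kept for reference (the replay took ~14 minutes):
# now: socket
# now: connect
# Found exploited state: execve('/bin/sh', [], ...)
# Replay finished.
# time cost: 860.9132940769196 s
# over
#
# now: socket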
예제 #3
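import os
import sys

# Anchor the "source" tree on this script's location rather than the cwd.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
sys.path.append(os.path.join(SCRIPT_DIR, "..", "..", "source"))

from replayer import Replayer  # noqa: E402 -- needs the sys.path entry above

# Target binary, its syscall record and the recorded memory map, all looked up
# next to this script. "2.23" is presumably the target's glibc version --
# confirm the positional parameter in Replayer.__init__.
rr = Replayer(
    os.path.join(SCRIPT_DIR, "level5"),
    os.path.join(SCRIPT_DIR, "syscalls.record"),
    os.path.join(SCRIPT_DIR, "maps"),
    "2.23",
    new_syscall=True,
)

# Enable the listed analysis passes, replay, and write the report.
rr.enable_analysis([
    "heap_analysis",
    "shellcode_analysis",
    "leak_analysis",
    "got_analysis",
    "call_analysis",
])
rr.do_analysis()
rr.generate_report()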
예제 #4
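import os

from replayer import Replayer
# import angr.storage.memory_mixins.clouseau_mixin
from util.info_print import *  # noqa: F403

# Host ASLR toggle, deliberately left disabled: the recorded maps file already
# pins the layout the replay expects, and switching ASLR off system-wide
# weakens the host's own hardening, so it stays a manual step.
# os.system("../../set-aslr.sh off")

# Inputs are resolved against the script directory so the run does not depend
# on the cwd. The numeric suffix of maps.803108 looks like the pid of the
# recorded process -- confirm against the recording tool.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
rr = Replayer(
    os.path.join(SCRIPT_DIR, "ffmpeg"),
    os.path.join(SCRIPT_DIR, "syscalls.record"),
    os.path.join(SCRIPT_DIR, "maps.803108"),
    new_syscall=True,
)

# Sketch of a symbol hook, never enabled. As written it would *call*
# _hook_tcache_init() and register its return value (None) rather than the
# function; if revived, pass the callable itself (presumably
# rr.hook_symbol("tcache_init", _hook_tcache_init)).
# def _hook_tcache_init(state):
#     print("in socket")
#
# rr.hook_symbol("tcache_init", _hook_tcache_init())
# rr.hook_symbol("_int_malloc")

# rr.enable_analysis(["heap_analysis"])

# Output of earlier runs, kept for reference (~14 minutes per replay):
# now: socket
# now: connect
# Found exploited state: execve('/bin/sh', [], ...)
# Replay finished.
# time cost: 860.9132940769196 s
# over
#
# now: socket
# now: connect
# Found exploited state: execve('/bin/sh', [], ...)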
예제 #5
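import os
import sys

# The "source" tree is three levels above this script; anchor on __file__ so
# the import does not depend on the cwd.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
sys.path.append(os.path.join(SCRIPT_DIR, "..", "..", "..", "source"))

from replayer import Replayer  # noqa: E402 -- needs the sys.path entry above
import angr  # noqa: E402
from claripy.ast.bv import BV  # noqa: E402
import claripy  # noqa: E402
from util.info_print import stack_backtrace, printable_backtrace, printable_memory  # noqa: E402

# Host ASLR toggle, deliberately left disabled: the recorded maps file already
# pins the layout the replay expects, and switching ASLR off system-wide
# weakens the host's own hardening, so it stays a manual step.
# os.system("../../set-aslr.sh off")

# Inputs are looked up next to this script. "2.27" is presumably the target's
# glibc version -- confirm the positional parameter in Replayer.__init__.
rr = Replayer(
    os.path.join(SCRIPT_DIR, "easy_heap"),
    os.path.join(SCRIPT_DIR, "output.txt"),
    os.path.join(SCRIPT_DIR, "maps"),
    "2.27",
    new_syscall=True,
)

# Scratch experiments left from development, disabled:
# rr.do_track()
# a = claripy.BVV(0x603040, 64)
# b = claripy.BVV(0x603020, 64)
# print(a > b)
# rr.do_track()
# rr = Replayer("./ptrace/mutil/thread_tests/thread", "./ptrace/mutil/thread_tests/stdin.txt", "./ptrace/mutil/thread_tests/maps.76058", test=True)

# Kept after the Replayer is built, as in the original, in case parse_helpers
# depends on module state at import time -- confirm and hoist if it does not.
from parse_helpers import *  # noqa: E402,F403

# dumps = parse_dumps(rr, "./maps.19158.dump")

# s = rr.get_entry_state()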
예제 #6
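import os

from replayer import Replayer
import angr
from claripy.ast.bv import BV
import claripy
from util.info_print import stack_backtrace, printable_backtrace, printable_memory

# Host ASLR toggle, deliberately left disabled: the recorded maps file already
# pins the layout the replay expects, and switching ASLR off system-wide
# weakens the host's own hardening, so it stays a manual step.
# os.system("../../set-aslr.sh off")

# Inputs are resolved against the script directory so the run does not depend
# on the cwd. The numeric suffix of maps.249119 looks like the pid of the
# recorded process; "2.27" is presumably the target's glibc version -- confirm
# both in Replayer.__init__.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
rr = Replayer(
    os.path.join(SCRIPT_DIR, "easy_heap"),
    os.path.join(SCRIPT_DIR, "output.txt"),
    os.path.join(SCRIPT_DIR, "maps.249119"),
    "2.27",
    new_syscall=True,
)

# Scratch experiments left from development, disabled:
# rr.do_track()
# a = claripy.BVV(0x603040, 64)
# b = claripy.BVV(0x603020, 64)
# print(a > b)
# rr.do_track()
# rr = Replayer("./ptrace/mutil/thread_tests/thread", "./ptrace/mutil/thread_tests/stdin.txt", "./ptrace/mutil/thread_tests/maps.76058", test=True)

# Kept after the Replayer is built, as in the original, in case parse_helpers
# depends on module state at import time -- confirm and hoist if it does not.
from parse_helpers import *  # noqa: E402,F403

# dumps = parse_dumps(rr, "./maps.19158.dump")

# s = rr.get_entry_state()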


def bp_overflow():
    def write_bp(state):
예제 #7
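import os

from replayer import Replayer
from util.info_print import stack_backtrace, printable_backtrace, printable_memory

# Host ASLR toggle, deliberately left disabled: the recorded maps file already
# pins the layout the replay expects, and switching ASLR off system-wide
# weakens the host's own hardening, so it stays a manual step.
# os.system("../../set-aslr.sh off")

# Inputs are resolved against the script directory so the run does not depend
# on the cwd. The numeric suffix of maps.128811 looks like the pid of the
# recorded process -- confirm against the recording tool.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
rr = Replayer(
    os.path.join(SCRIPT_DIR, "server"),
    os.path.join(SCRIPT_DIR, "output.txt"),
    os.path.join(SCRIPT_DIR, "maps.128811"),
    new_syscall=True,
)

# rr = Replayer("./ptrace/mutil/thread_tests/thread", "./ptrace/mutil/thread_tests/stdin.txt", "./ptrace/mutil/thread_tests/maps.76058", test=True)

# Kept after the Replayer is built, as in the original, in case parse_helpers
# depends on module state at import time -- confirm and hoist if it does not.
from parse_helpers import *  # noqa: E402,F403

# dumps = parse_dumps(rr, "./maps.19158.dump")

# s = rr.get_entry_state()

# Drive the simulation manager with no step bound: run() presumably continues
# until no active state is left, so a replay that never drains can run for a
# long time. The manual stepping loop below is the cut-off variant.
simgr = rr.get_simgr()
simgr.run()

# Manual stepping loop used during development (the stray "q" after the first
# address comparison in the original was a typo):
# while(True):
#     simgr.step()
#     if simgr.active[0].addr == 0x60307b:
#         print(printable_memory(simgr.active[0], 0x603040, 0x20))
#         print("===================")
#     if simgr.active[0].addr == 0x60307b:
#         print(printable_memory(simgr.active[0], 0x603070, 0x20))
#         print("===================")
#     if simgr.active[0].addr == 0x60362a:
#         break
#     if len(simgr.active) == 0:
#         break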
예제 #8
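import os

from replayer import Replayer

# Inputs are looked up relative to this script rather than the cwd. The numeric
# suffix of maps.88499 looks like the pid of the recorded process -- confirm
# against the recording tool.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
TEST_DIR = os.path.join(SCRIPT_DIR, "ptrace", "stdin", "tests")

# test=True is presumably the replayer's self-test mode -- confirm in
# Replayer.__init__.
rr = Replayer(
    os.path.join(TEST_DIR, "test"),
    os.path.join(TEST_DIR, "stdin.txt"),
    os.path.join(TEST_DIR, "maps.88499"),
    test=True,
)

# Kept after the Replayer is built, as in the original, in case parse_helpers
# depends on module state at import time -- confirm and hoist if it does not.
from parse_helpers import *  # noqa: E402,F403

dumps = parse_dumps(rr, os.path.join(TEST_DIR, "maps.88499.dump"))

s = rr.get_entry_state()

# No step bound: run() presumably continues until no active state is left.
simgr = rr.get_simgr()
simgr.run()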
예제 #9
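import os
import sys

# Anchor the "source" tree on this script's location rather than the cwd.
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
sys.path.append(os.path.join(SCRIPT_DIR, "..", "..", "source"))

from replayer import Replayer  # noqa: E402 -- needs the sys.path entry above

# Target binary, its syscall record and the recorded memory map, all looked up
# next to this script.
rr = Replayer(
    os.path.join(SCRIPT_DIR, "wget"),
    os.path.join(SCRIPT_DIR, "syscalls.record"),
    os.path.join(SCRIPT_DIR, "maps"),
    new_syscall=True,
)

# Enable the listed analysis passes, replay, and write the report.
rr.enable_analysis(["call_analysis", "heap_analysis", "shellcode_analysis"])
rr.do_analysis()

rr.generate_report()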