
deflat's Introduction

deflat

Because angr and BARF have refactored some of their APIs, this repository updates the Python scripts from the following article:

Tencent Security Response Center (TSRC) blog: Removing Control-Flow Flattening with Symbolic Execution

requirements

usage

  • Open your terminal and install virtualenvwrapper
  • Issue mkvirtualenv angrenv to create a virtualenv
  • In the virtualenv you created above, install angr & BARF
  • Issue python deflat.py check_passwd_flat 0x400530 in your script's directory

Note that the address 0x400530 (of the function check_password) is copied from IDA/Hopper. The output is as follows:

(angrenv) MacBookPro$ python deflat.py check_passwd_flat 0x400530

*******************relevant blocks************************
prologue:0x400530
main_dispatcher:0x400554
pre_dispatcher:0x40099b
retn:0x40098f
relevant_blocks: ['0x4007ec', '0x40080d', '0x400819', '0x400837', '0x40084e', '0x40086a', '0x400886', '0x4008a9', '0x4008cc', '0x4008ee', '0x40091b', '0x40092e', '0x40094f', '0x40095b', '0x40097c']
*******************symbolic execution*********************
-------------------dse 0x4007ec---------------------
-------------------dse 0x40080d---------------------
-------------------dse 0x400819---------------------
-------------------dse 0x400837---------------------
-------------------dse 0x40084e---------------------
-------------------dse 0x40086a---------------------
-------------------dse 0x400886---------------------
-------------------dse 0x4008a9---------------------
-------------------dse 0x4008cc---------------------
-------------------dse 0x4008ee---------------------
-------------------dse 0x40091b---------------------
-------------------dse 0x40092e---------------------
-------------------dse 0x40094f---------------------
-------------------dse 0x40095b---------------------
-------------------dse 0x40097c---------------------
-------------------dse 0x400530---------------------
************************flow******************************
0x40095b: ['0x40097cL']
0x400886: ['0x4008a9L', '0x40094fL']
0x40098f: []
0x4008a9: ['0x4008ccL', '0x40094fL']
0x40086a: ['0x400886L', '0x40094fL']
0x4007ec: ['0x400819L', '0x40080dL']
0x40080d: ['0x40084eL']
0x40084e: ['0x40086aL', '0x40095bL']
0x40094f: ['0x40097cL']
0x400530: ['0x4007ecL']
0x40092e: ['0x40094fL']
0x4008cc: ['0x4008eeL', '0x40094fL']
0x4008ee: ['0x40091bL', '0x40092eL']
0x400837: ['0x4007ecL']
0x400819: ['0x400837L']
0x40091b: ['0x40098fL']
0x40097c: ['0x40098fL']
************************patch*****************************
Successful! The recovered file: check_passwd_flat.recovered

(angrenv) MacBookPro$
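
A sanity check on the recovered flow, added here as an example (it is not part of deflat or of the TSRC article): it parses the flow section printed above and verifies that every block is reachable from the prologue, that only retn lacks a successor, and that no edge still targets a dispatcher. The function names parse_flow and check are hypothetical.

```python
import re
from collections import deque
# "flow" section copied verbatim from the deflat.py output above.
FLOW = """\
0x40095b: ['0x40097cL']
0x400886: ['0x4008a9L', '0x40094fL']
0x40098f: []
0x4008a9: ['0x4008ccL', '0x40094fL']
0x40086a: ['0x400886L', '0x40094fL']
0x4007ec: ['0x400819L', '0x40080dL']
0x40080d: ['0x40084eL']
0x40084e: ['0x40086aL', '0x40095bL']
0x40094f: ['0x40097cL']
0x400530: ['0x4007ecL']
0x40092e: ['0x40094fL']
0x4008cc: ['0x4008eeL', '0x40094fL']
0x4008ee: ['0x40091bL', '0x40092eL']
0x400837: ['0x4007ecL']
0x400819: ['0x400837L']
0x40091b: ['0x40098fL']
0x40097c: ['0x40098fL']
"""
PROLOGUE, RETN = 0x400530, 0x40098f      # from "relevant blocks" above
DISPATCHERS = {0x400554, 0x40099b}       # main_dispatcher, pre_dispatcher

def parse_flow(text):
    """Block address -> successors; the trailing 'L' (Python 2 long) is dropped."""
    flow = {}
    for m in re.finditer(r"^(0x[0-9a-f]+): \[(.*)\]$", text, re.M):
        flow[int(m[1], 16)] = [int(a, 16) for a in re.findall(r"0x[0-9a-f]+", m[2])]
    return flow

def check(flow, prologue=PROLOGUE, retn=RETN):
    """Return problems in a recovered flow (empty list means it is consistent)."""
    seen, queue = {prologue}, deque([prologue])
    while queue:                          # breadth-first walk from the prologue
        for nxt in flow.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    problems = [f"{b:#x} unreachable from prologue" for b in flow if b not in seen]
    for blk, succs in flow.items():
        if not succs and blk != retn:
            problems.append(f"{blk:#x} is a dead end")
        problems += [f"{blk:#x} -> {s:#x} targets a dispatcher or unknown block"
                     for s in succs if s in DISPATCHERS or s not in flow]
    if retn not in seen:
        problems.append("retn not reachable from prologue")
    return problems
```

For the output above, check(parse_flow(FLOW)) returns an empty list; a non-empty result is a reason to inspect the patched binary before trusting its control flow.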
