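import argparse
import sys

parser = argparse.ArgumentParser(description="Quick Concolic Analysis")
parser.add_argument('-f', '--file', help='Binary File')
parser.add_argument('-s', '--start', help='Where to start analyzing from')
parser.add_argument('-e', '--end', help='Where to stop analyzing')
parser.add_argument('-a', '--args', help='Solve for a symbolic arg (optional)', default=False, action='store_true')
parser.add_argument('-x', '--avoid', help='Where to avoid analysis, eg 0x12345678,0x12345678')


def _fail(message):
    """Print *message* and exit with status 1 so a wrapper can detect misuse.

    The original script exited with status 0 on a usage error, which made a
    failed run indistinguishable from a successful one to a caller.
    """
    print(message)
    sys.exit(1)


def _parse_avoid_list(spec):
    """Return the comma-separated addresses in *spec* as a list of ints.

    Entries are parsed as base-16 (an optional ``0x`` prefix is accepted),
    surrounding whitespace is ignored and empty entries (for example from a
    trailing comma) are skipped.  ``None`` or ``''`` yields ``[]``.

    Raises:
        ValueError: if an entry is not a hexadecimal number.
    """
    if not spec:
        return []
    return [int(entry, 16) for entry in spec.split(',') if entry.strip()]


def _parse_address(value, flag):
    """Parse the address given for *flag* with ``int(value, 0)``.

    ``base=0`` lets the prefix decide the base (``0x`` hex, ``0o`` octal,
    ``0b`` binary, otherwise decimal), matching how --start/--end were
    always parsed.  A missing or malformed value ends the program with a
    message instead of a TypeError/ValueError traceback.
    """
    if not value:
        _fail("[-] Missing address for {}".format(flag))
    try:
        return int(value, 0)
    except ValueError:
        _fail("[-] Bad address for {}: {!r}".format(flag, value))


args = parser.parse_args()

# Validate every argument before the slow angr import so usage errors fail fast.
if not args.file:
    _fail("[-] Missing file to analyze")

try:
    avoidList = _parse_avoid_list(args.avoid)
except ValueError:
    _fail("[-] Bad address in --avoid: {!r}".format(args.avoid))

find_addr = _parse_address(args.end, '--end')
# With --args the analysis starts from the project's argv-based initial state,
# so --start is not consulted in that mode.
start_addr = None if args.args else _parse_address(args.start, '--start')

#Load imports after displaying help to get a fast menu
import angr
import claripy

# auto_load_libs=False: only the target binary is loaded into the project,
# not the shared libraries it links against.  angr lifts and symbolically
# executes the code; the analyzed binary is never run natively.
p = angr.Project(args.file, load_options={"auto_load_libs": False})
argv1 = claripy.BVS("argv1", 8 * 100) # Setting to 100 max chars for argument
# NOTE(review): factory.path(), pg.found yielding path objects and
# state.se.any_str() are the pre-angr-7 API; confirm against the installed
# angr version before relying on this script.
if args.args:
    state = p.factory.path(args=[args.file, argv1])
else:
    state = p.factory.blank_state(addr=start_addr)

print("[+] Analyzing {} from {} to {} avoiding {}".format(args.file, args.start, args.end, args.avoid))

pg = p.factory.simgr(state)
pg.explore(find=find_addr, avoid=avoidList)

if pg.found:
    print("[+] Found path(s)")
    for path in pg.found:
        try:
            print("[+] STDIN: {}".format(path.state.posix.dumps(0)))
            print("[+] STDOUT: {}".format(path.state.posix.dumps(1)))
            if args.args:
                print("[+] argv1: {}".format(path.state.se.any_str(argv1)))
        except Exception as exc:
            # Best effort: concretizing an unsatisfiable found state makes the
            # solver raise; report it and keep going with the remaining paths.
            print("[-] Error printing data. Found paths likely unsatisfiable")
            print("[-] {}: {}".format(type(exc).__name__, exc))
else:
    # Previously a fruitless exploration printed nothing at all.
    print("[-] No path reached {}".format(args.end))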