moshekaplan/angr_tutorial

angr_tutorial

The goal is to demonstrate angr's usage through a series of examples:

  1. Running angr
     1. https://github.com/angr/angr-doc/blob/master/examples/CSCI-4968-MBE/challenges/crackme0x00a/solve.py
     2. https://github.com/angr/angr-doc/blob/master/examples/CSCI-4968-MBE/challenges/crackme0x04/solve.py (and see https://github.com/angr/angr-doc/blob/2d45c9e6d9f91e83988719aa19940aec2cfd8747/docs/analyses/cfg_accurate.md#function-manager)
  2. Symbolizing cmd-line arguments
     1. See args
     2. fairlight
  3. Symbolizing a single integer
     1. See magic_number's symbolize_int()
  4. Symbolizing a single string
     1. See bomb32/phase1
  5. Symbolizing function arguments
     1. Via modifying the stack contents directly
        1. See bomb32/phase2
        2. See https://github.com/angr/angr-doc/blob/master/examples/flareon2015_2/solve.py
     2. Via stack_push(symbol)
        1. See magic_number's symbolize_stack_param()
  6. Symbolizing user input
     1. read() (?? https://github.com/angr/angr-doc/blob/master/examples/fauxware/fauxware.c ??)
     2. scanf() (?? https://github.com/angr/angr-doc/blob/master/examples/defcon2016quals_baby-re_1/solve.py ??)
     3. gets()
     4. https://github.com/angr/angr-doc/blob/master/examples/csaw_wyvern/solve.py
  7. Using success conditions not based on reaching an address
     1. Based on a specific register or memory values
     2. Based on user output (??? state.posix.dumps(1) ?? )
  8. Finding multiple solutions
     1. https://github.com/angr/angr-doc/blob/master/examples/cmu_binary_bomb/solve.py#L85
  9. Symbolizing files (?? https://docs.angr.io/docs/toplevel.html ??)
     1. https://github.com/angr/angr-doc/blob/master/examples/asisctffinals2015_license/solve.py
  10. Using state constraints
      1. https://github.com/angr/angr-doc/blob/master/examples/google2016_unbreakable_0/solve.py
      2. https://github.com/angr/angr-doc/blob/master/examples/google2016_unbreakable_1/solve.py
      3. https://github.com/angr/angr-doc/blob/master/examples/asisctffinals2015_fake/solve.py
      4. https://github.com/angr/angr-doc/blob/master/examples/whitehatvn2015_re400/solve.py
  11. Using callables
      1. https://github.com/angr/angr-doc/blob/master/docs/structured_data.md#callables
      2. https://github.com/angr/angr-doc/blob/master/examples/mma_howtouse/solve.py
  12. Using hooks
      1. https://github.com/angr/angr-doc/blob/master/examples/ekopartyctf2015_rev100/solve.py
      2. https://github.com/angr/angr-doc/blob/master/examples/layer7_onlyone/solve.py
  13. Finding exploitable conditions
      1. strcpy
         1. https://github.com/angr/angr-doc/blob/master/examples/strcpy_find/solve.py

About

Some samples from playing with angr
