The goal is to demonstrate angr's usage through a series of examples:
- Running angr
- https://github.com/angr/angr-doc/blob/master/examples/CSCI-4968-MBE/challenges/crackme0x00a/solve.py
- https://github.com/angr/angr-doc/blob/master/examples/CSCI-4968-MBE/challenges/crackme0x04/solve.py (and see https://github.com/angr/angr-doc/blob/2d45c9e6d9f91e83988719aa19940aec2cfd8747/docs/analyses/cfg_accurate.md#function-manager)
- Symbolizing cmd-line arguments
- See `args`
- fairlight
- Symbolizing a single integer
- See `magic_number`'s `symbolize_int()`
- Symbolizing a single string
- See `bomb32/phase1`
- Symbolizing function arguments
- Via modifying the stack contents directly
1. See `bomb32/phase2`
2. See https://github.com/angr/angr-doc/blob/master/examples/flareon2015_2/solve.py
- Via `stack_push(symbol)`
1. See `magic_number`'s `symbolize_stack_param()`
- Symbolizing user input
- read() (?? https://github.com/angr/angr-doc/blob/master/examples/fauxware/fauxware.c ??)
- scanf() (?? https://github.com/angr/angr-doc/blob/master/examples/defcon2016quals_baby-re_1/solve.py ??)
- gets()
- https://github.com/angr/angr-doc/blob/master/examples/csaw_wyvern/solve.py
- Using success conditions not based on reaching an address
- Based on a specific register or memory values
- Based on user output (??? state.posix.dumps(1) ?? )
- Finding multiple solutions
- https://github.com/angr/angr-doc/blob/master/examples/cmu_binary_bomb/solve.py#L85
- Symbolizing files (?? https://docs.angr.io/docs/toplevel.html ??)
- https://github.com/angr/angr-doc/blob/master/examples/asisctffinals2015_license/solve.py
- Using state constraints
- https://github.com/angr/angr-doc/blob/master/examples/google2016_unbreakable_0/solve.py
- https://github.com/angr/angr-doc/blob/master/examples/google2016_unbreakable_1/solve.py
- https://github.com/angr/angr-doc/blob/master/examples/asisctffinals2015_fake/solve.py
- https://github.com/angr/angr-doc/blob/master/examples/whitehatvn2015_re400/solve.py
- Using callables
- https://github.com/angr/angr-doc/blob/master/docs/structured_data.md#callables
- https://github.com/angr/angr-doc/blob/master/examples/mma_howtouse/solve.py
- Using hooks
- https://github.com/angr/angr-doc/blob/master/examples/ekopartyctf2015_rev100/solve.py
- https://github.com/angr/angr-doc/blob/master/examples/layer7_onlyone/solve.py
- Finding exploitable conditions
- strcpy
1. https://github.com/angr/angr-doc/blob/master/examples/strcpy_find/solve.py