angr ON macOS
Installation
1.mkvirtualenv: command not found
My-Mac:~ username$ rm -rf ~/.venvburrito
My-Mac:~ username$ curl -sL https://raw.githubusercontent.com/brainsik/virtualenv-burrito/master/virtualenv-burrito.sh | $SHELL
My-Mac:~ username$ source /Users/username/.venvburrito/startup.sh
My-Mac:~ username$ mkvirtualenv new-env-name
(new-env-name) My-Mac:~ username$
2.Command “python setup.py egg_info” failed with error code 1
Reinstall Python with Homebrew; the Python that ships with macOS seems to have problems.
brew reinstall pip3
This seems to have nothing to do with the problem, though.
3.No such file or directory: ‘libunicorn.dylib’
Every one of these problems comes down to installing unicorn: the Homebrew-installed build does not work, it has to be installed with pip.
brew install capstone && export MACOS_UNIVERSAL=no && pip install capstone
brew install unicorn && UNICORN_QEMU_FLAGS="--python=`whereis python`" pip install unicorn
4.failed loading “angr_native.dylib”, unicorn support disabled
After angr installs successfully, this error appears when importing it.
BASEDIR=/usr/local/lib/python2.7/site-packages
# If you don't know where your site-packages folder is, use this to find them:
python2 -c "import site; print(site.getsitepackages())"
install_name_tool -change libunicorn.1.dylib "$BASEDIR"/unicorn/lib/libunicorn.dylib "$BASEDIR"/angr/lib/angr_native.dylib
install_name_tool -change libpyvex.dylib "$BASEDIR"/pyvex/lib/libpyvex.dylib "$BASEDIR"/angr/lib/angr_native.dylib
5.Your version of capstone does not support MIPS instruction groups.
- Not supporting MIPS instruction groups is usually not a problem if you want to analyze MIPS firmware. It is only a problem for packages relying on the Disassembly analysis, as it cannot tell whether an instruction is a call/branch or not without the instruction groups support.
- The MIPS instruction groups support only exists in capstone v4. You’ll want to manually install the next branch of the capstone engine.
Ignore this problem for now.
ex1.Ctrl + A doesn’t work in Bash Terminal on macOS
set -o emacs
This puts bash in emacs mode. For vi mode use set -o vi instead.
ex2.iPython installed but not found
The problem is caused by the missing ipython wrapper/launcher script.
python -m IPython
If this starts ipython, fix it with an alias:
alias ipython='python -m IPython'
Or write a launcher script and put it at /usr/local/bin/ipython:
#!/usr/local/opt/python/bin/python2.7
# -*- coding: utf-8 -*-
import re
import sys
from IPython import start_ipython

if __name__ == '__main__':
    # Strip a "-script.pyw" or ".exe" suffix from argv[0], as pip-generated launchers do
    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
    sys.exit(start_ipython())
The second method gives the error /usr/local/bin: bad interpreter: Permission denied. It is a path problem; change the first line to:
#!/usr/bin/env python2.7
Examples
Control flow information
Compile test.c on Linux to get the binary test:
#include <stdio.h>

void ddos() {
    printf("ddos hers!\n");
}

int main() {
    int year, month, day;
    scanf("%d%d%d", &year, &month, &day);
    if (month == 9)
        if (year == 2018)
            if (day == 1)
                ddos();
    return 0;
}
Run angr to obtain the control flow graph with CFGAccurate():
#!/usr/bin/env python
'''
cfg visualization
'''
import angr
from angrutils import *
proj = angr.Project('/Users/cai/Desktop/test', load_options={'auto_load_libs': False})
main = proj.loader.main_object.get_symbol("main")
start_state = proj.factory.blank_state(addr=main.rebased_addr)
cfg = proj.analyses.CFGAccurate(fail_fast=True, starts=[main.rebased_addr], initial_state=start_state)
plot_cfg(cfg, "cfgaccurate", asminst=True, remove_imports=True, remove_path_terminator=True)
Print the block information with pp():
#!/usr/bin/env python
'''
print the basic block at main
'''
import angr
from angrutils import *
proj = angr.Project('/Users/cai/Desktop/test', load_options={'auto_load_libs': False})
main = proj.loader.main_object.get_symbol("main")
block = proj.factory.block(main.rebased_addr)
block.pp()
Symbolic execution
Most angr use cases are about finding a flag/password, and the usage is similar.
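As an added example (not part of the original notes), the symbolic-execution counterpart of the CFG scripts above: angr searches for a stdin that reaches ddos() in the test binary built from test.c, and two small helpers re-check the answer against the C condition. The binary path is the one used above; that it was compiled unstripped so the ddos symbol can be looked up is an assumption.

```python
#!/usr/bin/env python
"""
Symbolic execution over the test binary from the CFG section: let angr
find stdin that reaches ddos(), then check it against test.c's predicate.
"""
import re
import sys

# Same binary path as the CFG scripts above (assumption: compiled from test.c
# on Linux, symbols not stripped so "ddos" can be looked up by name).
BINARY = '/Users/cai/Desktop/test'

_INT = re.compile(rb'\s*([+-]?\d+)')  # scanf "%d": skip blanks, read one int


def parse_three_ints(data):
    """Mimic scanf("%d%d%d") on raw stdin bytes; returns (year, month, day)."""
    values, pos = [], 0
    for _ in range(3):
        m = _INT.match(data, pos)
        if m is None:
            raise ValueError('fewer than three integers in %r' % (data,))
        values.append(int(m.group(1)))
        pos = m.end()
    return tuple(values)


def reaches_ddos(year, month, day):
    """The condition under which test.c calls ddos()."""
    return month == 9 and year == 2018 and day == 1


def find_input_reaching_ddos(binary=BINARY):
    """Use angr to find stdin that makes the binary call ddos(); None if none."""
    import angr  # imported here so the helpers above work without angr installed
    proj = angr.Project(binary, load_options={'auto_load_libs': False})
    target = proj.loader.main_object.get_symbol('ddos').rebased_addr
    simgr = proj.factory.simulation_manager(proj.factory.entry_state())
    simgr.explore(find=target)  # stdin stays symbolic; scanf constrains it
    if not simgr.found:
        return None
    return simgr.found[0].posix.dumps(0)  # concretised stdin (fd 0)


if __name__ == '__main__':
    stdin = find_input_reaching_ddos()
    if stdin is None:
        sys.exit('no path to ddos() found')
    print(repr(stdin))
    # Cross-check angr's answer against the original C predicate.
    assert reaches_ddos(*parse_three_ints(stdin))
```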