本文整理汇总了Python中r2pipe.open函数的典型用法代码示例。如果您正苦于以下问题:Python open函数的具体用法?Python open怎么用?Python open使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了open函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: radare_kungfu
def radare_kungfu(files):
unsafe = ('strcpy', 'strcat', 'sprintf', 'vsprintf', 'gets', 'strlen', 'scanf', 'fscanf', 'sscanf', 'vscanf', 'vsscanf', 'vfscanf', 'realpath', 'getopt', 'getpass', 'streadd', 'strecpy', 'strtrns', 'getwd')
for fi in files:
filename = fi[0]
if isElf(filename):
#print("File is binary, running radare & saving result to database")
r2=r2pipe.open("/tmp/111"+filename)
r2.cmd("s 0")
r2i = r2.cmd("i")
fi[5] = unicodedata.normalize('NFKD', r2i).encode('ascii','ignore')
#I'm commenting this atm because it takes too much time to complete, maybe let's try
# to get rid of all those warnings?
# if 'static true' in r2i: # binary is linked statically, stop analysis
# continue
# r2.cmd('aaa')
# for function in unsafe:
# result = r2.cmd('ii~' + function)
# if result:
# plt = result.split()[1]
# address = plt[4:] # location of unsafe function
# formatted = address.split('x', 1)[1].lstrip('0')
# tmp = r2.cmd('/c' + formatted)
# tmp = tmp.splitlines()
# refs = '' # addresses that contain call to current unsafe function
# for lines in tmp:
# refs = refs + lines.split()[0] + '\n'
print('returning')
return示例2: find_functions
def find_functions(self, mapping):
fname = mapping._memdumpname
log.debug('Opening %s', fname)
# FIXME is that even useful
import r2pipe
r2 = r2pipe.open(fname)
r2.cmd("aaa")
analysis = r2.cmd("afl")
print analysis
res = analysis.split('\n')
log.debug("len %d - %d", len(analysis), len(res))
#if len(analysis) > 40:
# import pdb
# pdb.set_trace()
nb = 0
for f_line in res:
if "0x" not in res:
continue
addr, size, bbs, name = f_line.split(' ')
addr = int(addr, 16)
if addr == 0x0:
continue
size = int(size)
bbs = int(bbs)
self.functions[mapping.start+addr] = (size, bbs, name)
nb += 1
log.debug('Found %d functions in 0x%x', nb, mapping.start)示例3: scan_file
def scan_file(file_path):
ret = []
print('Scanning \"%s\"...' % file_path)
# start radare instance
r2 = r2pipe.open(file_path)
# perform initial analysis
r2.cmd('aa;aad')
# enumerate available functions
for addr in r2.cmdj('aflqj'):
# check for vulnerable function
if match_func(r2, addr):
print('VULNERABLE FUNCTION: %s' % addr)
ret.append(addr)
# close radare instance
r2.quit()
return ret示例4: solve_ch111
def solve_ch111(fn):
ringzer0.output('solving')
r2 = r2pipe.open(fn)
asm_lines = r2.cmd('aa; s sym.main; pif~&mov dword,rbp | grep ", 0x"').splitlines()
# mov dword [rbp - 0x60], 0x485e2beb
# mov dword [rbp - 0x5c], 0xc180c931
# (..)
shellcode = ''
for asm_line in asm_lines:
val = asm_line.split(',')[-1:][0].strip()
if val.startswith('0x'): val = val[2:]
val = val.zfill(8)
shellcode += val.decode('hex')[::-1]
dlen = 0x22 - 1
# 0x00000006 add cl, 0x22
# 0x00000009 xor byte [esi], 0x13
# 0x0000000c dec eax
# 0x0000000d inc esi
# 0x0000000f loop 9
# (..)
dloc = 0x2d + 5
# 0x0000002d e8d0ffffff call 2
buf = shellcode[dloc:dloc+dlen]
xr = 0x4a
r = ''.join(chr(ord(c) ^ xr) for c in buf).strip()
ringzer0.output('solved', r)
return r示例5: radare_kungfu
def radare_kungfu(files):
unsafe = ('strcpy', 'strcat', 'sprintf', 'vsprintf', 'gets', 'strlen', 'scanf', 'fscanf', 'sscanf', 'vscanf', 'vsscanf', 'vfscanf', 'realpath', 'getopt', 'getpass', 'streadd', 'strecpy', 'strtrns', 'getwd')
results=[]
for fi in files:
filename = fi[0]
if isElf(filename):
#print("File is binary, running radare & saving result to database")
r2=r2pipe.open("/tmp/111"+filename)
r2.cmd("s 0")
r2i = r2.cmd("i")
fi[5] = unicodedata.normalize('NFKD', r2i).encode('ascii','ignore')
if 'static false' in r2i: # binary is linked statically, stop analysis
continue
r2.cmd('aaa')
for function in unsafe:
result = r2.cmd('ii~' + function)
if result:
results.append(result)
plt = result.split()[1]
address = plt[4:] # location of unsafe function
formatted = address.split('x', 1)[1].lstrip('0')
tmp = r2.cmd('/c' + formatted)
tmp = tmp.splitlines()
refs = '' # addresses that contain call to current unsafe function
for lines in tmp:
refs = refs + lines.split()[0] + '\n'
fi.append(results)
return示例6: __init__
def __init__(self, filename):
self.r = r2pipe.open(filename)
self.gp = self.r.cmdj("ij")["core"]["size"]
self.r.cmd("e anal.gp = " + str(self.gp))
self.r.cmd("e io.cache = true")
self.r.cmd("e asm.arch = bpf")
self.r.cmd("e cfg.bigendian=true")
self.r.cmd("aaa")示例7: __init__
def __init__(self, binary, bininfo, force=False):
self.binary = binary
self.bininfo = bininfo
self.force = force
# open binary in Radare2 and trigger binary analysis
self.r2 = r2pipe.open(self.binary)
self.r2.cmd('aaa') # analyze all referenced code
# done
return示例8: loadModule
def loadModule():
global r2
modules = r2.cmdj("ilj")
for module in modules:
# If we found a python shared library
if "python" in module.lower():
modulePath = _findModuleFullPath(module)
write("Loading shared library {0} ... ".format(module))
# TODO: Better support for finding modules
r2_module = r2pipe.open(modulePath,["-AA"])
write("[ Done ]\n")
return (r2_module, module)
return (None, None)示例9: __init__
def __init__(self, binfile, logfile=None):
self.r2 = r2pipe.open(binfile)
self.r2.cmd("aaa")
self.r2.cmd("e asm.esil = true")
self.r2.cmd("e scr.color = false")
self.r2.cmd("e io.cache = true")
self.r2.cmd("aei")
self.r2.cmd("aeip")
self.stats = {}
self.binfile = binfile
self.logfile = logfile
self.logs = []
self.prev_state = {}
self.last_emulated = {}示例10: parse_elf
def parse_elf(workspace, file):
r2 = r2pipe.open(file.filepath)
r2.cmd("aa")
r2.cmd("afl")
result = r2.cmd("agC")
output_dir = os.path.join(workspace, "graphs")
if not os.path.exists(output_dir):
os.makedirs(output_dir)
out_file = os.path.join(output_dir, file.hash)
graph = pydot.graph_from_dot_data(result)
graph[0].write_png(out_file)
file.graph_file = out_file
file.save()
print("%s parsed" % file.filepath)示例11: __init__
def __init__(self, filename, filecontent=None):
self.r = r2pipe.open(filename)
self.r.cmd("e io.cache = true")
self.r.cmd("e asm.arch = bpf")
self.inited = False
if filecontent != None:
self.filecontent = filecontent
self.inject_filecontent()
else:
self.gp = self.r.cmdj("ij")["core"]["size"]
self.filecontent = None
self.r.cmd("e anal.gp = " + str(self.gp))
self.r.cmd("e cfg.bigendian=true")
self.r.cmd("aaa")示例12: __init__
def __init__(self, filename, anal, debug=False, force_replace=False, write=False):
self.debug = debug
self.force = force_replace
flags = ["-q"]
if write:
flags.append("-w")
print("[INFO] Opening file with r2")
self.r2 = r2pipe.open(filename, flags)
info = json.loads(self.r2.cmd("ij").replace("\\", "\\\\"))
if not info["bin"]["bits"] in constants.supported_bits or \
not info["bin"]["arch"] in constants.supported_archs:
raise Exception("[ERROR] Architecture not supported")
self.arch = info["bin"]["arch"]
self.bits = info["bin"]["bits"]
if anal:
print("[INFO] Analyzing functions with r2")
self.r2.cmd("aaa")示例13: solve_ch11
def solve_ch11(fn):
ringzer0.output('solving')
r2 = r2pipe.open(fn)
asm_lines = r2.cmd('aa; s sym.main; pif~&mov,word,eax | grep ", 0x"').splitlines()
# mov dword [eax], 0x47414c46
# mov dword [eax + 4], 0x3930342d
# mov word [eax + 8], 0x32
# mov dword [eax], 0x75393438
# mov dword [eax + 4], 0x6a326f69
# mov word [eax + 8], 0x66
# mov dword [eax], 0x6a736c6b
# mov dword [eax + 4], 0x6c6b34
buf = ''
for asm_line in asm_lines:
val = asm_line.split(',')[-1:][0].strip()
if val.startswith('0x'): val = val[2:]
buf += val.decode('hex')[::-1]
ringzer0.output('solved', buf)
return buf示例14: ch15
def ch15():
ch, s = 15, ringzer0.login()
sections = ringzer0.read_challenge(s, ch)
title, msg, chksum = sections['title'], sections['elf message'], sections['checksum']
ringzer0.output('solving')
elf = msg
while re.match(r'^[a-zA-Z0-9+/]*={0,3}$', elf):
elf = base64.b64decode(elf)
elf = elf[::-1]
elf_md5 = hashlib.md5(elf).hexdigest()
if chksum != elf_md5:
ringzer0.error('checksum mismatch ({0} vs {1})'.format(chksum, elf_md5))
result = ''
with ringzer0.tmpfile() as (fd, fn):
ringzer0.write_bin_file(fd, elf)
r2 = r2pipe.open(fn)
asm_lines = r2.cmd('aa; s sym.main; pif~&mov,rbp').splitlines()
asm_rg = re.compile(r'^mov [^,]*\[rbp\s?-\s?([0-9a-fx]+)\],\s?([^\s]+)$')
asm_vals, top = {}, 0
for asm_line in asm_lines:
rx = re.match(asm_rg, asm_line)
if not rx:
continue
pos, val = rx.group(1), rx.group(2)
if val.startswith('r'):
continue
if val.startswith('0x'): val = val[2:]
if len(val) % 2 == 1: val = '0' + val
pos, val = int(pos, 16), val.decode('hex')
asm_vals[pos] = val
top = max(top, pos)
stack = bytearray('\0' * top)
for k in sorted(asm_vals, reverse=True):
v = asm_vals[k]
stack[top - k:len(v)] = v[::-1]
result = stack[:stack.index('\00')]
ringzer0.output('solved', result)
response = ringzer0.submit_challenge(s, ch, result)
ringzer0.output('response', response)示例15: __init__
def __init__(self, name):
self.name = name
self.r2 = r2pipe.open()
bininfo = self.r2.cmdj("ij")["bin"]
self.arch = bininfo["arch"]
self.bits = bininfo["bits"]
self.regs = self.r2.cmdj("drlj")
self.switch_flagspace(self.name)
self.sections = self.get_sections()
imports = self.get_imports()
self.imports = {}
for imp in imports:
self.imports[imp["plt"]] = imp["name"]
exports = self.get_exports()
self.exports = {}
for exp in exports:
self.exports[exp["name"]] = exp["vaddr"]