def test_boolector_solving():
    """Check boolector's ability to generate the correct values at PoV runtime.

    Builds a crash for the CGC ``add_payload`` binary from a 256-byte input,
    requests exploits with the ``rop_leak_memory`` technique blacklisted, and
    runs every generated register setter and leaker through ``_do_pov_test``.
    """
    crashing_input = b"A" * (64 * 4)
    binary = os.path.join(bin_location, "tests/cgc/add_payload")
    with archr.targets.LocalTarget([binary], target_os='cgc') as target:
        rop_cache = os.path.join(cache_location, 'add_payload')
        crash = rex.Crash(target, crashing_input, fast_mode=True, rop_cache_path=rop_cache)
        arsenal = crash.exploit(blacklist_techniques={'rop_leak_memory'})
        # Close the project's loader before the generated PoVs are exercised.
        crash.project.loader.close()

        # The test expects at least three register setters and one leaker.
        nose.tools.assert_true(len(arsenal.register_setters) >= 3)
        nose.tools.assert_true(len(arsenal.leakers) >= 1)

        # Register setters are checked first, then leakers.
        for group in (arsenal.register_setters, arsenal.leakers):
            for pov in group:
                nose.tools.assert_true(_do_pov_test(pov))
def test_netcat_network_local():
    """Run ``netcat_checks`` against a local socat listener that echoes via ``cat``."""
    # NOTE(review): socat is given no bind= option, so the echo listener
    # accepts connections on every local interface while the test runs, and
    # the fixed port 1337 makes concurrent runs on one host collide.
    socat_cmd = ["socat", "tcp-l:1337,reuseaddr", "exec:cat"]
    listener = archr.targets.LocalTarget(socat_cmd, tcp_ports=[1337])
    with listener.build().start() as t:
        netcat_checks(t)
def test_chall_resp_rand():
    """Exploit the CGC ``overflow_after_chall_resp_rand`` binary and test each PoV.

    The crashing input is a short prefix followed by a long run of ``A`` bytes
    and a newline; every register setter and leaker rex produces for it must
    pass ``_do_pov_test``.
    """
    crashing_input = (
        b" ((("
        b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
        b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    )
    binary = bin_location + "/tests/cgc/overflow_after_chall_resp_rand"
    with archr.targets.LocalTarget([binary], target_os='cgc') as target:
        rop_cache = os.path.join(cache_location, "overflow_after_chall_resp_rand")
        crash = rex.Crash(target, crash=crashing_input, rop_cache_path=rop_cache)
        exploit_f = crash.exploit()
        # Close the project's loader before the generated PoVs are exercised.
        crash.project.loader.close()

        # Register setters are checked first, then leakers.
        for group in (exploit_f.register_setters, exploit_f.leakers):
            for pov in group:
                nose.tools.assert_true(_do_pov_test(pov))
def test_local_cat(self):
    """Start ``/bin/cat`` as a local target and check that it echoes one line."""
    message = b"Hello!\n"
    with archr.targets.LocalTarget(["/bin/cat"]).build().start() as t:
        proc = t.run_command()
        proc.stdin.write(message)
        # Read back exactly as many bytes as were written (7).
        echoed = proc.stdout.read(len(message))
        assert echoed == message
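def test_datascout_local(self):
    """Run the DataScout checks against a private copy of ``/usr/bin/env``.

    The binary is copied to a temporary path owned by this test, started as a
    local target with ``ARCHR=YES`` in its environment, and the memory map
    returned by ``self.datascout_checks`` is compared with pinned addresses.
    """
    # copy to a writable location
    # mkstemp() creates the file atomically with owner-only permissions, so no
    # other local user can pre-create or swap the path between name generation
    # and the copy -- the race that tempfile.mktemp() leaves open.
    fd, tf = tempfile.mkstemp()
    os.close(fd)
    try:
        # shutil.copy() also copies the permission bits, so the copy stays
        # executable even though mkstemp() created it without them.
        shutil.copy("/usr/bin/env", tf)
        with archr.targets.LocalTarget([tf], target_env=["ARCHR=YES"]).build().start() as t:
            _, _, _, maps = self.datascout_checks(t)
            # NOTE(review): these addresses name the 2.27 libc/ld builds and
            # only match a host with those libraries and a fixed address-space
            # layout -- confirm how the target pins the layout.
            local_ref = {
                '/lib/x86_64-linux-gnu/libc-2.27.so': 0x7ffff79e4000,
                '/lib/x86_64-linux-gnu/ld-2.27.so': 0x7ffff7dd5000,
                '[stack-end]': 0x7ffffffff000,
                '[heap]': 0x55555575d000,
                '[vvar]': 0x7ffff7ff8000,
                '[vdso]': 0x7ffff7ffb000,
                '[vsyscall]': 0xffffffffff600000
            }
            assert all(maps[x] == local_ref[x] for x in local_ref)
    finally:
        # Remove the copy even when a check fails, so failed runs do not
        # leave stray executables in the temp directory.
        os.unlink(tf)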
def test_env_injection(self):
    """Check that host paths injected into a Docker target read back unchanged.

    A single file is injected with ``inject_path`` and two directories with
    ``inject_paths``; in both cases the bytes retrieved from the target must
    equal the bytes of the corresponding host file.
    """
    with archr.targets.DockerImageTarget('archr-test:entrypoint-env').build().start() as t:
        # Single file: host /etc/passwd is expected to appear as /poo.
        t.inject_path("/etc/passwd", "/poo")
        remote_bytes = t.retrieve_contents("/poo")
        with open("/etc/passwd", "rb") as host_file:
            host_bytes = host_file.read()
            assert host_bytes == remote_bytes

        # Directories: a file below an injected directory must match too.
        t.inject_paths({"/poobin": "/bin", "/poolib": "/lib64"})
        remote_bytes = t.retrieve_contents("/poobin/true")
        with open("/bin/true", "rb") as host_file:
            host_bytes = host_file.read()
            assert host_bytes == remote_bytes
def test_ltrace_proc_docker(self):
    """Run ``check_ltrace_proc`` on a Docker target executing ``cat /etc/passwd``."""
    image = archr.targets.DockerImageTarget(
        'archr-test:cat',
        target_args=['/bin/cat', '/etc/passwd'],
    )
    with image.build().start() as t:
        self.check_ltrace_proc(t)
def check_strace_attach(self, t, **kwargs):
    """Attach strace to a running target and verify that it records echoed traffic.

    Starts the target, attaches an ``STraceAttachBow`` to its pid, sends
    ``b'ahoi!'`` over a TCP channel and expects it echoed back, then checks
    that the collected trace has a ``read`` line and a ``write`` line that
    both contain the payload. Extra keyword arguments are passed through to
    ``fire_context``.
    """
    target = t.run_command()  # start target
    bow = archr.arsenal.STraceAttachBow(t)

    # A local target exposes the pid directly; any other target is asked for
    # the pid of its 'socat' process.
    if isinstance(t, archr.targets.LocalTarget):
        pid = target.pid
    else:
        pid = t.get_proc_pid('socat')

    with bow.fire_context(pid=pid, trace_args=STRACE_ARGS, **kwargs) as flight:
        # Presumably gives strace time to attach before traffic is sent -- confirm.
        sleep(2)
        channel = flight.open_channel('tcp:0')  # misuse of flight
        channel.send(b'ahoi!')
        assert channel.readuntil(b'ahoi!', timeout=5) == b'ahoi!'
        channel.close()
        target.terminate()

    # NOTE(review): the listing lost its indentation; the trace is read after
    # the context closes on the assumption that the bow fills flight.result
    # on exit -- confirm.
    trace_lines = flight.result.splitlines()
    assert any(b'read' in line and b'ahoi' in line for line in trace_lines)
    assert any(b'write' in line and b'ahoi' in line for line in trace_lines)
def test_cat_ldd():
    """Compare the memory map of the ``archr-test:cat`` image with pinned addresses."""
    # NOTE(review): the expected addresses are fixed constants, so the check
    # only holds for the image build and address-space layout they were
    # taken from -- confirm how the layout is pinned.
    expected_map = {
        'linux-vdso.so.1': 0x7ffff7ffa000,
        '/lib/x86_64-linux-gnu/libc.so.6': 0x7ffff77c4000,
        '/lib64/ld-linux-x86-64.so.2': 0x7ffff7dd5000,
        '[stack-end]': 0x7ffffffff000,
        '[heap]': 0x55555575d000,
        '[vvar]': 0x7ffff7ff7000,
        '[vdso]': 0x7ffff7ffa000,
        '[vsyscall]': 0xffffffffff600000
    }
    # The target is built but not started before the bow is fired.
    with archr.targets.DockerImageTarget('archr-test:cat').build() as t:
        bow = archr.arsenal.MemoryMapBow(t)
        observed_map = bow.fire()
        assert observed_map == expected_map