angr is a platform-agnostic binary analysis framework. It is brought to you by the Computer Security Lab at UC Santa Barbara, SEFCOM at Arizona State University, their associated CTF team, Shellphish, the open source community, and @rhelmot.
angr is a suite of Python 3 libraries that let you load a binary and do a lot of cool things to it:
- Disassembly and intermediate-representation lifting
- Program instrumentation
- Symbolic execution
- Control-flow analysis
- Data-dependency analysis
- Value-set analysis (VSA)
The most common angr operation is loading a binary into a project:

```python
p = angr.Project('/bin/bash')
```

If you do that in an enhanced REPL like IPython, you can use tab-autocomplete to browse the top-level-accessible methods and their docstrings.
The short version of "how to install angr" is:

```shell
mkvirtualenv --python=$(which python3) angr && python -m pip install angr
```
angr does a lot of binary analysis stuff. To get you started, here is a simple example of using symbolic execution to get a flag in a CTF challenge.
```python
import angr

# Load the challenge binary; auto_load_libs=False keeps shared libraries out of
# the analysis so execution stays fast and uses angr's own libc summaries.
project = angr.Project("angr-doc/examples/defcamp_r100/r100", auto_load_libs=False)

# Hook the address that is only reached with the correct password. When a
# state gets there, ask the solver for a concrete value of everything the
# program read from stdin (fd 0): that is the flag.
@project.hook(0x400844)
def print_flag(state):
    print("FLAG SHOULD BE:", state.posix.dumps(0))
    project.terminate_execution()

project.execute()
```
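The hook above stops the whole run from inside a callback. The idiom most angr solve scripts use instead is a simulation manager driven with `explore()`, which collects the states that reach a target address and leaves the rest untouched. The following is an added example written for this page, not code from angr or the angr-doc repository; it assumes the same binary path and the same success address (0x400844) as the snippet above, and treats the optional `avoid_addr` (the failure branch, which the page does not give) as something you look up in a disassembler yourself. The `strip_stdin_dump` helper handles a detail the snippet glosses over: unconstrained stdin bytes are concretized to zero, so the dump usually carries trailing NULs.

```python
# Added example (not angr's own code): solve the same r100 challenge with a
# simulation manager and explore() instead of a hook.
# Assumed from the README snippet above: binary path and success address.

BINARY_PATH = "angr-doc/examples/defcamp_r100/r100"  # path from the page
SUCCESS_ADDR = 0x400844  # block reached only with the right password (from the page)


def strip_stdin_dump(raw: bytes) -> bytes:
    """Clean up the bytes returned by state.posix.dumps(0).

    The solver concretizes unconstrained input bytes to 0x00, and a trailing
    newline is common when the program reads with fgets, so the raw dump is
    typically the flag followed by padding. Pure Python so it is usable (and
    testable) without angr installed.
    """
    return raw.rstrip(b"\x00\n")


def find_input_reaching(binary_path: str, find_addr: int, avoid_addr=None) -> bytes:
    """Symbolically execute binary_path until a state reaches find_addr and
    return the stdin that gets there.

    avoid_addr (hypothetical parameter, not on the page): address of the
    failure branch; states that hit it are pruned so the search stays small.
    """
    import angr  # imported lazily so the helper above works without angr

    project = angr.Project(binary_path, auto_load_libs=False)
    # entry_state() starts at the ELF entry point with fully symbolic stdin.
    state = project.factory.entry_state()
    simgr = project.factory.simulation_manager(state)
    # explore() steps all active states until one reaches find_addr (moved to
    # the 'found' stash) or hits avoid_addr (moved to the 'avoid' stash).
    simgr.explore(find=find_addr, avoid=avoid_addr)
    if not simgr.found:
        raise RuntimeError(f"no path reached {find_addr:#x}")
    found = simgr.found[0]
    # dumps(0) asks the solver for a concrete value of everything read from fd 0
    # that satisfies the path constraints of the found state.
    return strip_stdin_dump(found.posix.dumps(0))


if __name__ == "__main__":
    flag = find_input_reaching(BINARY_PATH, SUCCESS_ADDR)
    print("FLAG SHOULD BE:", flag)
```

Passing `avoid_addr` is optional but worth doing on anything larger than a CTF crackme: without it `explore()` keeps stepping every state that has not reached the target, and the state count can explode at the first loop over input bytes.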