Manticore – Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts


Manticore is a symbolic execution tool for analysis of binaries and smart contracts.

Note: Beginning with version 0.2.0, Python 3.6+ is required.

Features

  • Input Generation: Manticore automatically generates inputs that trigger unique code paths
  • Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations
  • Execution Tracing: Manticore records an instruction-level trace of execution for each generated input
  • Programmatic Interface: Manticore exposes programmatic access to its analysis engine via a Python API

Manticore can analyze the following types of programs:

  • Ethereum smart contracts (EVM bytecode)
  • Linux ELF binaries (x86, x86_64 and ARMv7)


Usage

CLI
Manticore has a command line interface which can be used to easily symbolically execute a supported program or smart contract. Analysis results will be placed into a new directory beginning with mcore_.
Use the CLI to explore possible states in Ethereum smart contracts. Manticore includes detectors that flag potentially vulnerable code in discovered states. Solidity smart contracts must have a .sol extension for analysis by Manticore. See a demo.

$ manticore ./path/to/contract.sol  # runs, and creates a mcore_* directory with analysis results
$ manticore --detect-reentrancy ./path/to/contract.sol  # Above, but with reentrancy detection enabled
$ manticore --detect-all ./path/to/contract.sol  # Above, but with all detectors enabled

The command line can also be used to simply explore a Linux binary:

$ manticore ./path/to/binary        # runs, and creates a mcore_* directory with analysis results
$ manticore ./path/to/binary ab cd  # use concrete strings "ab", "cd" as program arguments
$ manticore ./path/to/binary ++ ++  # use two symbolic strings of length two as program arguments

API
Manticore has a Python programming interface which can be used to implement custom analyses.
For Ethereum smart contracts, it can be used for detailed verification of arbitrary contract properties. Set starting conditions, execute symbolic transactions, then review discovered states to ensure invariants for your contract hold.

from manticore.ethereum import ManticoreEVM

# Solidity source of the contract under analysis
contract_src = """
contract Adder {
    function incremented(uint value) public returns (uint){
        if (value == 1)
            revert();
        return value + 1;
    }
}
"""
m = ManticoreEVM()

# Starting conditions: a funded user account that deploys the contract
user_account = m.create_account(balance=1000)
contract_account = m.solidity_create_contract(contract_src,
                                              owner=user_account,
                                              balance=0)
value = m.make_symbolic_value()

# Symbolic transaction: call incremented() with an unconstrained argument
contract_account.incremented(value)

# Query each state that did not revert
for state in m.running_states:
    print("can value be 1? {}".format(state.can_be_true(value == 1)))
    print("can value be 200? {}".format(state.can_be_true(value == 200)))

It is also possible to use the API to create custom analysis tools for Linux binaries.

# example Manticore script
from manticore import Manticore

hook_pc = 0x400ca0

m = Manticore('./path/to/binary')

@m.hook(hook_pc)
def hook(state):
  cpu = state.cpu
  print('eax', cpu.EAX)
  print(cpu.read_int(cpu.ESP))

  m.terminate()  # tell Manticore to stop

m.run()

Requirements

  • Manticore is supported on Linux and requires Python 3.6+.
  • Ubuntu 18.04 is strongly recommended.
  • Ethereum smart contract analysis requires the solc program in your $PATH.

Quickstart
Install and try Manticore in a few shell commands:

# Install system dependencies
sudo apt-get update && sudo apt-get install python3 python3-pip -y

# Install Manticore and its dependencies
sudo pip3 install manticore

# Download the examples
git clone https://github.com/trailofbits/manticore.git && cd manticore/examples/linux

# Build the examples
make

# Use the Manticore CLI
manticore basic
cat mcore_*/*0.stdin | ./basic
cat mcore_*/*1.stdin | ./basic

# Use the Manticore API
cd ../script
python3 count_instructions.py ../linux/helloworld
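
The replay step above, extended to every generated input, as an added example that is not part of the Manticore project: replay_inputs (a name chosen here) feeds each *.stdin file in a results directory to the target and flags runs that die from a signal. It assumes a POSIX shell, where death by signal N is reported as exit status 128+N.

```shell
#!/bin/sh
# Added example, not part of Manticore. replay_inputs is a name chosen here.
# Usage: replay_inputs <results-dir> <command> [args...]
# Feeds every <results-dir>/*.stdin file to the command on standard input and
# reports which generated inputs end in a signal (a crash) or a normal exit.

replay_inputs() {
    dir=$1
    shift
    total=0
    crashes=0
    for input in "$dir"/*.stdin; do
        # An unmatched glob stays literal, so skip anything that is not a file.
        [ -f "$input" ] || continue
        total=$((total + 1))
        status=0
        # "|| status=$?" keeps the loop alive under "set -e".
        "$@" < "$input" > /dev/null 2>&1 || status=$?
        if [ "$status" -gt 128 ]; then
            # POSIX shells report death by signal N as 128+N (SIGSEGV is 11 on
            # Linux). A program that itself exits with such a code looks the
            # same, so confirm flagged inputs under a debugger.
            crashes=$((crashes + 1))
            printf 'CRASH signal=%d %s\n' "$((status - 128))" "$input"
        else
            printf 'exit=%d %s\n' "$status" "$input"
        fi
    done
    printf 'total=%d crashes=%d\n' "$total" "$crashes"
}

# Example: replay_inputs mcore_abc123 ./basic   (directory name is a placeholder)
```

The last line of output gives the totals, so a script can keep only the CRASH lines for triage.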

You can also use Docker to quickly install and try Manticore:

# Download the Manticore image
docker pull trailofbits/manticore

# Download the examples
git clone https://github.com/trailofbits/manticore.git && cd manticore

# Run container with a shared examples/ directory
docker run -it -v $PWD/examples:/home/manticore/examples trailofbits/manticore

# Change to examples directory
$ cd examples/linux

# Build the examples
$ make

# Use the Manticore CLI
$ manticore basic
$ cat mcore_*/*0.stdin | ./basic
$ cat mcore_*/*1.stdin | ./basic

# Use the Manticore API
$ cd ../script
$ python3 count_instructions.py ../linux/helloworld

Installation
Option 1: Perform a user install (requires ~/.local/bin in your PATH).

echo "PATH=$PATH:~/.local/bin" >> ~/.profile
source ~/.profile
pip3 install --user manticore

Option 2: Use a virtual environment (requires virtualenvwrapper or similar).

sudo pip3 install virtualenvwrapper
echo "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.profile
source ~/.profile
mkvirtualenv manticore
sudo ./manticore/bin/pip3 install manticore

Option 3: Perform a system install.

sudo pip3 install manticore

Option 4: Install via Docker.

docker pull trailofbits/manticore

Once installed, the manticore CLI tool and Python API will be available.
For installing a development version of Manticore, see our wiki.

Getting Help
Feel free to stop by our Slack channel for help on using or extending Manticore.
Documentation is available in several places:

  • The wiki contains some basic information about getting started with Manticore and contributing
  • The examples directory has some very minimal examples that showcase API features
  • The API reference has more thorough and in-depth documentation on our API
  • The manticore-examples repository has some more involved examples, for instance solving real CTF problems
