Take a look at this Integrated Framework in binary code analysis of the CTF, to solve what the problem it, here is the git are listed in the solution to the CTF game:
Wherein, HackCon 2016 - angry-reverser takes 31 min, SecurityFest 2016 – it takes 20s, Defcamp CTF Qualification 2015 - Reversing 100 and Reversing 200, almost all do not manual intervention can be automated to complete the analysis. So the guards of the function, is not to be cardiac? Is simply CTF binary weapon. Below I will introduce this magical tool angr in. Note: this article only as an example of the effect, the deeper the tool usage and source code analysis will be in subsequent updates.）
In the binary code to find and exploit vulnerabilities is a very challenging job, it's challenging mainly in that the manual is difficult to directly see the binary code of the data structure, control flow information, etc. angr is a python-based binary vulnerability analysis framework, it will previous a variety of analytical techniques integrated in, facilitate follow-up of security researchers. It is possible to perform dynamic symbolic execution analysis, such as KLEE and Mayhem, but also can be a variety of static analysis.
Recently in many of the safety top will the S&P, USENIX Security, CCS are seen with the use of symbolic execution in this framework, The after the intend to organize into a topic to introduce their use and advantages and disadvantages.
The project Github: https://github.com/angr/angr
1. angr brief process
1 will the binary program is loaded angr analysis system
2 the binaries into a middleware language, intermediate representation, IR
3 the IR language into the idiom meaning a strong form of expression, for example, this app did what, rather than what it is.
4, to perform further analysis, for example, complete or partial, static analysis, dependency analysis, program block, the program space of the symbolic execution to explore the mining overflow vulnerability, some for the above way of binding.
2. angr installation
Theoretically angr currently supports linux, windows, MAC multiple platforms. However support the best or linux platform. Under the Windows platform due to the associated reliance on the library file more difficult to install, and therefore not recommended on windows installation.
The recommended is 14. 04 ubuntu, 16 and 12 version will appear different problems.
The first is in accordance with the dependent libraries, this is generally nothing issue:
sudo apt-get install python-dev libffi-dev build-essential virtualenvwrapper
virtualenvwrapper is a python virtual environment, using this is the main reason for angr will for libz3 or libVEX produce the modified, in order to prevent the already-installed library changes and the impact to the TO THE after other program use, the use of a python virtual machine environment is a good choice.
Next is the formal installation, first create a new python virtual environment:
Then using pip to install:
pip install angr
Some of the pit:
1. In the new virtual machine environment angr in python, import angr, appears ImportError: No module named decorator of this error, installed directly.
pip install decorator
There are some other pits in the angr of gitbook inside there, can be downloaded from here
After the installation is complete, go into the virtual python environment, you can load the angr database:
$ mkvirtualenv angr
(angr) $ python
>> import angr
Under Linux angr-dev script to install
There is a simple installation, just pull the github: https://github.com/angr/angr-dev
Directly in the root directory to run this shell script, you can automatically configure the virtualenv environment, install the angr library:
./ setup.sh -i-e angr
Then you can through the following way to start the angr
The first step is also dependent on the library:
pip install-I --no-use-wheel angr-only-z3-custom
Over is install:
pip install angr
windows the following is not tested, but there is a site someone has already collected the relevant information: https://github.com/Owlz/angr-Windows
3. angr simple example
This simple example illustrates angr usage. Sample program from: https://github.com/angr/angr-doc/tree/master/examples/fauxware
The following is a vulnerability of the sample program code:
char sneaky = "SOSNEAKY";
int authenticate(char username, char password)
stored_pw = 0;
// evil back d00r
if (strcmp(password, sneaky) == 0) return 1;
pwfile = open(username, O_RDONLY);
read(pwfile, stored_pw, 8);
if (strcmp(password, stored_pw) == 0) return 1;
printf("Welcome to the admin console, trusted user!\ n");
int main(int argc, char *argv)
username = 0;
password = 0;
read(0, username, 8);
read(0, &authed, 1);
read(0, password, 8);
read(0, &authed, 1);
authed = authenticate(username, password);
  next