sudo apt-get install python-dev libffi-dev build-essential virtualenvwrapper
virtualenvwrapper manages Python virtual environments. The main reason to use one is that angr ships modified versions of libz3 and libVEX; installing into a virtual environment keeps them from overwriting libraries that are already installed and affecting other programs that use them.
Next is the actual installation. First create a new Python virtual environment:
mkvirtualenv angr
Then install with pip:
pip install angr
Some pitfalls:
1. In the new virtual environment, running import angr in Python fails with ImportError: No module named decorator. Install the missing module directly:
pip install decorator
Other pitfalls are covered in the angr gitbook, which can be downloaded from here
After the installation is complete, enter the Python virtual environment and you can load the angr library:
$ mkvirtualenv angr
(angr) $ python
>>> import angr
Installing on Linux with the angr-dev script
There is a simpler way to install: just pull the GitHub repository: https://github.com/angr/angr-dev
Run this shell script directly in the root directory; it automatically configures the virtualenv environment and installs the angr library:
./setup.sh -i -e angr
Then you can start angr as follows:
$ workon angr
(angr) $ ipython
>>> import angr
Mac OS
The first step is likewise to install the library it depends on:
pip install -I --no-use-wheel angr-only-z3-custom
Then install angr:
pip install angr
Windows
Installation on Windows has not been tested here, but someone has already collected the relevant information: https://github.com/Owlz/angr-Windows
3. A simple angr example
This simple example illustrates how angr is used. The sample program is from: https://github.com/angr/angr-doc/tree/master/examples/fauxware
The following is the source code of the vulnerable sample program:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>

char *sneaky = "SOSNEAKY";

int authenticate(char *username, char *password)
{
    char stored_pw[9];
    stored_pw[8] = 0;
    int pwfile;

    // evil back d00r
    if (strcmp(password, sneaky) == 0) return 1;

    // the username doubles as the name of the file holding the stored password
    pwfile = open(username, O_RDONLY);
    read(pwfile, stored_pw, 8);

    if (strcmp(password, stored_pw) == 0) return 1;
    return 0;
}

int accepted()
{
    printf("Welcome to the admin console, trusted user!\n");
}

int rejected()
{
    printf("Go away!");
    exit(1);
}

int main(int argc, char **argv)
{
    char username[9];
    char password[9];
    int authed;

    username[8] = 0;
    password[8] = 0;

    printf("Username: \n");
    read(0, username, 8);
    read(0, &authed, 1);   // consume the byte that follows the 8-byte username
    printf("Password: \n");
    read(0, password, 8);
    read(0, &authed, 1);   // consume the byte that follows the 8-byte password

    authed = authenticate(username, password);