Update pyproject.toml to update deps and replace MANIFEST.in
Showing
310 changed files
with
13,012 additions
and
6,190 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
#!/usr/bin/env python3 | ||
# | ||
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework | ||
# | ||
|
||
import sys | ||
sys.path.append('..') | ||
|
||
from qiling import Qiling | ||
from qiling.const import QL_VERBOSE | ||
from qiling.extensions.r2 import R2 | ||
|
||
|
||
def func(ql: Qiling, *args, **kwargs): | ||
ql.os.stdout.write(b"=====hooked main=====!\n") | ||
return | ||
|
||
def my_sandbox(path, rootfs): | ||
ql = Qiling(path, rootfs, verbose=QL_VERBOSE.DISASM) | ||
# QL_VERBOSE.DISASM will be monkey-patched when r2 is available | ||
r2 = R2(ql) | ||
|
||
# search bytes sequence using ql.mem.search | ||
addrs = ql.mem.search(b'llo worl') # return all matching results | ||
print(r2.at(addrs[0])) # find corresponding flag at the address and the offset to the flag | ||
# search string using r2 | ||
addr = r2.strings['Hello world!'].vaddr # key must be exactly same | ||
print(addrs[0], addr) | ||
# print xref to string "Hello world!" | ||
print(r2.refto(addr)) | ||
# write to string using ql.mem.write | ||
ql.mem.write(addr, b"No hello, Bye!\x00") | ||
|
||
# get function address and hook it | ||
ql.hook_address(func, r2.functions['main'].offset) | ||
# enable trace powered by r2 symsmap | ||
# r2.enable_trace() | ||
ql.run() | ||
|
||
if __name__ == "__main__": | ||
my_sandbox(["rootfs/x86_windows/bin/x86_hello.exe"], "rootfs/x86_windows") | ||
|
||
# test shellcode mode | ||
ARM64_LIN = bytes.fromhex('420002ca210080d2400080d2c81880d2010000d4e60300aa01020010020280d2681980d2010000d4410080d2420002cae00306aa080380d2010000d4210400f165ffff54e0000010420002ca210001caa81b80d2010000d4020004d27f0000012f62696e2f736800') | ||
print("\nLinux ARM 64bit Shellcode") | ||
ql = Qiling(code=ARM64_LIN, archtype="arm64", ostype="linux", verbose=QL_VERBOSE.DEBUG) | ||
r2 = R2(ql) | ||
# disassemble 32 instructions | ||
print(r2._cmd('pd 32')) | ||
ql.run() |
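Review bot: `addrs[0]` on the line after `ql.mem.search(b'llo worl')` is indexed without checking that the search matched anything, so a target binary without that string fails with an IndexError instead of a clear message; `r2.strings['Hello world!']` and `r2.functions['main']` have the same problem with KeyError. A guard such as `if not addrs: raise SystemExit("pattern not found in mapped memory")` before the first print would make the example fail explicitly. The shellcode section calls the private `r2._cmd('pd 32')`, which ties the example to an internal method; if R2 exposes a public command wrapper it should be used, otherwise a comment noting the deliberate private access would help. Whether that shellcode block runs only under `if __name__ == "__main__"` cannot be told from the rendered page, since the indentation is lost.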
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
hackme | ||
aaaaaaaaaaaa |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
#!/usr/bin/env python3 | ||
# | ||
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework | ||
# | ||
|
||
import os | ||
import sys | ||
|
||
from typing import Any, Optional | ||
|
||
sys.path.append("../../..") | ||
from qiling.core import Qiling | ||
from qiling.const import QL_VERBOSE | ||
|
||
from qiling.extensions.afl import ql_afl_fuzz_custom | ||
from qiling.extensions.mcu.stm32f4 import stm32f429 | ||
|
||
from unicorn import UC_ERR_OK, UcError | ||
|
||
def main(input_file: str): | ||
ql = Qiling(["../../rootfs/mcu/stm32f429/bof.elf"], | ||
archtype="cortex_m", | ||
env=stm32f429, | ||
ostype='mcu', | ||
verbose=QL_VERBOSE.DISABLED) | ||
|
||
ql.hw.create('rcc') | ||
ql.hw.create('usart2') | ||
ql.hw.create('usart3') | ||
|
||
ql.fast_mode = True | ||
|
||
def place_input_callback(ql: Qiling, input_bytes: bytes, persistent_round: int) -> Optional[bool]: | ||
"""Called with every newly generated input.""" | ||
|
||
ql.hw.usart3.send(input_bytes) | ||
|
||
return True | ||
|
||
def fuzzing_callback(ql: Qiling): | ||
ql.run(end=0x80006d9) | ||
|
||
return UC_ERR_OK | ||
|
||
ql.uc.ctl_exits_enabled(True) | ||
ql.uc.ctl_set_exits([0x80006d9]) | ||
|
||
ql_afl_fuzz_custom(ql, input_file, place_input_callback, fuzzing_callback=fuzzing_callback) | ||
|
||
os.exit(0) | ||
|
||
if __name__ == "__main__": | ||
if len(sys.argv) == 1: | ||
raise ValueError("No input file provided.") | ||
|
||
main(sys.argv[1]) |
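Review bot: `os.exit(0)` at the end of main() raises AttributeError, because the os module has no `exit` function; the intended call is `sys.exit(0)`, or `os._exit(0)` if skipping interpreter cleanup once the fuzz loop returns is deliberate. The end address 0x80006d9 is duplicated between `ql.run(end=0x80006d9)` and `ql.uc.ctl_set_exits([0x80006d9])`; a module-level `END_ADDR = 0x80006d9` with a comment saying what that location is in bof.elf would keep the two in step and document the harness exit point. `Any` and `UcError` are imported but not used anywhere in the hunk.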
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
AFL_AUTORESUME=1 afl-fuzz -i afl_inputs -o afl_outputs -U -- python3 ./fuzz.py @@ |
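Review bot: afl_inputs, afl_outputs and ./fuzz.py are resolved against the caller's working directory, so the script only works when launched from its own directory; adding `cd "$(dirname "$0")" || exit 1` before the afl-fuzz line removes that dependency. The `-U` flag selects AFL++'s unicorn mode, which matches the Qiling harness in fuzz.py, but a one-line comment stating that requirement would help readers unfamiliar with the mode flags.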