To get the docker images:
docker pull klee/klee
docker pull angr/angr
Start docker:
Brendan Dolan-Gavitt moyix
moyix
/ gist:44f790ea3302680ab1c54651f24f6a10
Created
October 31, 2016 04:29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -rw-rw---- 0 user user 150 Dec 31 1969 trickortreat/pitchimpair/uji.kyoyo-u.ac.jp___133.3.5.33/jackladder | |
| -rw-rw-rw- 0 user user 180 Dec 31 1969 trickortreat/pitchimpair/win.hallym.ac.kr___210.115.225.17/orangutan | |
| -rw-rw-rw- 0 user user 183 Dec 31 1969 trickortreat/intonation/mailhub.minaffet.gov.rw___62.56.174.152/orangutan | |
| -rw-rw-rw- 0 user user 174 Dec 31 1969 trickortreat/pitchimpair/nodep.sun-ip.or.jp___150.27.1.2/incision | |
| -rw-rw---- 0 user user 157 Dec 31 1969 trickortreat/pitchimpair/utc-web.utc21.co.kr___211.40.103.194/dewdrop | |
| drwxrwxr-x 0 user user 0 Dec 31 1969 trickortreat/pitchimpair/mail.btbu.edu.cn___211.82.112.23/ | |
| -rw-rw---- 0 user user 175 Dec 31 1969 trickortreat/pitchimpair/ns.hufs.ac.kr___203.253.64.1/orangutan | |
| drwxrwxr-x 0 user user 0 Dec 31 1969 trickortreat/intonation/nd11mx1-a-fixed.sancharnet.in___61.0.0.46/ | |
| -rw-rw-rw- 0 user user 181 Dec 31 1969 trickortreat/pitchimpair/ganeran.sarenet.es___194.30.32. |
moyix
/ symexec_tut.md
Last active
March 30, 2022 19:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/mman.h> | |
| #include <sys/stat.h> | |
| #include <fcntl.h> | |
| #include <sys/types.h> | |
| #include <sys/shm.h> | |
| int main (int argc, char **argv) { | |
| int shmid = shmget(IPC_PRIVATE, 0x1000*10, IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR); |
moyix
/ cb_multios_klee_notes.md
Last active
March 5, 2021 16:31
Some notes on the current state of KLEE and cb-multios
Using KLEE on the DARPA CGC challenge binaries (as ported to Linux/OS X by Trail of Bits) is currently not a fun time. Here are a few of the current obstacles.
I'm working off of KLEE master, built against LLVM 3.4, running on Linux (Ubuntu 16.04). Some of this may be easier or harder on other platforms supported by cb-multios (i.e. OS X and maybe someday Windows).
- KLEE wants a standard
int main(int argc, char *argv[]). Most of the challenges instead haveint main(void)instead, and some, perversely, use the first int argument to main to hold the address of the flag page. (Edit: this has been fixed in thewindows_supportbranch ofcb-multiosand should make its way into master soon) - The challenge binaries use lots of symbols that conflict with things in libc. For example, many of them define the symbol
stdinand then implement a FILE* struct themselves. So when trying to link inklee-uclibc.bcyou get symbol clashes. This already has an [
moyix
/ panda_taint.sh
Created
July 26, 2017 00:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # We're going to do a simple demo of using PANDA to do a dynamic taint | |
| # analysis of a program that parses a file. The program we're using is | |
| # the "who" utility, which parses a binary log file (utmp). | |
| # This assumes that you've got a build of PANDA: | |
| ls ~/git/panda/build/i386-softmmu/qemu-system-i386 | |
| # To start off, we'll create a recording of running who. We can do this | |
| # using PANDA's run_debian.py script, which will automatically download a | |
| # 32-bit Linux image and run a command in it. It will even copy in any | |
| # files needed for you. | |
| ~/git/panda/panda/scripts/run_debian.py who /var/run/utmp |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| all: quiz | |
| quiz.o: quiz.asm | |
| nasm -f elf64 $< -o $@ | |
| quiz: quiz.o | |
| ld -Tdata=0x8000000000 $< -o $@ |
moyix
/ dump_vvar.cpp
Created
January 11, 2018 00:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <unistd.h> | |
| #include <vector> | |
| #include <iostream> | |
| #include <sstream> | |
| #include <fstream> | |
| #include <iterator> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define __out __attribute__((SAL__out)) | |
| #define __bcount __attribute__((SAL__bcount)) | |
| #define __bcount_opt __attribute__((SAL__bcount_opt)) | |
| #define __deref_bcount __attribute__((SAL__deref_bcount)) | |
| #define __deref_bcount_opt __attribute__((SAL__deref_bcount_opt)) | |
| #define __deref_ecount __attribute__((SAL__deref_ecount)) | |
| #define __deref_ecount_opt __attribute__((SAL__deref_ecount_opt)) | |
| #define __deref_in __attribute__((SAL__deref_in)) | |
| #define __deref_in_bcount __attribute__((SAL__deref_in_bcount)) | |
| #define __deref_in_bcount_opt __attribute__((SAL__deref_in_bcount_opt)) |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| A few months ago, I got a surprise call from Subra Suresh, director of the National Science Foundation, who told me I was going to share this year’s Alan T. Waterman Award with Robert Wood of Harvard. (At first I assumed it was a telemarketing call, since pretty much no one calls my office phone; I use my iPhone exclusively and have trouble even operating my desk phone.) Dr. Suresh explained that this was the first time the Waterman would ever be awarded to two people the same year, but that the committee was unanimous in supporting both me and Rob. Looking up my co-winner, I quickly learned that Rob was a leader in the field of robot bees (see here for video)—and that his work, despite having obvious military applications, had been singled out by Sean Hannity as the latter’s #1 example of government waste (!). That fact, alone, made me deeply honored to share the award with Rob, and eager to meet him in person. | |
| Happily, I finally got to do that this past Thursday, at the Waterman award ceremony in Washi |
moyix
/ readutmp.c
Created
March 15, 2018 14:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void lava_set(unsigned int bn, unsigned int val); | |
| extern unsigned int lava_get(unsigned int) ; | |
| /* GNU's read utmp module. | |
| Copyright (C) 1992-2001, 2003-2006, 2009-2015 Free Software Foundation, Inc. | |
| This program is free software: you can redistribute it and/or modify | |
| it under the terms of the GNU General Public License as published by | |
| the Free Software Foundation; either version 3 of the License, or | |
| (at your option) any later version. |