1. Advisor
  2. claripy
  3. functions
  4. claripy.Or
View all claripy analysis

How to use the claripy.Or function in claripy

To help you get started, we’ve selected a few claripy examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github angr / rex / rex / exploit / techniques / rop_leak_memory.py View on Github external
if register == "ecx":
                constraints.append(state.regs.ecx >= 0x4347c000)
                constraints.append(state.regs.ecx <= (0x4347d000 - 4))
            # if it's edx, we need to be able to set it to just above 4 bytes
            if register == "edx":
                constraints.append(state.regs.edx > 0x4)
            # if it's esi, we need to point to NULL or a writable page
            # TODO support setting to a writable page
            if register == "esi":
                or_cons = [ ]
                for page_start, page_end in self._get_writable_pages(state):
                    or_cons.append(claripy.And(state.regs.esi >= page_start, state.regs.esi <= (page_end - 4)))

                combine_cons = or_cons[0]
                for con in or_cons[1:]:
                    combine_cons = claripy.Or(combine_cons, con)

                constraints.append(combine_cons)

        return constraints
github angr / angr / angr / analyses / decompiler / structurer.py View on Github external
node = node.node

            if isinstance(node, SequenceNode):
                node = self._merge_conditional_breaks(node)
            elif isinstance(node, ConditionalBreakNode) and i > 0:
                prev_node = seq.nodes[i-1]
                if type(prev_node) is CodeNode:
                    prev_node = prev_node.node
                if isinstance(prev_node, ConditionalBreakNode):
                    # found them!

                    # pop the previously added node
                    if new_nodes:
                        new_nodes = new_nodes[:-1]

                    merged_condition = self._simplify_condition(claripy.Or(node.condition, prev_node.condition))
                    new_node = ConditionalBreakNode(node.addr,
                                                    merged_condition,
                                                    node.target
                                                    )
                    node = new_node

            new_nodes.append(node)
            i += 1

        return SequenceNode(new_nodes)
github angr / heaphopper / heaphopper / analysis / heap_plugins / glibc.py View on Github external
if max(self.config['overflow_sizes']) != 0:
            bvs_size = int(
                math.ceil(math.log(max(self.config['overflow_sizes']), 2))) + 1
        else:
            bvs_size = 8
        num_bytes = int(
            math.ceil(bvs_size / float(self.state.arch.byte_width)))
        bit_diff = num_bytes * self.state.arch.byte_width - bvs_size

        self.var_dict['overflow_sizes'] = []
        for overflow_size_addr in self.var_dict['overflow_sizes_addrs']:
            if len(self.config['overflow_sizes']) > 1:
                overflow_var = self.state.solver.BVS(
                    'overflow_size', bvs_size).zero_extend(bit_diff)
                constraint = claripy.Or(
                    overflow_var == self.config['overflow_sizes'][0])
                for bin_size in self.config['overflow_sizes'][1:]:
                    constraint = claripy.Or(
                        overflow_var == bin_size, constraint)
                self.state.add_constraints(constraint)
            else:
                overflow_var = self.state.solver.BVV(
                    self.config['overflow_sizes'][0], self.state.arch.bits)
            self.var_dict['overflow_sizes'].append(overflow_var)

            self.state.memory.store(
                overflow_size_addr, overflow_var, endness='Iend_LE')

        # Get arb_write_offsets
        self.var_dict['arb_offset_vars'] = []
        arb_write_var = self.proj.loader.main_object.get_symbol('arw_offsets')
github ChrisTheCoolHut / Firmware_Slap / firmware_slap / command_injection.py View on Github external
def constrain_control(self,
                          state,
                          symbolic_variable,
                          start_loc,
                          select_string="`ls`"):
        for i in range(len(select_string)):
            current_byte = state.memory.load(start_loc + i).get_byte(0)
            state.add_constraints(
                claripy.Or(claripy.And(select_string[i] == current_byte)))
github angr / angr / angr / analyses / decompiler / structurer.py View on Github external
            'LogicalOr': lambda expr, conv: claripy.Or(conv(expr.operands[0]), conv(expr.operands[1])),
            'CmpEQ': lambda expr, conv: conv(expr.operands[0]) == conv(expr.operands[1]),
github angr / angr / angr / procedures / libc / strtol.py View on Github external
if base <= 10:
            return is_digit, char - min_digit

        # handle alphabetic chars
        max_char_lower = claripy.BVV(ord("a") + base-10 - 1, 8)
        max_char_upper = claripy.BVV(ord("A") + base-10 - 1, 8)
        min_char_lower = claripy.BVV(ord("a"), 8)
        min_char_upper = claripy.BVV(ord("A"), 8)

        cases.append((is_digit, char - min_digit))
        is_alpha_lower = claripy.And(char >= min_char_lower, char <= max_char_lower)
        cases.append((is_alpha_lower, char - min_char_lower + 10))
        is_alpha_upper = claripy.And(char >= min_char_upper, char <= max_char_upper)
        cases.append((is_alpha_upper, char - min_char_upper + 10))

        expression = claripy.Or(is_digit, is_alpha_lower, is_alpha_upper)
        # use the last case as the default, the expression will encode whether or not it's satisfiable
        result = claripy.ite_cases(cases[:-1], cases[-1][1])

        return expression, result
github angr / heaphopper / heaphopper / analysis / heap_plugins / glibc.py View on Github external
bvs_size = int(
                math.ceil(math.log(max(self.config['malloc_sizes']), 2))) + 1
        else:
            bvs_size = 8
        num_bytes = int(
            math.ceil(bvs_size / float(self.state.arch.byte_width)))
        bit_diff = num_bytes * self.state.arch.byte_width - bvs_size

        for msize in self.var_dict['malloc_size_addrs']:
            if len(self.config['malloc_sizes']) > 1:
                malloc_var = self.state.solver.BVS(
                    'malloc_size', bvs_size).zero_extend(bit_diff)
                constraint = claripy.Or(
                    malloc_var == self.config['malloc_sizes'][0])
                for bin_size in self.config['malloc_sizes'][1:]:
                    constraint = claripy.Or(malloc_var == bin_size, constraint)
                self.state.add_constraints(constraint)
            else:
                malloc_var = self.state.solver.BVV(
                    self.config['malloc_sizes'][0], self.state.arch.bits)
            self.var_dict['malloc_size_bvs'].append(malloc_var)
            # zero-fill first just in case
            self.state.memory.store(
                msize, claripy.BVV(0, 8 * 8), endness='Iend_LE')
            self.state.memory.store(msize, malloc_var, endness='Iend_LE')

        # Set fill sizes
        fill_size_var = self.proj.loader.main_object.get_symbol('fill_sizes')
        self.var_dict['fill_size_addrs'] = [
            fill_size_var.rebased_addr + i for i in range(0, fill_size_var.size, 8)]
        self.var_dict['fill_size_vars'] = []
        if self.config['chunk_fill_size'] == 'zero':
github angr / heaphopper / heaphopper / analysis / tracer / tracer.py View on Github external
# Set malloc sizes
    malloc_size_var = proj.loader.main_object.get_symbol('malloc_sizes')
    var_dict['malloc_size_addrs'] = [malloc_size_var.rebased_addr + i for i in range(0, malloc_size_var.size, 8)]
    var_dict['malloc_size_bvs'] = []

    if max(config['malloc_sizes']) != 0:
        bvs_size = int(math.ceil(math.log(max(config['malloc_sizes']), 2))) + 1
    else:
        bvs_size = 8
    num_bytes = int(math.ceil(bvs_size / float(state.arch.byte_width)))
    bit_diff = num_bytes * state.arch.byte_width - bvs_size

    for msize in var_dict['malloc_size_addrs']:
        if len(config['malloc_sizes']) > 1:
            malloc_var = state.solver.BVS('malloc_size', bvs_size).zero_extend(bit_diff)
            constraint = claripy.Or(malloc_var == config['malloc_sizes'][0])
            for bin_size in config['malloc_sizes'][1:]:
                constraint = claripy.Or(malloc_var == bin_size, constraint)
            state.add_constraints(constraint)
        else:
            malloc_var = state.solver.BVV(config['malloc_sizes'][0], state.arch.bits)
        var_dict['malloc_size_bvs'].append(malloc_var)
        state.memory.store(msize, claripy.BVV(0, 8 * 8), endness='Iend_LE')  # zero-fill first just in case
        state.memory.store(msize, malloc_var, endness='Iend_LE')

    # Set fill sizes
    fill_size_var = proj.loader.main_object.get_symbol('fill_sizes')
    var_dict['fill_size_addrs'] = [fill_size_var.rebased_addr + i for i in range(0, fill_size_var.size, 8)]
    var_dict['fill_size_vars'] = []
    if config['chunk_fill_size'] == 'zero':
        var_dict['fill_size_vars'] = [state.solver.BVV(0, 8 * 8)] * len(var_dict['fill_size_addrs'])
    if config['chunk_fill_size'] == 'header_size':

claripy

An abstraction layer for constraint solvers

GitHub
BSD-2-Clause
Latest version published 4 days ago

Package Health Score

81 / 100
Full package analysis

Popular claripy functions

Similar packages