| from collections import defaultdict | |
| import angr | |
| import simuvex | |
| import claripy | |
| import analysis | |
| """ | |
| Memory metadata we keep for each address, like the addresses of the malloc |
| #!/usr/bin/env python | |
| import sys | |
| import angr | |
| p = angr.Project(sys.argv[1], load_options={'auto_load_libs': False}) | |
| s = p.factory.entry_state() | |
| def malloc_print(state): | |
| print("Called malloc!") |
| import angr | |
| import analysis | |
| class MemoryWrite(analysis.Analysis): | |
| def __init__(self, option): | |
| super(MemoryWrite, self).__init__(option) | |
| self.mem_write_check() | |
| def mem_write_check(self): | |
| print("[+] Initializing memory write analysis") |
Okay, so I decided to follow this binary exploitation course from RPI and do the challenges. It is interesting that it is run by students passionate about security and generally looks quite a promising introduction in binary exploitation, so you may want to check out the slides.
On to the challenges.
For crackme0x00a and crackme0x00b the slides pretty much give it away. I have decided to use radare2 so