pwntools 1.1.0 → 1.2.0

data/lib/pwnlib/ui.rb

@@ -0,0 +1,21 @@
+# encoding: ASCII-8BIT
+# frozen_string_literal: true
+
+require 'pwnlib/logger'
+
+module Pwnlib
+  # This module collects utilities that need user interactions.
+  module UI
+    module_function
+
+    # Waits for user input.
+    #
+    # @return [void]
+    def pause
+      log.info('Paused (press enter to continue)')
+      $stdin.gets
+    end
+
+    include ::Pwnlib::Logger
+  end
+end

data/lib/pwnlib/util/cyclic.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 module Pwnlib
   module Util
@@ -42,6 +43,7 @@ module Pwnlib
       #     The result sequence.
       def de_bruijn(alphabet: ASCII_LOWERCASE, n: 4)
         return to_enum(__method__, alphabet: alphabet, n: n) { alphabet.size**n } unless block_given?
+
         k = alphabet.size
         a = [0] * (k * n)
 

data/lib/pwnlib/util/fiddling.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/context'
 
@@ -56,7 +57,7 @@ module Pwnlib
       #   hex(-10) #=> '-0xa'
       #   hex(0xfaceb00cdeadbeef) #=> '0xfaceb00cdeadbeef'
       def hex(n)
-        (n < 0 ? '-' : '') + format('0x%x', n.abs)
+        (n.negative? ? '-' : '') + format('0x%x', n.abs)
       end
 
       # URL-encodes a string.
@@ -92,7 +93,7 @@ module Pwnlib
       #   urldecode('%qw%er%ty') #=> raise ArgumentError
       #   urldecode('%qw%er%ty', true) #=> '%qw%er%ty'
       def urldecode(s, ignore_invalid = false)
-        res = ''
+        res = +''
         n = 0
         while n < s.size
           if s[n] != '%'
@@ -139,12 +140,13 @@ module Pwnlib
           is_little = context.endian == 'little'
           case s
           when String
-            v = 'B*'
+            v = +'B*'
             v.downcase! if is_little
             s.unpack(v)[0].chars.map { |ch| ch == '1' ? one : zero }
           when Integer
             # TODO(Darkpi): What should we do to negative number?
             raise ArgumentError, 's must be non-negative' unless s >= 0
+
             r = s.to_s(2).chars.map { |ch| ch == '1' ? one : zero }
             r.unshift(zero) until (r.size % 8).zero?
             is_little ? r.reverse : r
@@ -265,6 +267,35 @@ module Pwnlib
         s.unpack('m0')[0]
       end
 
+      # Xor two strings.
+      # If two strings have different length, the shorter one will be repeated until has the same length as another
+      # one.
+      #
+      # @param [String] s1
+      #   First string.
+      # @param [String] s2
+      #   Second string.
+      #
+      # @return [String]
+      #   The xor-ed result.
+      #
+      # @example
+      #   xor("\xE8\xE1\xF0\xF0\xF9", "\x80")
+      #   => 'happy'
+      #
+      #   xor("\x80", "\xE8\xE1\xF0\xF0\xF9")
+      #   => 'happy'
+      #
+      #   xor('plaintext', 'thekey')
+      #   => "\x04\x04\x04\x02\v\r\x11\x10\x11"
+      #
+      #   xor('217', "\x00" * 10)
+      #   => '2172172172'
+      def xor(s1, s2)
+        s1, s2 = s2, s1 if s1.size < s2.size
+        s1.bytes.zip(''.ljust(s1.size, s2).bytes).map { |a, b| a ^ b }.pack('C*')
+      end
+
       # Find two strings that will xor into a given string, while only using a given alphabet.
       #
       # @param [String, Integer] data
@@ -280,12 +311,13 @@ module Pwnlib
       def xor_pair(data, avoid: "\x00\n")
         data = pack(data) if data.is_a?(Integer)
         alphabet = 256.times.reject { |c| avoid.include?(c.chr) }
-        res1 = ''
-        res2 = ''
+        res1 = +''
+        res2 = +''
         data.bytes.each do |c1|
           # alphabet.shuffle! if context.randomize
           c2 = alphabet.find { |c| alphabet.include?(c1 ^ c) }
           return nil if c2.nil?
+
           res1 << c2.chr
           res2 << (c1 ^ c2).chr
         end

data/lib/pwnlib/util/getdents.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'bindata'
 

data/lib/pwnlib/util/hexdump.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'rainbow'
 
@@ -18,7 +19,7 @@ module Pwnlib
     #   hexdump('217')
     #   #=> "00000000  32 31 37                  │217│\n00000003"
     module HexDump
-      MARKER = "\u2502".freeze
+      MARKER = "\u2502"
       HIGHLIGHT_STYLE = ->(s) { Rainbow(s).bg(:red) }
       DEFAULT_STYLE = {
         0x00 => ->(s) { Rainbow(s).red },
@@ -67,7 +68,8 @@ module Pwnlib
           style = DEFAULT_STYLE.merge(style)
           highlight.bytes.each { |b| style[b] = HIGHLIGHT_STYLE }
           (0..255).each do |b|
-            next if style.include?(b)
+            next if style.key?(b)
+
             style[b] = (b.chr =~ /[[:print:]]/ ? style[:printable] : style[:unprintable])
           end
 
@@ -83,12 +85,13 @@ module Pwnlib
 
           byte_index = offset
           skipping = false
-          last_chunk = ''
+          last_chunk = +''
 
           loop do
             # We assume that chunk is in ASCII-8BIT encoding.
             chunk = io.read(width)
             break unless chunk
+
             chunk_bytes = chunk.bytes
             start_byte_index = byte_index
             byte_index += chunk_bytes.size
@@ -102,8 +105,8 @@ module Pwnlib
             skipping = false
             last_chunk = chunk
 
-            hex_bytes = ''
-            printable = ''
+            hex_bytes = +''
+            printable = +''
             chunk_bytes.each_with_index do |b, i|
               left_hex, right_char = styled_bytes[b]
               hex_bytes << left_hex

data/lib/pwnlib/util/lists.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/context'
 
@@ -37,6 +38,7 @@ module Pwnlib
         unless %i(ignore drop fill).include?(underfull_action)
           raise ArgumentError, 'underfull_action expect to be one of :ignore, :drop, and :fill'
         end
+
         sliced = str.chars.each_slice(n).map(&:join)
         case underfull_action
         when :drop
@@ -45,6 +47,7 @@ module Pwnlib
           remain = n - sliced.last.size
           fill_value = fill_value.to_s
           raise ArgumentError, 'fill_value must be a character' unless fill_value.size == 1
+
           sliced.last.concat(fill_value * remain)
         end
         sliced

data/lib/pwnlib/util/packing.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'pwnlib/context'
 
@@ -71,7 +72,8 @@ module Pwnlib
             end
           else
             if is_all
-              raise ArgumentError, "Can't pack negative number with bits='all' and signed=false" if number < 0
+              raise ArgumentError, "Can't pack negative number with bits='all' and signed=false" if number.negative?
+
               bits = number.zero? ? 8 : ((number.bit_length - 1) | 7) + 1
             end
 
@@ -197,6 +199,7 @@ module Pwnlib
           bytes = bits / 8
 
           raise ArgumentError, "data.size=#{data.size} must be a multiple of bytes=#{bytes}" if data.size % bytes != 0
+
           ret = []
           (data.size / bytes).times do |idx|
             x1 = idx * bytes
@@ -259,7 +262,7 @@ module Pwnlib
           v = case it
               when Array then flat(*it, **kwargs, &preprocessor)
               when Integer then p[it]
-              when String then it.force_encoding('ASCII-8BIT')
+              when String then it.dup.force_encoding('ASCII-8BIT') # dup in case 'it' is frozen
               else
                 raise ArgumentError, "flat does not support values of type #{it.class}"
               end

data/lib/pwnlib/util/ruby.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 module Pwnlib
   module Util

data/lib/pwnlib/version.rb

@@ -1,6 +1,7 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 module Pwnlib
   # version of pwntools-ruby
-  VERSION = '1.1.0'.freeze
+  VERSION = '1.2.0'
 end

data/test/abi_test.rb

@@ -1,4 +1,5 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'test_helper'
 

data/test/asm_test.rb

@@ -1,9 +1,11 @@
 # encoding: ASCII-8BIT
+# frozen_string_literal: true
 
 require 'test_helper'
 
 require 'pwnlib/asm'
 require 'pwnlib/shellcraft/shellcraft'
+require 'pwnlib/tubes/process'
 
 class AsmTest < MiniTest::Test
   include ::Pwnlib::Context
@@ -13,98 +15,88 @@ class AsmTest < MiniTest::Test
     @shellcraft = ::Pwnlib::Shellcraft::Shellcraft.instance
   end
 
-  def skip_windows
-    skip 'Not test asm/disasm on Windows' if TTY::Platform.new.windows?
-  end
+  def parse_sfile(filename)
+    File.read(filename).split("\n\n").each do |it|
+      lines = it.lines
+      metadata = {}
+      # First line of +lines+ might be the extra context setting
+      if lines.first.start_with?('# context: ')
+        # "# context: arch: a, endian: big"
+        # => { arch: 'a', endian: 'big' }
+        metadata = lines.shift.slice(11..-1)
+                        .split(',').map { |c| c.split(':', 2).map(&:strip) }
+                        .map { |k, v| [k.to_sym, v] }.to_h
+      end
+      comment, output = lines.partition { |l| l =~ /^\s*[;#]/ }.map(&:join)
+      next if output.empty?
+
+      output << "\n" unless output.end_with?("\n")
+      tests = output.lines.map do |l|
+        vma, hex_code, _dummy, inst = l.scan(/^\s*(\w+):\s{3}(([\da-f]{2}\s)+)\s+(.*)$/).first
+        [vma.to_i(16), hex_code.split.join, inst.strip]
+      end
 
-  def linux_only
-    skip 'ELF can only be executed on Linux' unless TTY::Platform.new.linux?
+      vma = tests.first.first
+      bytes = [tests.map { |l| l[1] }.join].pack('H*')
+      insts = tests.map(&:last)
+      yield(bytes, vma, insts, output, comment, **metadata)
+    end
   end
 
-  def test_i386_asm
-    skip_windows
-    context.local(arch: 'i386') do
-      assert_equal("\x90", Asm.asm('nop'))
-      assert_equal("\xeb\xfe", Asm.asm(@shellcraft.infloop))
-      assert_equal("jhh///sh/binj\x0bX\x89\xe31\xc9\x99\xcd\x80", Asm.asm(@shellcraft.sh))
-      # issue #51
-      assert_equal("j\x01\xfe\x0c$h\x01\x01\x01\x01\x814$\xf2\xf3\x0b\xfe",
-                   Asm.asm(@shellcraft.pushstr("\xf3\xf2\x0a\xff")))
+  # All tests of asm can be found under test/data/assembly/<arch>.s.
+  %w[aarch64 amd64 arm i386 mips mips64 powerpc powerpc64 sparc sparc64 thumb].each do |arch|
+    file = File.join(__dir__, 'data', 'assembly', arch + '.s')
+    # Defining methods dynamically makes proper error message shown when tests failed.
+    __send__(:define_method, "test_asm_#{arch}") do
+      skip_windows
+
+      context.local(arch: arch) do
+        parse_sfile(file) do |bytes, vma, insts, _output, comment, **ctx|
+          next if comment.include?('!skip asm')
+
+          context.local(**ctx) do
+            assert_equal(bytes, Asm.asm(insts.join("\n"), vma: vma))
+          end
+        end
+      end
     end
   end
 
-  def test_amd64_asm
+  def test_asm_unsupported
     skip_windows
-    context.local(arch: 'amd64') do
-      assert_equal("\x90", Asm.asm('nop'))
-      assert_equal("\xeb\xfe", Asm.asm(@shellcraft.infloop))
-      assert_equal("jhH\xb8/bin///sPj;XH\x89\xe71\xf6\x99\x0f\x05", Asm.asm(@shellcraft.sh))
-      assert_equal("j\x01\xfe\x0c$H\xb8\x01\x01\x01\x01\x01\x01\x01\x01PH\xb8\xfe\xfe\xfe\xfe\xfe\xfe\x0b\xfeH1\x04$",
-                   Asm.asm(@shellcraft.pushstr("\xff\xff\xff\xff\xff\xff\x0a\xff")))
+
+    err = context.local(arch: :vax) do
+      assert_raises(::Pwnlib::Errors::UnsupportedArchError) { Asm.asm('') }
     end
+    assert_equal('Asm on architecture "vax" is not supported yet.', err.message)
   end
 
-  def test_i386_disasm
-    skip_windows
-    context.local(arch: 'i386') do
-      str = Asm.disasm("h\x01\x01\x01\x01\x814$ri\x01\x011\xd2"\
-                       "Rj\x04Z\x01\xe2R\x89\xe2jhh///sh/binj\x0bX\x89\xe3\x89\xd1\x99\xcd\x80")
-      assert_equal(<<-EOS, str)
-   0:   68 01 01 01 01       push    0x1010101
-   5:   81 34 24 72 69 01 01 xor     dword ptr [esp], 0x1016972
-   c:   31 d2                xor     edx, edx
-   e:   52                   push    edx
-   f:   6a 04                push    4
-  11:   5a                   pop     edx
-  12:   01 e2                add     edx, esp
-  14:   52                   push    edx
-  15:   89 e2                mov     edx, esp
-  17:   6a 68                push    0x68
-  19:   68 2f 2f 2f 73       push    0x732f2f2f
-  1e:   68 2f 62 69 6e       push    0x6e69622f
-  23:   6a 0b                push    0xb
-  25:   58                   pop     eax
-  26:   89 e3                mov     ebx, esp
-  28:   89 d1                mov     ecx, edx
-  2a:   99                   cdq
-  2b:   cd 80                int     0x80
-      EOS
-      assert_equal(<<-EOS, Asm.disasm("\xb8\x5d\x00\x00\x00"))
-  0:   b8 5d 00 00 00 mov     eax, 0x5d
-      EOS
+  # All tests of disasm can be found under test/data/assembly/<arch>.s.
+  %w[aarch64 amd64 arm i386 mips mips64 powerpc64 sparc sparc64 thumb].each do |arch|
+    file = File.join(__dir__, 'data', 'assembly', arch + '.s')
+    # Defining methods dynamically makes proper error message shown when tests failed.
+    __send__(:define_method, "test_disasm_#{arch}") do
+      skip_windows
+
+      context.local(arch: arch) do
+        parse_sfile(file) do |bytes, vma, _insts, output, comment, **ctx|
+          next if comment.include?('!skip disasm')
+
+          context.local(**ctx) do
+            assert_equal(output, Asm.disasm(bytes, vma: vma))
+          end
+        end
+      end
     end
   end
 
-  def test_amd64_disasm
+  def test_disasm_unsupported
     skip_windows
-    context.local(arch: 'amd64') do
-      str = Asm.disasm("hri\x01\x01\x814$\x01\x01\x01\x011\xd2" \
-                       "Rj\x08ZH\x01\xe2RH\x89\xe2jhH\xb8/bin///sPj;XH\x89\xe7H\x89\xd6\x99\x0f\x05", vma: 0xfff)
-
-      assert_equal(<<-EOS, str)
-   fff:   68 72 69 01 01                push    0x1016972
-  1004:   81 34 24 01 01 01 01          xor     dword ptr [rsp], 0x1010101
-  100b:   31 d2                         xor     edx, edx
-  100d:   52                            push    rdx
-  100e:   6a 08                         push    8
-  1010:   5a                            pop     rdx
-  1011:   48 01 e2                      add     rdx, rsp
-  1014:   52                            push    rdx
-  1015:   48 89 e2                      mov     rdx, rsp
-  1018:   6a 68                         push    0x68
-  101a:   48 b8 2f 62 69 6e 2f 2f 2f 73 movabs  rax, 0x732f2f2f6e69622f
-  1024:   50                            push    rax
-  1025:   6a 3b                         push    0x3b
-  1027:   58                            pop     rax
-  1028:   48 89 e7                      mov     rdi, rsp
-  102b:   48 89 d6                      mov     rsi, rdx
-  102e:   99                            cdq
-  102f:   0f 05                         syscall
-      EOS
-      assert_equal(<<-EOS, Asm.disasm("\xb8\x17\x00\x00\x00"))
-  0:   b8 17 00 00 00 mov     eax, 0x17
-      EOS
+
+    err = context.local(arch: :vax) do
+      assert_raises(::Pwnlib::Errors::UnsupportedArchError) { Asm.disasm('') }
     end
+    assert_equal('Disasm on architecture "vax" is not supported yet.', err.message)
   end
 
   # To ensure coverage
@@ -115,8 +107,8 @@ class AsmTest < MiniTest::Test
     assert_match(/meow/, err.message)
   end
 
-  def make_elf_file(*args)
-    elf = Asm.make_elf(*args)
+  def make_elf_file(data, **kwargs)
+    elf = Asm.make_elf(data, **kwargs)
     stream = StringIO.new(elf)
     [elf, ::ELFTools::ELFFile.new(stream)]
   end
@@ -167,19 +159,17 @@ class AsmTest < MiniTest::Test
   # this test can be removed after method +run_shellcode+ being implemented
   def test_make_elf_and_run
     # run the ELF we created to make sure it works.
-    linux_only
+    linux_only 'ELF can only be executed on Linux'
 
     # test supported architecture
     {
-      i386: /08048000-08049000 r-xp/,
-      amd64: /00400000-00401000 r-xp/
+      i386: /08048000-08049000 rwxp/,
+      amd64: /00400000-00401000 rwxp/
     }.each do |arch, regexp|
       context.local(arch: arch) do
         data = Asm.asm(@shellcraft.cat('/proc/self/maps') + @shellcraft.syscall('SYS_exit', 0))
         Asm.make_elf(data) do |path|
-          Open3.popen2(path) do |_i, o, _t|
-            assert_match(regexp, o.gets)
-          end
+          assert_match(regexp, ::Pwnlib::Tubes::Process.new(path).gets)
         end
       end
     end