angr 9.2.146__py3-none-macosx_11_0_arm64.whl → 9.2.147__py3-none-macosx_11_0_arm64.whl



@@ -0,0 +1,351 @@
1
+ from __future__ import annotations
2
+ from typing import TYPE_CHECKING
3
+ from collections.abc import Callable
4
+
5
+ from .flirt_sig import FlirtSignatureParsed
6
+ from .flirt_node import FlirtNode
7
+ from .flirt_module import FlirtModule
8
+
9
+ if TYPE_CHECKING:
10
+ from angr.knowledge_plugins.functions import Function
11
+ from .flirt_function import FlirtFunction
12
+
13
+
14
+ # crc 16 with pre-computed table
15
+ crc16_table = [
16
+ 0x0000,
17
+ 0x1189,
18
+ 0x2312,
19
+ 0x329B,
20
+ 0x4624,
21
+ 0x57AD,
22
+ 0x6536,
23
+ 0x74BF,
24
+ 0x8C48,
25
+ 0x9DC1,
26
+ 0xAF5A,
27
+ 0xBED3,
28
+ 0xCA6C,
29
+ 0xDBE5,
30
+ 0xE97E,
31
+ 0xF8F7,
32
+ 0x1081,
33
+ 0x0108,
34
+ 0x3393,
35
+ 0x221A,
36
+ 0x56A5,
37
+ 0x472C,
38
+ 0x75B7,
39
+ 0x643E,
40
+ 0x9CC9,
41
+ 0x8D40,
42
+ 0xBFDB,
43
+ 0xAE52,
44
+ 0xDAED,
45
+ 0xCB64,
46
+ 0xF9FF,
47
+ 0xE876,
48
+ 0x2102,
49
+ 0x308B,
50
+ 0x0210,
51
+ 0x1399,
52
+ 0x6726,
53
+ 0x76AF,
54
+ 0x4434,
55
+ 0x55BD,
56
+ 0xAD4A,
57
+ 0xBCC3,
58
+ 0x8E58,
59
+ 0x9FD1,
60
+ 0xEB6E,
61
+ 0xFAE7,
62
+ 0xC87C,
63
+ 0xD9F5,
64
+ 0x3183,
65
+ 0x200A,
66
+ 0x1291,
67
+ 0x0318,
68
+ 0x77A7,
69
+ 0x662E,
70
+ 0x54B5,
71
+ 0x453C,
72
+ 0xBDCB,
73
+ 0xAC42,
74
+ 0x9ED9,
75
+ 0x8F50,
76
+ 0xFBEF,
77
+ 0xEA66,
78
+ 0xD8FD,
79
+ 0xC974,
80
+ 0x4204,
81
+ 0x538D,
82
+ 0x6116,
83
+ 0x709F,
84
+ 0x0420,
85
+ 0x15A9,
86
+ 0x2732,
87
+ 0x36BB,
88
+ 0xCE4C,
89
+ 0xDFC5,
90
+ 0xED5E,
91
+ 0xFCD7,
92
+ 0x8868,
93
+ 0x99E1,
94
+ 0xAB7A,
95
+ 0xBAF3,
96
+ 0x5285,
97
+ 0x430C,
98
+ 0x7197,
99
+ 0x601E,
100
+ 0x14A1,
101
+ 0x0528,
102
+ 0x37B3,
103
+ 0x263A,
104
+ 0xDECD,
105
+ 0xCF44,
106
+ 0xFDDF,
107
+ 0xEC56,
108
+ 0x98E9,
109
+ 0x8960,
110
+ 0xBBFB,
111
+ 0xAA72,
112
+ 0x6306,
113
+ 0x728F,
114
+ 0x4014,
115
+ 0x519D,
116
+ 0x2522,
117
+ 0x34AB,
118
+ 0x0630,
119
+ 0x17B9,
120
+ 0xEF4E,
121
+ 0xFEC7,
122
+ 0xCC5C,
123
+ 0xDDD5,
124
+ 0xA96A,
125
+ 0xB8E3,
126
+ 0x8A78,
127
+ 0x9BF1,
128
+ 0x7387,
129
+ 0x620E,
130
+ 0x5095,
131
+ 0x411C,
132
+ 0x35A3,
133
+ 0x242A,
134
+ 0x16B1,
135
+ 0x0738,
136
+ 0xFFCF,
137
+ 0xEE46,
138
+ 0xDCDD,
139
+ 0xCD54,
140
+ 0xB9EB,
141
+ 0xA862,
142
+ 0x9AF9,
143
+ 0x8B70,
144
+ 0x8408,
145
+ 0x9581,
146
+ 0xA71A,
147
+ 0xB693,
148
+ 0xC22C,
149
+ 0xD3A5,
150
+ 0xE13E,
151
+ 0xF0B7,
152
+ 0x0840,
153
+ 0x19C9,
154
+ 0x2B52,
155
+ 0x3ADB,
156
+ 0x4E64,
157
+ 0x5FED,
158
+ 0x6D76,
159
+ 0x7CFF,
160
+ 0x9489,
161
+ 0x8500,
162
+ 0xB79B,
163
+ 0xA612,
164
+ 0xD2AD,
165
+ 0xC324,
166
+ 0xF1BF,
167
+ 0xE036,
168
+ 0x18C1,
169
+ 0x0948,
170
+ 0x3BD3,
171
+ 0x2A5A,
172
+ 0x5EE5,
173
+ 0x4F6C,
174
+ 0x7DF7,
175
+ 0x6C7E,
176
+ 0xA50A,
177
+ 0xB483,
178
+ 0x8618,
179
+ 0x9791,
180
+ 0xE32E,
181
+ 0xF2A7,
182
+ 0xC03C,
183
+ 0xD1B5,
184
+ 0x2942,
185
+ 0x38CB,
186
+ 0x0A50,
187
+ 0x1BD9,
188
+ 0x6F66,
189
+ 0x7EEF,
190
+ 0x4C74,
191
+ 0x5DFD,
192
+ 0xB58B,
193
+ 0xA402,
194
+ 0x9699,
195
+ 0x8710,
196
+ 0xF3AF,
197
+ 0xE226,
198
+ 0xD0BD,
199
+ 0xC134,
200
+ 0x39C3,
201
+ 0x284A,
202
+ 0x1AD1,
203
+ 0x0B58,
204
+ 0x7FE7,
205
+ 0x6E6E,
206
+ 0x5CF5,
207
+ 0x4D7C,
208
+ 0xC60C,
209
+ 0xD785,
210
+ 0xE51E,
211
+ 0xF497,
212
+ 0x8028,
213
+ 0x91A1,
214
+ 0xA33A,
215
+ 0xB2B3,
216
+ 0x4A44,
217
+ 0x5BCD,
218
+ 0x6956,
219
+ 0x78DF,
220
+ 0x0C60,
221
+ 0x1DE9,
222
+ 0x2F72,
223
+ 0x3EFB,
224
+ 0xD68D,
225
+ 0xC704,
226
+ 0xF59F,
227
+ 0xE416,
228
+ 0x90A9,
229
+ 0x8120,
230
+ 0xB3BB,
231
+ 0xA232,
232
+ 0x5AC5,
233
+ 0x4B4C,
234
+ 0x79D7,
235
+ 0x685E,
236
+ 0x1CE1,
237
+ 0x0D68,
238
+ 0x3FF3,
239
+ 0x2E7A,
240
+ 0xE70E,
241
+ 0xF687,
242
+ 0xC41C,
243
+ 0xD595,
244
+ 0xA12A,
245
+ 0xB0A3,
246
+ 0x8238,
247
+ 0x93B1,
248
+ 0x6B46,
249
+ 0x7ACF,
250
+ 0x4854,
251
+ 0x59DD,
252
+ 0x2D62,
253
+ 0x3CEB,
254
+ 0x0E70,
255
+ 0x1FF9,
256
+ 0xF78F,
257
+ 0xE606,
258
+ 0xD49D,
259
+ 0xC514,
260
+ 0xB1AB,
261
+ 0xA022,
262
+ 0x92B9,
263
+ 0x8330,
264
+ 0x7BC7,
265
+ 0x6A4E,
266
+ 0x58D5,
267
+ 0x495C,
268
+ 0x3DE3,
269
+ 0x2C6A,
270
+ 0x1EF1,
271
+ 0x0F78,
272
+ ]
273
+
274
+
275
+ def crc16(data: bytes) -> int:
276
+ crc = 0xFFFF
277
+ for byte in data:
278
+ crc = (crc >> 8) ^ crc16_table[(crc ^ byte) & 0xFF]
279
+ crc ^= 0xFFFF
280
+ # swap endianness
281
+ return ((crc & 0xFF) << 8) | ((crc & 0xFF00) >> 8)
282
+
283
+
284
+ class FlirtMatcher:
285
+ """
286
+ A class that matches functions in a binary using FLIRT signatures.
287
+ """
288
+
289
+ def __init__(
290
+ self,
291
+ sig: FlirtSignatureParsed,
292
+ func: Function,
293
+ get_callee_name: Callable[
294
+ [Function, int, int, str],
295
+ str | None,
296
+ ],
297
+ func_matched: Callable[[Function, int, FlirtFunction], None],
298
+ mismatch_bytes_tolerance: int = 0,
299
+ ):
300
+ self.sig = sig
301
+ self.func = func
302
+ self.get_callee_name = get_callee_name
303
+ self.func_matched = func_matched
304
+ self.mismatch_bytes_tolerance: int = mismatch_bytes_tolerance
305
+
306
+ def match_function(self, buff: bytes, addr: int) -> bool:
307
+ assert self.sig.root is not None
308
+ return any(self._match_node(node, buff, addr, 0, 0) for node in self.sig.root.children)
309
+
310
+ def _match_node(self, node: FlirtNode, buff: bytes, addr: int, offset: int, mismatches: int) -> bool:
311
+ if len(buff) < offset + len(node.pattern):
312
+ return False
313
+ for i in range(len(node.pattern)): # pylint:disable=consider-using-enumerate
314
+ if node.pattern[i] != -1 and node.pattern[i] != buff[offset + i]:
315
+ mismatches += 1
316
+ if mismatches > self.mismatch_bytes_tolerance:
317
+ return False
318
+ if mismatches <= self.mismatch_bytes_tolerance:
319
+ # a matching node is found
320
+ for child in node.children:
321
+ if self._match_node(child, buff, addr, offset + node.length, mismatches):
322
+ return True
323
+ for module in node.modules:
324
+ if self._match_module(module, buff, addr, offset + node.length):
325
+ return True
326
+ return False
327
+
328
+ def _match_module(self, module: FlirtModule, buff: bytes, addr: int, offset: int) -> bool:
329
+ offset = max(offset, 32)
330
+ if module.crc_len > len(buff) - offset:
331
+ return False
332
+ crc = crc16(buff[offset : offset + module.crc_len]) if module.crc_len > 0 else 0
333
+ if crc != module.crc:
334
+ return False
335
+
336
+ # tail bytes
337
+ for off, b in module.tail_bytes:
338
+ if len(buff) <= offset + off or buff[offset + off] != b:
339
+ return False
340
+
341
+ # referenced functions
342
+ for ref_func in module.ref_funcs:
343
+ call_addr = addr + offset + ref_func.offset
344
+ callee_name = self.get_callee_name(self.func, addr, call_addr, ref_func.name)
345
+ if callee_name != ref_func.name:
346
+ return False
347
+
348
+ for func in module.pub_funcs:
349
+ self.func_matched(self.func, addr, func)
350
+
351
+ return True
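Review bot: `_match_node` checks the buffer against `len(node.pattern)` but advances children and modules by `offset + node.length`, and nothing visible in this file or in `FlirtNode` (third section) ties those two values together. Signature data is presumably parsed from files on disk, so a node whose `length` differs from its pattern length would have its children and CRC region compared at the wrong position, giving false matches or misses; advancing by `offset + len(node.pattern)` or rejecting the mismatch when the node is built would close that gap. The trailing `if mismatches <= self.mismatch_bytes_tolerance:` is always true at that point because the loop already returns on excess, so it can be removed. In `_match_module`, `offset = max(offset, 32)` needs a comment explaining the constant, and the tail-byte check indexes `buff[offset + off]` without adding `module.crc_len`, which is worth confirming against how the parser defines tail offsets.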
@@ -0,0 +1,32 @@
1
+ from __future__ import annotations
2
+ from .flirt_function import FlirtFunction
3
+
4
+
5
+ class FlirtModule:
6
+ """
7
+ Describes a module in a FLIRT signature.
8
+ """
9
+
10
+ __slots__ = ("crc", "crc_len", "length", "pub_funcs", "ref_funcs", "tail_bytes")
11
+
12
+ def __init__(
13
+ self,
14
+ length: int,
15
+ crc_len: int,
16
+ crc: int,
17
+ pub_funcs: list[FlirtFunction],
18
+ ref_funcs: list[FlirtFunction],
19
+ tail_bytes: list[tuple[int, int]],
20
+ ):
21
+ self.length = length
22
+ self.crc_len = crc_len
23
+ self.crc = crc # CRC16
24
+ self.pub_funcs = pub_funcs
25
+ self.ref_funcs = ref_funcs
26
+ self.tail_bytes = tail_bytes
27
+
28
+ def __repr__(self) -> str:
29
+ return (
30
+ f"<FlirtModule: length={self.length}, crc_len={self.crc_len}, crc={self.crc}, "
31
+ f"pub_funcs={self.pub_funcs}, ref_funcs={self.ref_funcs}, tail_bytes={self.tail_bytes}>"
32
+ )
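Review bot: `tail_bytes: list[tuple[int, int]]` does not say what the two integers are, and `crc_len` and `crc` are stored without any range check. From the matcher's loop `for off, b in module.tail_bytes` the pairs look like (offset, expected byte), so a comment such as `# (offset, expected byte value) pairs` on the assignment would help, along with a statement of what the offset is relative to. If the parser does not already guarantee it, a guard like `if crc_len < 0 or not 0 <= crc <= 0xFFFF: raise ValueError(...)` would reject values that the 16-bit `crc16` result can never equal.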
@@ -0,0 +1,23 @@
1
+ from __future__ import annotations
2
+ from .flirt_module import FlirtModule
3
+
4
+
5
+ class FlirtNode:
6
+ """
7
+ Describes a tree node in the FLIRT signature tree.
8
+ """
9
+
10
+ __slots__ = ("children", "length", "modules", "pattern")
11
+
12
+ def __init__(self, children: list[FlirtNode], modules: list[FlirtModule], length: int, pattern: list[int]):
13
+ self.children = children
14
+ self.modules = modules
15
+ self.length = length
16
+ self.pattern = pattern
17
+
18
+ @property
19
+ def leaf(self) -> bool:
20
+ return not self.children
21
+
22
+ def __repr__(self) -> str:
23
+ return f"<FlirtNode length={self.length} leaf={self.leaf}>"
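Review bot: `pattern` is typed `list[int]` but its encoding is undocumented; the matcher treats an entry of `-1` as a wildcard (`node.pattern[i] != -1`), which a reader of this class alone cannot know. Extend the class docstring or add a comment next to `self.pattern = pattern`, for example `# byte values compared against the buffer; -1 marks a wildcard position`. The docstring should also state whether `length` is expected to equal `len(pattern)`, since both are stored independently.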