Python r2pipe.open() Examples
The following are 30
code examples of r2pipe.open().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
r2pipe
, or try the search function
.
.
Example #1
| Source File: function_handler.py From Firmware_Slap with GNU General Public License v3.0 | 7 votes |
|
def get_function_information(file_name):
func_list = []
r2_ins = r2pipe.open(file_name, flags=["-2"])
'''
Commands = ['aa', 'afr', '& aap', '& aac', '& aar', '& aaE',
'& aaf', '& aas', '& aae', '& aav', '&&', 'afva', 'afta']
for command in tqdm(Commands, desc="Analysis Running"):
r2_ins.cmd(command)
'''
r2_ins.cmd('aaa')
try:
func_list = r2_ins.cmdj('aflj')
except:
func_list = []
r2_ins.quit()
return func_list
Example #2
| Source File: pimp.py From pimp with GNU General Public License v3.0 | 6 votes |
|
def __init__(self, name):
self.name = name
self.r2 = r2pipe.open()
bininfo = self.r2.cmdj("ij")["bin"]
self.arch = bininfo["arch"]
self.bits = bininfo["bits"]
self.regs = self.r2.cmdj("drlj")
self.switch_flagspace(self.name)
self.sections = self.get_sections()
imports = self.get_imports()
self.imports = {}
for imp in imports:
self.imports[imp["plt"]] = imp["name"]
exports = self.get_exports()
self.exports = {}
for exp in exports:
self.exports[exp["name"]] = exp["vaddr"]
Example #3
| Source File: solve_chicken.py From angr-doc with BSD 2-Clause "Simplified" License | 6 votes |
|
def main():
print(solve("df8737d9d5aee3cee6320e7313414458fdfb10552a8e6c8ea45753102ba4509a"))
return
import os
for i, filename in enumerate(os.listdir("bc9cd8ff91a55ecee73caf85c3d55e45")):
if i % 8 != int(sys.argv[1]):
continue
solution_file = "%s.solution" % filename
if os.path.exists(solution_file):
continue
print(i, filename)
try:
sol = solve(filename)
if not sol:
continue
except ValueError:
print("oops failed on %s" % filename)
continue
# data = sol.encode("base64")
with open(solution_file, "wb") as f:
f.write(sol)
#print("Send this:" + data)
#sock.send(data + "\n")
Example #4
| Source File: occult.py From angr-doc with BSD 2-Clause "Simplified" License | 6 votes |
|
def main():
import os
for i, filename in enumerate(os.listdir("occult_dist")):
if i % 8 != int(sys.argv[1]):
continue
solution_file = "%s.solution" % filename
if os.path.exists(solution_file):
continue
print(i, filename)
try:
sol = solve(filename)
except ValueError:
print("oops failed on %s" % filename)
continue
# data = sol.encode("base64")
with open(solution_file, "wb") as f:
f.write(sol)
#print("Send this:" + data)
#sock.send(data + "\n")
Example #5
| Source File: r2parser.py From metame with MIT License | 6 votes |
|
def __init__(self, filename, anal, debug=False, force_replace=False, write=False):
self.debug = debug
self.force = force_replace
flags = []
if write:
flags.append("-w")
print("[INFO] Opening file with r2")
self.r2 = r2pipe.open(filename, flags)
info = json.loads(self.r2.cmd("ij").replace("\\", "\\\\"))
if "bin" not in info.keys():
raise Exception("[ERROR] File type not supported")
if not info["bin"]["bits"] in constants.supported_bits or \
not info["bin"]["arch"] in constants.supported_archs:
raise Exception("[ERROR] Architecture not supported")
self.arch = info["bin"]["arch"]
self.bits = info["bin"]["bits"]
if anal:
print("[INFO] Analyzing functions with r2")
self.r2.cmd("aaa")
Example #6
| Source File: utils.py From flashre with GNU Lesser General Public License v3.0 | 6 votes |
|
def cache(filename):
"""
A simple decorator to cache results to disk.
"""
def decorator(func):
"""Note: it is the function that is finally returned"""
def cached_function(*args):
"""Note: needed to access the returned value"""
try:
return pickle.load(open(filename, "r"))
except IOError:
value = func(*args)
pickle.dump(value, open(filename, "w"))
return value
return cached_function
return decorator
Example #7
| Source File: r2_bin_carver.py From radare2-scripts with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def main():
parser = argparse.ArgumentParser(description='Carve binaries from MiniDumps.')
parser.add_argument('dmp', help='The MiniDump file to carve from')
parser.add_argument('offset', help='Offset to carve from')
parser.add_argument('size', help='Size of binary to carve')
parser.add_argument('-b', type=str, help='Magic bytes to check for, e.g. MZ')
parser.add_argument('-p', '--patch', action='store_true', help='Patch carved PE files')
args = parser.parse_args()
# FIXME: Won't redirect r2pipe, will have to 2>/dev/null for now!
f = open(os.devnull, 'w')
sys.stderr = f
output_file = carve(args.dmp, args.offset, args.size, args.b)
if args.patch:
patch(output_file)
Example #8
| Source File: r2_bin_carver.py From radare2-scripts with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def carve(file_path, offset, size, magic=None):
r2 = r2pipe.open(file_path, ['-z'])
if magic:
magic_bytes = hexlify(bytes(magic, 'ascii'))
print('[+] Checking for magic: %s - %x' % (magic, int(magic_bytes, 16)))
header = r2.cmd("p8 %x @ %s" % (len(magic), offset))
if bytes(header, 'ascii') != magic_bytes:
print("[+] No magic found, exiting...")
exit()
else:
print("[+] Magic found, carving...")
r2.cmd("s %s" % (offset))
r2.cmd('wtf %s.%s %s' % (file_path, offset, size))
print("[+] Carving to %s.%s" % (file_path, offset))
return '%s.%s' % (file_path, offset)
Example #9
| Source File: utils.py From flashre with GNU Lesser General Public License v3.0 | 6 votes |
|
def get_r2pipe(filename, offset, options=None):
"""
Get a r2pipe handle ready to analyse a flashair binary.
"""
# Set the miasm architecture
os.putenv("R2M2_ARCH", "mepl")
# Use the r2m2 architecture
default_options = ["-a", "r2m2"]
# Map the binary at a given location
default_options += ["-m", hex(offset)]
# Decrease r2 verbosity
default_options += ["-e", "bin.verbose=false"]
# Add user specified options
if isinstance(options, list):
default_options += options
return r2pipe.open(filename, default_options)
Example #10
| Source File: static_analysis.py From LiSa with Apache License 2.0 | 6 votes |
|
def run_analysis(self):
"""Main analysis method.
:returns: Dictionary containing analysis results.
"""
log.info('Static Analysis started.')
# start radare2
self._r2 = r2pipe.open(self._file.path, ['-2'])
self._r2.cmd('aaa')
# binary info
self._r2_info()
# strings
self._load_strings()
self._r2.quit()
log.info('Static Analysis finished.')
return self._output
Example #11
| Source File: main.py From sonare with MIT License | 5 votes |
|
def __init__(self):
# open empty, we'll open files later
self.r2 = r2pipe.open('--')
self.opcodeAddrs = []
Example #12
| Source File: r2_keeper.py From bootloader_instrumentation_suite with MIT License | 5 votes |
|
def gets(f, cmd):
if f in files.keys():
handle = files[f]
else:
handle = r2pipe.open(f, ['-2'])
files[f] = handle
entry[f] = handle.cmd("s")
handle.cmd('e anal.bb.maxsize=10000')
handle.cmd('aac*')
out = handle.cmd(cmd)
return out
Example #13
| Source File: PRG_analysis.py From ICSREF with MIT License | 5 votes |
|
def __find_io(self):
"""
Find program INPUTS and OUTPUTS based on TRG information
Assumes I/O memory locations will appear as direct offsets in the program
and are kind of unique
"""
# Read data from TRG file
with open(trg_file, 'r') as f:
trg_data = f.readlines()
# Search for hex
hex_pattern = re.compile('([0-9a-fA-F])*')
# Find input_start, output_start, input_size, output_size
for line in trg_data:
if 'BaseAddressOfInputSegment' in line:
input_start = re.search(hex_pattern, line.split('=')[1].replace('16#','')).group(0)
input_start = int(input_start, 16)
if 'BaseAddressOfOutputSegment' in line:
output_start = re.search(hex_pattern, line.split('=')[1].replace('16#','')).group(0)
output_start = int(output_start, 16)
if 'SizeOfInputSegment' in line:
input_size = re.search(hex_pattern, line.split('=')[1].replace('16#','')).group(0)
input_size = int(input_size, 16)
if 'SizeOfOutputSegment' in line:
output_size = re.search(hex_pattern, line.split('=')[1].replace('16#','')).group(0)
output_size = int(output_size, 16)
# Find inputs/outputs offsets in the code
self.inputs = {}
self.outputs = {}
for i in range(input_start, input_start + input_size, 1):
match = self.__allindices(self.hexdump, struct.pack('<I', i))
if match:
self.inputs[hex(i)]=[hex(k) for k in match]
for i in range(output_start, output_start + output_size, 1):
match = self.__allindices(self.hexdump, struct.pack('<I', i))
if match:
self.outputs[hex(i)]=[hex(k) for k in match]
return 0
Example #14
| Source File: PRG_analysis.py From ICSREF with MIT License | 5 votes |
|
def __find_functions(self):
"""
Produces disassembly listings for all functions
"""
# Open an r2pipe to radare2 \m/
r2=r2pipe.open(self.path)
# Set r2 architecture configuration - Processor specific
r2.cmd('e asm.arch=arm; e asm.bits=32; e cfg.bigendian=false')
# Instantiate Functions
for i in range(len(self.FunctionBoundaries)):
# Code disassembly
# Start: MOV, STMFD, MOV
start_code = self.FunctionBoundaries[i][0]
# Stop: LDMDB
stop_code = self.FunctionBoundaries[i][1]
length_code = stop_code - start_code
disasm_code = r2.cmd('b {}; pD @{}'.format(length_code ,start_code))
# Add spaces for formating purposes and consistency in disassembly string
disasm_code = (12 * ' ' + disasm_code).split('\n')
# Add data
# Start at code stop
start_data = stop_code
# Stop at beginning of next (or special case for last function from header)
if i == len(self.FunctionBoundaries)-1:
stop_data = self.program_end
else:
stop_data = self.FunctionBoundaries[i+1][0]
length_data = stop_data - start_data
# Data disassembly
disasm_data = r2.cmd('pxr {} @{}'.format(length_data ,start_data))
disasm_data = disasm_data.split('\n')
# Disassembly formating
for i,line in enumerate(disasm_data):
disasm_data[i] = ' {} {} {}'.format(line[:11], line[14:23], line [14:])
disasm = disasm_code + disasm_data
self.Functions.append(Function(self.path, start_code, stop_data, self.hexdump[start_code:stop_data], disasm))
r2.quit()
return 0
Example #15
| Source File: PRG_analysis.py From ICSREF with MIT License | 5 votes |
|
def __find_statlibs(self):
entry_offset = self.Functions[-1].start
stop_offset = self.FunctionBoundaries[-1][1]-8
funs = [x for x, _ in self.FunctionBoundaries]
# Change 0x2000 location of writing address in OUTRO with 0x10000000 to not overwrite code
code_start = '\x00\x20\x00\x00'
with open('temphexdump.bin', 'w') as f:
hexdump_mod = self.hexdump.replace(code_start, '\x00\x00\x00\x10')
f.write(hexdump_mod)
proj = angr.Project('temphexdump.bin', load_options={'main_opts': {'backend': 'blob', 'custom_base_addr': 0, 'custom_arch':'ARMEL', 'custom_entry_point':0x50}, 'auto_load_libs':False})
state = proj.factory.entry_state()
state.regs.pc = entry_offset
simgr = proj.factory.simulation_manager(state)
# Initialize some (0xFF) mem locations so taht execution doesn't jump to end.
for i in range(0,0xFF,4):
simgr.active[0].mem[simgr.active[0].regs.r0 + i].long = 0xFFFFFFFF
# Run the code to create the static offsets in memory
simgr.explore(find=stop_offset)
statlibs = {}
i = 0
while len(statlibs) < len(funs) - 1:
mem_val = state.solver.eval(simgr.found[0].mem[simgr.found[0].regs.r1 + i].int.resolved)
if mem_val in funs:
statlibs[i + 8] = 'sub_{:x}'.format(mem_val)
i += 4
os.remove('temphexdump.bin')
return statlibs
Example #16
| Source File: PRG_analysis.py From ICSREF with MIT License | 5 votes |
|
def __read_file(self):
"""
Reads hexdump from file
"""
with open(self.path, 'rb') as f_in:
file_bytes = f_in.read()
return file_bytes
Example #17
| Source File: PRG_analysis.py From ICSREF with MIT License | 5 votes |
|
def __save_object(self):
"""
Serializes the object instance and saves it to a file using the dill module
"""
# Create directory for output results
path = os.path.join('results', self.name)
try:
os.makedirs(path)
except OSError:
if not os.path.isdir(path):
raise
dat_f = os.path.join(path, '{}_init_analysis.dat'.format(self.name))
with open(dat_f, 'w') as f:
dill.dump(self, f)
Example #18
| Source File: apk.py From fufluns with GNU General Public License v3.0 | 5 votes |
|
def _apk_analysis(apk):
pipes = []
try:
extract_apk(apk)
dexes = glob.glob(os.path.join(apk.unzip, "*.dex"))
for dex in dexes:
apk.logger.notify("opening {}.".format(os.path.basename(dex)))
r2 = r2pipe.open(dex)
if r2 is None:
apk.logger.error("cannot open file {}.".format(os.path.basename(dex)))
continue
r2.filename = dex
pipes.append(r2)
if len(pipes) < 1:
_cleanup(apk, pipes, False)
return
for file in os.listdir(os.path.join(os.path.dirname(__file__), "tests")):
if file == "__init__.py" or not file.endswith('.py'):
continue
modpath = 'android.tests.' + os.path.splitext(file)[0]
mod = importlib.import_module(modpath)
apk.logger.notify(mod.name_test())
mod.run_tests(apk, pipes, utils, r2help, au)
except Exception as ex:
_cleanup(apk, pipes, True)
raise ex
_cleanup(apk, pipes, False)
apk.done.set(True)
Example #19
| Source File: ipa.py From fufluns with GNU General Public License v3.0 | 5 votes |
|
def _ipa_analysis(ipa):
ipa.logger.notify("opening ipa.")
try:
with zipfile.ZipFile(ipa.filename, "r") as zip_ref:
zip_ref.extractall(ipa.directory)
except Exception:
ipa.logger.error("cannot unzip file.")
_cleanup(ipa, None, False)
return
r2 = r2pipe.open("ipa://" + ipa.filename)
if r2 is None:
ipa.logger.error("cannot open file.")
_cleanup(ipa, None, False)
return
for file in os.listdir(os.path.join(os.path.dirname(__file__), "tests")):
if file == "__init__.py" or not file.endswith('.py'):
continue
try:
modpath = 'ios.tests.' + os.path.splitext(file)[0]
mod = importlib.import_module(modpath)
ipa.logger.notify(mod.name_test())
mod.run_tests(ipa, r2, utils, r2help)
except Exception as e:
_cleanup(ipa, r2, True)
raise e
_cleanup(ipa, r2, False)
ipa.done.set(True)
Example #20
| Source File: Easy_Pickings.py From Easy-Pickings with GNU General Public License v3.0 | 5 votes |
|
def get_functions(binary):
print("[~] Using Radare2 to build function list...")
r2 = r2pipe.open(binary)
r2.cmd('aaaa')
return [func for func in json.loads(r2.cmd('aflj'))]
Example #21
| Source File: input_vectors_r2.py From FACT_core with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, path_to_elf: str, config: dict):
self.config = config
self.api = r2pipe.open(path_to_elf)
Example #22
| Source File: winFunctionDetector.py From Zeratool with GNU General Public License v3.0 | 5 votes |
|
def getWinFunctions(binary_name):
winFunctions = {}
#Initilizing r2 with with function call refs (aac)
r2 = r2pipe.open(binary_name)
r2.cmd('aaa')
functions = [func for func in json.loads(r2.cmd('aflj'))]
#Check for function that gives us system(/bin/sh)
for func in functions:
if 'system' in str(func['name']):
system_name = func['name']
#Get XREFs
refs = [func for func in json.loads(r2.cmd('axtj @ {}'.format(system_name)))]
for ref in refs:
if 'fcn_name' in ref:
winFunctions[ref['fcn_name']] = ref
#Check for function that reads flag.txt
#Then prints flag.txt to STDOUT
known_flag_names = ["flag","pass"]
strings = [string for string in json.loads(r2.cmd('izj'))]
for string in strings:
value = string['string']
if any([x in value for x in known_flag_names]):
address = string['vaddr']
#Get XREFs
refs = [func for func in json.loads(r2.cmd('axtj @ {}'.format(address)))]
for ref in refs:
if 'fcn_name' in ref:
winFunctions[ref['fcn_name']] = ref
for k,v in winFunctions.items():
print("[+] Found win function {}".format(k))
return winFunctions
Example #23
| Source File: overflowExploiter.py From Zeratool with GNU General Public License v3.0 | 5 votes |
|
def getRegValues(filename,endAddr):
r2 = r2pipe.open(filename)
r2.cmd('doo')
r2.cmd('dcu {}'.format(endAddr))
regs = json.loads(r2.cmd('drj'))
r2.quit()
return regs
Example #24
| Source File: overflowExploiter.py From Zeratool with GNU General Public License v3.0 | 5 votes |
|
def findShellcode(filename,endAddr,shellcode,commandInput):
hex_str = shellcode[:4].encode('hex')
abs_path = os.path.abspath(filename)
#If you know a better way to direct stdin please let me know
os.system('env > temp.env')
with open('command.input','w') as f:
f.write(commandInput)
with open('temp.rr2','w') as f:
f.write("program={}\nstdin=command.input\nenvfile={}\n".format(filename,"temp.env"))
# f.write("program={}\nstdin=command.input\nclearenv=true\nenvfile={}\n".format(abs_path,"temp.env"))
r2 = r2pipe.open(filename)
r2.cmd('e dbg.profile = temp.rr2')
r2.cmd('ood')
r2.cmd('dcu {}'.format(endAddr))
r2.cmd('s ebp')
r2.cmd('e search.maxhits =1')
r2.cmd('e search.in=dbg.map') #Need to specify this for r2pipe
loc = json.loads(r2.cmd('/xj {}'.format(hex_str)))
#Cleaning up
if os.path.exists('command.input'):
os.remove('command.input')
if os.path.exists('temp.rr2'):
os.remove('temp.rr2')
if os.path.exists('temp.env'):
os.remove('temp.env')
return loc
Example #25
| Source File: occult.py From angr-doc with BSD 2-Clause "Simplified" License | 5 votes |
|
def get_symbol_addr(s, symbol_name):
r2 = r2pipe.open("occult_dist/%s" % s)
symbols = r2.cmdj("isj")
symbol = next(iter(symbol for symbol in symbols if symbol['name'] == symbol_name))
return symbol['vaddr'] + 0x400000
Example #26
| Source File: solve_chicken.py From angr-doc with BSD 2-Clause "Simplified" License | 5 votes |
|
def get_symbol_addr(s, symbol_name):
r2 = r2pipe.open("bc9cd8ff91a55ecee73caf85c3d55e45/%s" % s)
symbols = r2.cmdj("isj")
symbol = next(iter(symbol for symbol in symbols if symbol['name'] == symbol_name))
return symbol['vaddr']
Example #27
| Source File: syms2elf.py From syms2elf with GNU General Public License v3.0 | 5 votes |
|
def save(self, output):
with open(output, 'wb') as f:
f.write(self.binary)
Example #28
| Source File: main.py From sonare with MIT License | 5 votes |
|
def open(self, path):
# not using 'oc' command because it resets r2's -q flag, don't know what
# else.
# close all
self.cmd('o--')
# then open the new file
# TODO: escaping?
self.cmd('o {}', path)
self.analyze()
self.opcodeAddrs = self._getOpcodeAddrs()
self.symbolFlags = SortedListWithKey(self.getFlags('symbols'),
key=lambda f: f['offset'])
Example #29
| Source File: main.py From sonare with MIT License | 5 votes |
|
def __init__(self, path):
QMainWindow.__init__(self)
self.setMinimumSize(QSize(600, 400))
self.font = QFont(self.FONT_NAME, self.FONT_SIZE)
self.fontMetrics = QFontMetricsF(self.font)
palette = self.palette()
# palette.setColor(QPalette.Window, self.WINDOW_COLOR)
# palette.setColor(QPalette.WindowText, self.DEFAULT_TEXT_COLOR)
palette.setColor(QPalette.Base, self.BG_COLOR)
palette.setColor(QPalette.Text, self.DEFAULT_TEXT_COLOR)
self.setPalette(palette)
self._makeMenus()
self.core = Core()
self.open(path)
self._makeScene()
self._makeFlagList()
self.funcName = None
self._updateWindowTitle()
Example #30
| Source File: main.py From sonare with MIT License | 5 votes |
|
def open(self, path):
self.core.open(path)
self.filePath = path
arch = self.core.getR2Cfg('asm.arch')
if arch == 'x86':
self.asmFormatter = X86AsmFormatter(self)
elif arch == 'mips':
self.asmFormatter = MipsAsmFormatter(self)
else:
raise NotImplementedError("asm formatting for {}".format(arch))
