├── doc ├── manual │ ├── apidoc │ │ └── .gitignore │ ├── source │ │ ├── tutorial │ │ │ └── images │ │ │ │ └── constraint3_cfg.png │ │ ├── introduction │ │ │ └── index.rst │ │ └── installation │ │ │ └── index.rst │ └── index.rst ├── papers │ └── barf.pdf └── presentations │ └── barfing-gadgets.ekoparty2014.es.pdf ├── MANIFEST.in ├── examples ├── misc │ ├── samples │ │ ├── bin │ │ │ ├── loop2.arm │ │ │ ├── loop2.x86 │ │ │ ├── branch4.arm │ │ │ ├── branch4.x86 │ │ │ ├── branch4.arm_thumb │ │ │ ├── constraint1.arm │ │ │ ├── constraint1.x86 │ │ │ ├── constraint3.x86 │ │ │ ├── example1.x86_64 │ │ │ ├── loop-simple1.arm │ │ │ ├── loop-simple1.x86 │ │ │ ├── loop-simple1.x86_64 │ │ │ └── loop-simple1.arm_thumb │ │ ├── src │ │ │ ├── constraint1.c │ │ │ ├── loop2.c │ │ │ ├── branch4.c │ │ │ ├── example1.c │ │ │ ├── constraint3.c │ │ │ └── loop-simple1.c │ │ └── Makefile │ ├── recover_cfg.py │ ├── translate_code.py │ ├── check_constraints.x86.py │ ├── check_constraints.arm.py │ ├── emulate_code.py │ └── find_and_emulate.x86.py ├── flareon-2015 │ └── 2 │ │ ├── bin │ │ └── very_success │ │ ├── cfg │ │ ├── sub_401000.png │ │ └── sub_401084.png │ │ ├── solve.py │ │ └── README.md └── kaos-toy-project │ ├── bin │ └── toyproject.exe │ └── README.md ├── tests ├── arch │ ├── samples │ │ ├── bin │ │ │ ├── loop-simple.arm │ │ │ ├── loop-simple.x86 │ │ │ ├── loop-simple.x86_64 │ │ │ └── loop-simple.arm_thumb │ │ ├── src │ │ │ └── loop-simple.c │ │ └── Makefile │ ├── __init__.py │ ├── arm │ │ ├── __init__.py │ │ ├── translators │ │ │ ├── __init__.py │ │ │ ├── test_branch.py │ │ │ ├── test_loadstore.py │ │ │ └── test_data.py │ │ └── test_armparser.py │ ├── x86 │ │ ├── __init__.py │ │ ├── translators │ │ │ ├── __init__.py │ │ │ ├── test_misc.py │ │ │ ├── test_string.py │ │ │ ├── test_logical.py │ │ │ └── test_control.py │ │ └── test_x86parser.py │ └── test_emulator.py ├── analysis │ ├── graphs │ │ ├── data │ │ │ ├── bin │ │ │ │ ├── x86_sample_1 │ │ │ │ └── x86_sample_2 │ │ │ ├── src │ │ │ │ ├── x86_sample_1.c │ │ │ │ └── x86_sample_2.c │ │ │ └── Makefile │ │ └── __init__.py │ ├── symbolic │ │ ├── data │ │ │ ├── bin │ │ │ │ ├── check_serial_1 │ │ │ │ ├── check_serial_2 │ │ │ │ ├── check_serial_3 │ │ │ │ ├── check_serial_4 │ │ │ │ ├── check_serial_5 │ │ │ │ └── check_serial_6 │ │ │ ├── src │ │ │ │ ├── check_serial_1.c │ │ │ │ ├── check_serial_2.c │ │ │ │ ├── check_serial_3.c │ │ │ │ ├── check_serial_6.c │ │ │ │ ├── check_serial_4.c │ │ │ │ └── check_serial_5.c │ │ │ └── Makefile │ │ └── __init__.py │ ├── __init__.py │ ├── gadgets │ │ └── __init__.py │ └── codeanalyzer │ │ └── __init__.py ├── __init__.py └── core │ ├── __init__.py │ ├── reil │ ├── __init__.py │ ├── emulator │ │ ├── __init__.py │ │ └── test_memory.py │ └── test_parser.py │ └── smt │ ├── __init__.py │ └── test_smtfunction.py ├── .gitignore ├── Dockerfile ├── .travis.yml ├── LICENSE ├── barf ├── core │ ├── __init__.py │ ├── smt │ │ ├── __init__.py │ │ └── smtfunction.py │ ├── reil │ │ ├── __init__.py │ │ ├── emulator │ │ │ └── __init__.py │ │ ├── helpers.py │ │ └── container.py │ └── symbols.py ├── tools │ ├── __init__.py │ ├── cfg │ │ └── __init__.py │ ├── cg │ │ ├── __init__.py │ │ └── cg.py │ ├── gadgets │ │ └── __init__.py │ ├── replay │ │ └── __init__.py │ └── common.py ├── utils │ ├── __init__.py │ └── utils.py ├── analysis │ ├── __init__.py │ ├── symbolic │ │ └── __init__.py │ ├── codeanalyzer │ │ └── __init__.py │ ├── graphs │ │ └── __init__.py │ └── gadgets │ │ └── __init__.py ├── arch │ ├── __init__.py │ ├── arm │ │ ├── __init__.py │ │ └── translators │ │ │ ├── __init__.py │ │ │ └── branch.py │ ├── x86 │ │ ├── __init__.py │ │ ├── translators │ │ │ ├── __init__.py │ │ │ ├── misc.py │ │ │ └── logical.py │ │ ├── disassembler.py │ │ └── helpers.py │ ├── disassembler.py │ └── arch.py └── __init__.py └── setup.py /doc/manual/apidoc/.gitignore: -------------------------------------------------------------------------------- 1 | *.rst 2 | -------------------------------------------------------------------------------- /doc/papers/barf.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/doc/papers/barf.pdf -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include CHANGELOG.md 2 | include LICENSE 3 | include README.md 4 | include barf/tools/gadgets/README.md 5 | -------------------------------------------------------------------------------- /examples/misc/samples/bin/loop2.arm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/loop2.arm -------------------------------------------------------------------------------- /examples/misc/samples/bin/loop2.x86: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/loop2.x86 -------------------------------------------------------------------------------- /examples/misc/samples/bin/branch4.arm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/branch4.arm -------------------------------------------------------------------------------- /examples/misc/samples/bin/branch4.x86: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/branch4.x86 -------------------------------------------------------------------------------- /tests/arch/samples/bin/loop-simple.arm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/arch/samples/bin/loop-simple.arm -------------------------------------------------------------------------------- /tests/arch/samples/bin/loop-simple.x86: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/arch/samples/bin/loop-simple.x86 -------------------------------------------------------------------------------- /examples/flareon-2015/2/bin/very_success: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/flareon-2015/2/bin/very_success -------------------------------------------------------------------------------- /examples/flareon-2015/2/cfg/sub_401000.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/flareon-2015/2/cfg/sub_401000.png -------------------------------------------------------------------------------- /examples/flareon-2015/2/cfg/sub_401084.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/flareon-2015/2/cfg/sub_401084.png -------------------------------------------------------------------------------- /examples/misc/samples/bin/branch4.arm_thumb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/branch4.arm_thumb -------------------------------------------------------------------------------- /examples/misc/samples/bin/constraint1.arm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/constraint1.arm -------------------------------------------------------------------------------- /examples/misc/samples/bin/constraint1.x86: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/constraint1.x86 -------------------------------------------------------------------------------- /examples/misc/samples/bin/constraint3.x86: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/constraint3.x86 -------------------------------------------------------------------------------- /examples/misc/samples/bin/example1.x86_64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/example1.x86_64 -------------------------------------------------------------------------------- /examples/misc/samples/bin/loop-simple1.arm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/loop-simple1.arm -------------------------------------------------------------------------------- /examples/misc/samples/bin/loop-simple1.x86: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/loop-simple1.x86 -------------------------------------------------------------------------------- /tests/analysis/graphs/data/bin/x86_sample_1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/graphs/data/bin/x86_sample_1 -------------------------------------------------------------------------------- /tests/analysis/graphs/data/bin/x86_sample_2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/graphs/data/bin/x86_sample_2 -------------------------------------------------------------------------------- /tests/arch/samples/bin/loop-simple.x86_64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/arch/samples/bin/loop-simple.x86_64 -------------------------------------------------------------------------------- /examples/kaos-toy-project/bin/toyproject.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/kaos-toy-project/bin/toyproject.exe -------------------------------------------------------------------------------- /examples/misc/samples/bin/loop-simple1.x86_64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/loop-simple1.x86_64 -------------------------------------------------------------------------------- /tests/arch/samples/bin/loop-simple.arm_thumb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/arch/samples/bin/loop-simple.arm_thumb -------------------------------------------------------------------------------- /examples/misc/samples/bin/loop-simple1.arm_thumb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/examples/misc/samples/bin/loop-simple1.arm_thumb -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/bin/check_serial_1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/symbolic/data/bin/check_serial_1 -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/bin/check_serial_2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/symbolic/data/bin/check_serial_2 -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/bin/check_serial_3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/symbolic/data/bin/check_serial_3 -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/bin/check_serial_4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/symbolic/data/bin/check_serial_4 -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/bin/check_serial_5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/symbolic/data/bin/check_serial_5 -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/bin/check_serial_6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/tests/analysis/symbolic/data/bin/check_serial_6 -------------------------------------------------------------------------------- /doc/manual/source/tutorial/images/constraint3_cfg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/doc/manual/source/tutorial/images/constraint3_cfg.png -------------------------------------------------------------------------------- /doc/presentations/barfing-gadgets.ekoparty2014.es.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/programa-stic/barf-project/HEAD/doc/presentations/barfing-gadgets.ekoparty2014.es.pdf -------------------------------------------------------------------------------- /examples/kaos-toy-project/README.md: -------------------------------------------------------------------------------- 1 | # README 2 | 3 | Command to recover CFG of the function of interest: 4 | 5 | ```shell 6 | BARFcfg -r 0x004010ec bin/toyproject.exe 7 | ``` 8 | -------------------------------------------------------------------------------- /examples/misc/samples/src/constraint1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int a; 5 | int b; 6 | int c; 7 | 8 | c = a + b + 5; 9 | 10 | return c; 11 | } 12 | -------------------------------------------------------------------------------- /tests/analysis/graphs/data/src/x86_sample_1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | /* 4 | * Basic sample, just one function. 5 | * 6 | */ 7 | 8 | int main(int argc, char *argv[]) { 9 | printf("Hello, World!\n"); 10 | 11 | return 0; 12 | } 13 | -------------------------------------------------------------------------------- /examples/misc/samples/src/loop2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | unsigned int a = 0; 5 | unsigned int counter = 10; 6 | 7 | while (counter > 0) { 8 | a++; 9 | counter--; 10 | } 11 | 12 | return a; 13 | } -------------------------------------------------------------------------------- /examples/misc/samples/src/branch4.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int cookie1; 5 | int cookie2; 6 | 7 | if (cookie1 == 0x41424344) { 8 | if (cookie2 == 0x45464748) { 9 | printf("you win!\n"); 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Python files. 2 | *.pyc 3 | 4 | # Python egg metadata, regenerated from source files by setuptools. 5 | *.egg-info 6 | 7 | # Distribution files. 8 | dist/* 9 | 10 | # Build folder from Docs. 11 | doc/manual/_build/* 12 | 13 | # Log files 14 | *.log 15 | 16 | # PyCharm files. 17 | .idea/* 18 | -------------------------------------------------------------------------------- /tests/arch/samples/src/loop-simple.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char * argv[]) { 5 | unsigned int i; 6 | unsigned int a; 7 | unsigned int l; 8 | 9 | l = 10; 10 | 11 | for (i = 0; i < l; i++) { 12 | a++; 13 | } 14 | 15 | return 0; 16 | } 17 | -------------------------------------------------------------------------------- /examples/misc/samples/src/example1.c: -------------------------------------------------------------------------------- 1 | 2 | int function_of_interest(int arg) { 3 | return arg % 2; 4 | } 5 | 6 | int some_function(char *input) { 7 | int len = 0; 8 | for(; *input++; len++) {} 9 | return function_of_interest(len); 10 | } 11 | 12 | int main(int argc, char *argv[]) { 13 | return some_function(argv[1]); 14 | } 15 | -------------------------------------------------------------------------------- /tests/analysis/graphs/data/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: all clean 2 | 3 | src := src 4 | dst := bin 5 | 6 | all: x86_sample_1 x86_sample_2 7 | 8 | x86_sample_1: $(src)/x86_sample_1.c 9 | gcc -m32 -o $(dst)/$@ $< 10 | 11 | x86_sample_2: $(src)/x86_sample_2.c 12 | gcc -m32 -o $(dst)/$@ $< 13 | 14 | clean: 15 | rm -f $(dst)/x86_sample_1 $(dst)/x86_sample_2 16 | -------------------------------------------------------------------------------- /examples/misc/samples/src/constraint3.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main() { 4 | int cookie1; 5 | int cookie2; 6 | int cookie3; 7 | int rv = 1; 8 | 9 | if (cookie1 == 0x41424344) { 10 | if (cookie2 == 0x45464748) { 11 | if (cookie3 == 0x00ABCDEF) { 12 | rv = 0; 13 | } 14 | } 15 | } 16 | 17 | return rv; 18 | } -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | MAINTAINER Christian Heitman 3 | 4 | RUN apt-get -y update && \ 5 | apt-get install -y graphviz z3 python-pip git 6 | 7 | RUN useradd -m barf 8 | USER barf 9 | WORKDIR /home/barf 10 | ENV HOME /home/barf 11 | 12 | RUN git clone https://github.com/programa-stic/barf-project.git && \ 13 | cd barf-project && \ 14 | pip install . 15 | 16 | CMD ["/bin/bash"] 17 | -------------------------------------------------------------------------------- /doc/manual/source/introduction/index.rst: -------------------------------------------------------------------------------- 1 | Introducción 2 | ============ 3 | 4 | *BARF* es un *framework* de análisis de binario. Está pensado para ser 5 | multiplataforma y facilmente extensible. 6 | 7 | La idea es permitir *cargar* cualquier binario, *traducirlo* a un lenguage 8 | intermedio y *aplicar* algoritmos de análisis sobre este último. 9 | 10 | *BARF* trabaja sobre un lenguaje intermedio llamado **REIL**. 11 | -------------------------------------------------------------------------------- /tests/arch/samples/Makefile: -------------------------------------------------------------------------------- 1 | X86_CC = gcc 2 | ARM_CC = arm-linux-gnueabi-gcc 3 | 4 | .PHONY: all clean 5 | 6 | all: loop-simple 7 | 8 | loop-simple: src/loop-simple.c 9 | $(X86_CC) -m32 -o bin/loop-simple.x86 src/loop-simple.c 10 | $(X86_CC) -m64 -o bin/loop-simple.x86_64 src/loop-simple.c 11 | $(ARM_CC) -marm -o bin/loop-simple.arm src/loop-simple.c 12 | $(ARM_CC) -mthumb -o bin/loop-simple.arm_thumb src/loop-simple.c 13 | 14 | clean: 15 | rm -f bin/loop-simple.* 16 | -------------------------------------------------------------------------------- /examples/misc/samples/src/loop-simple1.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char * argv[]) { 5 | unsigned int i; 6 | unsigned int a; 7 | unsigned int l; 8 | 9 | if (argc != 2) { 10 | printf("Usage: %s \n", argv[0]); 11 | exit(-1); 12 | } 13 | 14 | l = (unsigned int) atoi(argv[1]); 15 | 16 | for (i = 0; i < l; i++) { 17 | a++; 18 | } 19 | 20 | printf("Finished!\n"); 21 | 22 | return 0; 23 | } 24 | -------------------------------------------------------------------------------- /tests/analysis/graphs/data/src/x86_sample_2.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | /* 6 | * Basic sample, one function calling two other functions. 7 | * 8 | */ 9 | 10 | void func_1(void) { 11 | printf("func_1\n"); 12 | } 13 | 14 | void func_2(void) { 15 | printf("func_2\n"); 16 | } 17 | 18 | int main(int argc, char *argv[]) { 19 | if (getpid() & 0x1) { 20 | func_1(); 21 | } else { 22 | func_2(); 23 | } 24 | 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /doc/manual/source/installation/index.rst: -------------------------------------------------------------------------------- 1 | Instalación 2 | =========== 3 | 4 | Sistemas Debian 5 | --------------- 6 | 7 | Se cuenta con un *script* de instalación que realiza todo el proceso. 8 | 9 | .. code-block:: bash 10 | 11 | $ ./install.sh 12 | 13 | Este script primero instala las dependencias, **z3** y **capstone**, y, luego, 14 | el framework. 15 | 16 | Otros sistemas 17 | -------------- 18 | 19 | Para otros sistemas, la instalación de las dependencias es manual. La 20 | instalación del framework es: 21 | 22 | .. code-block:: bash 23 | 24 | $ sudo python setup.py install 25 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/src/check_serial_1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int check_serial(char *password) { 4 | int i = 0; 5 | 6 | while(i < 6) { 7 | if (password[i] != 'A') { 8 | return 0; 9 | } 10 | 11 | i++; 12 | } 13 | 14 | return 1; 15 | } 16 | 17 | int main(int argc, char *argv[]) { 18 | int rv; 19 | char *password = argv[1]; 20 | 21 | rv = check_serial(password); 22 | 23 | if (rv == 0x1) { 24 | printf("Success!\n"); 25 | } else { 26 | printf("Fail!\n"); 27 | } 28 | 29 | return 0; 30 | } 31 | -------------------------------------------------------------------------------- /doc/manual/index.rst: -------------------------------------------------------------------------------- 1 | .. BARF documentation master file, created by 2 | sphinx-quickstart on Fri May 9 17:00:40 2014. 3 | You can adapt this file completely to your liking, but it should at least 4 | contain the root `toctree` directive. 5 | 6 | Welcome to BARF's documentation! 7 | =============================== 8 | 9 | Contents: 10 | 11 | .. toctree:: 12 | :maxdepth: 2 13 | 14 | source/introduction/index 15 | source/installation/index 16 | source/tutorial/index 17 | source/overview/index 18 | 19 | Indices and tables 20 | ================== 21 | 22 | * :ref:`genindex` 23 | * :ref:`modindex` 24 | * :ref:`search` 25 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/src/check_serial_2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char *serial = "\x31\x27\x30\x2b\x23\x2e"; 4 | 5 | int check_serial(char *password, int length) { 6 | int i = 0; 7 | 8 | while(i < length) { 9 | if ((password[i] ^ 0x42) != serial[i]) { 10 | return 0; 11 | } 12 | 13 | i++; 14 | } 15 | 16 | return 1; 17 | } 18 | 19 | int main(int argc, char *argv[]) { 20 | int rv; 21 | char *password = argv[1]; 22 | 23 | rv = check_serial(password, 6); 24 | 25 | if (rv == 0x1) { 26 | printf("Success!\n"); 27 | } else { 28 | printf("Fail!\n"); 29 | } 30 | 31 | return 0; 32 | } 33 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/src/check_serial_3.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char *serial = "\x31\x27\x30\x2b\x23\x2e"; 4 | 5 | int compare_byte(char *a, char *b) { 6 | return ((a[0] ^ 0x42) != b[0]); 7 | } 8 | 9 | int check_serial(char *password, int length) { 10 | int i = 0; 11 | 12 | while(i < length) { 13 | if (compare_byte(&password[i], &serial[i])) { 14 | return 0; 15 | } 16 | 17 | i++; 18 | } 19 | 20 | return 1; 21 | } 22 | 23 | int main(int argc, char *argv[]) { 24 | int rv; 25 | char *password = argv[1]; 26 | 27 | rv = check_serial(password, 6); 28 | 29 | if (rv == 0x1) { 30 | printf("Success!\n"); 31 | } else { 32 | printf("Fail!\n"); 33 | } 34 | 35 | return 0; 36 | } 37 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/src/check_serial_6.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void expand(unsigned char *out, unsigned char *in, unsigned int x, unsigned int y) { 5 | for (int i = 0; i < 4; i++) { 6 | out[i] = (in[i] - x) ^ y; 7 | x = x << 1; 8 | y = y << 1; 9 | } 10 | } 11 | 12 | int main(int argc, char *argv[]) { 13 | unsigned char out[4]; 14 | unsigned char in[4] = {0x2, 0x3, 0x5, 0x7}; 15 | unsigned int x = atoi(argv[1]); 16 | unsigned int y = atoi(argv[2]); 17 | 18 | expand(out, in, x, y); 19 | 20 | printf("%02hhx\n", (unsigned int) out[0]); 21 | printf("%02hhx\n", (unsigned int) out[1]); 22 | printf("%02hhx\n", (unsigned int) out[2]); 23 | printf("%02hhx\n", (unsigned int) out[3]); 24 | 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/src/check_serial_4.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char *serial = "\x31\x27\x30\x2b\x23\x2e"; 4 | 5 | int compare_byte(char *a, char *b) { 6 | return ((a[0] ^ 0x42) != b[0]); 7 | } 8 | 9 | int check_serial(char *password, int length, int (*compare_fn)(char *, char *)) { 10 | int i = 0; 11 | 12 | while(i < length) { 13 | if (compare_fn(&password[i], &serial[i])) { 14 | return 0; 15 | } 16 | 17 | i++; 18 | } 19 | 20 | return 1; 21 | } 22 | 23 | int main(int argc, char *argv[]) { 24 | int rv; 25 | char *password = argv[1]; 26 | 27 | rv = check_serial(password, 6, compare_byte); 28 | 29 | if (rv == 0x1) { 30 | printf("Success!\n"); 31 | } else { 32 | printf("Fail!\n"); 33 | } 34 | 35 | return 0; 36 | } 37 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: all clean 2 | 3 | src := src 4 | dst := bin 5 | 6 | all: check_serial_1 check_serial_2 check_serial_3 check_serial_4 \ 7 | check_serial_5 check_serial_6 8 | 9 | check_serial_1: $(src)/check_serial_1.c 10 | gcc -m32 -o $(dst)/$@ $< 11 | 12 | check_serial_2: $(src)/check_serial_2.c 13 | gcc -m32 -o $(dst)/$@ $< 14 | 15 | check_serial_3: $(src)/check_serial_3.c 16 | gcc -m32 -o $(dst)/$@ $< 17 | 18 | check_serial_4: $(src)/check_serial_4.c 19 | gcc -m32 -o $(dst)/$@ $< 20 | 21 | check_serial_5: $(src)/check_serial_5.c 22 | gcc -m32 -o $(dst)/$@ $< 23 | 24 | check_serial_6: $(src)/check_serial_6.c 25 | gcc -ggdb -m32 -o $(dst)/$@ $< 26 | 27 | clean: 28 | rm -f $(dst)/check_serial_1 $(dst)/check_serial_2 $(dst)/check_serial_3 $(dst)/check_serial_4 $(dst)/check_serial_5 $(dst)/check_serial_6 29 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | env: 2 | global: 3 | - CC_TEST_REPORTER_ID=acfad14368f768950c73db21da3f21c4cb0f7056ab017a014c2ee636a11627e9 4 | 5 | os: linux 6 | 7 | language: python 8 | 9 | python: 10 | - 2.7 11 | - 3.6 12 | 13 | branches: 14 | only: 15 | - master 16 | 17 | sudo: required 18 | 19 | install: 20 | - sudo apt-get install nasm 21 | - pip install pyasmjit 22 | - pip install z3-solver 23 | - pip install nose 24 | - pip install coverage 25 | - pip install . 26 | 27 | before_script: 28 | - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter 29 | - chmod +x ./cc-test-reporter 30 | - ./cc-test-reporter before-build 31 | 32 | script: 33 | - nosetests --cover-erase --with-coverage --cover-package=barf --cover-tests 34 | 35 | after_script: 36 | - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT 37 | 38 | after_success: 39 | - coverage xml 40 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2014, Fundación Dr. Manuel Sadosky 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | 1. Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /examples/misc/samples/Makefile: -------------------------------------------------------------------------------- 1 | X86_CC = gcc 2 | ARM_CC = arm-linux-gnueabi-gcc 3 | 4 | .PHONY: all clean 5 | 6 | all: \ 7 | example1 \ 8 | branch4 \ 9 | constraint1 constraint3 \ 10 | loop-simple1 loop2 11 | 12 | example1: src/example1.c 13 | $(X86_CC) -m64 -o bin/example1.x86_64 src/example1.c 14 | 15 | branch4: src/branch4.c 16 | $(X86_CC) -m32 -o bin/branch4.x86 src/branch4.c 17 | $(ARM_CC) -marm -o bin/branch4.arm src/branch4.c 18 | $(ARM_CC) -mthumb -o bin/branch4.arm_thumb src/branch4.c 19 | 20 | constraint1: src/constraint1.c 21 | $(X86_CC) -m32 -O0 -o bin/constraint1.x86 src/constraint1.c 22 | $(ARM_CC) -marm -O0 -o bin/constraint1.arm src/constraint1.c 23 | 24 | constraint3: src/constraint3.c 25 | $(X86_CC) -m32 -O0 -o bin/constraint3.x86 src/constraint3.c 26 | 27 | loop-simple1: src/loop-simple1.c 28 | $(X86_CC) -m32 -o bin/loop-simple1.x86 src/loop-simple1.c 29 | $(X86_CC) -m64 -o bin/loop-simple1.x86_64 src/loop-simple1.c 30 | $(ARM_CC) -marm -o bin/loop-simple1.arm src/loop-simple1.c 31 | $(ARM_CC) -mthumb -o bin/loop-simple1.arm_thumb src/loop-simple1.c 32 | 33 | loop2: src/loop2.c 34 | $(X86_CC) -m32 -o bin/loop2.x86 src/loop2.c 35 | $(ARM_CC) -marm -o bin/loop2.arm src/loop2.c 36 | 37 | clean: 38 | rm -f bin/example1.* 39 | rm -f bin/branch4.* 40 | rm -f bin/constraint1.* bin/constraint3.* 41 | rm -f bin/loop-simple1.* bin/loop2.* 42 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/core/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/tools/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/utils/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/arch/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/core/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/analysis/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/core/smt/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/tools/cfg/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/tools/cg/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/analysis/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/arch/arm/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/arch/x86/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/core/reil/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/core/smt/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/tools/gadgets/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/tools/replay/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/analysis/symbolic/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2016, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/analysis/gadgets/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/analysis/graphs/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/core/reil/emulator/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/analysis/codeanalyzer/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/arch/arm/translators/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /tests/arch/x86/translators/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | -------------------------------------------------------------------------------- /barf/arch/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .arch import * 28 | -------------------------------------------------------------------------------- /barf/arch/arm/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .arm import * 28 | -------------------------------------------------------------------------------- /barf/arch/x86/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .x86 import * 28 | -------------------------------------------------------------------------------- /barf/core/reil/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .reil import * 28 | -------------------------------------------------------------------------------- /barf/analysis/codeanalyzer/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .codeanalyzer import CodeAnalyzer 28 | -------------------------------------------------------------------------------- /tests/analysis/symbolic/data/src/check_serial_5.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | char *serial = "\x31\x27\x30\x2b\x23\x2e"; 4 | 5 | typedef int (*compare_fn)(char *); 6 | 7 | int compare_byte_0(char *password) { 8 | return ((password[0] ^ 0x42) != serial[0]); 9 | } 10 | 11 | int compare_byte_1(char *password) { 12 | return ((password[1] ^ 0x42) != serial[1]); 13 | } 14 | 15 | int compare_byte_2(char *password) { 16 | return ((password[2] ^ 0x42) != serial[2]); 17 | } 18 | 19 | int compare_byte_3(char *password) { 20 | return ((password[3] ^ 0x42) != serial[3]); 21 | } 22 | 23 | int compare_byte_4(char *password) { 24 | return ((password[4] ^ 0x42) != serial[4]); 25 | } 26 | 27 | int compare_byte_5(char *password) { 28 | return ((password[5] ^ 0x42) != serial[5]); 29 | } 30 | 31 | int check_serial(char *password, int length) { 32 | int i = 0; 33 | 34 | compare_fn compare_table[6] = { 35 | compare_byte_0, 36 | compare_byte_1, 37 | compare_byte_2, 38 | compare_byte_3, 39 | compare_byte_4, 40 | compare_byte_5, 41 | }; 42 | 43 | while(i < length) { 44 | if (compare_table[i](password)) { 45 | return 0; 46 | } 47 | 48 | i++; 49 | } 50 | 51 | return 1; 52 | } 53 | 54 | int main(int argc, char *argv[]) { 55 | int rv; 56 | char *password = argv[1]; 57 | 58 | rv = check_serial(password, 6); 59 | 60 | if (rv == 0x1) { 61 | printf("Success!\n"); 62 | } else { 63 | printf("Fail!\n"); 64 | } 65 | 66 | return 0; 67 | } 68 | -------------------------------------------------------------------------------- /barf/core/reil/emulator/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .cpu import * 28 | from .tainter import * 29 | from .memory import * 30 | from .emulator import * 31 | -------------------------------------------------------------------------------- /barf/analysis/graphs/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .basicblock import BasicBlock 28 | from .controlflowgraph import CFGRecoverer 29 | from .controlflowgraph import ControlFlowGraph 30 | from .controlflowgraph import RecursiveDescent 31 | -------------------------------------------------------------------------------- /examples/misc/recover_cfg.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | from __future__ import absolute_import 4 | from __future__ import print_function 5 | 6 | from barf.arch import ARCH_ARM_MODE_ARM 7 | from barf.arch import ARCH_ARM_MODE_THUMB 8 | from barf.barf import BARF 9 | 10 | if __name__ == "__main__": 11 | # x86 12 | # ======================================================================= # 13 | # 14 | # Open file 15 | # 16 | filename = "./samples/bin/branch4.x86" 17 | barf = BARF(filename) 18 | 19 | # 20 | # Recover CFG 21 | # 22 | print("[+] Recovering program CFG...") 23 | 24 | cfg = barf.recover_cfg(start=0x40052d, end=0x400560) 25 | 26 | cfg.save(filename + "_cfg", print_ir=True) 27 | 28 | # ARM 29 | # ======================================================================= # 30 | # 31 | # Open file 32 | # 33 | filename = "./samples/bin/branch4.arm" 34 | barf = BARF(filename) 35 | 36 | # 37 | # Recover CFG 38 | # 39 | print("[+] Recovering program CFG...") 40 | 41 | cfg = barf.recover_cfg(start=0x000083c8, end=0x00008404 + 0x4, arch_mode=ARCH_ARM_MODE_ARM) 42 | 43 | cfg.save(filename + "_cfg", print_ir=True) 44 | 45 | # ARM Thumb 46 | # ======================================================================= # 47 | # 48 | # Open file 49 | # 50 | filename = "./samples/bin/branch4.arm_thumb" 51 | barf = BARF(filename) 52 | 53 | # 54 | # Recover CFG 55 | # 56 | print("[+] Recovering program CFG...") 57 | 58 | cfg = barf.recover_cfg(start=0x00010434, end=0x0001046a + 0x2, arch_mode=ARCH_ARM_MODE_THUMB) 59 | 60 | cfg.save(filename + "_cfg", print_ir=True) 61 | -------------------------------------------------------------------------------- /barf/arch/arm/translators/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .branch import * 28 | from .data import * 29 | from .loadstore import * 30 | 31 | dispatcher = {} 32 | dispatcher.update(branch.dispatcher) 33 | dispatcher.update(data.dispatcher) 34 | dispatcher.update(loadstore.dispatcher) 35 | -------------------------------------------------------------------------------- /barf/core/reil/helpers.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | 26 | def split_address(reil_address): 27 | return reil_address >> 0x08, reil_address & 0xff 28 | 29 | 30 | def to_reil_address(asm_address, offset=0x0): 31 | return (asm_address << 0x08) | (offset & 0xff) 32 | 33 | 34 | def to_asm_address(reil_address): 35 | return reil_address >> 0x08 36 | -------------------------------------------------------------------------------- /barf/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import logging 28 | 29 | from .barf import BARF 30 | 31 | # Setup logging module. 32 | logging.basicConfig( 33 | filename="barf.log", 34 | format="%(asctime)s: %(name)s:%(levelname)s: %(message)s", 35 | filemode='w', 36 | level=logging.DEBUG 37 | ) 38 | -------------------------------------------------------------------------------- /barf/analysis/gadgets/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | # NOTE: Keep this import order, there a dependency issue. 28 | from .gadget import GadgetType 29 | from .gadget import RawGadget 30 | from .gadget import TypedGadget 31 | 32 | from .classifier import GadgetClassifier 33 | from .finder import GadgetFinder 34 | from .verifier import GadgetVerifier 35 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | from __future__ import absolute_import 4 | 5 | from setuptools import setup 6 | from setuptools import find_packages 7 | 8 | __version__ = '0.6.0' 9 | 10 | setup( 11 | author = 'Christian Heitman', 12 | author_email = 'barfframework@gmail.com', 13 | description = 'A multiplatform open source Binary Analysis and Reverse engineering Framework', 14 | download_url = 'https://github.com/programa-stic/barf-project/tarball/v' + __version__, 15 | install_requires = [ 16 | 'capstone>=3.0.5rc2', 17 | 'future', 18 | 'networkx', 19 | 'pefile', 20 | 'pydot', 21 | 'pyelftools', 22 | 'pygments', 23 | 'pyparsing', 24 | ], 25 | license = 'BSD 2-Clause', 26 | name = 'barf', 27 | classifiers = [ 28 | 'Development Status :: 3 - Alpha', 29 | 'License :: OSI Approved :: BSD License', 30 | 'Natural Language :: English', 31 | 'Programming Language :: Python :: 2.7', 32 | 'Programming Language :: Python :: 3.6', 33 | 'Topic :: Scientific/Engineering :: Information Analysis', 34 | 'Topic :: Security', 35 | 'Topic :: Software Development :: Disassemblers', 36 | 'Topic :: Software Development :: Interpreters', 37 | 'Topic :: Software Development :: Libraries :: Python Modules', 38 | ], 39 | packages = find_packages(exclude=['tests', 'tests.*']), 40 | url = 'http://github.com/programa-stic/barf-project', 41 | entry_points = { 42 | "console_scripts": [ 43 | "BARFcfg = barf.tools.cfg.cfg:main", 44 | "BARFcg = barf.tools.cg.cg:main", 45 | "BARFgadgets = barf.tools.gadgets.gadgets:main", 46 | "BARFreplay = barf.tools.replay.replay:main", 47 | ] 48 | } , 49 | version = __version__, 50 | zip_safe = False 51 | ) 52 | -------------------------------------------------------------------------------- /barf/arch/disassembler.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | """Generic Disassembler Interface. 26 | """ 27 | 28 | 29 | class DisassemblerError(Exception): 30 | pass 31 | 32 | 33 | class InvalidDisassemblerData(Exception): 34 | pass 35 | 36 | 37 | class Disassembler(object): 38 | 39 | """Generic Disassembler Interface. 40 | """ 41 | 42 | def disassemble(self, data, address): 43 | """Disassemble raw bytes into an instruction. 44 | """ 45 | raise NotImplementedError() 46 | 47 | def disassemble_all(self, data, address): 48 | """Disassemble raw bytes into multiple instructions. 49 | """ 50 | raise NotImplementedError() 51 | -------------------------------------------------------------------------------- /examples/misc/translate_code.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | from __future__ import absolute_import 4 | from __future__ import print_function 5 | 6 | from barf.barf import BARF 7 | 8 | if __name__ == "__main__": 9 | # x86 10 | # ======================================================================= # 11 | # 12 | # Open file 13 | # 14 | barf = BARF("./samples/bin/branch4.x86") 15 | 16 | # 17 | # Translate to REIL 18 | # 19 | print("[+] Translating: x86 -> REIL -> SMT") 20 | 21 | for addr, asm_instr, reil_instrs in barf.translate(): 22 | print("0x{0:08x} : {1}".format(addr, asm_instr)) 23 | 24 | for reil_instr in reil_instrs: 25 | print("{0:14}{1}".format("", reil_instr)) 26 | 27 | try: 28 | # Some instructions cannot be translate to SMT, i.e, 29 | # UNKN, UNDEF, JCC. In those cases, an exception is 30 | # raised. 31 | smt_exprs = barf.smt_translator.translate(reil_instr) 32 | 33 | for smt_expr in smt_exprs: 34 | print("{0:16}{1}".format("", smt_expr)) 35 | except: 36 | pass 37 | 38 | # ARM 39 | # ======================================================================= # 40 | # 41 | # Open file 42 | # 43 | barf = BARF("./samples/bin/branch4.arm") 44 | 45 | # 46 | # Translate to REIL 47 | # 48 | print("[+] Translating: x86 -> REIL -> SMT") 49 | 50 | for addr, asm_instr, reil_instrs in barf.translate(start=0x000083c8, end=0x00008404): 51 | print("0x{0:08x} : {1}".format(addr, asm_instr)) 52 | 53 | for reil_instr in reil_instrs: 54 | print("{0:14}{1}".format("", reil_instr)) 55 | 56 | try: 57 | # Some instructions cannot be translate to SMT, i.e, 58 | # UNKN, UNDEF, JCC. In those cases, an exception is 59 | # raised. 60 | smt_exprs = barf.smt_translator.translate(reil_instr) 61 | 62 | for smt_expr in smt_exprs: 63 | print("{0:16}{1}".format("", smt_expr)) 64 | except: 65 | pass 66 | -------------------------------------------------------------------------------- /barf/arch/x86/translators/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from .helpers import * 28 | 29 | from .arithmetic import dispatcher as arithmetic_dispatcher 30 | from .bitwise import dispatcher as bitwise_dispatcher 31 | from .control import dispatcher as control_dispatcher 32 | from .flag import dispatcher as flag_dispatcher 33 | from .logical import dispatcher as logical_dispatcher 34 | from .misc import dispatcher as misc_dispatcher 35 | from .sse import dispatcher as sse_dispatcher 36 | from .string import dispatcher as string_dispatcher 37 | from .transfer import dispatcher as transfer_dispatcher 38 | 39 | dispatcher = {} 40 | dispatcher.update(arithmetic_dispatcher) 41 | dispatcher.update(bitwise_dispatcher) 42 | dispatcher.update(control_dispatcher) 43 | dispatcher.update(flag_dispatcher) 44 | dispatcher.update(logical_dispatcher) 45 | dispatcher.update(misc_dispatcher) 46 | dispatcher.update(sse_dispatcher) 47 | dispatcher.update(string_dispatcher) 48 | dispatcher.update(transfer_dispatcher) 49 | -------------------------------------------------------------------------------- /barf/core/smt/smtfunction.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from barf.core.smt.smtsymbol import BitVec 28 | from barf.core.smt.smtsymbol import Bool 29 | from barf.core.smt.smtsymbol import Constant 30 | 31 | 32 | def zero_extend(s, size): 33 | assert type(s) in (Constant, BitVec) and size - s.size >= 0 34 | 35 | if size == s.size: 36 | return s 37 | 38 | return BitVec(size, "(_ zero_extend {})".format(size - s.size), s) 39 | 40 | 41 | def sign_extend(s, size): 42 | assert type(s) in (Constant, BitVec) and size - s.size >= 0 43 | 44 | if size == s.size: 45 | return s 46 | 47 | return BitVec(size, "(_ sign_extend {})".format(size - s.size), s) 48 | 49 | 50 | def extract(s, offset, size): 51 | assert type(s) in (Constant, BitVec) 52 | 53 | if offset == 0 and size == s.size: 54 | return s 55 | 56 | return BitVec(size, "(_ extract {} {})".format(offset + size - 1, offset), s) 57 | 58 | 59 | def ite(size, cond, true, false): 60 | assert type(cond) is Bool 61 | 62 | return BitVec(size, "ite", cond, true, false) 63 | 64 | 65 | def concat(size, *args): 66 | if len(args) == 1: 67 | return args[0] 68 | 69 | return BitVec(size * len(args), "concat", *args) 70 | -------------------------------------------------------------------------------- /examples/misc/check_constraints.x86.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | from __future__ import absolute_import 4 | from __future__ import print_function 5 | 6 | from barf import BARF 7 | 8 | if __name__ == "__main__": 9 | # 10 | # Open file 11 | # 12 | barf = BARF("./samples/bin/constraint1.x86") 13 | 14 | # 15 | # Check constraint 16 | # 17 | 18 | # 80483ed: 55 push ebp 19 | # 80483ee: 89 e5 mov ebp,esp 20 | # 80483f0: 83 ec 10 sub esp,0x10 21 | # 80483f3: 8b 45 f8 mov eax,DWORD PTR [ebp-0x8] 22 | # 80483f6: 8b 55 f4 mov edx,DWORD PTR [ebp-0xc] 23 | # 80483f9: 01 d0 add eax,edx 24 | # 80483fb: 83 c0 05 add eax,0x5 25 | # 80483fe: 89 45 fc mov DWORD PTR [ebp-0x4],eax 26 | # 8048401: 8b 45 fc mov eax,DWORD PTR [ebp-0x4] 27 | # 8048404: c9 leave 28 | # 8048405: c3 ret 29 | 30 | print("[+] Adding instructions to the analyzer...") 31 | 32 | for addr, asm_instr, reil_instrs in barf.translate(start=0x80483ed, end=0x8048401): 33 | print("0x{0:08x} : {1}".format(addr, asm_instr)) 34 | 35 | for reil_instr in reil_instrs: 36 | barf.code_analyzer.add_instruction(reil_instr) 37 | 38 | print("[+] Adding pre and post conditions to the analyzer...") 39 | 40 | ebp = barf.code_analyzer.get_register_expr("ebp", mode="post") 41 | 42 | # Preconditions: set range for variable a and b 43 | a = barf.code_analyzer.get_memory_expr(ebp-0x8, 4, mode="pre") 44 | b = barf.code_analyzer.get_memory_expr(ebp-0xc, 4, mode="pre") 45 | 46 | for constr in [a >= 2, a <= 100, b >= 2, b <= 100]: 47 | barf.code_analyzer.add_constraint(constr) 48 | 49 | # Postconditions: set desired value for the result 50 | c = barf.code_analyzer.get_memory_expr(ebp-0x4, 4, mode="post") 51 | 52 | for constr in [c >= 26, c <= 28]: 53 | barf.code_analyzer.add_constraint(constr) 54 | 55 | print("[+] Check for satisfiability...") 56 | 57 | if barf.code_analyzer.check() == 'sat': 58 | print("[+] Satisfiable! Possible assignments:") 59 | 60 | # Get concrete value for expressions 61 | a_val = barf.code_analyzer.get_expr_value(a) 62 | b_val = barf.code_analyzer.get_expr_value(b) 63 | c_val = barf.code_analyzer.get_expr_value(c) 64 | 65 | # Print values 66 | print("- a: {0:#010x} ({0})".format(a_val)) 67 | print("- b: {0:#010x} ({0})".format(b_val)) 68 | print("- c: {0:#010x} ({0})".format(c_val)) 69 | 70 | assert a_val + b_val + 5 == c_val 71 | else: 72 | print("[-] Unsatisfiable!") 73 | -------------------------------------------------------------------------------- /examples/misc/check_constraints.arm.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | from __future__ import absolute_import 4 | from __future__ import print_function 5 | 6 | from barf import BARF 7 | 8 | if __name__ == "__main__": 9 | # 10 | # Open file 11 | # 12 | barf = BARF("./samples/bin/constraint1.arm") 13 | 14 | # 15 | # Check constraint 16 | # 17 | 18 | # 00008390
: 19 | # 8390: e52db004 push {fp} ; (str fp, [sp, #-4]!) 20 | # 8394: e28db000 add fp, sp, #0 21 | # 8398: e24dd014 sub sp, sp, #20 22 | # 839c: e51b2008 ldr r2, [fp, #-8] 23 | # 83a0: e51b300c ldr r3, [fp, #-12] 24 | # 83a4: e0823003 add r3, r2, r3 25 | # 83a8: e2833005 add r3, r3, #5 26 | # 83ac: e50b3010 str r3, [fp, #-16] 27 | # 83b0: e51b3010 ldr r3, [fp, #-16] 28 | # 83b4: e1a00003 mov r0, r3 29 | # 83b8: e28bd000 add sp, fp, #0 30 | # 83bc: e8bd0800 ldmfd sp!, {fp} 31 | # 83c0: e12fff1e bx lr 32 | 33 | print("[+] Adding instructions to the analyzer...") 34 | 35 | for addr, asm_instr, reil_instrs in barf.translate(start=0x8390, end=0x83bc): 36 | print("0x{0:08x} : {1}".format(addr, asm_instr)) 37 | 38 | for reil_instr in reil_instrs: 39 | barf.code_analyzer.add_instruction(reil_instr) 40 | 41 | print("[+] Adding pre and post conditions to the analyzer...") 42 | 43 | fp = barf.code_analyzer.get_register_expr("fp", mode="post") 44 | 45 | # Preconditions: set range for variable a and b 46 | a = barf.code_analyzer.get_memory_expr(fp - 0x08, 4, mode="pre") 47 | b = barf.code_analyzer.get_memory_expr(fp - 0x0c, 4, mode="pre") 48 | 49 | for constr in [a >= 2, a <= 100, b >= 2, b <= 100]: 50 | barf.code_analyzer.add_constraint(constr) 51 | 52 | # Postconditions: set desired value for the result 53 | c = barf.code_analyzer.get_memory_expr(fp - 0x10, 4, mode="post") 54 | 55 | for constr in [c >= 26, c <= 28]: 56 | barf.code_analyzer.add_constraint(constr) 57 | 58 | print("[+] Check for satisfiability...") 59 | 60 | if barf.code_analyzer.check() == 'sat': 61 | print("[+] Satisfiable! Possible assignments:") 62 | 63 | # Get concrete value for expressions 64 | a_val = barf.code_analyzer.get_expr_value(a) 65 | b_val = barf.code_analyzer.get_expr_value(b) 66 | c_val = barf.code_analyzer.get_expr_value(c) 67 | 68 | # Print values 69 | print("- a: {0:#010x} ({0})".format(a_val)) 70 | print("- b: {0:#010x} ({0})".format(b_val)) 71 | print("- c: {0:#010x} ({0})".format(c_val)) 72 | 73 | assert a_val + b_val + 5 == c_val 74 | else: 75 | print("[-] Unsatisfiable!") 76 | -------------------------------------------------------------------------------- /barf/arch/x86/translators/misc.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | 26 | # "Enter and Leave Instructions" 27 | # ============================================================================ # 28 | def _translate_leave(self, tb, instruction): 29 | # Flags Affected 30 | # None. 31 | 32 | tmp0 = tb.temporal(self._sp.size) 33 | 34 | tb.add(self._builder.gen_str(self._bp, self._sp)) 35 | tb.add(self._builder.gen_ldm(self._sp, self._bp)) 36 | tb.add(self._builder.gen_add(self._sp, self._ws, tmp0)) 37 | tb.add(self._builder.gen_str(tmp0, self._sp)) 38 | 39 | 40 | # "Miscellaneous Instructions" 41 | # ============================================================================ # 42 | def _translate_hlt(self, tb, instruction): 43 | # Flags Affected 44 | # None. 45 | 46 | tb.add(self._builder.gen_unkn()) 47 | 48 | 49 | def _translate_lea(self, tb, instruction): 50 | # Flags Affected 51 | # None. 52 | 53 | oprnd1 = self._reg_acc_translator.resolve_memory_access(tb, instruction.operands[1]) 54 | 55 | self._reg_acc_translator.write(tb, instruction.operands[0], oprnd1) 56 | 57 | 58 | def _translate_nop(self, tb, instruction): 59 | # Flags Affected 60 | # None. 61 | 62 | tb.add(self._builder.gen_nop()) 63 | 64 | 65 | dispatcher = { 66 | # "Enter and Leave Instructions" 67 | 'leave': _translate_leave, 68 | 69 | # "Miscellaneous Instructions" 70 | 'hlt': _translate_hlt, 71 | 'lea': _translate_lea, 72 | 'nop': _translate_nop, 73 | } 74 | -------------------------------------------------------------------------------- /tests/arch/x86/translators/test_misc.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import platform 28 | import unittest 29 | 30 | from .x86translator import X86TranslationTestCase 31 | 32 | 33 | @unittest.skipUnless(platform.machine().lower() == 'x86_64', 34 | 'Not running on an x86_64 system') 35 | class X86TranslationMiscTests(X86TranslationTestCase): 36 | 37 | # "Enter and Leave Instructions" 38 | # ============================================================================ # 39 | def test_leave(self): 40 | # TODO: Implement. 41 | pass 42 | 43 | # "Miscellaneous Instructions" 44 | # ============================================================================ # 45 | def test_hlt(self): 46 | # TODO: Implement. 47 | pass 48 | 49 | def test_lea(self): 50 | asm = ["lea eax, [ebx + 0x100]"] 51 | 52 | ctx_init = self._init_context() 53 | 54 | x86_ctx_out, reil_ctx_out = self._run_code(asm, 0xdeadbeef, ctx_init) 55 | 56 | cmp_result = self._compare_contexts(ctx_init, x86_ctx_out, reil_ctx_out) 57 | 58 | if not cmp_result: 59 | self._save_failing_context(ctx_init) 60 | 61 | self.assertTrue(cmp_result, self._print_contexts(ctx_init, x86_ctx_out, reil_ctx_out)) 62 | 63 | def test_nop(self): 64 | asm = ["nop"] 65 | 66 | ctx_init = self._init_context() 67 | 68 | x86_ctx_out, reil_ctx_out = self._run_code(asm, 0xdeadbeef, ctx_init) 69 | 70 | cmp_result = self._compare_contexts(ctx_init, x86_ctx_out, reil_ctx_out) 71 | 72 | if not cmp_result: 73 | self._save_failing_context(ctx_init) 74 | 75 | self.assertTrue(cmp_result, self._print_contexts(ctx_init, x86_ctx_out, reil_ctx_out)) 76 | -------------------------------------------------------------------------------- /tests/core/reil/test_parser.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import unittest 28 | 29 | from barf.core.reil.parser import ReilParser 30 | 31 | 32 | class ReilParserTests(unittest.TestCase): 33 | 34 | def setUp(self): 35 | self._parser = ReilParser() 36 | 37 | def test_add(self): 38 | instrs = ["str [eax, EMPTY, t0]"] 39 | instrs += ["str [ebx, EMPTY, t1]"] 40 | instrs += ["add [t0, t1, t2]"] 41 | instrs += ["str [t2, EMPTY, eax]"] 42 | 43 | instrs_parse = self._parser.parse(instrs) 44 | 45 | self.assertEqual(str(instrs_parse[0]), "str [UNK eax, EMPTY, UNK t0]") 46 | self.assertEqual(str(instrs_parse[1]), "str [UNK ebx, EMPTY, UNK t1]") 47 | self.assertEqual(str(instrs_parse[2]), "add [UNK t0, UNK t1, UNK t2]") 48 | self.assertEqual(str(instrs_parse[3]), "str [UNK t2, EMPTY, UNK eax]") 49 | 50 | def test_parse_operand_size(self): 51 | instrs = ["str [DWORD eax, EMPTY, DWORD t0]"] 52 | instrs += ["str [eax, EMPTY, DWORD t0]"] 53 | instrs += ["str [eax, EMPTY, t0]"] 54 | 55 | instrs_parse = self._parser.parse(instrs) 56 | 57 | self.assertEqual(instrs_parse[0].operands[0].size, 32) 58 | self.assertEqual(instrs_parse[0].operands[1].size, 0) 59 | self.assertEqual(instrs_parse[0].operands[2].size, 32) 60 | 61 | self.assertEqual(instrs_parse[1].operands[0].size, None) 62 | self.assertEqual(instrs_parse[1].operands[1].size, 0) 63 | self.assertEqual(instrs_parse[1].operands[2].size, 32) 64 | 65 | self.assertEqual(instrs_parse[2].operands[0].size, None) 66 | self.assertEqual(instrs_parse[2].operands[1].size, 0) 67 | self.assertEqual(instrs_parse[2].operands[2].size, None) 68 | 69 | 70 | def main(): 71 | unittest.main() 72 | 73 | 74 | if __name__ == '__main__': 75 | main() 76 | -------------------------------------------------------------------------------- /examples/misc/emulate_code.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | from __future__ import absolute_import 4 | from __future__ import print_function 5 | 6 | from barf.barf import BARF 7 | 8 | if __name__ == "__main__": 9 | # x86 10 | # ======================================================================= # 11 | # 12 | # Open file 13 | # 14 | barf = BARF("./samples/bin/loop2.x86") 15 | 16 | # 080483ec
: 17 | # 80483ec: 55 push ebp 18 | # 80483ed: 89 e5 mov ebp,esp 19 | # 80483ef: 83 ec 10 sub esp,0x10 20 | # 80483f2: c7 45 f8 00 00 00 00 mov DWORD PTR [ebp-0x8],0x0 21 | # 80483f9: c7 45 fc 0a 00 00 00 mov DWORD PTR [ebp-0x4],0xa 22 | # 8048400: eb 08 jmp 804840a 23 | # 8048402: 83 45 f8 01 add DWORD PTR [ebp-0x8],0x1 24 | # 8048406: 83 6d fc 01 sub DWORD PTR [ebp-0x4],0x1 25 | # 804840a: 83 7d fc 00 cmp DWORD PTR [ebp-0x4],0x0 26 | # 804840e: 75 f2 jne 8048402 27 | # 8048410: 8b 45 f8 mov eax,DWORD PTR [ebp-0x8] 28 | # 8048413: c9 leave 29 | # 8048414: c3 ret 30 | 31 | # 32 | # Code emulation 33 | # 34 | context_out = barf.emulate(start=0x080483ec, end=0x08048414) 35 | 36 | print("{}: {}".format("eax", hex(context_out['registers']["eax"]))) 37 | 38 | assert context_out['registers']["eax"] == 0xa 39 | 40 | # ARM 41 | # ======================================================================= # 42 | # 43 | # Open file 44 | # 45 | barf = BARF("./samples/bin/loop2.arm") 46 | 47 | # 00008390
: 48 | # 8390: e52db004 push {fp} ; (str fp, [sp, #-4]!) 49 | # 8394: e28db000 add fp, sp, #0 50 | # 8398: e24dd00c sub sp, sp, #12 51 | # 839c: e3a03000 mov r3, #0 52 | # 83a0: e50b3008 str r3, [fp, #-8] 53 | # 83a4: e3a0300a mov r3, #10 54 | # 83a8: e50b300c str r3, [fp, #-12] 55 | # 83ac: ea000005 b 83c8 56 | # 83b0: e51b3008 ldr r3, [fp, #-8] 57 | # 83b4: e2833001 add r3, r3, #1 58 | # 83b8: e50b3008 str r3, [fp, #-8] 59 | # 83bc: e51b300c ldr r3, [fp, #-12] 60 | # 83c0: e2433001 sub r3, r3, #1 61 | # 83c4: e50b300c str r3, [fp, #-12] 62 | # 83c8: e51b300c ldr r3, [fp, #-12] 63 | # 83cc: e3530000 cmp r3, #0 64 | # 83d0: 1afffff6 bne 83b0 65 | # 83d4: e51b3008 ldr r3, [fp, #-8] 66 | # 83d8: e1a00003 mov r0, r3 67 | # 83dc: e28bd000 add sp, fp, #0 68 | # 83e0: e8bd0800 ldmfd sp!, {fp} 69 | # 83e4: e12fff1e bx lr 70 | 71 | # 72 | # Code emulation 73 | # 74 | context_out = barf.emulate(start=0x8390, end=0x83e0) # ARM mode 75 | 76 | print("{}: {}".format("r3", hex(context_out['registers']["r3"]))) 77 | 78 | assert context_out['registers']["r3"] == 0xa 79 | -------------------------------------------------------------------------------- /barf/tools/common.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | from __future__ import print_function 27 | 28 | import os 29 | 30 | def print_recovery_status(address, name, size): 31 | size = size if size != 0 else "?" 32 | 33 | print(" Processing {} @ {:#x} ({})".format(name, address, size)) 34 | 35 | 36 | def load_symbols_from_file(filename): 37 | symbols_by_addr = {} 38 | 39 | with open(filename, "r") as f: 40 | for line in f.readlines(): 41 | # Remove trailing '\n'. 42 | line = line[:-1] 43 | 44 | # Skip blank lines and comments. 45 | if line == "" or line[0] == "#": 46 | continue 47 | 48 | # Process line. 49 | parts = line.split(' ') 50 | 51 | try: 52 | addr, name, size, returns = parts[0], " ".join(parts[1:-2]), parts[-2], parts[-1] 53 | except: 54 | raise Exception("Error processing symbol file.") 55 | 56 | symbols_by_addr[int(addr, 16)] = (name, int(size), returns == "True") 57 | 58 | return symbols_by_addr 59 | 60 | 61 | def recover_cfg_some(barf, addresses, symbols_by_addr): 62 | cfgs = [] 63 | 64 | for addr in sorted(addresses): 65 | cfg = barf.recover_cfg(start=addr, symbols=symbols_by_addr, callback=print_recovery_status) 66 | 67 | cfgs.append(cfg) 68 | 69 | return cfgs 70 | 71 | 72 | def recover_cfg_all(barf, symbols_by_addr): 73 | if len(symbols_by_addr) > 0: 74 | print("[+] Recovering from symbols") 75 | 76 | entries = [addr for addr in sorted(symbols_by_addr.keys())] 77 | else: 78 | print("[+] Recovering from entry point") 79 | 80 | entries = [barf.binary.entry_point] 81 | 82 | cfgs = barf.recover_cfg_all(entries, symbols=symbols_by_addr, callback=print_recovery_status) 83 | 84 | return cfgs 85 | 86 | 87 | def create_output_dir(name): 88 | if not os.path.exists(name): 89 | os.makedirs(name) 90 | 91 | return name 92 | -------------------------------------------------------------------------------- /tests/core/smt/test_smtfunction.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import unittest 28 | 29 | from barf.core.smt.smtsymbol import BitVec 30 | from barf.core.smt.smtsymbol import Bool 31 | 32 | from barf.core.smt.smtfunction import concat 33 | from barf.core.smt.smtfunction import extract 34 | from barf.core.smt.smtfunction import ite 35 | from barf.core.smt.smtfunction import sign_extend 36 | from barf.core.smt.smtfunction import zero_extend 37 | 38 | 39 | class SmtFunctionTests(unittest.TestCase): 40 | 41 | def test_zero_extend(self): 42 | x = BitVec(32, "x") 43 | y = zero_extend(x, 64) 44 | 45 | self.assertEqual(y.value, "((_ zero_extend 32) x)") 46 | 47 | def test_sign_extend(self): 48 | x = BitVec(32, "x") 49 | y = sign_extend(x, 64) 50 | 51 | self.assertEqual(y.value, "((_ sign_extend 32) x)") 52 | 53 | def test_extract(self): 54 | x = BitVec(32, "x") 55 | x0 = extract(x, 0, 8) 56 | x1 = extract(x, 8, 8) 57 | x2 = extract(x, 16, 8) 58 | x3 = extract(x, 24, 8) 59 | 60 | self.assertEqual(x0.value, "((_ extract 7 0) x)") 61 | self.assertEqual(x1.value, "((_ extract 15 8) x)") 62 | self.assertEqual(x2.value, "((_ extract 23 16) x)") 63 | self.assertEqual(x3.value, "((_ extract 31 24) x)") 64 | 65 | def test_ite(self): 66 | b = Bool("b") 67 | x = BitVec(32, "x") 68 | y = BitVec(32, "y") 69 | z = BitVec(32, "z") 70 | v = ite(32, x == 0, y, z) 71 | w = ite(32, b, y, z) 72 | 73 | self.assertEqual(v.value, "(ite (= x #x00000000) y z)") 74 | self.assertEqual(w.value, "(ite b y z)") 75 | 76 | def test_concat(self): 77 | x = BitVec(32, "x") 78 | y = BitVec(32, "y") 79 | z = concat(32, x, y) 80 | v = concat(32, x) 81 | 82 | self.assertEqual(z.value, "(concat x y)") 83 | self.assertEqual(v.value, "x") 84 | 85 | 86 | def main(): 87 | unittest.main() 88 | 89 | 90 | if __name__ == '__main__': 91 | main() 92 | -------------------------------------------------------------------------------- /barf/arch/arch.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | # Supported architectures 26 | 27 | # Intel x86 architecture definition 28 | ARCH_X86 = 0 29 | ARCH_X86_MODE_32 = 0 30 | ARCH_X86_MODE_64 = 1 31 | 32 | # ARM architecture definition 33 | ARCH_ARM = 1 34 | ARCH_ARM_MODE_ARM = 0 35 | ARCH_ARM_MODE_THUMB = 1 36 | 37 | 38 | class ArchitectureInformation(object): 39 | 40 | def __init__(self): 41 | pass 42 | 43 | @property 44 | def architecture_mode(self): 45 | raise NotImplementedError() 46 | 47 | @property 48 | def architecture_size(self): 49 | raise NotImplementedError() 50 | 51 | @property 52 | def operand_size(self): 53 | raise NotImplementedError() 54 | 55 | @property 56 | def address_size(self): 57 | raise NotImplementedError() 58 | 59 | @property 60 | def registers(self): 61 | raise NotImplementedError() 62 | 63 | @property 64 | def max_instruction_size(self): 65 | raise NotImplementedError() 66 | 67 | def instr_is_ret(self, instruction): 68 | raise NotImplementedError() 69 | 70 | def instr_is_call(self, instruction): 71 | raise NotImplementedError() 72 | 73 | def instr_is_halt(self, instruction): 74 | raise NotImplementedError() 75 | 76 | def instr_is_branch(self, instruction): 77 | raise NotImplementedError() 78 | 79 | def instr_is_branch_cond(self, instruction): 80 | raise NotImplementedError() 81 | 82 | def instr_is_syscall(self, instruction): 83 | raise NotImplementedError() 84 | 85 | def stack_pointer_register(self): 86 | raise NotImplementedError() 87 | 88 | def instr_pointer_register(self): 89 | raise NotImplementedError() 90 | 91 | def flags_register(self): 92 | raise NotImplementedError() 93 | 94 | def flags_default_value(self): 95 | raise NotImplementedError() 96 | 97 | 98 | class AssemblyInstruction(object): 99 | 100 | def __init__(self): 101 | self._ir_instrs = [] 102 | 103 | @property 104 | def ir_instrs(self): 105 | return self._ir_instrs 106 | 107 | @ir_instrs.setter 108 | def ir_instrs(self, value): 109 | self._ir_instrs = value 110 | -------------------------------------------------------------------------------- /barf/core/symbols.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import logging 28 | import pefile 29 | 30 | from elftools.elf.elffile import ELFFile 31 | 32 | from elftools.elf.sections import SymbolTableSection 33 | from elftools.elf.descriptions import ( 34 | describe_symbol_type, 35 | describe_symbol_shndx) 36 | 37 | 38 | logger = logging.getLogger(__name__) 39 | 40 | 41 | def load_symbols_pe(filename): 42 | # TODO: Implement this 43 | pe = pefile.PE(filename) 44 | 45 | pe.parse_data_directories() 46 | 47 | pe.close() 48 | 49 | return {} 50 | 51 | 52 | def load_symbols_elf(filename): 53 | """ Load the symbol tables contained in the file 54 | """ 55 | f = open(filename, 'rb') 56 | 57 | elffile = ELFFile(f) 58 | 59 | symbols = [] 60 | 61 | for section in elffile.iter_sections(): 62 | if not isinstance(section, SymbolTableSection): 63 | continue 64 | 65 | if section['sh_entsize'] == 0: 66 | logger.warn("Symbol table {} has a sh_entsize of zero.".format(section.name)) 67 | 68 | continue 69 | 70 | logger.info("Symbol table {} contains {} entries.".format(section.name, section.num_symbols())) 71 | 72 | for _, symbol in enumerate(section.iter_symbols()): 73 | if describe_symbol_shndx(symbol['st_shndx']) != "UND" and \ 74 | describe_symbol_type(symbol['st_info']['type']) == "FUNC": 75 | symbols.append((symbol['st_value'], symbol['st_size'], symbol.name)) 76 | 77 | f.close() 78 | 79 | symbols_by_addr = { 80 | addr: (name, size, True) for addr, size, name in symbols 81 | } 82 | 83 | return symbols_by_addr 84 | 85 | 86 | def load_symbols(filename): 87 | try: 88 | fd = open(filename, 'rb') 89 | signature = fd.read(4) 90 | fd.close() 91 | except: 92 | raise Exception("Error loading file.") 93 | 94 | if signature[:4] == b"\x7f\x45\x4c\x46": 95 | symbols = load_symbols_elf(filename) 96 | elif signature[:2] == b'\x4d\x5a': 97 | symbols = load_symbols_pe(filename) 98 | else: 99 | raise Exception("Unknown file format.") 100 | 101 | return symbols 102 | -------------------------------------------------------------------------------- /tests/arch/arm/translators/test_branch.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import platform 28 | import unittest 29 | 30 | from .armtranslator import ArmTranslationTestCase 31 | 32 | 33 | @unittest.skipUnless(platform.machine().lower() in ['armv6l', 'armv7l'], 34 | 'Not running on an ARMv6 system') 35 | class ArmTranslationBranchTests(ArmTranslationTestCase): 36 | 37 | def test_branch_instructions(self): 38 | untouched_value = 0x45454545 39 | touched_value = 0x31313131 40 | 41 | # R11 is used as a dirty register to check if the branch was 42 | # taken or not. 43 | instr_samples = [ 44 | ["mov r11, #0x{:x}".format(untouched_value), 45 | "b #0x800c", 46 | "mov r11, #0x{:x}".format(touched_value), 47 | "mov r0, r0", 48 | ], 49 | ["mov r11, #0x{:x}".format(untouched_value), 50 | "bx #0x800c", 51 | "mov r11, #0x{:x}".format(touched_value), 52 | "mov r0, r0", 53 | ], 54 | ["mov r11, #0x{:x}".format(untouched_value), 55 | "bl #0x800c", 56 | "mov r11, #0x{:x}".format(touched_value), 57 | "mov r0, r0", 58 | ], 59 | ["mov r11, #0x{:x}".format(untouched_value), 60 | "blx #0x800c", 61 | "mov r11, #0x{:x}".format(touched_value), 62 | "mov r0, r0", 63 | ], 64 | ["movs r11, #0x{:x}".format(untouched_value), 65 | "bne #0x800c", 66 | "mov r11, #0x{:x}".format(touched_value), 67 | "mov r0, r0", 68 | ], 69 | ["mov r11, #0x{:x}".format(untouched_value), 70 | "mov r1, #0x8010", 71 | "bx r1", 72 | "mov r11, #0x{:x}".format(touched_value), 73 | "mov r0, r0", 74 | ], 75 | ["mov r11, #0x{:x}".format(untouched_value), 76 | "mov r1, #0x8010", 77 | "blx r1", 78 | "mov r11, #0x{:x}".format(touched_value), 79 | "mov r0, r0", 80 | ], 81 | ] 82 | 83 | for instr in instr_samples: 84 | reil_ctx_out = self._execute_asm(instr, 0x8000) 85 | 86 | self.assertTrue(reil_ctx_out['r11'] == untouched_value) 87 | -------------------------------------------------------------------------------- /examples/misc/find_and_emulate.x86.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | from __future__ import absolute_import 4 | from __future__ import print_function 5 | 6 | from barf.analysis.graphs.callgraph import CallGraph 7 | from barf.barf import BARF 8 | from barf.core.symbols import load_symbols 9 | 10 | 11 | if __name__ == "__main__": 12 | # 13 | # Open file 14 | # 15 | filename = "./samples/bin/example1.x86_64" 16 | arg = "hello!" 17 | 18 | barf = BARF(filename) 19 | 20 | # 21 | # Recover CFGs. 22 | # 23 | print("[+] Recovering control flow graphs...") 24 | symbols_by_addr = load_symbols(filename) 25 | entries = [addr for addr in sorted(symbols_by_addr.keys())] 26 | cfgs = barf.recover_cfg_all(entries, symbols=symbols_by_addr) 27 | 28 | # 29 | # Build CG. 30 | # 31 | print("[+] Building call graph...") 32 | cfgs_filtered = [] 33 | for cfg in cfgs: 34 | if len(cfg.basic_blocks) == 0: 35 | continue 36 | cfgs_filtered.append(cfg) 37 | cg = CallGraph(cfgs_filtered) 38 | 39 | # 40 | # Find the desired functions. 41 | # 42 | cfg_start = cg.find_function_by_name("main") 43 | cfg_end = cg.find_function_by_name("function_of_interest") 44 | assert cfg_start and cfg_end 45 | 46 | # 47 | # Check if there is a path between the main function and the function of interest. 48 | # 49 | path_ok = False 50 | for path in cg.simple_paths_by_address(cfg_start.start_address, cfg_end.start_address): 51 | path_str = " -> ".join(["{} ({:#x})".format(cfg.name, cfg.start_address) for cfg in path]) 52 | print("[+] There is a path between '{}' and '{}': {}".format(cfg_start.name, cfg_end.name, path_str)) 53 | path_ok = True 54 | 55 | # 56 | # Execute. 57 | # 58 | if path_ok: 59 | print("[+] Path satisfiable!") 60 | 61 | reil_emulator = barf.ir_emulator 62 | 63 | # Set stack pointer. 64 | esp = 0x00001500 65 | 66 | # Set argv. 67 | argv_0_addr = 0x00001900 68 | argv_0_data = bytearray(filename + "\x00", encoding='ascii') 69 | for i, b in enumerate(argv_0_data): 70 | reil_emulator.write_memory(argv_0_addr + i, 1, b) 71 | 72 | argv_1_addr = argv_0_addr + len(argv_0_data) 73 | argv_1_data = bytearray(arg + "\x00", encoding='ascii') 74 | for i, b in enumerate(argv_1_data): 75 | reil_emulator.write_memory(argv_1_addr + i, 1, b) 76 | 77 | argv_base_addr = 0x00001800 78 | reil_emulator.write_memory(argv_base_addr + 0x00, 4, argv_0_addr) 79 | reil_emulator.write_memory(argv_base_addr + 0x04, 4, argv_1_addr) 80 | reil_emulator.write_memory(argv_base_addr + 0x08, 4, 0x00000000) 81 | 82 | # Set main parameters. 83 | argc = 0x2 84 | argv = argv_base_addr 85 | 86 | # Push parameters into the stack. 87 | reil_emulator.write_memory(esp + 0x00, 4, 0x41414141) # return address 88 | 89 | reil_emulator.write_memory(esp + 0x04, 4, argc) # argc 90 | reil_emulator.write_memory(esp + 0x08, 4, argv) # argv 91 | 92 | # Set registers. 93 | ctx_init = { 94 | 'registers': { 95 | # Set eflags and stack pointer. 96 | 'eflags': 0x202, 97 | 'esp': esp, 98 | } 99 | } 100 | 101 | # Emulate code. 102 | print("[+] Executing from {:#x} to {:#x}".format(cfg_start.start_address, cfg_end.start_address)) 103 | 104 | ctx_fini = barf.emulate(context=ctx_init, start=cfg_start.start_address, end=cfg_end.start_address) 105 | else: 106 | print("[-] Path unsatisfiable!") 107 | -------------------------------------------------------------------------------- /tests/arch/arm/translators/test_loadstore.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import platform 28 | import unittest 29 | 30 | from .armtranslator import ArmTranslationTestCase 31 | 32 | 33 | @unittest.skipUnless(platform.machine().lower() in ['armv6l', 'armv7l'], 34 | 'Not running on an ARMv6 system') 35 | class ArmTranslationLoadStoreTests(ArmTranslationTestCase): 36 | 37 | def test_memory_instructions(self): 38 | # R12 is loaded with the memory address. 39 | 40 | instr_samples = [ 41 | ["str r0, [r12]", 42 | "ldr r1, [r12]"], 43 | ["strb r0, [r12]", 44 | "ldrb r1, [r12]"], 45 | ["strh r0, [r12]", 46 | "ldrh r1, [r12]"], 47 | ["strd r6, [r12]", 48 | "ldrd r2, [r12]"], 49 | ["strd r6, r7, [r12]", 50 | "ldrd r8, r9, [r12]"], 51 | ["stm r12!, {r0 - r4}", 52 | "ldmdb r12, {r5 - r9}"], 53 | ["stmia r12, {r8 - r9}", 54 | "ldmia r12, {r1 - r2}"], 55 | ["stmib r12!, {r11}", 56 | "ldmda r12!, {r3}"], 57 | ["add r12, r12, #0x100", 58 | "stmda r12, {r9 - r11}", 59 | "ldmda r12, {r1 - r3}"], 60 | ["add r12, r12, #0x100", 61 | "stmdb r12!, {r3}", 62 | "ldmia r12!, {r9}"], 63 | ["add r12, r12, #0x100", 64 | "stmfd r12, {r2 - r4}"], 65 | ["stmfa r12!, {r1 - r4}"], 66 | ["add r12, r12, #0x100", 67 | "stmed r12, {r6 - r9}"], 68 | ["stmea r12!, {r5 - r7}"], 69 | # NOTE: The last instr. is needed because the emulator has 70 | # no access to the real value of native r13 (SP) which is 71 | # not passed in the context. 72 | ["mov r0, r13", 73 | "mov r13, r12", 74 | "push {r1 - r10}", 75 | "pop {r2 - r11}", 76 | "mov r13, r0", 77 | "mov r0, #0"], 78 | 79 | # TODO: Investigate sporadic seg fault in RPi 80 | # ["mov r0, r13", 81 | # "add r13, r12", 82 | # "push {r2 - r11}", 83 | # "pop {r1 - r10}", 84 | # "mov r13, r0", 85 | # "mov r0, #0"], 86 | ] 87 | 88 | for instr in instr_samples: 89 | self._test_asm_instruction_with_mem(instr, 'r12') 90 | -------------------------------------------------------------------------------- /barf/arch/x86/disassembler.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | """ 26 | This modules contains a x86 disassembler based on the Capstone 27 | disassembly framework. 28 | 29 | """ 30 | from __future__ import absolute_import 31 | 32 | from capstone import * 33 | 34 | from barf.arch import ARCH_X86_MODE_32 35 | from barf.arch import ARCH_X86_MODE_64 36 | from barf.arch.disassembler import Disassembler 37 | from barf.arch.disassembler import DisassemblerError 38 | from barf.arch.x86 import X86ArchitectureInformation 39 | from barf.arch.x86.parser import X86Parser 40 | 41 | 42 | class X86Disassembler(Disassembler): 43 | """X86 Disassembler. 44 | """ 45 | 46 | def __init__(self, architecture_mode): 47 | super(X86Disassembler, self).__init__() 48 | 49 | arch_mode_map = { 50 | ARCH_X86_MODE_32: CS_MODE_32, 51 | ARCH_X86_MODE_64: CS_MODE_64 52 | } 53 | 54 | self._arch_mode = architecture_mode 55 | self._arch_info = X86ArchitectureInformation(architecture_mode) 56 | 57 | self._parser = X86Parser(architecture_mode) 58 | self._disassembler = Cs(CS_ARCH_X86, arch_mode_map[architecture_mode]) 59 | 60 | def disassemble(self, data, address, architecture_mode=ARCH_X86_MODE_32): 61 | """Disassemble the data into an instruction. 62 | """ 63 | asm, size = self._cs_disassemble_one(data, address) 64 | 65 | instr = self._parser.parse(asm) if asm else None 66 | 67 | if instr: 68 | instr.address = address 69 | instr.size = size 70 | instr.bytes = data[0:size] 71 | else: 72 | raise DisassemblerError() 73 | 74 | return instr 75 | 76 | def disassemble_all(self, data, address): 77 | """Disassemble the data into multiple instructions. 78 | """ 79 | raise NotImplementedError() 80 | 81 | def _cs_disassemble_one(self, data, address): 82 | """Disassemble the data into an instruction in string form. 83 | """ 84 | asm, size = "", 0 85 | 86 | disasm = list(self._disassembler.disasm_lite(bytes(data), address)) 87 | 88 | if len(disasm) > 0: 89 | address, size, mnemonic, op_str = disasm[0] 90 | 91 | asm = str(mnemonic + " " + op_str).strip() 92 | 93 | # Quick fix for Capstone 'bug'. 94 | if asm in ["repne", "rep", "lock", "data16"]: 95 | asm, size = "", 0 96 | 97 | return asm, size 98 | -------------------------------------------------------------------------------- /tests/arch/x86/translators/test_string.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import platform 28 | import unittest 29 | 30 | from .x86translator import X86TranslationTestCase 31 | 32 | 33 | @unittest.skipUnless(platform.machine().lower() == 'x86_64', 34 | 'Not running on an x86_64 system') 35 | class X86TranslationStringTests(X86TranslationTestCase): 36 | 37 | def test_cmpsb(self): 38 | # TODO: Implement. 39 | pass 40 | 41 | def test_cmpsd(self): 42 | # TODO: Implement. 43 | pass 44 | 45 | def test_cmpsw(self): 46 | # TODO: Implement. 47 | pass 48 | 49 | def test_cmpsq(self): 50 | # TODO: Implement. 51 | pass 52 | 53 | def test_lods(self): 54 | # TODO: Implement. 55 | pass 56 | 57 | def test_lodsb(self): 58 | # TODO: Implement. 59 | pass 60 | 61 | def test_lodsw(self): 62 | # TODO: Implement. 63 | pass 64 | 65 | def test_lodsd(self): 66 | # TODO: Implement. 67 | pass 68 | 69 | def test_lodsq(self): 70 | # TODO: Implement. 71 | pass 72 | 73 | def test_movs(self): 74 | # TODO: Implement. 75 | pass 76 | 77 | def test_movsb(self): 78 | # TODO: Implement. 79 | pass 80 | 81 | def test_movsw(self): 82 | # TODO: Implement. 83 | pass 84 | 85 | def test_movsd(self): 86 | # TODO: Implement. 87 | pass 88 | 89 | def test_movsq(self): 90 | # TODO: Implement. 91 | pass 92 | 93 | def test_scas(self): 94 | # TODO: Implement. 95 | pass 96 | 97 | def test_scasb(self): 98 | # TODO: Implement. 99 | pass 100 | 101 | def test_scasw(self): 102 | # TODO: Implement. 103 | pass 104 | 105 | def test_scasd(self): 106 | # TODO: Implement. 107 | pass 108 | 109 | def test_scasq(self): 110 | # TODO: Implement. 111 | pass 112 | 113 | def test_stos(self): 114 | # TODO: Implement. 115 | pass 116 | 117 | def test_stosb(self): 118 | # TODO: Implement. 119 | pass 120 | 121 | def test_stosw(self): 122 | # TODO: Implement. 123 | pass 124 | 125 | def test_stosd(self): 126 | # TODO: Implement. 127 | pass 128 | 129 | def test_stosq(self): 130 | # TODO: Implement. 131 | pass 132 | -------------------------------------------------------------------------------- /tests/core/reil/emulator/test_memory.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import unittest 28 | 29 | from barf.core.reil.emulator import ReilMemory 30 | from barf.core.reil.emulator import ReilMemoryEx 31 | 32 | 33 | class ReilMemoryTests(unittest.TestCase): 34 | 35 | def test_write_read_byte_1(self): 36 | address_size = 32 37 | memory = ReilMemory(address_size) 38 | 39 | addr = 0x00001000 40 | write_val = 0xdeadbeef 41 | 42 | memory.write(addr, 32 // 8, write_val) 43 | read_val = memory.read(addr, 32 // 8) 44 | 45 | self.assertEqual(write_val, read_val) 46 | 47 | def test_write_read_byte_2(self): 48 | address_size = 32 49 | memory = ReilMemory(address_size) 50 | 51 | addr = 0x00001000 52 | write_val = 0xdeadbeef 53 | 54 | memory.write(addr, 32 // 8, write_val) 55 | read_val = memory.read(addr, 32 // 8) 56 | 57 | self.assertEqual(write_val, read_val) 58 | 59 | addr = 0x00001001 60 | write_val = 0x1234 61 | 62 | memory.write(addr, 16 // 8, write_val) 63 | read_val = memory.read(addr, 16 // 8) 64 | 65 | self.assertEqual(write_val, read_val) 66 | 67 | def test_write_read_byte_3(self): 68 | address_size = 32 69 | memory = ReilMemory(address_size) 70 | 71 | addr = 0x00001000 72 | write_val = 0xdeadbeefcafecafe 73 | 74 | memory.write(addr, 64 // 8, write_val) 75 | read_val = memory.read(addr, 64 // 8) 76 | 77 | self.assertEqual(write_val, read_val) 78 | 79 | def test_write_read_byte_4(self): 80 | address_size = 32 81 | memory = ReilMemoryEx(address_size) 82 | 83 | addr0 = 0x00001000 84 | write_val = 0xdeadbeef 85 | 86 | memory.write(addr0, 32 // 8, write_val) 87 | read_val = memory.read(addr0, 32 // 8) 88 | 89 | self.assertEqual(write_val, read_val) 90 | 91 | addr1 = 0x00004000 92 | write_val = 0xdeadbeef 93 | 94 | memory.write(addr1, 32 // 8, write_val) 95 | read_val = memory.read(addr1, 32 // 8) 96 | 97 | self.assertEqual(write_val, read_val) 98 | 99 | addrs = memory.read_inverse(0xdeadbeef, 32 // 8) 100 | 101 | self.assertEqual(addr0, addrs[0]) 102 | self.assertEqual(addr1, addrs[1]) 103 | 104 | 105 | def main(): 106 | unittest.main() 107 | 108 | 109 | if __name__ == '__main__': 110 | main() 111 | -------------------------------------------------------------------------------- /tests/arch/x86/translators/test_logical.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import platform 28 | import unittest 29 | 30 | from .x86translator import X86TranslationTestCase 31 | 32 | 33 | @unittest.skipUnless(platform.machine().lower() == 'x86_64', 34 | 'Not running on an x86_64 system') 35 | class X86TranslationLogicalTests(X86TranslationTestCase): 36 | 37 | def test_and(self): 38 | asm = ["and eax, ebx"] 39 | 40 | ctx_init = self._init_context() 41 | 42 | x86_ctx_out, reil_ctx_out = self._run_code(asm, 0xdeadbeef, ctx_init) 43 | 44 | # Undefined flags... 45 | reil_ctx_out = self._fix_reil_flag(reil_ctx_out, x86_ctx_out, "af") 46 | 47 | cmp_result = self._compare_contexts(ctx_init, x86_ctx_out, reil_ctx_out) 48 | 49 | if not cmp_result: 50 | self._save_failing_context(ctx_init) 51 | 52 | self.assertTrue(cmp_result, self._print_contexts(ctx_init, x86_ctx_out, reil_ctx_out)) 53 | 54 | def test_not(self): 55 | asm = ["not eax"] 56 | 57 | ctx_init = self._init_context() 58 | 59 | x86_ctx_out, reil_ctx_out = self._run_code(asm, 0xdeadbeef, ctx_init) 60 | 61 | cmp_result = self._compare_contexts(ctx_init, x86_ctx_out, reil_ctx_out) 62 | 63 | if not cmp_result: 64 | self._save_failing_context(ctx_init) 65 | 66 | self.assertTrue(cmp_result, self._print_contexts(ctx_init, x86_ctx_out, reil_ctx_out)) 67 | 68 | def test_or(self): 69 | asm = ["or eax, ebx"] 70 | 71 | ctx_init = self._init_context() 72 | 73 | x86_ctx_out, reil_ctx_out = self._run_code(asm, 0xdeadbeef, ctx_init) 74 | 75 | # Undefined flags... 76 | reil_ctx_out = self._fix_reil_flag(reil_ctx_out, x86_ctx_out, "af") 77 | 78 | cmp_result = self._compare_contexts(ctx_init, x86_ctx_out, reil_ctx_out) 79 | 80 | if not cmp_result: 81 | self._save_failing_context(ctx_init) 82 | 83 | self.assertTrue(cmp_result, self._print_contexts(ctx_init, x86_ctx_out, reil_ctx_out)) 84 | 85 | def test_xor(self): 86 | asm = ["xor eax, ebx"] 87 | 88 | ctx_init = self._init_context() 89 | 90 | x86_ctx_out, reil_ctx_out = self._run_code(asm, 0xdeadbeef, ctx_init) 91 | 92 | # Undefined flags... 93 | reil_ctx_out = self._fix_reil_flag(reil_ctx_out, x86_ctx_out, "af") 94 | 95 | cmp_result = self._compare_contexts(ctx_init, x86_ctx_out, reil_ctx_out) 96 | 97 | if not cmp_result: 98 | self._save_failing_context(ctx_init) 99 | 100 | self.assertTrue(cmp_result, self._print_contexts(ctx_init, x86_ctx_out, reil_ctx_out)) 101 | -------------------------------------------------------------------------------- /examples/flareon-2015/2/solve.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | 3 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 4 | # All rights reserved. 5 | 6 | # Redistribution and use in source and binary forms, with or without 7 | # modification, are permitted provided that the following conditions are met: 8 | 9 | # 1. Redistributions of source code must retain the above copyright notice, this 10 | # list of conditions and the following disclaimer. 11 | 12 | # 2. Redistributions in binary form must reproduce the above copyright notice, 13 | # this list of conditions and the following disclaimer in the documentation 14 | # and/or other materials provided with the distribution. 15 | 16 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 23 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 25 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 | 27 | from __future__ import absolute_import 28 | from __future__ import print_function 29 | 30 | from barf.analysis.symbolic.emulator import ReilSymbolicEmulator 31 | from barf.analysis.symbolic.emulator import State 32 | from barf.analysis.symbolic.emulator import SymExecResult 33 | from barf.arch.x86 import X86ArchitectureInformation 34 | from barf.core.binary import BinaryFile 35 | from barf.utils.reil import ReilContainerBuilder 36 | 37 | 38 | def solve(): 39 | # 40 | # Load binary 41 | # 42 | binary = BinaryFile("bin/very_success") 43 | 44 | arch_info = X86ArchitectureInformation(binary.architecture_mode) 45 | 46 | # Create a REIL container for the function of interest 47 | functions = [ 48 | ("sub_401084", 0x00401084, 0x004010de) 49 | ] 50 | 51 | reil_container = ReilContainerBuilder(binary).build(functions) 52 | 53 | # 54 | # Set up initial state 55 | # 56 | initial_state = State(arch_info, mode="initial") 57 | 58 | # Set up stack 59 | esp = 0xffffceec 60 | 61 | initial_state.write_register("esp", esp) 62 | 63 | # Set up parameters 64 | user_password_addr = 0x00402159 65 | user_password_len = 0x25 66 | ref_key_addr = 0x004010e4 67 | 68 | initial_state.write_memory(esp + 0xc, 4, user_password_len) 69 | initial_state.write_memory(esp + 0x8, 4, user_password_addr) 70 | initial_state.write_memory(esp + 0x4, 4, ref_key_addr) 71 | initial_state.write_memory(esp + 0x0, 4, 0x41414141) # return address 72 | 73 | # Set memory 74 | for i in range(user_password_len): 75 | initial_state.write_memory(ref_key_addr + i, 1, 76 | binary.text_section[ref_key_addr + i]) 77 | 78 | # 79 | # Run concolic execution 80 | # 81 | sym_exec = ReilSymbolicEmulator(arch_info) 82 | 83 | paths = sym_exec.find_address( 84 | reil_container, start=0x00401084, end=0x004010de, 85 | find=0x004010d5, avoid=[0x004010d7], initial_state=initial_state) 86 | 87 | # There's only one way to reach 'find' address. 88 | assert len(paths) == 1 89 | 90 | # 91 | # Query input buffer and print content 92 | # 93 | final_state = State(arch_info, mode="final") 94 | 95 | se_res = SymExecResult(arch_info, initial_state, paths[0], final_state) 96 | 97 | user_password = bytearray() 98 | 99 | for i in range(user_password_len): 100 | user_password.append(se_res.query_memory(user_password_addr + i, 1)) 101 | 102 | print("User password: {}".format(user_password)) 103 | 104 | assert user_password == bytearray("a_Little_b1t_harder_plez@flare-on.com") 105 | 106 | 107 | if __name__ == "__main__": 108 | solve() 109 | -------------------------------------------------------------------------------- /tests/arch/x86/translators/test_control.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import platform 28 | import pyasmjit 29 | import unittest 30 | 31 | from .x86translator import X86TranslationTestCase 32 | 33 | 34 | @unittest.skipUnless(platform.machine().lower() == 'x86_64', 35 | 'Not running on an x86_64 system') 36 | class X86TranslationControlTests(X86TranslationTestCase): 37 | 38 | def test_call(self): 39 | # TODO: Implement. 40 | pass 41 | 42 | def test_jcc(self): 43 | conds = [ 44 | 'a', 'ae', 'b', 'be', 'c', 'e', 'g', 'ge', 'l', 'le', 'na', 'nae', 45 | 'nb', 'nbe', 'nc', 'ne', 'ng', 'nge', 'nl', 'nle', 'no', 'np', 'ns', 46 | 'nz', 'o', 'p', 'pe', 'po', 's', 'z' 47 | ] 48 | 49 | for c in conds: 50 | self.__test_jcc(c) 51 | 52 | def test_jecxz(self): 53 | # TODO: Implement. 54 | pass 55 | 56 | def test_loop(self): 57 | # TODO: Implement. 58 | pass 59 | 60 | def test_loope(self): 61 | # TODO: Implement. 62 | pass 63 | 64 | def test_loopne(self): 65 | # TODO: Implement. 66 | pass 67 | 68 | def test_loopnz(self): 69 | # TODO: Implement. 70 | pass 71 | 72 | def test_loopz(self): 73 | # TODO: Implement. 74 | pass 75 | 76 | def test_ret(self): 77 | # TODO: Implement. 78 | pass 79 | 80 | # Auxiliary functions 81 | # ============================================================================ # 82 | def __test_jcc(self, jmp_cond): 83 | untouched_value = 0x45454545 84 | touched_value = 0x31313131 85 | 86 | asm = [ 87 | "mov rax, 0x{:x}".format(untouched_value), 88 | "j" + jmp_cond + " {:s}", 89 | "mov rax, 0x{:x}".format(touched_value), 90 | "xchg rax, rax", 91 | ] 92 | 93 | asm_reil = list(asm) 94 | asm_reil[1] = asm_reil[1].format(str(0xdeadbeef + 0x3)) 95 | 96 | asm_pyasmjit = list(asm) 97 | asm_pyasmjit[1] = asm_pyasmjit[1].format("$+0x07") 98 | 99 | reil_instrs = self._asm_to_reil(asm_reil, 0xdeadbeef) 100 | 101 | ctx_init = self._init_context() 102 | 103 | _, x86_ctx_out = pyasmjit.x86_64_execute("\n".join(asm_pyasmjit), ctx_init) 104 | reil_ctx_out, _ = self.reil_emulator.execute( 105 | reil_instrs, 106 | start=0xdeadbeef << 8, 107 | registers=ctx_init 108 | ) 109 | 110 | cmp_result = self._compare_contexts(ctx_init, x86_ctx_out, reil_ctx_out) 111 | 112 | if not cmp_result: 113 | self._save_failing_context(ctx_init) 114 | 115 | self.assertTrue(cmp_result, self._print_contexts(ctx_init, x86_ctx_out, reil_ctx_out)) 116 | -------------------------------------------------------------------------------- /barf/utils/utils.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | 26 | def extract_sign_bit(value, size): 27 | return value >> (size-1) 28 | 29 | 30 | def twos_complement(value, size): 31 | return 2**size - value 32 | 33 | 34 | def extract_value(main_value, offset, size): 35 | return (main_value >> offset) & 2**size-1 36 | 37 | 38 | def insert_value(main_value, value_to_insert, offset, size): 39 | main_value &= ~((2**size-1) << offset) 40 | main_value |= (value_to_insert & 2**size-1) << offset 41 | 42 | return main_value 43 | 44 | 45 | def read_c_string(emulator, address, max_length=1024): 46 | i = 0 47 | data = bytearray() 48 | while i < max_length: 49 | b = emulator.read_memory(address + i, 1) 50 | if b == 0: 51 | break 52 | data.append(b) 53 | i += 1 54 | return data.decode() 55 | 56 | 57 | def write_c_string(emulator, address, string): 58 | for i, b in enumerate(bytearray(string + "\x00", encoding='ascii')): 59 | emulator.write_memory(address + i, 1, b) 60 | 61 | 62 | class VariableNamer(object): 63 | """Variable Name Generator.""" 64 | 65 | def __init__(self, base_name, separator="_", counter=0): 66 | self._base_name = base_name 67 | self._counter_init = counter 68 | self._counter_curr = counter 69 | self._separator = separator 70 | 71 | def get_init(self): 72 | """Return initial name. 73 | """ 74 | suffix = self._separator + "%s" % str(self._counter_init) 75 | 76 | return self._base_name + suffix 77 | 78 | def get_current(self): 79 | """Return current name. 80 | """ 81 | suffix = self._separator + "%s" % str(self._counter_curr) 82 | 83 | return self._base_name + suffix 84 | 85 | def get_next(self): 86 | """Return next name. 87 | """ 88 | self._counter_curr += 1 89 | 90 | suffix = self._separator + "%s" % str(self._counter_curr) 91 | 92 | return self._base_name + suffix 93 | 94 | def reset(self): 95 | """Restart name counter. 96 | """ 97 | self._counter_curr = self._counter_init 98 | 99 | 100 | class InvalidAddressError(Exception): 101 | pass 102 | 103 | 104 | class ExecutionCache(object): 105 | 106 | def __init__(self): 107 | self.__container = {} 108 | 109 | def add(self, address, instruction, container): 110 | # NOTE Does not take into account self modifying code. 111 | if address in self.__container: 112 | raise Exception("Invalid instruction") 113 | 114 | self.__container[address] = (instruction, container) 115 | 116 | def retrieve(self, address): 117 | if address not in self.__container: 118 | # print("cache miss!") 119 | raise InvalidAddressError() 120 | 121 | # print("cache hit!") 122 | 123 | return self.__container[address] 124 | -------------------------------------------------------------------------------- /tests/arch/x86/test_x86parser.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import unittest 28 | 29 | from barf.arch import ARCH_X86_MODE_32 30 | from barf.arch import ARCH_X86_MODE_64 31 | from barf.arch.x86.parser import X86Parser 32 | 33 | 34 | class X86Parser32BitsTests(unittest.TestCase): 35 | 36 | def setUp(self): 37 | self._parser = X86Parser(ARCH_X86_MODE_32) 38 | 39 | def test_two_oprnd_reg_reg(self): 40 | asm = self._parser.parse("add eax, ebx") 41 | 42 | self.assertEqual(str(asm), "add eax, ebx") 43 | 44 | def test_two_oprnd_reg_imm(self): 45 | asm = self._parser.parse("add eax, 0x12345678") 46 | 47 | self.assertEqual(str(asm), "add eax, 0x12345678") 48 | 49 | def test_two_oprnd_reg_mem(self): 50 | asm = self._parser.parse("add eax, [ebx + edx * 4 + 0x10]") 51 | 52 | self.assertEqual(str(asm), "add eax, [ebx+edx*4+0x10]") 53 | 54 | def test_two_oprnd_mem_reg(self): 55 | asm = self._parser.parse("add [ebx + edx * 4 + 0x10], eax") 56 | 57 | self.assertEqual(str(asm), "add [ebx+edx*4+0x10], eax") 58 | 59 | def test_one_oprnd_reg(self): 60 | asm = self._parser.parse("inc eax") 61 | 62 | self.assertEqual(str(asm), "inc eax") 63 | 64 | def test_one_oprnd_imm(self): 65 | asm = self._parser.parse("jmp 0x12345678") 66 | 67 | self.assertEqual(str(asm), "jmp 0x12345678") 68 | 69 | def test_one_oprnd_mem(self): 70 | asm = self._parser.parse("inc dword ptr [ebx+edx*4+0x10]") 71 | 72 | self.assertEqual(str(asm), "inc dword ptr [ebx+edx*4+0x10]") 73 | 74 | def test_zero_oprnd(self): 75 | asm = self._parser.parse("nop") 76 | 77 | self.assertEqual(str(asm), "nop") 78 | 79 | # Misc 80 | # ======================================================================== # 81 | def test_misc_1(self): 82 | asm = self._parser.parse("mov dword ptr [-0x21524111], ecx") 83 | 84 | self.assertEqual(str(asm), "mov dword ptr [-0x21524111], ecx") 85 | self.assertNotEqual(str(asm), "mov dword ptr [0xdeadbeef], ecx") 86 | 87 | def test_misc_2(self): 88 | asm = self._parser.parse("fucompi st(1)") 89 | 90 | self.assertEqual(str(asm), "fucompi st1") 91 | 92 | 93 | class X86Parser64BitsTests(unittest.TestCase): 94 | 95 | def setUp(self): 96 | self._parser = X86Parser(ARCH_X86_MODE_64) 97 | 98 | def test_64_two_oprnd_reg_reg(self): 99 | asm = self._parser.parse("add rax, rbx") 100 | 101 | self.assertEqual(str(asm), "add rax, rbx") 102 | 103 | def test_64_two_oprnd_reg_reg_2(self): 104 | asm = self._parser.parse("add rax, r8") 105 | 106 | self.assertEqual(str(asm), "add rax, r8") 107 | 108 | def test_64_two_oprnd_reg_mem(self): 109 | asm = self._parser.parse("add rax, [rbx + r15 * 4 + 0x10]") 110 | 111 | self.assertEqual(str(asm), "add rax, [rbx+r15*4+0x10]") 112 | 113 | # Misc 114 | # ======================================================================== # 115 | def test_misc_offset_1(self): 116 | asm = self._parser.parse("add byte ptr [rax+0xffffff89], cl") 117 | 118 | self.assertEqual(str(asm), "add byte ptr [rax+0xffffff89], cl") 119 | 120 | 121 | def main(): 122 | unittest.main() 123 | 124 | 125 | if __name__ == '__main__': 126 | main() 127 | -------------------------------------------------------------------------------- /tests/arch/test_emulator.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import os 28 | import unittest 29 | 30 | from barf.arch import ARCH_ARM_MODE_ARM 31 | from barf.arch import ARCH_ARM_MODE_THUMB 32 | from barf.arch import ARCH_X86_MODE_32 33 | from barf.arch import ARCH_X86_MODE_64 34 | from barf.arch.arm import ArmArchitectureInformation 35 | from barf.arch.arm.disassembler import ArmDisassembler 36 | from barf.arch.arm.translator import ArmTranslator 37 | from barf.arch.emulator import Emulator 38 | from barf.arch.x86 import X86ArchitectureInformation 39 | from barf.arch.x86.disassembler import X86Disassembler 40 | from barf.arch.x86.translator import X86Translator 41 | from barf.core.binary import BinaryFile 42 | from barf.core.reil.emulator.emulator import ReilEmulator 43 | 44 | 45 | def get_full_path(filename): 46 | return os.path.join(os.path.dirname(os.path.abspath(__file__)), filename) 47 | 48 | 49 | class EmulatorTests(unittest.TestCase): 50 | 51 | def setUp(self): 52 | pass 53 | 54 | def test_emulate_x86(self): 55 | binary = BinaryFile(get_full_path("./samples/bin/loop-simple.x86")) 56 | arch_mode = ARCH_X86_MODE_32 57 | arch_info = X86ArchitectureInformation(arch_mode) 58 | ir_emulator = ReilEmulator(arch_info) 59 | disassembler = X86Disassembler(ARCH_X86_MODE_32) 60 | ir_translator = X86Translator(ARCH_X86_MODE_32) 61 | 62 | emu = Emulator(arch_info, ir_emulator, ir_translator, disassembler) 63 | 64 | emu.load_binary(binary) 65 | 66 | emu.emulate(0x080483db, 0x8048407, {}, None, False) 67 | 68 | def test_emulate_x86_64(self): 69 | binary = BinaryFile(get_full_path("./samples/bin/loop-simple.x86_64")) 70 | arch_mode = ARCH_X86_MODE_64 71 | arch_info = X86ArchitectureInformation(arch_mode) 72 | ir_emulator = ReilEmulator(arch_info) 73 | disassembler = X86Disassembler(ARCH_X86_MODE_64) 74 | ir_translator = X86Translator(ARCH_X86_MODE_64) 75 | 76 | emu = Emulator(arch_info, ir_emulator, ir_translator, disassembler) 77 | 78 | emu.load_binary(binary) 79 | 80 | emu.emulate(0x4004d6, 0x400507, {}, None, False) 81 | 82 | def test_emulate_arm(self): 83 | binary = BinaryFile(get_full_path("./samples/bin/loop-simple.arm")) 84 | arch_mode = ARCH_ARM_MODE_ARM 85 | arch_info = ArmArchitectureInformation(arch_mode) 86 | ir_emulator = ReilEmulator(arch_info) 87 | disassembler = ArmDisassembler(architecture_mode=ARCH_ARM_MODE_ARM) 88 | ir_translator = ArmTranslator(architecture_mode=ARCH_ARM_MODE_ARM) 89 | 90 | emu = Emulator(arch_info, ir_emulator, ir_translator, disassembler) 91 | 92 | emu.load_binary(binary) 93 | 94 | emu.emulate(0x10400, 0x10460, {}, None, True) 95 | 96 | def test_emulate_arm_thumb(self): 97 | binary = BinaryFile(get_full_path("./samples/bin/loop-simple.arm_thumb")) 98 | arch_mode = ARCH_ARM_MODE_THUMB 99 | arch_info = ArmArchitectureInformation(arch_mode) 100 | ir_emulator = ReilEmulator(arch_info) 101 | disassembler = ArmDisassembler(architecture_mode=ARCH_ARM_MODE_THUMB) 102 | ir_translator = ArmTranslator(architecture_mode=ARCH_ARM_MODE_THUMB) 103 | 104 | emu = Emulator(arch_info, ir_emulator, ir_translator, disassembler) 105 | 106 | emu.load_binary(binary) 107 | 108 | emu.emulate(0x10401, 0x10432, {}, None, True) 109 | -------------------------------------------------------------------------------- /tests/arch/arm/test_armparser.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import unittest 28 | 29 | from barf.arch import ARCH_ARM_MODE_THUMB 30 | from barf.arch.arm.parser import ArmParser 31 | 32 | 33 | class ArmParser32BitsTests(unittest.TestCase): 34 | 35 | def setUp(self): 36 | self._parser = ArmParser(ARCH_ARM_MODE_THUMB) 37 | 38 | def test_data_processing_instructions(self): 39 | 40 | inst_samples = [ 41 | "add r0, r0, r1, lsl #4", 42 | "mov r0, #0", 43 | "add r3, r3, #1", 44 | "cmp r7, #1000", 45 | "bic r9, r8, #0xff00", 46 | "mov r2, r0", 47 | "add r4, r3, r2", 48 | "cmp r7, r8", 49 | "mov r2, r0, lsl #2", 50 | "add r9, r5, r5, lsl #3", 51 | "sub r10, r9, r8, lsr #4", 52 | "mov r12, r4, ror r3", 53 | "rsb r9, r5, r8, rrx", 54 | 55 | # Same with condition codes 56 | "addeq r0, r0, r1, lsl #4", 57 | "movne r0, #0", 58 | "addcs r3, r3, #1", 59 | "cmpcc r7, #1000", 60 | "bicmi r9, r8, #0xff00", 61 | "movpl r2, r0", 62 | "addvs r4, r3, r2", 63 | "cmpvc r7, r8", 64 | "movhi r2, r0, lsl #2", 65 | "addls r9, r5, r5, lsl #3", 66 | "subge r10, r9, r8, lsr #4", 67 | "movlt r12, r4, ror r3", 68 | "rsbgt r9, r5, r8, rrx", 69 | "rsble r9, r5, r8, rrx", 70 | "rsbal r9, r5, r8, rrx", 71 | ] 72 | 73 | for i in inst_samples: 74 | asm = self._parser.parse(i) 75 | self.assertEqual(str(asm), i) 76 | 77 | def test_load_store_instructions(self): 78 | 79 | inst_samples = [ 80 | "ldr r2, [r3, #4]", 81 | "ldr r2, [r3, #-0x224]", 82 | "str r2, [r3, -r3]", 83 | "ldr r2, [r3, fp, ror #0x2]", 84 | "str r2, [r3, -#-0x3]", 85 | 86 | "ldr r2, [r3, #4]!", 87 | "str r1, [sp, #-0x2454]!", 88 | "ldr r2, [r0, -sp]!", 89 | "str r2, [r9, r12, lsr #0x33]!", 90 | "ldr r2, [r9, r12, rrx]!", 91 | 92 | "ldr r2, [r3], #4", 93 | "ldr r2, [sp], r0", 94 | "ldr r2, [r3], #-134314", 95 | "ldr r2, [r3], r3, lsl #0x12", 96 | 97 | # A3.11.4 (examples) 98 | "ldr r1, [r0]", 99 | "ldr r8, [r3, #4]", 100 | "ldr r12, [r13, #-4]", 101 | "str r2, [r1, #0x100]", 102 | "strb r4, [r10, #0x200]", 103 | "strb r10, [r7, -r4]", 104 | "ldr r11, [r3, r5, lsl #2]", 105 | "ldr r1, [r0, #4]!", 106 | "strb r7, [r6, #-1]!", 107 | "str r2, [r5], #8", 108 | "ldrh r12, [r13, #-6]", 109 | "ldrsb r4, [r10, #0xc1]", 110 | "strh r10, [r7, -r4]", 111 | "ldrsh r1, [r0, #2]!", 112 | "ldrsb r7, [r6, #-1]!", 113 | "strd r8, [r2, #0x2c]", 114 | "strh r2, [r5], #8", 115 | 116 | # A3.12.1 (examples of load/store multiple) 117 | "stmfd r13, {r0 - r12, lr}", 118 | "ldmfd r13, {r0 - r12, pc}", 119 | "ldmia r0, {r5 - r8}", 120 | "stmda r1, {r2, r5, r7, r11}", 121 | "stmda r1, {r1, r6 - r9, r11}", 122 | ] 123 | 124 | for i in inst_samples: 125 | asm = self._parser.parse(i) 126 | self.assertEqual(str(asm), i) 127 | 128 | 129 | def main(): 130 | unittest.main() 131 | 132 | 133 | if __name__ == '__main__': 134 | main() 135 | -------------------------------------------------------------------------------- /tests/arch/arm/translators/test_data.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | import platform 28 | import unittest 29 | 30 | from .armtranslator import ArmTranslationTestCase 31 | 32 | 33 | @unittest.skipUnless(platform.machine().lower() in ['armv6l', 'armv7l'], 34 | 'Not running on an ARMv6 system') 35 | class ArmTranslationDataTests(ArmTranslationTestCase): 36 | 37 | def test_data_instructions(self): 38 | # NOTE: R13 (SP), R14 (LR), R15 (PC) are outside testing scope. 39 | 40 | instr_samples = [ 41 | # No flags. 42 | ["mov r0, r1"], 43 | ["mov r3, r8"], 44 | ["mov r5, r8"], 45 | ["and r0, r1, r2"], 46 | ["and r0, r6, #0x33"], 47 | ["orr r3, r5, r8"], 48 | ["orr r3, r5, #0x79"], 49 | ["orr r3, r5, r8, lsl #0x19"], 50 | ["eor r3, r5, r8"], 51 | ["eor r8, r4, r5, lsl r6"], 52 | ["eor r8, r4, r5, lsl #0x11"], 53 | ["add r8, r9, r11"], 54 | ["sub r0, r3, r12"], 55 | ["rsb r0, r3, r12"], 56 | ["cmp r3, r12"], 57 | ["cmn r3, r12"], 58 | ["mov r8, r5, lsl r6"], 59 | ["eor r8, r4, r5, lsl r6"], 60 | ["mul r3, r4, r8"], 61 | ["mov r8, #0", 62 | "mul r3, r4, r8"], 63 | ["mul r3, r4, r4"], 64 | # ["movw r5, #0x1235"], # Not supported in ARM mode. 65 | ["mvn r3, r8"], 66 | # ["lsl r7, r2"], 67 | ["lsl r2, r4, #0x0"], 68 | ["lsl r2, r4, #0x1"], 69 | ["lsl r2, r4, #10"], 70 | ["lsl r2, r4, #31"], 71 | 72 | # Flags update. 73 | ["movs r0, #0"], 74 | ["movs r0, #-10"], 75 | ["mov r0, #0x7FFFFFFF", 76 | "mov r1, r0", 77 | "adds r3, r0, r1"], 78 | ["mov r0, #0x7FFFFFFF", 79 | "mov r1, r0", 80 | "subs r3, r0, r1"], 81 | ["mov r0, #0x00FFFFFF", 82 | "add r1, r0, #10", 83 | "subs r3, r0, r1"], 84 | ["mov r0, #0x00FFFFFF", 85 | "add r1, r0, #10", 86 | "rsbs r3, r0, r1"], 87 | ["mov r0, #0xFFFFFFFF", 88 | "adds r3, r0, #10"], 89 | ["mov r0, #0x7FFFFFFF", 90 | "mov r1, #5", 91 | "adds r3, r0, r1"], 92 | ["mov r0, #0x80000000", 93 | "mov r1, #5", 94 | "subs r3, r0, r1"], 95 | ["mov r0, #0x80000000", 96 | "mov r1, #5", 97 | "rsbs r3, r0, r1"], 98 | # ["lsls r2, r4, #0x0"], 99 | # ["lsls r2, r4, #0x1"], 100 | # ["lsls r2, r4, #10"], 101 | # ["lsls r2, r4, #31"], 102 | 103 | # Flags evaluation. 104 | ["moveq r0, r1"], 105 | ["movne r3, r8"], 106 | ["movcs r5, r8"], 107 | ["andcc r0, r1, r2"], 108 | ["andmi r0, r6, #0x33"], 109 | ["orrpl r3, r5, r8"], 110 | ["orrvs r3, r5, #0x79"], 111 | ["orrvc r3, r5, r8, lsl #0x19"], 112 | ["eorhi r3, r5, r8"], 113 | ["eorls r8, r4, r5, lsl r6"], 114 | ["eorge r8, r4, r5, lsl #0x11"], 115 | ["addlt r8, r9, r11"], 116 | ["subgt r0, r3, r12"], 117 | ["rsbgt r0, r3, r12"], 118 | ["cmple r3, r12"], 119 | ["cmnal r3, r12"], 120 | ["addhs r8, r9, r11"], 121 | ["sublo r0, r3, r12"], 122 | ["rsblo r0, r3, r12"], 123 | ] 124 | 125 | for instr in instr_samples: 126 | self._test_asm_instruction(instr) 127 | -------------------------------------------------------------------------------- /barf/tools/cg/cg.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2015, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | from __future__ import print_function 27 | 28 | import argparse 29 | import os 30 | import sys 31 | import time 32 | 33 | from barf.analysis.graphs.callgraph import CallGraph 34 | from barf.barf import BARF 35 | from barf.core.symbols import load_symbols 36 | from barf.tools.common import load_symbols_from_file, recover_cfg_all, recover_cfg_some 37 | 38 | 39 | def init_parser(): 40 | 41 | description = "Tool for recovering CG of a binary." 42 | 43 | parser = argparse.ArgumentParser( 44 | formatter_class=argparse.RawDescriptionHelpFormatter, 45 | description=description) 46 | 47 | parser.add_argument( 48 | "filename", 49 | type=str, 50 | help="Binary file name.") 51 | 52 | parser.add_argument( 53 | "-s", "--symbol-file", 54 | type=str, 55 | help="Load symbols from file.") 56 | 57 | parser.add_argument( 58 | "-f", "--format", 59 | type=str, 60 | default="dot", 61 | choices=["pdf", "png", "dot", "svg"], 62 | help="Output format.") 63 | 64 | parser.add_argument( 65 | "-t", "--time", 66 | action="store_true", 67 | help="Print process time.") 68 | 69 | group = parser.add_mutually_exclusive_group() 70 | 71 | group.add_argument( 72 | "-a", "--recover-all", 73 | action="store_true", 74 | help="Recover all functions.") 75 | 76 | group.add_argument( 77 | "-r", "--recover", 78 | type=str, 79 | help="Recover specified functions by address (comma separated).") 80 | 81 | return parser 82 | 83 | 84 | def main(): 85 | 86 | parser = init_parser() 87 | 88 | args = parser.parse_args() 89 | 90 | # Set default options. 91 | if not args.recover_all and not args.recover: 92 | args.recover_all = True 93 | 94 | process_start = time.time() 95 | 96 | filename = os.path.abspath(args.filename) 97 | 98 | if not os.path.isfile(filename): 99 | print("[-] File not found : {}".format(filename)) 100 | 101 | sys.exit(1) 102 | 103 | # Create an instance of BARF. 104 | try: 105 | barf = BARF(filename) 106 | except Exception: 107 | print("[-] Error opening file : {}".format(filename)) 108 | 109 | sys.exit(1) 110 | 111 | # Load symbols. 112 | print("[+] Parsing symbol table...") 113 | 114 | if args.symbol_file: 115 | symbols_by_addr = load_symbols_from_file(args.symbol_file) 116 | else: 117 | symbols_by_addr = load_symbols(filename) 118 | 119 | # Recover CFGs. 120 | print("[+] Recovering CFGs...") 121 | 122 | if args.recover_all: 123 | cfgs = recover_cfg_all(barf, symbols_by_addr) 124 | 125 | if args.recover: 126 | addresses = [int(addr, 16) for addr in args.recover.split(",")] 127 | 128 | cfgs = recover_cfg_some(barf, addresses, symbols_by_addr) 129 | 130 | print("[+] Number of CFGs recovered: {:d}".format(len(cfgs))) 131 | 132 | # Recover CG. 133 | print("[+] Recovering program CG...") 134 | 135 | cfgs_filtered = [] 136 | for cfg in cfgs: 137 | if len(cfg.basic_blocks) == 0: 138 | print("[*] Ignoring empty CFG: {}".format(cfg.name)) 139 | continue 140 | 141 | cfgs_filtered.append(cfg) 142 | 143 | cg = CallGraph(cfgs_filtered) 144 | 145 | cg.save(filename.split(os.path.sep)[-1] + "_cg", format=args.format) 146 | 147 | process_end = time.time() 148 | 149 | if args.time: 150 | process_time = process_end - process_start 151 | 152 | print("[+] Process time: {:.3f}s".format(process_time)) 153 | 154 | 155 | if __name__ == "__main__": 156 | 157 | main() 158 | -------------------------------------------------------------------------------- /barf/arch/x86/translators/logical.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | 26 | # "Logical Instructions" 27 | # ============================================================================ # 28 | def _translate_and(self, tb, instruction): 29 | # Flags Affected 30 | # The OF and CF flags are cleared; the SF, ZF, and PF flags are 31 | # set according to the result. The state of the AF flag is 32 | # undefined. 33 | 34 | oprnd0 = self._reg_acc_translator.read(tb, instruction.operands[0]) 35 | oprnd1 = self._reg_acc_translator.read(tb, instruction.operands[1]) 36 | 37 | tmp0 = tb.temporal(oprnd0.size * 2) 38 | 39 | tb.add(self._builder.gen_and(oprnd0, oprnd1, tmp0)) 40 | 41 | # Flags : OF, CF 42 | self._flag_translator.clear_flag(tb, self._flags.of) 43 | self._flag_translator.clear_flag(tb, self._flags.cf) 44 | 45 | # Flags : SF, ZF, PF 46 | self._flag_translator.update_sf(tb, oprnd0, tmp0) 47 | self._flag_translator.update_zf(tb, oprnd0, tmp0) 48 | self._flag_translator.update_pf(tb, tmp0) 49 | 50 | # Flags : AF 51 | self._flag_translator.undefine_flag(tb, self._flags.af) 52 | 53 | self._reg_acc_translator.write(tb, instruction.operands[0], tmp0) 54 | 55 | 56 | def _translate_not(self, tb, instruction): 57 | # Flags Affected 58 | # None. 59 | 60 | oprnd0 = self._reg_acc_translator.read(tb, instruction.operands[0]) 61 | 62 | tmp0 = tb.temporal(oprnd0.size * 2) 63 | 64 | imm0 = tb.immediate((2 ** oprnd0.size) - 1, oprnd0.size) 65 | 66 | tb.add(self._builder.gen_xor(oprnd0, imm0, tmp0)) 67 | 68 | self._reg_acc_translator.write(tb, instruction.operands[0], tmp0) 69 | 70 | 71 | def _translate_or(self, tb, instruction): 72 | # Flags Affected 73 | # The OF and CF flags are cleared; the SF, ZF, and PF flags are 74 | # set according to the result. The state of the AF flag is 75 | # undefined. 76 | 77 | oprnd0 = self._reg_acc_translator.read(tb, instruction.operands[0]) 78 | oprnd1 = self._reg_acc_translator.read(tb, instruction.operands[1]) 79 | 80 | tmp0 = tb.temporal(oprnd0.size * 2) 81 | 82 | tb.add(self._builder.gen_or(oprnd0, oprnd1, tmp0)) 83 | 84 | # Flags : OF, CF 85 | self._flag_translator.clear_flag(tb, self._flags.of) 86 | self._flag_translator.clear_flag(tb, self._flags.cf) 87 | 88 | # Flags : SF, ZF, PF 89 | self._flag_translator.update_sf(tb, oprnd0, tmp0) 90 | self._flag_translator.update_zf(tb, oprnd0, tmp0) 91 | self._flag_translator.update_pf(tb, tmp0) 92 | 93 | # Flags : AF 94 | self._flag_translator.undefine_flag(tb, self._flags.af) 95 | 96 | self._reg_acc_translator.write(tb, instruction.operands[0], tmp0) 97 | 98 | 99 | def _translate_xor(self, tb, instruction): 100 | # Flags Affected 101 | # The OF and CF flags are cleared; the SF, ZF, and PF flags are set 102 | # according to the result. The state of the AF flag is 103 | # undefined. 104 | 105 | oprnd0 = self._reg_acc_translator.read(tb, instruction.operands[0]) 106 | oprnd1 = self._reg_acc_translator.read(tb, instruction.operands[1]) 107 | 108 | tmp0 = tb.temporal(oprnd0.size * 2) 109 | 110 | tb.add(self._builder.gen_xor(oprnd0, oprnd1, tmp0)) 111 | 112 | # Flags : OF, CF 113 | self._flag_translator.clear_flag(tb, self._flags.of) 114 | self._flag_translator.clear_flag(tb, self._flags.cf) 115 | 116 | # Flags : SF, ZF, PF 117 | self._flag_translator.update_sf(tb, oprnd0, tmp0) 118 | self._flag_translator.update_zf(tb, oprnd0, tmp0) 119 | self._flag_translator.update_pf(tb, tmp0) 120 | 121 | # Flags : AF 122 | self._flag_translator.undefine_flag(tb, self._flags.af) 123 | 124 | self._reg_acc_translator.write(tb, instruction.operands[0], tmp0) 125 | 126 | 127 | dispatcher = { 128 | 'and': _translate_and, 129 | 'not': _translate_not, 130 | 'or': _translate_or, 131 | 'xor': _translate_xor, 132 | } 133 | -------------------------------------------------------------------------------- /examples/flareon-2015/2/README.md: -------------------------------------------------------------------------------- 1 | # README 2 | 3 | We'll show you how to solve **challenge #2** from [Flare-On Challenges 2015](http://flare-on.com/files/2015_FLAREOn_Challenges.zip). 4 | 5 | Challenge #2 is a windows binary that asks for a password. When the correct password is provided it prints **You're success**, otherwise it prints **You're failure**. 6 | 7 | Instead of manually reversing the binary to find the correct password, we'll solve it automatically using the **concolic execution** feature provided by **BARF**. 8 | 9 | ## Quick analysis 10 | 11 | The main function is located at address ``0x401000`` (graph below) and is responsible for checking the password and printing the messages. If you enter the correct password, the branch at address ``0x40106b`` is taken and the successful message is printed. The branch is taken based on the result of the function ``0x401084``, which has to be ``non-zero``. 12 | 13 | ![sub_401084](cfg/sub_401000.png) 14 | 15 | Now, let's take a look at function ``sub_401084``. The first thing to note is that it takes three parameters. The second, that there's a loop at address ``0x4010a2`` that processes bytes from one address and compares them to the bytes of the other address, one at a time. Soon we realize, these addresses correspond to the input buffer and a hardcoded string that we'll call the reference key. The missing parameter is the length of the input data. 16 | 17 | ![sub_401084](cfg/sub_401084.png) 18 | 19 | ## Finding the correct password 20 | 21 | So, if we want the program to print **You're success** we'll have to reverse the latter function so we can understand how to build a string that after being processed matches the reference key. However, there is a much easier way to achieve the same goal, automatically, using **concolic execution**. That is, we'll execute the function and set the input buffer as symbolic. Also, we'll mark address ``0x004010d5`` as our target address. If you take a loop at the CFG you'll see that execution goes through this path if and only if the password is correct. In short, we'll do the following: 22 | 23 | 1. **Load** the binary; 24 | 2. **Create** a initial and a final state, setting the conditions on which the function should start and end; 25 | 4. **Execute** the function concolically and set address ``0x004010d5`` as our target and, finally, 26 | 5. **Retrieve** the content of the input buffer from memory. 27 | 28 | ### Loading the binary 29 | 30 | To load the binary, we create a instance of a ``BinaryFile``. Then, we create a ``ReilContainer`` for the function of interest, in this case, function ``sub_401084``. 31 | 32 | ```python 33 | # Load the binary 34 | binary = BinaryFile("bin/very_success") 35 | 36 | arch_info = X86ArchitectureInformation(binary.architecture_mode) 37 | 38 | # Create a REIL container for the function of interest 39 | functions = [ 40 | # name | start | end 41 | ("sub_401084", 0x00401084, 0x004010de) 42 | ] 43 | 44 | reil_container = ReilContainerBuilder(binary).build(functions) 45 | ``` 46 | 47 | ### Create an initial and a final State 48 | 49 | We create an **initial state** so we can specify the value of registers and memory once the concolic execution starts. In this case, we set the value of the stack pointer (``esp``) and the parameters aforementioned. We also extract the hardcoded reference key from the binary and write it to memory. 50 | 51 | We do the same for the **final state**, however, there's nothing we would like to set or assert once the execution finishes. 52 | 53 | ```python 54 | # Set up initial state 55 | initial_state = State(arch_info, mode="initial") 56 | 57 | # Set up stack pointer 58 | esp = 0xffffceec 59 | 60 | initial_state.write_register(esp, 0xffffceec) 61 | 62 | # Set up parameters 63 | initial_state.write_memory(esp + 0xc, 4, 0x25) # password length 64 | initial_state.write_memory(esp + 0x8, 4, 0x00402159) # password address 65 | initial_state.write_memory(esp + 0x4, 4, 0x004010e4) # reference key address 66 | 67 | # Set memory content 68 | for i in xrange(user_password_len): 69 | initial_state.write_memory(ref_key_addr + i, 1, 70 | ord(binary.text_section[ref_key_addr + i])) 71 | 72 | # Set up final state 73 | final_state = State(arch_info, mode="final") 74 | ``` 75 | 76 | ### Execute the Function Concolically 77 | 78 | Now, it is all set to **concolically execute** the function. 79 | 80 | ```python 81 | sym_exec = ReilSymbolicExecutor(binary.architecture_mode) 82 | 83 | paths = sym_exec.find_address( 84 | reil_container, start=0x00401084, end=0x004010de, 85 | find=0x004010d5, avoid=[0x004010d7], initial_state=initial_state) 86 | ``` 87 | 88 | As you can see, what we are trying to do here is to find a path that connects the initial state at address ``0x00401084`` to a final state at address ``0x004010de``. Once found, we can query the memory for the input buffer. 89 | 90 | ### Retrieve the Content of the Input Buffer from Memory 91 | 92 | ```python 93 | # Query the memory for input buffer content 94 | se_res = SymExecResult(arch_info, initial_state, paths[0], final_state, 95 | binary.architecture_mode) 96 | 97 | user_password = bytearray() 98 | 99 | for i in xrange(user_password_len): 100 | user_password.append(se_res.query_memory(user_password_addr + i, 1)) 101 | ``` 102 | 103 | ## Conclusion 104 | 105 | You can see the full script [here](solve.py). 106 | -------------------------------------------------------------------------------- /barf/arch/x86/helpers.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | 26 | def fix_flags(src_flag, dst_flag, flags, arch_info): 27 | for flag in flags: 28 | _, bit = arch_info.alias_mapper[flag] 29 | 30 | # Clean flag. 31 | dst_flag &= ~(2**bit) & (2**32-1) 32 | 33 | # Copy flag. 34 | dst_flag |= (src_flag & 2**bit) 35 | 36 | return src_flag 37 | 38 | 39 | def compare_contexts(context_init, x86_context, reil_context): 40 | match = True 41 | mask = 2**64-1 42 | 43 | for reg in sorted(context_init.keys()): 44 | if (x86_context[reg] & mask) != (reil_context[reg] & mask): 45 | match = False 46 | break 47 | 48 | return match 49 | 50 | 51 | def print_contexts(context_init, x86_context, reil_context, skip=None): 52 | header_fmt = " {0:^12s}: {1:^16s} | {2:^16s} || {3:^16s}\n" 53 | header = header_fmt.format("Register", "Initial", "Expected", "Obtained") 54 | ruler = "-" * len(header) + "\n" 55 | 56 | out = header 57 | out += ruler 58 | 59 | fmt = " {0:>12s}: {1:016x} | {2:016x} {eq} {3:016x} {marker}\n" 60 | 61 | mask = 2**64-1 62 | 63 | for reg in sorted(context_init.keys()): 64 | if skip and reg in skip: 65 | continue 66 | 67 | if (x86_context[reg] & mask) != (reil_context[reg] & mask): 68 | eq, marker = "!=", "<" 69 | else: 70 | eq, marker = "==", "" 71 | 72 | out += fmt.format( 73 | reg, 74 | context_init[reg] & mask, 75 | x86_context[reg] & mask, 76 | reil_context[reg] & mask, 77 | eq=eq, 78 | marker=marker 79 | ) 80 | 81 | # Pretty print flags. 82 | fmt = "{0:>6s} ({1:>8s}): {2:016x} ({3:s})" 83 | 84 | reg = "eflags" if "eflags" in context_init else "rflags" 85 | 86 | init_value = context_init[reg] 87 | x86_value = x86_context[reg] 88 | reil_value = reil_context[reg] 89 | 90 | init_flags_str = print_flags(context_init[reg]) 91 | x86_flags_str = print_flags(x86_context[reg]) 92 | reil_flags_str = print_flags(reil_context[reg]) 93 | 94 | out += "\n" 95 | out += fmt.format(reg, "initial", init_value, init_flags_str) + "\n" 96 | out += fmt.format(reg, "expected", x86_value, x86_flags_str) + "\n" 97 | out += fmt.format(reg, "obtained", reil_value, reil_flags_str) 98 | 99 | return out 100 | 101 | 102 | def print_registers(registers): 103 | out = "" 104 | 105 | header_fmt = " {0:^8s} : {1:^16s}\n" 106 | header = header_fmt.format("Register", "Value") 107 | ruler = "-" * len(header) + "\n" 108 | 109 | out += header 110 | out += ruler 111 | 112 | fmt = " {0:>8s} : {1:016x}\n" 113 | 114 | for reg in sorted(registers.keys()): 115 | out += fmt.format(reg, registers[reg]) 116 | 117 | return out 118 | 119 | 120 | def print_flags(flags): 121 | # flags 122 | flags_mapper = { 123 | 0: "cf", # bit 0 124 | 2: "pf", # bit 2 125 | 4: "af", # bit 4 126 | 6: "zf", # bit 6 127 | 7: "sf", # bit 7 128 | 10: "df", # bit 10 129 | 11: "of", # bit 11 130 | } 131 | 132 | out = "" 133 | 134 | for bit, flag in flags_mapper.items(): 135 | flag_str = flag.upper() if flags & 2**bit else flag.lower() 136 | out += flag_str + " " 137 | 138 | return out[:-1] 139 | 140 | 141 | def print_stack(emulator, sp, addr_size): 142 | out = "" 143 | 144 | header_fmt = " {0:^15s} : {1:^16s}\n" 145 | header = header_fmt.format("Address", "Value") 146 | ruler = "-" * len(header) + "\n" 147 | 148 | out += header 149 | out += ruler 150 | 151 | for addr in range(sp - 6*addr_size, sp + 6*addr_size, addr_size): 152 | value = emulator.read_memory(addr, addr_size) 153 | 154 | if addr == sp: 155 | out += "{:016x} : {:016x} <\n".format(addr, value) 156 | else: 157 | out += "{:016x} : {:016x}\n".format(addr, value) 158 | 159 | return out 160 | 161 | -------------------------------------------------------------------------------- /barf/arch/arm/translators/branch.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | 27 | from barf.arch.arm import ArmImmediateOperand 28 | from barf.arch.arm import ArmRegisterOperand 29 | from barf.arch.arm.helpers import ArmConditionCodeHelper 30 | from barf.arch.helper import and_regs 31 | from barf.core.reil import ReilImmediateOperand 32 | from barf.core.reil import ReilRegisterOperand 33 | 34 | 35 | # "Branch Instructions" 36 | # ============================================================================ # 37 | def _translate_b(self, tb, instruction): 38 | _translate_branch(self, tb, instruction, link=False) 39 | 40 | 41 | def _translate_bl(self, tb, instruction): 42 | _translate_branch(self, tb, instruction, link=True) 43 | 44 | 45 | # TODO: Thumb 46 | def _translate_bx(self, tb, instruction): 47 | _translate_branch(self, tb, instruction, link=False) 48 | 49 | 50 | def _translate_blx(self, tb, instruction): 51 | _translate_branch(self, tb, instruction, link=True) 52 | 53 | 54 | def _translate_bne(self, tb, instruction): 55 | _translate_branch(self, tb, instruction, link=False) 56 | 57 | 58 | def _translate_beq(self, tb, instruction): 59 | _translate_branch(self, tb, instruction, link=False) 60 | 61 | 62 | def _translate_bpl(self, tb, instruction): 63 | _translate_branch(self, tb, instruction, link=False) 64 | 65 | 66 | def _translate_ble(self, tb, instruction): 67 | _translate_branch(self, tb, instruction, link=False) 68 | 69 | 70 | def _translate_bcs(self, tb, instruction): 71 | _translate_branch(self, tb, instruction, link=False) 72 | 73 | 74 | def _translate_bhs(self, tb, instruction): 75 | _translate_branch(self, tb, instruction, link=False) 76 | 77 | 78 | def _translate_blt(self, tb, instruction): 79 | _translate_branch(self, tb, instruction, link=False) 80 | 81 | 82 | def _translate_bge(self, tb, instruction): 83 | _translate_branch(self, tb, instruction, link=False) 84 | 85 | 86 | def _translate_bhi(self, tb, instruction): 87 | _translate_branch(self, tb, instruction, link=False) 88 | 89 | 90 | def _translate_blo(self, tb, instruction): 91 | _translate_branch(self, tb, instruction, link=False) 92 | 93 | 94 | def _translate_bls(self, tb, instruction): 95 | _translate_branch(self, tb, instruction, link=False) 96 | 97 | 98 | def _translate_branch(self, tb, instruction, link): 99 | oprnd_cc = ArmConditionCodeHelper.evaluate_cond_code(self._flags, tb, instruction.condition_code) 100 | 101 | arm_operand = instruction.operands[0] 102 | 103 | if isinstance(arm_operand, ArmImmediateOperand): 104 | target = ReilImmediateOperand(arm_operand.immediate << 8, self._pc.size + 8) 105 | elif isinstance(arm_operand, ArmRegisterOperand): 106 | target = ReilRegisterOperand(arm_operand.name, arm_operand.size) 107 | target = and_regs(tb, target, ReilImmediateOperand(0xFFFFFFFE, target.size)) 108 | 109 | tmp0 = tb.temporal(target.size + 8) 110 | tmp1 = tb.temporal(target.size + 8) 111 | 112 | tb.add(self._builder.gen_str(target, tmp0)) 113 | tb.add(self._builder.gen_bsh(tmp0, ReilImmediateOperand(8, target.size + 8), tmp1)) 114 | 115 | target = tmp1 116 | else: 117 | raise NotImplementedError("Instruction Not Implemented: Unknown operand for branch operation.") 118 | 119 | if link: 120 | tb.add(self._builder.gen_str(ReilImmediateOperand(instruction.address + instruction.size, self._pc.size), 121 | self._lr)) 122 | 123 | tb.add(self._builder.gen_jcc(oprnd_cc, target)) 124 | 125 | 126 | dispatcher = { 127 | 'b': _translate_b, 128 | 'bl': _translate_bl, 129 | 'bx': _translate_bx, 130 | 'blx': _translate_blx, 131 | 'bne': _translate_bne, 132 | 'beq': _translate_beq, 133 | 'bpl': _translate_bpl, 134 | 'ble': _translate_ble, 135 | 'bcs': _translate_bcs, 136 | 'bhs': _translate_bhs, 137 | 'blt': _translate_blt, 138 | 'bge': _translate_bge, 139 | 'bhi': _translate_bhi, 140 | 'blo': _translate_blo, 141 | 'bls': _translate_bls, 142 | } 143 | -------------------------------------------------------------------------------- /barf/core/reil/container.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2014, Fundacion Dr. Manuel Sadosky 2 | # All rights reserved. 3 | 4 | # Redistribution and use in source and binary forms, with or without 5 | # modification, are permitted provided that the following conditions are met: 6 | 7 | # 1. Redistributions of source code must retain the above copyright notice, this 8 | # list of conditions and the following disclaimer. 9 | 10 | # 2. Redistributions in binary form must reproduce the above copyright notice, 11 | # this list of conditions and the following disclaimer in the documentation 12 | # and/or other materials provided with the distribution. 13 | 14 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | 25 | from __future__ import absolute_import 26 | from __future__ import print_function 27 | 28 | from barf.core.reil.helpers import split_address 29 | from barf.core.reil.helpers import to_asm_address 30 | 31 | 32 | class ReilSequenceInvalidAddressError(Exception): 33 | pass 34 | 35 | 36 | class ReilSequence(object): 37 | 38 | """Reil instruction sequence. 39 | """ 40 | 41 | def __init__(self, assembly=None): 42 | self.__assembly = assembly 43 | self.__sequence = [] 44 | self.__next_seq_address = None 45 | 46 | @property 47 | def assembly(self): 48 | return self.__assembly 49 | 50 | def append(self, instruction): 51 | self.__sequence.append(instruction) 52 | 53 | def fetch(self, address): 54 | base_addr, index = split_address(address) 55 | 56 | if base_addr != to_asm_address(self.address): 57 | raise ReilSequenceInvalidAddressError() 58 | 59 | return self.get(index) 60 | 61 | def get(self, index): 62 | return self.__sequence[index] 63 | 64 | def get_next_address(self, address): 65 | base_addr, index = split_address(address) 66 | 67 | if base_addr != to_asm_address(self.address): 68 | raise ReilSequenceInvalidAddressError() 69 | 70 | addr = address 71 | 72 | if index < len(self.__sequence) - 1: 73 | addr += 1 74 | else: 75 | raise ReilSequenceInvalidAddressError() 76 | 77 | return addr 78 | 79 | def dump(self): 80 | for instr in self.__sequence: 81 | base_addr, index = split_address(instr.address) 82 | 83 | print("{:08x}:{:02x}\t{}".format(base_addr, index, instr)) 84 | 85 | @property 86 | def address(self): 87 | return self.__sequence[0].address if self.__sequence else None 88 | 89 | @property 90 | def next_sequence_address(self): 91 | return self.__next_seq_address 92 | 93 | @next_sequence_address.setter 94 | def next_sequence_address(self, address): 95 | self.__next_seq_address = address 96 | 97 | def __len__(self): 98 | return len(self.__sequence) 99 | 100 | def __iter__(self): 101 | for instr in self.__sequence: 102 | yield instr 103 | 104 | 105 | class ReilContainerInvalidAddressError(Exception): 106 | pass 107 | 108 | 109 | class ReilContainer(object): 110 | 111 | """Reil instruction container. 112 | """ 113 | 114 | def __init__(self): 115 | self.__container = {} 116 | 117 | def add(self, sequence): 118 | base_addr, _ = split_address(sequence.address) 119 | 120 | if base_addr in self.__container.keys(): 121 | raise Exception("Invalid sequence") 122 | 123 | self.__container[base_addr] = sequence 124 | 125 | def fetch(self, address): 126 | base_addr, index = split_address(address) 127 | 128 | if base_addr not in self.__container: 129 | raise ReilContainerInvalidAddressError() 130 | 131 | return self.__container[base_addr].get(index) 132 | 133 | def fetch_sequence(self, address): 134 | base_addr, index = split_address(address) 135 | 136 | if base_addr not in self.__container: 137 | raise ReilContainerInvalidAddressError() 138 | 139 | return self.__container[base_addr] 140 | 141 | def get_next_address(self, address): 142 | base_addr, index = split_address(address) 143 | 144 | if base_addr not in self.__container: 145 | raise Exception("Invalid address.") 146 | 147 | addr = address 148 | 149 | if index < len(self.__container[base_addr]) - 1: 150 | addr += 1 151 | else: 152 | addr = self.__container[base_addr].next_sequence_address 153 | 154 | return addr 155 | 156 | def dump(self): 157 | for base_addr in sorted(self.__container.keys()): 158 | self.__container[base_addr].dump() 159 | 160 | print("-" * 80) 161 | 162 | def __iter__(self): 163 | for addr in sorted(self.__container.keys()): 164 | for instr in self.__container[addr]: 165 | yield instr 166 | --------------------------------------------------------------------------------