| author | Timo Röhling <roehling@debian.org> | 2023-06-12 13:32:31 +0200 |
| --- | --- | --- |
| committer | Timo Röhling <roehling@debian.org> | 2023-06-12 13:32:31 +0200 |
| commit | d2a3b5f42b8e380a1ac87084a9fef002655d0555 (patch) | |
| tree | 1cd4044a70c9fd100b1b18ca5d606ae7d314b1f9 | |
| parent | 0ba0716f87d77a4c526c151cf5126419f9b3fea7 (diff) | |
New upstream version 4.10.0
77 files changed, 1673 insertions, 711 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2f6a2b2..32c7142 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -198,6 +198,8 @@ jobs: pypi: runs-on: ubuntu-latest if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') + permissions: + id-token: write needs: test steps: - name: Download artifacts @@ -207,10 +209,7 @@ jobs: path: dist - name: Publish package - uses: pypa/gh-action-pypi-publish@v1.1.0 - with: - user: __token__ - password: ${{ secrets.pypi_password }} + uses: pypa/gh-action-pypi-publish@release/v1 - if: failure() run: ls -R diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index 5a50f8e..fbe46f4 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -28,10 +28,10 @@ jobs: set -x pip install pylint pip install --upgrade -r requirements.txt - pylint --exit-zero --errors-only pwnlib > current.txt + pylint --exit-zero --errors-only pwnlib -f parseable | cut -d ' ' -f2- > current.txt git fetch origin git checkout origin/"$GITHUB_BASE_REF" - pylint --exit-zero --errors-only pwnlib > base.txt + pylint --exit-zero --errors-only pwnlib -f parseable | cut -d ' ' -f2- > base.txt if diff base.txt current.txt | grep '>'; then false fi @@ -21,3 +21,4 @@ venv .idea __pycache__ !.github +.DS_Store diff --git a/CHANGELOG.md b/CHANGELOG.md index 300c739..03bfd99 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,9 +9,10 @@ The table below shows which release corresponds to each branch, and what date th | Version | Branch | Release Date | | ---------------- | -------- | ---------------------- | -| [4.11.0](#4110) | `dev` | -| [4.10.0](#4100) | `beta` | -| [4.9.0](#490) | `stable` | Dec 29, 2022 +| [4.12.0](#4120) | `dev` | +| [4.11.0](#4110) | `beta` | +| [4.10.0](#4100) | `stable` | May 21, 2023 +| [4.9.0](#490) | | Dec 29, 2022 | [4.8.0](#480) | | Apr 21, 2022 | [4.7.1](#471) | | Apr 20, 2022 | [4.7.0](#470) | | Nov 15, 2021 
@@ -65,25 +66,52 @@ The table below shows which release corresponds to each branch, and what date th | [3.0.0](#300) | | Aug 20, 2016 | [2.2.0](#220) | | Jan 5, 2015 -## 4.11.0 (`dev`) +## 4.12.0 (`dev`) -## 4.10.0 (`beta`) +## 4.11.0 (`beta`) +- [#2185][2185] make fmtstr module able to create payload without $ notation - [#2062][2062] make pwn cyclic -l work with entry larger than 4 bytes - [#2092][2092] shellcraft: dup() is now called dupio() consistently across all supported arches - [#2093][2093] setresuid() in shellcraft uses current euid by default +- [#2103][2103] Add search for libc binary by leaked function addresses `libcdb.search_by_symbol_offsets()` - [#2125][2125] Allow tube.recvregex to return capture groups - [#2144][2144] Removes `p2align 2` `asm()` headers from `x86-32`, `x86-64` and `mips` architectures to avoid inconsistent instruction length when patching binaries +- [#2177][2177] Support for RISC-V 64-bit architecture +- [#2186][2186] Enhance `ELF.nx` and `ELF.execstack` +- [#2129][2129] Handle `context.newline` correctly when typing in `tube.interactive()` +[2185]: https://github.com/Gallopsled/pwntools/pull/2185 [2062]: https://github.com/Gallopsled/pwntools/pull/2062 [2092]: https://github.com/Gallopsled/pwntools/pull/2092 [2093]: https://github.com/Gallopsled/pwntools/pull/2093 +[2103]: https://github.com/Gallopsled/pwntools/pull/2103 [2125]: https://github.com/Gallopsled/pwntools/pull/2125 [2144]: https://github.com/Gallopsled/pwntools/pull/2144 +[2177]: https://github.com/Gallopsled/pwntools/pull/2177 +[2186]: https://github.com/Gallopsled/pwntools/pull/2186 +[2129]: https://github.com/Gallopsled/pwntools/pull/2129 -## 4.9.0 (`stable`) +## 4.10.0 (`stable`) + +In memoriam — [Zach Riggle][zach] — long time contributor and maintainer of Pwntools. 
+ +- [#2062][2062] make pwn cyclic -l work with entry larger than 4 bytes +- [#2092][2092] shellcraft: dup() is now called dupio() consistently across all supported arches +- [#2093][2093] setresuid() in shellcraft uses current euid by default +- [#2125][2125] Allow tube.recvregex to return capture groups +- [#2144][2144] Removes `p2align 2` `asm()` headers from `x86-32`, `x86-64` and `mips` architectures to avoid inconsistent instruction length when patching binaries + +[2062]: https://github.com/Gallopsled/pwntools/pull/2062 +[2092]: https://github.com/Gallopsled/pwntools/pull/2092 +[2093]: https://github.com/Gallopsled/pwntools/pull/2093 +[2125]: https://github.com/Gallopsled/pwntools/pull/2125 +[2144]: https://github.com/Gallopsled/pwntools/pull/2144 +[zach]: https://github.com/zachriggle + +## 4.9.0 - [#1975][1975] Add libcdb commandline tool - [#1979][1979] Add `js_escape()` and `js_unescape()` to `util.fiddling` 
@@ -4,7 +4,7 @@ [![PyPI](https://img.shields.io/pypi/v/pwntools?style=flat)](https://pypi.python.org/pypi/pwntools/) [![Docs](https://readthedocs.org/projects/pwntools/badge/?version=stable)](https://docs.pwntools.com/) [![Travis](https://img.shields.io/travis/Gallopsled/pwntools/dev?logo=Travis)](https://travis-ci.org/Gallopsled/pwntools) -[![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/Gallopsled/pwntools/Continuous%20Integration/dev?logo=GitHub)](https://github.com/Gallopsled/pwntools/actions?query=workflow%3A%22Continuous+Integration%22+branch%3Adev) +[![GitHub Workflow Status (dev)](https://img.shields.io/github/actions/workflow/status/Gallopsled/pwntools/ci.yml?branch=dev&logo=GitHub)](https://github.com/Gallopsled/pwntools/actions/workflows/ci.yml?query=branch%3Adev) [![Coveralls](https://img.shields.io/coveralls/github/Gallopsled/pwntools/dev?logo=coveralls)](https://coveralls.io/github/Gallopsled/pwntools?branch=dev) [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat)](http://choosealicense.com/licenses/mit/) [![Packaging status](https://img.shields.io/repology/repositories/python:pwntools)](https://repology.org/project/python:pwntools/versions) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..41b8580 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,32 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------------- | ------------------ | +| latest dev | :white_check_mark: | +| latest beta | :white_check_mark: | +| latest stable | :white_check_mark: | +| anything else | :x: | + +## Reporting a Vulnerability + +The aim of pwntools is exploiting software vulnerabilities, which is an unusual position, but it nevertheless can have its own security issues. +Especially that an attacker (=re-victim) is usually not prepared to be attacked back (by the re-attacker). + +The first question to ask yourself is: is this an actual vulnerability? +- can it be triggered by a re-attacker (malicious honeypot pretending to be a vulnerable service)? +- does it impact the attacker (=re-victim)? +- is it serious? + * *availability: medium* means *at least* exhausting RAM or disk space of the attacker (=re-victim) + * *confidentiality: medium* means *at least* reading the filesystem of the attacker (=re-victim) + * *integrity: medium* means *at least* performing uncontrolled actions or data corruption on behalf of the attacker (=re-victim) + * if crucial for some sophisticated exploit chain, it is always serious + * `safe_eval` bypasses **are** serious. + * an example of what was **kind of** serious: [#1732](https://github.com/Gallopsled/pwntools/pull/1732) +- can it be fixed without compromising on Pwntools' usability? + +If at least one of the answers is no, then this is NOT a vulnerability, so just file a bug report or feature request, without the weird confidential disclosure dance. + +Just e-mail the maintainers. Arusekk is the one that is currently the most excited to fix vulnerabilities. +Or create a CTF task! Prove a point the good old hacker way! diff --git a/docs/Makefile b/docs/Makefile index e1e777d..dfc57c3 100755 --- a/docs/Makefile +++ b/docs/Makefile 
@@ -6,7 +6,6 @@ SPHINXOPTS = SPHINXBUILD = sphinx-build PAPER = BUILDDIR = build -DASHBUILD = ./dashbuild.py TAR = tar # Internal variables. @@ -145,8 +144,8 @@ gettext: @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." dash: - $(DASHBUILD) source $(BUILDDIR)/dash - $(TAR) --exclude='.DS_Store' -cvzf $(BUILDDIR)/dash/pwntools.tgz -C $(BUILDDIR)/dash pwntools.docset + $(SPHINXBUILD) -b html -d $(BUILDDIR)/doctrees -t dash source $(BUILDDIR)/html + doc2dash $(BUILDDIR)/html -d $(BUILDDIR)/dash -n pwntools -f -I index.html @echo "Build finished. The Dash docset is in $(BUILDDIR)/dash." changes: diff --git a/docs/dashbuild.py b/docs/dashbuild.py deleted file mode 100755 index 2fddc4e..0000000 --- a/docs/dashbuild.py +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/usr/bin/env python - -# -*- coding: utf-8 -*- - -# -# Helper to build Dash docset from sphinx source files. -# -# Dash docsets can be read by various applications: -# -# Dash OS X, iOS https://kapeli.com -# Zeal Linux, Windows https://zealdocs.org -# Velocity Windows http://velocity.silverlakesoftware.com -# LovelyDocs Android http://lovelydocs.io -# dasht POSIX https://github.com/sunaku/dasht -# Helm Dash emacs https://github.com/areina/helm-dash -# - -import argparse -import doc2dash.__main__ -import os, os.path -import sphinx -import sqlite3 -import sys - -sys.path.append(os.path.abspath(os.path.join('..', 'pwnlib'))) -import version - -def main(args): - """Generate a Dash docset from Sphinx source files.""" - - srcdir = args.srcdir - dstdir = args.dstdir - name = args.name - - if not os.path.exists(dstdir): - os.makedirs(dstdir) - - # Generate HTML without indices. - sphinx.build_main([ "sphinx-build", "-b", "html", "-d", os.path.join(dstdir, "doctrees"), \ - "-t", "dash", srcdir, os.path.join(dstdir, "html") ]) - - # Convert to docset. - try: - doc2dash.__main__.main.main( \ - [ os.path.join(dstdir, "html"), "-d", dstdir, "-n", name, \ - "-f", "-I", "index.html"], "doc2dash", False) - except SystemExit as e: - pass - - # Insert a link to the online version. - online = args.online - if online is not None and online != "": - url = online.replace("@VERSION", args.version) - with open(os.path.join(dstdir, name+".docset", "Contents", "Info.plist"), "r+") as f_info: - pl = f_info.read() - pl = pl.replace("</dict>", \ - "\t<key>DashDocSetFallbackURL</key>\n\t<string>%s</string>\n</dict>" % url) - f_info.seek(0) - f_info.write(pl) - f_info.truncate() - - # Modify the CSS to hide the menu included in the HTML. 
- with open(os.path.join(dstdir, name+".docset", "Contents", "Resources", "Documents", "_static", "css", "theme.css"), "r+") as f_css: - css = f_css.read() - css = css.replace( \ - '@media screen and (max-width: 768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}',\ - '@media screen {.wy-body-for-nav{background:#fcfcfc}' ) - css = css.replace( \ - '@media screen and (max-width: 480px)', \ - '@media screen ') - f_css.seek(0) - f_css.write(css) - f_css.truncate() - - # Modify the index - db_conn = sqlite3.connect(os.path.join(dstdir, name+".docset", "Contents", "Resources", "docSet.dsidx")) - try: - db_conn.execute('INSERT INTO "searchIndex" ("name","type","path") VALUES ' \ - '("1 Contents", "Guide", "index.html"), ' \ - '("2 About pwntools", "Guide", "about.html"), ' \ - '("3 Installation", "Guide", "install.html"), ' \ - '("4 Getting Started", "Guide", "intro.html"), ' \ - '("5 Globals (pwn)", "Guide", "globals.html"), ' \ - '("6 Command Line Tools", "Guide", "commandline.html")') - db_conn.execute('DELETE FROM "searchIndex" WHERE "type" = "Module" AND ("name" = "pwn" OR "name" = "pwnlib")') - db_conn.commit() - finally: - db_conn.close() - - return 0 - -parser = argparse.ArgumentParser() -parser.add_argument("--name", help="docset name", default="pwntools") -parser.add_argument("--online", help="URL for online docs", default="https://pwntools.readthedocs.org/en/@VERSION/") -parser.add_argument("--version", help="pwntools version", default=version.__version__) -parser.add_argument("srcdir", help="Source directory containing .rst files") -parser.add_argument("dstdir", help="Destination and working directory") - -main(parser.parse_args()) diff --git a/docs/source/conf.py b/docs/source/conf.py index a07377a..8ce3cca 100755 --- a/docs/source/conf.py +++ b/docs/source/conf.py 
@@ -377,9 +377,10 @@ if build_dash: on_rtd = os.environ.get('READTHEDOCS', None) == 'True' if not on_rtd: # only import and set the theme if we're building docs locally - import sphinx_rtd_theme - html_theme = 'sphinx_rtd_theme' - html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] + import alabaster + html_theme = 'alabaster' + html_theme_path = [alabaster.get_path()] + html_theme_options = { 'nosidebar' : True } # otherwise, readthedocs.org uses their theme by default, so no need to specify it diff --git a/docs/source/index.rst b/docs/source/index.rst index 6961de8..bc2f2b3 100755 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -13,7 +13,7 @@ readthedocs_. It comes in three primary flavors: - Dev_ .. _readthedocs: https://readthedocs.org -.. _docs.pwntools.com: https://docs.pwntools.com +.. _docs.pwntools.com: https://docs.pwntools.com/en/latest .. _Stable: https://docs.pwntools.com/en/stable .. _Beta: https://docs.pwntools.com/en/beta .. _Dev: https://docs.pwntools.com/en/dev diff --git a/docs/source/install/binutils.rst b/docs/source/install/binutils.rst index 94c54df..a04543f 100644 --- a/docs/source/install/binutils.rst +++ b/docs/source/install/binutils.rst @@ -5,7 +5,7 @@ Assembly of foreign architectures (e.g. assembling Sparc shellcode on Mac OS X) requires cross-compiled versions of ``binutils`` to be installed. We've made this process as smooth as we can. -In these examples, replace ``$ARCH`` with your target architecture (e.g., arm, mips64, vax, etc.). +In these examples, replace ``$ARCH`` with your target architecture (e.g., arm, aarch64, mips64, vax, etc.). Building `binutils` from source takes about 60 seconds on a modern 8-core machine. 
@@ -33,7 +33,7 @@ Mac OS X Mac OS X is just as easy, but requires building binutils from source. However, we've made ``homebrew`` recipes to make this a single command. -After installing `brew <http://brew.sh>`__, grab the appropriate +After installing `brew <https://brew.sh>`__, grab the appropriate recipe from our `binutils repo <https://github.com/Gallopsled/pwntools-binutils/>`__. @@ -51,10 +51,10 @@ OSes, ``binutils`` is simple to build by hand. #!/usr/bin/env bash - V=2.25 # Binutils Version + V=2.38 # Binutils Version ARCH=arm # Target architecture - cd /tmp + cd $TMP wget -nc https://ftp.gnu.org/gnu/binutils/binutils-$V.tar.gz wget -nc https://ftp.gnu.org/gnu/binutils/binutils-$V.tar.gz.sig @@ -70,7 +70,7 @@ OSes, ``binutils`` is simple to build by hand. export AS=as ../binutils-$V/configure \ - --prefix=/usr/local \ + --prefix=${PREFIX:-/usr/local} \ --target=$ARCH-unknown-linux-gnu \ --disable-static \ --disable-multilib \ diff --git a/docs/source/rop/rop.rst b/docs/source/rop/rop.rst index 411ef4c..8d5d93f 100644 --- a/docs/source/rop/rop.rst +++ b/docs/source/rop/rop.rst @@ -15,6 +15,7 @@ from pwnlib.tubes.process import process from pwnlib import shellcraft from pwnlib.util.misc import which + import pwnlib.data context.clear() diff --git a/extra/docker/Makefile b/extra/docker/Makefile index 3d1c9d4..25629a2 100644 --- a/extra/docker/Makefile +++ b/extra/docker/Makefile @@ -1,4 +1,4 @@ -subdirs=$(shell find . -type d -depth 1 | xargs basename) +subdirs=$(shell find . -mindepth 1 -maxdepth 1 -type d | xargs -n1 basename) tags=base stable beta dev ROOT=$(shell git rev-parse --show-toplevel) CMD ?= zsh @@ -7,7 +7,7 @@ ifneq ($(HISTFILE),) MOUNT_HISTFILE=--mount type=bind,source="$(HISTFILE)",target=/home/pwntools/.history endif -all: $(subdirs) $(tags) +all: $(tags) $(subdirs) tags: $(tags) @@ -36,4 +36,4 @@ clean: FORCE: -.PHONY: all $(subdirs) $(makefiles) $(tags)
\ No newline at end of file +.PHONY: all $(subdirs) $(makefiles) $(tags) diff --git a/extra/docker/base/Dockerfile b/extra/docker/base/Dockerfile index 697471a..ea0879f 100644 --- a/extra/docker/base/Dockerfile +++ b/extra/docker/base/Dockerfile @@ -3,26 +3,26 @@ # Based on Ubuntu ############################################################ -FROM ubuntu:bionic +FROM ubuntu:jammy MAINTAINER Maintainer Gallopsled et al. -env DEBIAN_FRONTEND=noninteractive ENV LANG en_US.UTF-8 ENV LANGUAGE en_US:en ENV LC_ALL en_US.UTF-8 +ARG DEBIAN_FRONTEND=noninteractive RUN apt-get update \ - && apt-get install locales \ - && locale-gen en_US.UTF-8 \ && apt-get install -y \ + sudo \ + locales \ build-essential \ elfutils \ git \ libssl-dev \ libffi-dev \ - python \ - python-pip \ - python-dev \ + python2.7 \ + python2.7-dev \ + python2-pip-whl \ python3 \ python3-pip \ python3-dev \ @@ -35,14 +35,15 @@ RUN apt-get update \ binutils-powerpc64-linux-gnu \ binutils-sparc64-linux-gnu \ tmux \ - && pip install --upgrade pip \ - && python -m pip install --upgrade pwntools \ - && pip3 install --upgrade pip \ + patchelf \ + && locale-gen en_US.UTF-8 \ + && update-locale LANG=en_US.UTF-8 \ + && PYTHONPATH=`echo /usr/share/python-wheels/pip-*.whl` python2.7 -m pip install --upgrade pip setuptools wheel \ + && python2.7 -m pip install --upgrade pwntools \ + && python3 -m pip install --upgrade pip \ && python3 -m pip install --upgrade pwntools \ && PWNLIB_NOTERM=1 pwn update \ - && apt-get install -y sudo \ && useradd -m pwntools \ && passwd --delete --unlock pwntools \ && echo "pwntools ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/pwntools USER pwntools -WORKDIR /home/pwntools diff --git a/extra/docker/beta/Dockerfile b/extra/docker/beta/Dockerfile index d4df4e3..cbfd056 100644 --- a/extra/docker/beta/Dockerfile +++ b/extra/docker/beta/Dockerfile 
@@ -1,7 +1,7 @@ FROM pwntools/pwntools:stable USER root -RUN pip install --upgrade git+https://github.com/Gallopsled/pwntools@beta -RUN pip3 install --upgrade git+https://github.com/Gallopsled/pwntools@beta +RUN python2.7 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@beta \ + && python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@beta RUN PWNLIB_NOTERM=1 pwn update USER pwntools diff --git a/extra/docker/dev/Dockerfile b/extra/docker/dev/Dockerfile index 365213a..d5f7af8 100644 --- a/extra/docker/dev/Dockerfile +++ b/extra/docker/dev/Dockerfile @@ -1,7 +1,7 @@ FROM pwntools/pwntools:stable USER root -RUN pip install --upgrade git+https://github.com/Gallopsled/pwntools@dev -RUN pip3 install --upgrade git+https://github.com/Gallopsled/pwntools@dev +RUN python2.7 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@dev \ + && python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@dev RUN PWNLIB_NOTERM=1 pwn update USER pwntools diff --git a/extra/docker/develop/Dockerfile b/extra/docker/develop/Dockerfile index dabe9b6..e51986a 100644 --- a/extra/docker/develop/Dockerfile +++ b/extra/docker/develop/Dockerfile @@ -5,8 +5,8 @@ ENV HISTFILE=/home/pwntools/.history # Uninstall existing versions of pwntools USER root -RUN python -m pip uninstall -q -y pwntools \ - && python3 -m pip uninstall -q -y pwntools +RUN python2.7 -m pip uninstall -q -y pwntools \ + && python3 -m pip uninstall -q -y pwntools # Switch back to the pwntools user from here forward USER pwntools 
@@ -18,20 +18,23 @@ ENV PATH="/home/pwntools/.local/bin:${PATH}" # Install Pwntools to the home directory, make it an editable install RUN git clone https://github.com/Gallopsled/pwntools \ - && python -m pip install --upgrade --editable pwntools \ + && python2.7 -m pip install --upgrade --editable pwntools \ && python3 -m pip install --upgrade --editable pwntools \ && PWNLIB_NOTERM=1 pwn version # Requirements for running the tests -RUN python -m pip install --upgrade --requirement pwntools/docs/requirements.txt \ - && python3 -m pip install --upgrade --requirement pwntools/docs/requirements.txt +RUN python2.7 -m pip install --upgrade --requirement pwntools/docs/requirements.txt \ + && python3 -m pip install --upgrade --requirement pwntools/docs/requirements.txt # Python niceties for debugging -RUN python -m pip install -U ipython ipdb \ - && python3 -m pip install -U ipython ipdb +RUN python2.7 -m pip install -U ipython ipdb \ + && python3 -m pip install -U ipython ipdb # Dependencies from .travis.yml addons -> apt -> packages -RUN sudo apt-get install -y \ +ARG DEBIAN_FRONTEND=noninteractive +ENV TZ="UTC" +RUN sudo apt-get update && sudo -E apt-get install -y \ + tzdata \ ash \ bash \ bash-static \ @@ -41,7 +44,7 @@ RUN sudo apt-get install -y \ dash \ gcc \ gcc-multilib \ - gdb \ + gdb \ ksh \ lib32stdc++6 \ libc6-dev-i386 \ @@ -51,12 +54,9 @@ RUN sudo apt-get install -y \ socat \ sshpass \ vim \ - zsh - + zsh \ # Misc useful things when developing -RUN sudo apt-get install -y \ curl \ - ipython \ ipython3 \ lsb-release \ ssh \ @@ -64,7 +64,7 @@ RUN sudo apt-get install -y \ wget # Use zsh by default -RUN sudo chsh -s /bin/zsh pwntools +RUN sudo -E chsh -s /bin/zsh pwntools # Get and install prezto RUN git clone --recursive https://github.com/sorin-ionescu/prezto.git .zprezto 
@@ -83,4 +83,4 @@ ADD 10-import.py /home/pwntools/.ipython/profile_default/startup ADD ipython_config.py /home/pwntools/.ipython/profile_default # Do not require password for sudo -RUN echo "pwntools ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/travis
\ No newline at end of file +RUN echo "pwntools ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/travis diff --git a/extra/docker/stable/Dockerfile b/extra/docker/stable/Dockerfile index 43a3ae1..980ef3f 100644 --- a/extra/docker/stable/Dockerfile +++ b/extra/docker/stable/Dockerfile @@ -1,7 +1,7 @@ FROM pwntools/pwntools:base USER root -RUN pip install --upgrade git+https://github.com/Gallopsled/pwntools@stable -RUN pip3 install --upgrade git+https://github.com/Gallopsled/pwntools@stable +RUN python2.7 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@stable \ + && python3 -m pip install --upgrade git+https://github.com/Gallopsled/pwntools@stable RUN PWNLIB_NOTERM=1 pwn update USER pwntools diff --git a/pwnlib/asm.py b/pwnlib/asm.py index 7d59d76..745ac74 100644 --- a/pwnlib/asm.py +++ b/pwnlib/asm.py @@ -320,20 +320,23 @@ def _arch_header(): prefix = ['.section .shellcode,"awx"', '.global _start', '.global __start', - '.p2align 2', '_start:', '__start:'] headers = { - 'i386' : ['.intel_syntax noprefix'], - 'amd64' : ['.intel_syntax noprefix'], + 'i386' : ['.intel_syntax noprefix', '.p2align 0'], + 'amd64' : ['.intel_syntax noprefix', '.p2align 0'], 'arm' : ['.syntax unified', '.arch armv7-a', - '.arm'], + '.arm', + '.p2align 2'], 'thumb' : ['.syntax unified', '.arch armv7-a', - '.thumb'], + '.thumb', + '.p2align 2' + ], 'mips' : ['.set mips2', '.set noreorder', + '.p2align 2' ], } diff --git a/pwnlib/commandline/cyclic.py b/pwnlib/commandline/cyclic.py index 9adac3b..eeb55b9 100644 --- a/pwnlib/commandline/cyclic.py +++ b/pwnlib/commandline/cyclic.py 
@@ -72,13 +72,16 @@ def main(args): try: pat = int(pat, 0) + pat = pack(pat, 'all') except ValueError: pass pat = flat(pat, bytes=args.length) - if len(pat) != subsize: - log.critical('Subpattern must be %d bytes' % subsize) + if len(pat) < subsize: + log.critical('Subpattern must be at least %d bytes' % subsize) sys.exit(1) + else: + pat = pat[:subsize] if not all(c in alphabet for c in pat): log.critical('Pattern contains characters not present in the alphabet') diff --git a/pwnlib/commandline/disasm.py b/pwnlib/commandline/disasm.py index e4ab12e..78e69b9 100644 --- a/pwnlib/commandline/disasm.py +++ b/pwnlib/commandline/disasm.py @@ -82,9 +82,9 @@ def main(args): instrs = disasm(dat, vma=safeeval.const(args.address), byte=False, offset=False) # instrs = highlight(instrs, PwntoolsLexer(), TerminalFormatter()) + highlight_bytes = lambda t: ''.join(map(lambda x: x.replace('00', text.red('00')).replace('0a', text.red('0a')), group(2, t))) for o,b,i in zip(*map(str.splitlines, (offsets, bytes, instrs))): - b = b.replace('00', text.red('00')) - b = b.replace('0a', text.red('0a')) + b = ' '.join(highlight_bytes(bb) for bb in b.split(' ')) i = highlight(i.strip(), PwntoolsLexer(), TerminalFormatter()).strip() i = i.replace(',',', ') diff --git a/pwnlib/data/crcsums.txt b/pwnlib/data/crcsums.txt index ab1d6e7..ba8b41d 100644 --- a/pwnlib/data/crcsums.txt +++ b/pwnlib/data/crcsums.txt 
@@ -1,58 +1,59 @@ # This file was generated using the command: -# curl -s 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.legend' | sed -nr -e 's@<H3><A NAME="(crc\.cat[^"]*).*@\1@p' -e 's@.*<CODE>(width.*)</CODE>.*@\1@p' | sed '$!N;s/\n/ /' > crcsums.txt +# curl -s 'https://reveng.sourceforge.io/crc-catalogue/all.htm' | sed -nr -e 's@.*?<A NAME="(crc\.cat[^"]*)">C.*@\1@p' -e 's@.*<CODE>(width=.*)</CODE>.*@\1@p' | sed '$!N;s/\n/ /' # # At the time of download, that page was available under the GPLv3 license, which can found here: # https://www.gnu.org/licenses/gpl.html # +crc.cat.crc-3-gsm width=3 poly=0x3 init=0x0 refin=false refout=false xorout=0x7 check=0x4 residue=0x2 name="CRC-3/GSM" crc.cat.crc-3-rohc width=3 poly=0x3 init=0x7 refin=true refout=true xorout=0x0 check=0x6 residue=0x0 name="CRC-3/ROHC" -crc.cat-bits.3 width=3 poly=0x3 init=0x0 refin=false refout=false xorout=0x7 check=0x4 residue=0x2 name="CRC-3/GSM" -crc.cat-bits.4 width=4 poly=0x3 init=0xf refin=false refout=false xorout=0xf check=0xb residue=0x2 name="CRC-4/INTERLAKEN" -crc.cat.crc-4-itu width=4 poly=0x3 init=0x0 refin=true refout=true xorout=0x0 check=0x7 residue=0x0 name="CRC-4/ITU" -crc.cat-bits.5 width=5 poly=0x09 init=0x09 refin=false refout=false xorout=0x00 check=0x00 residue=0x00 name="CRC-5/EPC" -crc.cat.crc-5-itu width=5 poly=0x15 init=0x00 refin=true refout=true xorout=0x00 check=0x07 residue=0x00 name="CRC-5/ITU" +crc.cat.crc-4-g-704 width=4 poly=0x3 init=0x0 refin=true refout=true xorout=0x0 check=0x7 residue=0x0 name="CRC-4/G-704" +crc.cat.crc-4-interlaken width=4 poly=0x3 init=0xf refin=false refout=false xorout=0xf check=0xb residue=0x2 name="CRC-4/INTERLAKEN" +crc.cat.crc-5-epc-c1g2 width=5 poly=0x09 init=0x09 refin=false refout=false xorout=0x00 check=0x00 residue=0x00 name="CRC-5/EPC-C1G2" +crc.cat.crc-5-g-704 width=5 poly=0x15 init=0x00 refin=true refout=true xorout=0x00 check=0x07 residue=0x00 name="CRC-5/G-704" crc.cat.crc-5-usb width=5 poly=0x05 init=0x1f 
refin=true refout=true xorout=0x1f check=0x19 residue=0x06 name="CRC-5/USB" -crc.cat-bits.6 width=6 poly=0x27 init=0x3f refin=false refout=false xorout=0x00 check=0x0d residue=0x00 name="CRC-6/CDMA2000-A" +crc.cat.crc-6-cdma2000-a width=6 poly=0x27 init=0x3f refin=false refout=false xorout=0x00 check=0x0d residue=0x00 name="CRC-6/CDMA2000-A" crc.cat.crc-6-cdma2000-b width=6 poly=0x07 init=0x3f refin=false refout=false xorout=0x00 check=0x3b residue=0x00 name="CRC-6/CDMA2000-B" crc.cat.crc-6-darc width=6 poly=0x19 init=0x00 refin=true refout=true xorout=0x00 check=0x26 residue=0x00 name="CRC-6/DARC" +crc.cat.crc-6-g-704 width=6 poly=0x03 init=0x00 refin=true refout=true xorout=0x00 check=0x06 residue=0x00 name="CRC-6/G-704" crc.cat.crc-6-gsm width=6 poly=0x2f init=0x00 refin=false refout=false xorout=0x3f check=0x13 residue=0x3a name="CRC-6/GSM" -crc.cat.crc-6-itu width=6 poly=0x03 init=0x00 refin=true refout=true xorout=0x00 check=0x06 residue=0x00 name="CRC-6/ITU" -crc.cat-bits.7 width=7 poly=0x09 init=0x00 refin=false refout=false xorout=0x00 check=0x75 residue=0x00 name="CRC-7" +crc.cat.crc-7-mmc width=7 poly=0x09 init=0x00 refin=false refout=false xorout=0x00 check=0x75 residue=0x00 name="CRC-7/MMC" crc.cat.crc-7-rohc width=7 poly=0x4f init=0x7f refin=true refout=true xorout=0x00 check=0x53 residue=0x00 name="CRC-7/ROHC" crc.cat.crc-7-umts width=7 poly=0x45 init=0x00 refin=false refout=false xorout=0x00 check=0x61 residue=0x00 name="CRC-7/UMTS" -crc.cat-bits.8 width=8 poly=0x07 init=0x00 refin=false refout=false xorout=0x00 check=0xf4 residue=0x00 name="CRC-8" crc.cat.crc-8-autosar width=8 poly=0x2f init=0xff refin=false refout=false xorout=0xff check=0xdf residue=0x42 name="CRC-8/AUTOSAR" +crc.cat.crc-8-bluetooth width=8 poly=0xa7 init=0x00 refin=true refout=true xorout=0x00 check=0x26 residue=0x00 name="CRC-8/BLUETOOTH" crc.cat.crc-8-cdma2000 width=8 poly=0x9b init=0xff refin=false refout=false xorout=0x00 check=0xda residue=0x00 name="CRC-8/CDMA2000" 
crc.cat.crc-8-darc width=8 poly=0x39 init=0x00 refin=true refout=true xorout=0x00 check=0x15 residue=0x00 name="CRC-8/DARC" crc.cat.crc-8-dvb-s2 width=8 poly=0xd5 init=0x00 refin=false refout=false xorout=0x00 check=0xbc residue=0x00 name="CRC-8/DVB-S2" -crc.cat.crc-8-ebu width=8 poly=0x1d init=0xff refin=true refout=true xorout=0x00 check=0x97 residue=0x00 name="CRC-8/EBU" crc.cat.crc-8-gsm-a width=8 poly=0x1d init=0x00 refin=false refout=false xorout=0x00 check=0x37 residue=0x00 name="CRC-8/GSM-A" crc.cat.crc-8-gsm-b width=8 poly=0x49 init=0x00 refin=false refout=false xorout=0xff check=0x94 residue=0x53 name="CRC-8/GSM-B" +crc.cat.crc-8-hitag width=8 poly=0x1d init=0xff refin=false refout=false xorout=0x00 check=0xb4 residue=0x00 name="CRC-8/HITAG" +crc.cat.crc-8-i-432-1 width=8 poly=0x07 init=0x00 refin=false refout=false xorout=0x55 check=0xa1 residue=0xac name="CRC-8/I-432-1" crc.cat.crc-8-i-code width=8 poly=0x1d init=0xfd refin=false refout=false xorout=0x00 check=0x7e residue=0x00 name="CRC-8/I-CODE" -crc.cat.crc-8-itu width=8 poly=0x07 init=0x00 refin=false refout=false xorout=0x55 check=0xa1 residue=0xac name="CRC-8/ITU" crc.cat.crc-8-lte width=8 poly=0x9b init=0x00 refin=false refout=false xorout=0x00 check=0xea residue=0x00 name="CRC-8/LTE" -crc.cat.crc-8-maxim width=8 poly=0x31 init=0x00 refin=true refout=true xorout=0x00 check=0xa1 residue=0x00 name="CRC-8/MAXIM" +crc.cat.crc-8-maxim-dow width=8 poly=0x31 init=0x00 refin=true refout=true xorout=0x00 check=0xa1 residue=0x00 name="CRC-8/MAXIM-DOW" +crc.cat.crc-8-mifare-mad width=8 poly=0x1d init=0xc7 refin=false refout=false xorout=0x00 check=0x99 residue=0x00 name="CRC-8/MIFARE-MAD" +crc.cat.crc-8-nrsc-5 width=8 poly=0x31 init=0xff refin=false refout=false xorout=0x00 check=0xf7 residue=0x00 name="CRC-8/NRSC-5" crc.cat.crc-8-opensafety width=8 poly=0x2f init=0x00 refin=false refout=false xorout=0x00 check=0x3e residue=0x00 name="CRC-8/OPENSAFETY" crc.cat.crc-8-rohc width=8 poly=0x07 init=0xff 
refin=true refout=true xorout=0x00 check=0xd0 residue=0x00 name="CRC-8/ROHC" crc.cat.crc-8-sae-j1850 width=8 poly=0x1d init=0xff refin=false refout=false xorout=0xff check=0x4b residue=0xc4 name="CRC-8/SAE-J1850" -crc.cat.crc-8-wdcma width=8 poly=0x9b init=0x00 refin=true refout=true xorout=0x00 check=0x25 residue=0x00 name="CRC-8/WCDMA" -crc.cat-bits.10 width=10 poly=0x233 init=0x000 refin=false refout=false xorout=0x000 check=0x199 residue=0x000 name="CRC-10" +crc.cat.crc-8-smbus width=8 poly=0x07 init=0x00 refin=false refout=false xorout=0x00 check=0xf4 residue=0x00 name="CRC-8/SMBUS" +crc.cat.crc-8-tech-3250 width=8 poly=0x1d init=0xff refin=true refout=true xorout=0x00 check=0x97 residue=0x00 name="CRC-8/TECH-3250" +crc.cat.crc-8-wcdma width=8 poly=0x9b init=0x00 refin=true refout=true xorout=0x00 check=0x25 residue=0x00 name="CRC-8/WCDMA" +crc.cat.crc-10-atm width=10 poly=0x233 init=0x000 refin=false refout=false xorout=0x000 check=0x199 residue=0x000 name="CRC-10/ATM" crc.cat.crc-10-cdma2000 width=10 poly=0x3d9 init=0x3ff refin=false refout=false xorout=0x000 check=0x233 residue=0x000 name="CRC-10/CDMA2000" crc.cat.crc-10-gsm width=10 poly=0x175 init=0x000 refin=false refout=false xorout=0x3ff check=0x12a residue=0x0c6 name="CRC-10/GSM" -crc.cat-bits.11 width=11 poly=0x385 init=0x01a refin=false refout=false xorout=0x000 check=0x5a3 residue=0x000 name="CRC-11" +crc.cat.crc-11-flexray width=11 poly=0x385 init=0x01a refin=false refout=false xorout=0x000 check=0x5a3 residue=0x000 name="CRC-11/FLEXRAY" crc.cat.crc-11-umts width=11 poly=0x307 init=0x000 refin=false refout=false xorout=0x000 check=0x061 residue=0x000 name="CRC-11/UMTS" -crc.cat-bits.12 width=12 poly=0xf13 init=0xfff refin=false refout=false xorout=0x000 check=0xd4d residue=0x000 name="CRC-12/CDMA2000" +crc.cat.crc-12-cdma2000 width=12 poly=0xf13 init=0xfff refin=false refout=false xorout=0x000 check=0xd4d residue=0x000 name="CRC-12/CDMA2000" crc.cat.crc-12-dect width=12 poly=0x80f init=0x000 
refin=false refout=false xorout=0x000 check=0xf5b residue=0x000 name="CRC-12/DECT" crc.cat.crc-12-gsm width=12 poly=0xd31 init=0x000 refin=false refout=false xorout=0xfff check=0xb34 residue=0x178 name="CRC-12/GSM" crc.cat.crc-12-umts width=12 poly=0x80f init=0x000 refin=false refout=true xorout=0x000 check=0xdaf residue=0x000 name="CRC-12/UMTS" -crc.cat-bits.13 width=13 poly=0x1cf5 init=0x0000 refin=false refout=false xorout=0x0000 check=0x04fa residue=0x0000 name="CRC-13/BBC" -crc.cat-bits.14 width=14 poly=0x0805 init=0x0000 refin=true refout=true xorout=0x0000 check=0x082d residue=0x0000 name="CRC-14/DARC" +crc.cat.crc-13-bbc width=13 poly=0x1cf5 init=0x0000 refin=false refout=false xorout=0x0000 check=0x04fa residue=0x0000 name="CRC-13/BBC" +crc.cat.crc-14-darc width=14 poly=0x0805 init=0x0000 refin=true refout=true xorout=0x0000 check=0x082d residue=0x0000 name="CRC-14/DARC" crc.cat.crc-14-gsm width=14 poly=0x202d init=0x0000 refin=false refout=false xorout=0x3fff check=0x30ae residue=0x031e name="CRC-14/GSM" -crc.cat-bits.15 width=15 poly=0x4599 init=0x0000 refin=false refout=false xorout=0x0000 check=0x059e residue=0x0000 name="CRC-15" +crc.cat.crc-15-can width=15 poly=0x4599 init=0x0000 refin=false refout=false xorout=0x0000 check=0x059e residue=0x0000 name="CRC-15/CAN" crc.cat.crc-15-mpt1327 width=15 poly=0x6815 init=0x0000 refin=false refout=false xorout=0x0001 check=0x2566 residue=0x6815 name="CRC-15/MPT1327" -crc.cat-bits.16 width=16 poly=0x8005 init=0x0000 refin=true refout=true xorout=0x0000 check=0xbb3d residue=0x0000 name="ARC" -crc.cat.crc-16-aug-ccitt width=16 poly=0x1021 init=0x1d0f refin=false refout=false xorout=0x0000 check=0xe5cc residue=0x0000 name="CRC-16/AUG-CCITT" -crc.cat.crc-16-buypass width=16 poly=0x8005 init=0x0000 refin=false refout=false xorout=0x0000 check=0xfee8 residue=0x0000 name="CRC-16/BUYPASS" -crc.cat.crc-16-ccitt-false width=16 poly=0x1021 init=0xffff refin=false refout=false xorout=0x0000 check=0x29b1 residue=0x0000 
name="CRC-16/CCITT-FALSE" +crc.cat.crc-16-arc width=16 poly=0x8005 init=0x0000 refin=true refout=true xorout=0x0000 check=0xbb3d residue=0x0000 name="CRC-16/ARC" crc.cat.crc-16-cdma2000 width=16 poly=0xc867 init=0xffff refin=false refout=false xorout=0x0000 check=0x4c06 residue=0x0000 name="CRC-16/CDMA2000" crc.cat.crc-16-cms width=16 poly=0x8005 init=0xffff refin=false refout=false xorout=0x0000 check=0xaee7 residue=0x0000 name="CRC-16/CMS" crc.cat.crc-16-dds-110 width=16 poly=0x8005 init=0x800d refin=false refout=false xorout=0x0000 check=0x9ecf residue=0x0000 name="CRC-16/DDS-110" 
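Review bot: Most rows in this hunk change only the catalogue key and the `name` field while every parameter stays identical (`crc.cat-bits.16 ... name="ARC"` becomes `crc.cat.crc-16-arc ... name="CRC-16/ARC"`, `crc.cat.crc-8-maxim` becomes `crc.cat.crc-8-maxim-dow`, `CRC-10` becomes `CRC-10/ATM`, `CRC-15` becomes `CRC-15/CAN`), and the old names are not kept. If anything derives function or lookup names from `name`, this is a user-visible rename; keep the old names as aliases or state the rename in CHANGELOG.md. The `crc.cat.crc-8-wdcma` line is a separate typo fix in the key (its `name` was already `CRC-8/WCDMA`) and deserves its own changelog line, since a key mismatch like that can make an algorithm silently unreachable.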
@@ -62,44 +63,55 @@ crc.cat.crc-16-dnp width=16 poly=0x3d65 init=0x0000 refin=true refout=true crc.cat.crc-16-en-13757 width=16 poly=0x3d65 init=0x0000 refin=false refout=false xorout=0xffff check=0xc2b7 residue=0xa366 name="CRC-16/EN-13757" crc.cat.crc-16-genibus width=16 poly=0x1021 init=0xffff refin=false refout=false xorout=0xffff check=0xd64e residue=0x1d0f name="CRC-16/GENIBUS" crc.cat.crc-16-gsm width=16 poly=0x1021 init=0x0000 refin=false refout=false xorout=0xffff check=0xce3c residue=0x1d0f name="CRC-16/GSM" +crc.cat.crc-16-ibm-3740 width=16 poly=0x1021 init=0xffff refin=false refout=false xorout=0x0000 check=0x29b1 residue=0x0000 name="CRC-16/IBM-3740" +crc.cat.crc-16-ibm-sdlc width=16 poly=0x1021 init=0xffff refin=true refout=true xorout=0xffff check=0x906e residue=0xf0b8 name="CRC-16/IBM-SDLC" +crc.cat.crc-16-iso-iec-14443-3-a width=16 poly=0x1021 init=0xc6c6 refin=true refout=true xorout=0x0000 check=0xbf05 residue=0x0000 name="CRC-16/ISO-IEC-14443-3-A" +crc.cat.crc-16-kermit width=16 poly=0x1021 init=0x0000 refin=true refout=true xorout=0x0000 check=0x2189 residue=0x0000 name="CRC-16/KERMIT" crc.cat.crc-16-lj1200 width=16 poly=0x6f63 init=0x0000 refin=false refout=false xorout=0x0000 check=0xbdf4 residue=0x0000 name="CRC-16/LJ1200" -crc.cat.crc-16-maxim width=16 poly=0x8005 init=0x0000 refin=true refout=true xorout=0xffff check=0x44c2 residue=0xb001 name="CRC-16/MAXIM" +crc.cat.crc-16-m17 width=16 poly=0x5935 init=0xffff refin=false refout=false xorout=0x0000 check=0x772b residue=0x0000 name="CRC-16/M17" +crc.cat.crc-16-maxim-dow width=16 poly=0x8005 init=0x0000 refin=true refout=true xorout=0xffff check=0x44c2 residue=0xb001 name="CRC-16/MAXIM-DOW" crc.cat.crc-16-mcrf4xx width=16 poly=0x1021 init=0xffff refin=true refout=true xorout=0x0000 check=0x6f91 residue=0x0000 name="CRC-16/MCRF4XX" +crc.cat.crc-16-modbus width=16 poly=0x8005 init=0xffff refin=true refout=true xorout=0x0000 check=0x4b37 residue=0x0000 name="CRC-16/MODBUS" 
+crc.cat.crc-16-nrsc-5 width=16 poly=0x080b init=0xffff refin=true refout=true xorout=0x0000 check=0xa066 residue=0x0000 name="CRC-16/NRSC-5" crc.cat.crc-16-opensafety-a width=16 poly=0x5935 init=0x0000 refin=false refout=false xorout=0x0000 check=0x5d38 residue=0x0000 name="CRC-16/OPENSAFETY-A" -crc.cat.crc-16-opensafety-a width=16 poly=0x755b init=0x0000 refin=false refout=false xorout=0x0000 check=0x20fe residue=0x0000 name="CRC-16/OPENSAFETY-B" +crc.cat.crc-16-opensafety-b width=16 poly=0x755b init=0x0000 refin=false refout=false xorout=0x0000 check=0x20fe residue=0x0000 name="CRC-16/OPENSAFETY-B" crc.cat.crc-16-profibus width=16 poly=0x1dcf init=0xffff refin=false refout=false xorout=0xffff check=0xa819 residue=0xe394 name="CRC-16/PROFIBUS" crc.cat.crc-16-riello width=16 poly=0x1021 init=0xb2aa refin=true refout=true xorout=0x0000 check=0x63d0 residue=0x0000 name="CRC-16/RIELLO" +crc.cat.crc-16-spi-fujitsu width=16 poly=0x1021 init=0x1d0f refin=false refout=false xorout=0x0000 check=0xe5cc residue=0x0000 name="CRC-16/SPI-FUJITSU" crc.cat.crc-16-t10-dif width=16 poly=0x8bb7 init=0x0000 refin=false refout=false xorout=0x0000 check=0xd0db residue=0x0000 name="CRC-16/T10-DIF" crc.cat.crc-16-teledisk width=16 poly=0xa097 init=0x0000 refin=false refout=false xorout=0x0000 check=0x0fb3 residue=0x0000 name="CRC-16/TELEDISK" crc.cat.crc-16-tms37157 width=16 poly=0x1021 init=0x89ec refin=true refout=true xorout=0x0000 check=0x26b1 residue=0x0000 name="CRC-16/TMS37157" +crc.cat.crc-16-umts width=16 poly=0x8005 init=0x0000 refin=false refout=false xorout=0x0000 check=0xfee8 residue=0x0000 name="CRC-16/UMTS" crc.cat.crc-16-usb width=16 poly=0x8005 init=0xffff refin=true refout=true xorout=0xffff check=0xb4c8 residue=0xb001 name="CRC-16/USB" -crc.cat.crc-a width=16 poly=0x1021 init=0xc6c6 refin=true refout=true xorout=0x0000 check=0xbf05 residue=0x0000 name="CRC-A" -crc.cat.kermit width=16 poly=0x1021 init=0x0000 refin=true refout=true xorout=0x0000 check=0x2189 
residue=0x0000 name="KERMIT" -crc.cat.modbus width=16 poly=0x8005 init=0xffff refin=true refout=true xorout=0x0000 check=0x4b37 residue=0x0000 name="MODBUS" -crc.cat.x-25 width=16 poly=0x1021 init=0xffff refin=true refout=true xorout=0xffff check=0x906e residue=0xf0b8 name="X-25" -crc.cat.xmodem width=16 poly=0x1021 init=0x0000 refin=false refout=false xorout=0x0000 check=0x31c3 residue=0x0000 name="XMODEM" -crc.cat-bits.24 width=24 poly=0x864cfb init=0xb704ce refin=false refout=false xorout=0x000000 check=0x21cf02 residue=0x000000 name="CRC-24" +crc.cat.crc-16-xmodem width=16 poly=0x1021 init=0x0000 refin=false refout=false xorout=0x0000 check=0x31c3 residue=0x0000 name="CRC-16/XMODEM" +crc.cat.crc-17-can-fd width=17 poly=0x1685b init=0x00000 refin=false refout=false xorout=0x00000 check=0x04f03 residue=0x00000 name="CRC-17/CAN-FD" +crc.cat.crc-21-can-fd width=21 poly=0x102899 init=0x000000 refin=false refout=false xorout=0x000000 check=0x0ed841 residue=0x000000 name="CRC-21/CAN-FD" crc.cat.crc-24-ble width=24 poly=0x00065b init=0x555555 refin=true refout=true xorout=0x000000 check=0xc25a56 residue=0x000000 name="CRC-24/BLE" crc.cat.crc-24-flexray-a width=24 poly=0x5d6dcb init=0xfedcba refin=false refout=false xorout=0x000000 check=0x7979bd residue=0x000000 name="CRC-24/FLEXRAY-A" crc.cat.crc-24-flexray-b width=24 poly=0x5d6dcb init=0xabcdef refin=false refout=false xorout=0x000000 check=0x1f23b8 residue=0x000000 name="CRC-24/FLEXRAY-B" crc.cat.crc-24-interlaken width=24 poly=0x328b63 init=0xffffff refin=false refout=false xorout=0xffffff check=0xb4f3e6 residue=0x144e63 name="CRC-24/INTERLAKEN" crc.cat.crc-24-lte-a width=24 poly=0x864cfb init=0x000000 refin=false refout=false xorout=0x000000 check=0xcde703 residue=0x000000 name="CRC-24/LTE-A" crc.cat.crc-24-lte-b width=24 poly=0x800063 init=0x000000 refin=false refout=false xorout=0x000000 check=0x23ef52 residue=0x000000 name="CRC-24/LTE-B" -crc.cat-bits.30 width=30 poly=0x2030b9c7 init=0x3fffffff refin=false 
refout=false xorout=0x3fffffff check=0x04c34abf residue=0x34efa55a name="CRC-30/CDMA" -crc.cat-bits.31 width=31 poly=0x04c11db7 init=0x7fffffff refin=false refout=false xorout=0x7fffffff check=0x0ce9e46c residue=0x4eaf26f1 name="CRC-31/PHILIPS" -crc.cat-bits.32 width=32 poly=0x04c11db7 init=0xffffffff refin=true refout=true xorout=0xffffffff check=0xcbf43926 residue=0xdebb20e3 name="CRC-32" +crc.cat.crc-24-openpgp width=24 poly=0x864cfb init=0xb704ce refin=false refout=false xorout=0x000000 check=0x21cf02 residue=0x000000 name="CRC-24/OPENPGP" +crc.cat.crc-24-os-9 width=24 poly=0x800063 init=0xffffff refin=false refout=false xorout=0xffffff check=0x200fa5 residue=0x800fe3 name="CRC-24/OS-9" +crc.cat.crc-30-cdma width=30 poly=0x2030b9c7 init=0x3fffffff refin=false refout=false xorout=0x3fffffff check=0x04c34abf residue=0x34efa55a name="CRC-30/CDMA" +crc.cat.crc-31-philips width=31 poly=0x04c11db7 init=0x7fffffff refin=false refout=false xorout=0x7fffffff check=0x0ce9e46c residue=0x4eaf26f1 name="CRC-31/PHILIPS" +crc.cat.crc-32-aixm width=32 poly=0x814141ab init=0x00000000 refin=false refout=false xorout=0x00000000 check=0x3010bf7f residue=0x00000000 name="CRC-32/AIXM" crc.cat.crc-32-autosar width=32 poly=0xf4acfb13 init=0xffffffff refin=true refout=true xorout=0xffffffff check=0x1697d06a residue=0x904cddbf name="CRC-32/AUTOSAR" +crc.cat.crc-32-base91-d width=32 poly=0xa833982b init=0xffffffff refin=true refout=true xorout=0xffffffff check=0x87315576 residue=0x45270551 name="CRC-32/BASE91-D" crc.cat.crc-32-bzip2 width=32 poly=0x04c11db7 init=0xffffffff refin=false refout=false xorout=0xffffffff check=0xfc891918 residue=0xc704dd7b name="CRC-32/BZIP2" -crc.cat.crc-32c width=32 poly=0x1edc6f41 init=0xffffffff refin=true refout=true xorout=0xffffffff check=0xe3069283 residue=0xb798b438 name="CRC-32C" -crc.cat.crc-32d width=32 poly=0xa833982b init=0xffffffff refin=true refout=true xorout=0xffffffff check=0x87315576 residue=0x45270551 name="CRC-32D" 
+crc.cat.crc-32-cd-rom-edc width=32 poly=0x8001801b init=0x00000000 refin=true refout=true xorout=0x00000000 check=0x6ec2edc4 residue=0x00000000 name="CRC-32/CD-ROM-EDC" +crc.cat.crc-32-cksum width=32 poly=0x04c11db7 init=0x00000000 refin=false refout=false xorout=0xffffffff check=0x765e7680 residue=0xc704dd7b name="CRC-32/CKSUM" +crc.cat.crc-32-iscsi width=32 poly=0x1edc6f41 init=0xffffffff refin=true refout=true xorout=0xffffffff check=0xe3069283 residue=0xb798b438 name="CRC-32/ISCSI" +crc.cat.crc-32-iso-hdlc width=32 poly=0x04c11db7 init=0xffffffff refin=true refout=true xorout=0xffffffff check=0xcbf43926 residue=0xdebb20e3 name="CRC-32/ISO-HDLC" +crc.cat.crc-32-jamcrc width=32 poly=0x04c11db7 init=0xffffffff refin=true refout=true xorout=0x00000000 check=0x340bc6d9 residue=0x00000000 name="CRC-32/JAMCRC" +crc.cat.crc-32-mef width=32 poly=0x741b8cd7 init=0xffffffff refin=true refout=true xorout=0x00000000 check=0xd2c22f51 residue=0x00000000 name="CRC-32/MEF" crc.cat.crc-32-mpeg-2 width=32 poly=0x04c11db7 init=0xffffffff refin=false refout=false xorout=0x00000000 check=0x0376e6e7 residue=0x00000000 name="CRC-32/MPEG-2" -crc.cat.crc-32-posix width=32 poly=0x04c11db7 init=0x00000000 refin=false refout=false xorout=0xffffffff check=0x765e7680 residue=0xc704dd7b name="CRC-32/POSIX" -crc.cat.crc-32q width=32 poly=0x814141ab init=0x00000000 refin=false refout=false xorout=0x00000000 check=0x3010bf7f residue=0x00000000 name="CRC-32Q" -crc.cat.jamcrc width=32 poly=0x04c11db7 init=0xffffffff refin=true refout=true xorout=0x00000000 check=0x340bc6d9 residue=0x00000000 name="JAMCRC" -crc.cat.xfer width=32 poly=0x000000af init=0x00000000 refin=false refout=false xorout=0x00000000 check=0xbd0be338 residue=0x00000000 name="XFER" -crc.cat-bits.40 width=40 poly=0x0004820009 init=0x0000000000 refin=false refout=false xorout=0xffffffffff check=0xd4164fc646 residue=0xc4ff8071ff name="CRC-40/GSM" -crc.cat-bits.64 width=64 poly=0x42f0e1eba9ea3693 init=0x0000000000000000 refin=false 
refout=false xorout=0x0000000000000000 check=0x6c40df5f0b497347 residue=0x0000000000000000 name="CRC-64" +crc.cat.crc-32-xfer width=32 poly=0x000000af init=0x00000000 refin=false refout=false xorout=0x00000000 check=0xbd0be338 residue=0x00000000 name="CRC-32/XFER" +crc.cat.crc-40-gsm width=40 poly=0x0004820009 init=0x0000000000 refin=false refout=false xorout=0xffffffffff check=0xd4164fc646 residue=0xc4ff8071ff name="CRC-40/GSM" +crc.cat.crc-64-ecma-182 width=64 poly=0x42f0e1eba9ea3693 init=0x0000000000000000 refin=false refout=false xorout=0x0000000000000000 check=0x6c40df5f0b497347 residue=0x0000000000000000 name="CRC-64/ECMA-182" crc.cat.crc-64-go-iso width=64 poly=0x000000000000001b init=0xffffffffffffffff refin=true refout=true xorout=0xffffffffffffffff check=0xb90956c775a41001 residue=0x5300000000000000 name="CRC-64/GO-ISO" +crc.cat.crc-64-ms width=64 poly=0x259c84cba6426349 init=0xffffffffffffffff refin=true refout=true xorout=0x0000000000000000 check=0x75d4b74f024eceea residue=0x0000000000000000 name="CRC-64/MS" crc.cat.crc-64-we width=64 poly=0x42f0e1eba9ea3693 init=0xffffffffffffffff refin=false refout=false xorout=0xffffffffffffffff check=0x62ec59e3f1a4f00a residue=0xfcacbebd5931a992 name="CRC-64/WE" crc.cat.crc-64-xz width=64 poly=0x42f0e1eba9ea3693 init=0xffffffffffffffff refin=true refout=true xorout=0xffffffffffffffff check=0x995dc9bbdf1939fa residue=0x49958c9abd7d353f name="CRC-64/XZ" -crc.cat-bits.82 width=82 poly=0x0308c0111011401440411 init=0x000000000000000000000 refin=true refout=true xorout=0x000000000000000000000 check=0x09ea83f625023801fd612 residue=0x000000000000000000000 name="CRC-82/DARC" +crc.cat.crc-82-darc width=82 poly=0x0308c0111011401440411 init=0x000000000000000000000 refin=true refout=true xorout=0x000000000000000000000 check=0x09ea83f625023801fd612 residue=0x000000000000000000000 name="CRC-82/DARC" diff --git a/pwnlib/data/templates/pwnup.mako b/pwnlib/data/templates/pwnup.mako index 0c43ba8..5690e26 100644 
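Review bot: The `-crc.cat.crc-16-opensafety-a ... name="CRC-16/OPENSAFETY-B"` / `+crc.cat.crc-16-opensafety-b` pair in this hunk is a real bug fix, not a rename: both OPENSAFETY variants were stored under the `-a` key, so one of them could never be selected. Call that out separately from the bulk renaming of the legacy entries (`KERMIT`, `MODBUS`, `X-25`, `XMODEM`, `CRC-32`, `CRC-32C`, `CRC-32D`, `CRC-32Q`, `JAMCRC`, `XFER`, `CRC-64`) to their `CRC-16/KERMIT`, `CRC-32/ISO-HDLC`, `CRC-64/ECMA-182` forms, where the poly/init/check values are unchanged and only the key and `name` move; code keyed on the old names breaks without any value changing.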
--- a/pwnlib/data/templates/pwnup.mako +++ b/pwnlib/data/templates/pwnup.mako @@ -44,7 +44,7 @@ from pwn import * # Set up pwntools for the correct architecture %endif %if ctx.binary: -exe = context.binary = ELF(${binary_repr}) +exe = context.binary = ELF(args.EXE or ${binary_repr}) <% binary_repr = 'exe.path' %> %else: context.update(arch='i386') @@ -58,7 +58,7 @@ exe = ${binary_repr} # for all created processes... # ./exploit.py DEBUG NOASLR %if host or port or user: -# ./exploit.py GDB HOST=example.com PORT=4141 +# ./exploit.py GDB HOST=example.com PORT=4141 EXE=/tmp/executable %endif %endif %if host: diff --git a/pwnlib/dynelf.py b/pwnlib/dynelf.py index a0311a2..579a26a 100644 --- a/pwnlib/dynelf.py +++ b/pwnlib/dynelf.py @@ -140,10 +140,10 @@ class DynELF(object): .. _.got.plt: https://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/specialsections.html .. _DYNAMIC: http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#dynamic_section .. _SYSV: https://refspecs.linuxbase.org/elf/gabi4+/ch5.dynamic.html#hash - .. _GNU: https://blogs.oracle.com/ali/entry/gnu_hash_elf_sections + .. _GNU: https://blogs.oracle.com/solaris/post/gnu-hash-elf-sections .. _DT_DEBUG: https://reverseengineering.stackexchange.com/questions/6525/elf-link-map-when-linked-as-relro .. _link map: https://sourceware.org/git/?p=glibc.git;a=blob;f=elf/link.h;h=eaca8028e45a859ac280301a6e955a14eed1b887;hb=HEAD#l84 - .. _DT_PLTGOT: http://refspecs.linuxfoundation.org/ELF/zSeries/lzsabi0_zSeries/x2251.html + .. _DT_PLTGOT: https://refspecs.linuxfoundation.org/ELF/zSeries/lzsabi0_zSeries/x2251.html ''' def __init__(self, leak, pointer=None, elf=None, libcdb=True): @@ -769,7 +769,7 @@ class DynELF(object): structure. Again, Oracle has good documentation. - https://blogs.oracle.com/ali/entry/gnu_hash_elf_sections + https://blogs.oracle.com/solaris/post/gnu-hash-elf-sections You can force an ELF to use this type of symbol table by compiling with 'gcc -Wl,--hash-style=gnu' 
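Review bot: In the pwnup.mako hunks, the new `EXE=/tmp/executable` usage example is emitted only inside `%if host or port or user:`, while the `ELF(args.EXE or ${binary_repr})` override applies whenever `ctx.binary` is set, so a template rendered for a local-only target never documents the option. Move the `EXE=` example next to the unconditional `# ./exploit.py DEBUG NOASLR` line. It is also worth one comment in the template that `args.EXE` comes from the script's command line (the same mechanism as the `HOST=`/`PORT=` examples), so whoever passes it replaces the binary that every `context.binary`-derived setting is taken from.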
diff --git a/pwnlib/elf/corefile.py b/pwnlib/elf/corefile.py index 7399762..9d81995 100644 --- a/pwnlib/elf/corefile.py +++ b/pwnlib/elf/corefile.py @@ -1406,9 +1406,8 @@ class CorefileFinder(object): "coredumpctl", "dump", "--output=%s" % filename, - # Filter coredump by pid and filename + # Filter coredump by pid str(self.pid), - self.basename, ], stdout=open(os.devnull, 'w'), stderr=subprocess.STDOUT, diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py index c6e6708..9053a1a 100644 --- a/pwnlib/elf/elf.py +++ b/pwnlib/elf/elf.py @@ -225,7 +225,7 @@ class ELF(ELFFile): super(ELF,self).__init__(self.mmap) #: :class:`str`: Path to the file - self.path = os.path.abspath(path) + self.path = packing._need_text(os.path.abspath(path)) #: :class:`str`: Architecture of the file (e.g. ``'i386'``, ``'arm'``). #: @@ -1165,7 +1165,7 @@ class ELF(ELFFile): won't work. Arguments: - needle(str): String to search for. + needle(bytes): String to search for. writable(bool): Search only writable sections. executable(bool): Search only executable sections. @@ -1346,7 +1346,7 @@ class ELF(ELFFile): count(int): Number of bytes to read Returns: - A :class:`str` object, or :const:`None`. + A :class:`bytes` object, or :const:`None`. Examples: The simplest example is just to read the ELF header. @@ -1507,7 +1507,7 @@ class ELF(ELFFile): @property def data(self): - """:class:`str`: Raw data of the ELF file. + """:class:`bytes`: Raw data of the ELF file. See: :meth:`get_data` @@ -1535,7 +1535,7 @@ class ELF(ELFFile): This modifies the ELF in-place. The resulting binary can be saved with :meth:`.ELF.save` """ - binary = asm(assembly, vma=address) + binary = asm(assembly, vma=address, arch=self.arch, endian=self.endian, bits=self.bits) self.write(address, binary) def bss(self, offset=0): 
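Review bot: Dropping `self.basename` from the `coredumpctl dump` arguments means the core is now selected by pid alone. pids are reused, so on a host with several recorded dumps `coredumpctl dump <pid>` can return the core of an unrelated earlier process that happened to have the same pid; the binary-name argument was what narrowed that. If the name filter was removed because it failed to match (for instance when the recorded executable path differs from `basename`), say so in the comment, and consider checking the executable path reported for the returned core instead of silently accepting it.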
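Review bot: In the `ELF.asm` hunk, pinning `arch`, `endian` and `bits` to the file being patched is the right fix: previously the global `context` decided how `assembly` was encoded, so a mismatch between `context.arch` and the ELF wrote wrongly sized code into the binary. Add a doctest that patches an ELF whose architecture differs from `context.arch` so the regression stays covered, and mention the behaviour change in the method docstring (the assembled bytes no longer depend on `context`).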
@@ -1653,7 +1653,7 @@ class ELF(ELFFile): .. _page 81: https://refspecs.linuxbase.org/elf/elf.pdf#page=81 .. _DT_BIND_NOW: https://refspecs.linuxbase.org/elf/elf.pdf#page=81 .. _PT_GNU_RELRO: https://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic.html#PROGHEADER - .. _DF_BIND_NOW: http://refspecs.linuxbase.org/elf/gabi4+/ch5.dynamic.html#df_bind_now + .. _DF_BIND_NOW: https://refspecs.linuxbase.org/elf/gabi4+/ch5.dynamic.html#df_bind_now >>> path = pwnlib.data.elf.relro.path >>> for test in glob(os.path.join(path, 'test-*')): @@ -1915,7 +1915,7 @@ class ELF(ELFFile): @property def buildid(self): - """:class:`str`: GNU Build ID embedded into the binary""" + """:class:`bytes`: GNU Build ID embedded into the binary""" section = self.get_section_by_name('.note.gnu.build-id') if section: return section.data()[16:] diff --git a/pwnlib/encoders/i386/ascii_shellcode.py b/pwnlib/encoders/i386/ascii_shellcode.py index c1d250f..0b61ca7 100644 --- a/pwnlib/encoders/i386/ascii_shellcode.py +++ b/pwnlib/encoders/i386/ascii_shellcode.py @@ -21,10 +21,10 @@ class AsciiShellcodeEncoder(Encoder): executes (on the stack)
The original paper this encoder is based on:
- http://julianor.tripod.com/bc/bypass-msb.txt
+ https://julianor.tripod.com/bc/bypass-msb.txt
A more visual explanation as well as an implementation in C:
- https://github.com/VincentDary/PolyAsciiShellGen/blob/master/README.md#mechanism
+ https://vincentdary.github.io/blog-posts/polyasciishellgen-caezar-ascii-shellcode-generator/index.html#22-mechanism
"""
def __init__(self, slop=20, max_subs=4):
diff --git a/pwnlib/filepointer.py b/pwnlib/filepointer.py index 9fea772..6c69a5f 100644 --- a/pwnlib/filepointer.py +++ b/pwnlib/filepointer.py @@ -309,7 +309,7 @@ class FileStructure(object): def orange(self,io_list_all,vtable): r""" - Perform a House of Orange (https://github.com/shellphish/how2heap/blob/master/glibc_2.25/house_of_orange.c), provided you have libc leaks. + Perform a House of Orange (https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_orange.c), provided you have libc leaks. Arguments: io_list_all(int) diff --git a/pwnlib/fmtstr.py b/pwnlib/fmtstr.py index bd684b6..c4b7682 100644 --- a/pwnlib/fmtstr.py +++ b/pwnlib/fmtstr.py 
@@ -285,9 +285,15 @@ def make_atoms_simple(address, data, badbytes=frozenset()): This function is simple and does not try to minimize the number of atoms. For example, if there are no bad bytes, it simply returns one atom for each byte: - - >>> pwnlib.fmtstr.make_atoms_simple(0x0, b"abc", set()) - [AtomWrite(start=0, size=1, integer=0x61, mask=0xff), AtomWrite(start=1, size=1, integer=0x62, mask=0xff), AtomWrite(start=2, size=1, integer=0x63, mask=0xff)] + >>> pwnlib.fmtstr.make_atoms_simple(0x0, b"abc", set()) + [AtomWrite(start=0, size=1, integer=0x61, mask=0xff), AtomWrite(start=1, size=1, integer=0x62, mask=0xff), AtomWrite(start=2, size=1, integer=0x63, mask=0xff)] + + If there are bad bytes, it will try to bypass by skipping addresses containing bad bytes, otherwise a + RuntimeError will be raised: + >>> pwnlib.fmtstr.make_atoms_simple(0x61, b'abc', b'\x62') + [AtomWrite(start=97, size=2, integer=0x6261, mask=0xffff), AtomWrite(start=99, size=1, integer=0x63, mask=0xff)] + >>> pwnlib.fmtstr.make_atoms_simple(0x61, b'a'*0x10, b'\x62\x63\x64\x65\x66\x67\x68') + [AtomWrite(start=97, size=8, integer=0x6161616161616161, mask=0xffffffffffffffff), AtomWrite(start=105, size=1, integer=0x61, mask=0xff), AtomWrite(start=106, size=1, integer=0x61, mask=0xff), AtomWrite(start=107, size=1, integer=0x61, mask=0xff), AtomWrite(start=108, size=1, integer=0x61, mask=0xff), AtomWrite(start=109, size=1, integer=0x61, mask=0xff), AtomWrite(start=110, size=1, integer=0x61, mask=0xff), AtomWrite(start=111, size=1, integer=0x61, mask=0xff), AtomWrite(start=112, size=1, integer=0x61, mask=0xff)] """ data = bytearray(data) if not badbytes: 
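Review bot: The docstring now promises a `RuntimeError` when bad bytes cannot be avoided, but neither new doctest exercises that path; add one with a `Traceback (most recent call last): ... RuntimeError` expectation so the message format (`impossible to avoid badbytes starting after offset ...`) is covered too. Minor: the rewrite drops the blank line that separated the prose from the first `>>>` (`byte:` is now directly followed by `>>>`, and so is `will be raised:`); keep one blank line before each doctest block so Sphinx renders prose and example as separate paragraphs.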
@@ -300,11 +306,11 @@ def make_atoms_simple(address, data, badbytes=frozenset()): out = [] while i < len(data): candidate = AtomWrite(address + i, 1, data[i]) - while candidate.end < len(data) and any(x in badbytes for x in pack(candidate.end)): + while i + candidate.size < len(data) and any(x in badbytes for x in pack(candidate.end)): candidate = candidate.union(AtomWrite(candidate.end, 1, data[i + candidate.size])) sz = min([s for s in SPECIFIER if s >= candidate.size] + [float("inf")]) - if candidate.start + sz > len(data): + if i + sz > len(data): raise RuntimeError("impossible to avoid badbytes starting after offset %d (address %x)" % (i, i + address)) i += candidate.size candidate = candidate.union(AtomWrite(candidate.end, sz - candidate.size, 0, 0)) diff --git a/pwnlib/gdb.py b/pwnlib/gdb.py index 39e2ce1..049035a 100644 --- a/pwnlib/gdb.py +++ b/pwnlib/gdb.py @@ -374,8 +374,10 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= exe(str): Path to the executable on disk env(dict): Environment to start the binary in ssh(:class:`.ssh`): Remote ssh session to use to launch the process. - sysroot(str): Foreign-architecture sysroot, used for QEMU-emulated binaries - and Android targets. + sysroot(str): Set an alternate system root. The system root is used to + load absolute shared library symbol files. This is useful to instruct + gdb to load a local version of binaries/libraries instead of downloading + them from the gdbserver, which is faster api(bool): Enable access to GDB Python API. Returns: @@ -568,7 +570,7 @@ def debug(args, gdbscript=None, exe=None, ssh=None, env=None, sysroot=None, api= gdbserver.executable = exe # Find what port we need to connect to - if context.native or (context.os == 'android'): + if ssh or context.native or (context.os == 'android'): port = _gdbserver_port(gdbserver, ssh) else: port = qemu_port 
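Review bot: The `make_atoms_simple` fix is correct: `candidate.end` and `candidate.start` are absolute addresses (`address + i + size`), so comparing them with `len(data)` only behaved when `address` was 0; with a real target address the inner `while` stopped merging too early or the `candidate.start + sz > len(data)` test raised spuriously, which is exactly what the new `0x61` doctests pin down. One small follow-up in the same hunk: the `RuntimeError` message prints `i` with `%d` and `i + address` with `%x` in one sentence; format both the same way (hex for the address, decimal for the offset is fine, but label them) so the reader does not mistake one for the other.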
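Review bot: In the `debug()` port-selection hunk, `if ssh or context.native or (context.os == 'android')` makes every ssh session take the `_gdbserver_port(gdbserver, ssh)` path, including the case where `context.native` is False because the remote target is run under qemu-user. If remote qemu-user targets are intentionally unsupported, say so in the `ssh` argument docstring; otherwise the `qemu_port` branch still needs to be reachable over ssh.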
@@ -663,6 +665,48 @@ class Breakpoint: # Handle stop() call from the server. return self.stop() +class FinishBreakpoint: + """Mirror of ``gdb.FinishBreakpoint`` class. + + See https://sourceware.org/gdb/onlinedocs/gdb/Finish-Breakpoints-in-Python.html + for more information. + """ + + def __init__(self, conn, *args, **kwargs): + """Do not create instances of this class directly. + + Use ``pwnlib.gdb.Gdb.FinishBreakpoint`` instead. + """ + # Creates a real finish breakpoint and connects it with this mirror + self.conn = conn + self.server_breakpoint = conn.root.set_finish_breakpoint( + self, hasattr(self, 'stop'), hasattr(self, 'out_of_scope'), + *args, **kwargs) + + def __getattr__(self, item): + """Return attributes of the real breakpoint.""" + if item in ( + '____id_pack__', + '__name__', + '____conn__', + 'stop', + 'out_of_scope', + ): + # Ignore RPyC netref attributes. + # Also, if stop() or out_of_scope() are not defined, hasattr() call + # in our __init__() will bring us here. Don't contact the + # server in this case either. + raise AttributeError() + return getattr(self.server_breakpoint, item) + + def exposed_stop(self): + # Handle stop() call from the server. + return self.stop() + + def exposed_out_of_scope(self): + # Handle out_of_scope() call from the server. + return self.out_of_scope() + class Gdb: """Mirror of ``gdb`` module. @@ -680,8 +724,12 @@ class Gdb: class _Breakpoint(Breakpoint): def __init__(self, *args, **kwargs): super().__init__(conn, *args, **kwargs) + class _FinishBreakpoint(FinishBreakpoint): + def __init__(self, *args, **kwargs): + super().__init__(conn, *args, **kwargs) self.Breakpoint = _Breakpoint + self.FinishBreakpoint = _FinishBreakpoint self.stopped = Event() def stop_handler(event): 
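Review bot: `FinishBreakpoint.__getattr__` raises a bare `AttributeError()` with no attribute name, which makes `hasattr()`-driven failures from RPyC hard to diagnose; raise `AttributeError(item)` (the same applies to the `Breakpoint` mirror it copies). The `Gdb` class docstring should now list `FinishBreakpoint` alongside `Breakpoint`, and the new class has no test: a doctest that sets a finish breakpoint on a function and asserts on `return_value` inside `stop()` would cover the client-server round trip that `exposed_stop` and `exposed_out_of_scope` add.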
@@ -728,8 +776,10 @@ def attach(target, gdbscript = '', exe = None, gdb_args = None, ssh = None, sysr arch(str): Architechture of the target binary. If `exe` known GDB will detect the architechture automatically (if it is supported). gdb_args(list): List of additional arguments to pass to GDB. - sysroot(str): Foreign-architecture sysroot, used for QEMU-emulated binaries - and Android targets. + sysroot(str): Set an alternate system root. The system root is used to + load absolute shared library symbol files. This is useful to instruct + gdb to load a local version of binaries/libraries instead of downloading + them from the gdbserver, which is faster api(bool): Enable access to GDB Python API. Returns: @@ -868,11 +918,11 @@ def attach(target, gdbscript = '', exe = None, gdb_args = None, ssh = None, sysr # gdb script to run before `gdbscript` pre = '' + if sysroot: + pre += 'set sysroot %s\n' % sysroot if not context.native: pre += 'set endian %s\n' % context.endian pre += 'set architecture %s\n' % get_gdb_arch() - if sysroot: - pre += 'set sysroot %s\n' % sysroot if context.os == 'android': pre += 'set gnutarget ' + _bfdname() + '\n' diff --git a/pwnlib/gdb_api_bridge.py b/pwnlib/gdb_api_bridge.py index 5a0dfb4..05f209e 100644 --- a/pwnlib/gdb_api_bridge.py +++ b/pwnlib/gdb_api_bridge.py @@ -89,6 +89,17 @@ class GdbService(Service): return Breakpoint(*args, **kwargs) return gdb.Breakpoint(*args, **kwargs) + def exposed_set_finish_breakpoint(self, client, has_stop, has_out_of_scope, *args, **kwargs): + """Create a finish breakpoint and connect it with the client-side mirror.""" + class FinishBreakpoint(gdb.FinishBreakpoint): + if has_stop: + def stop(self): + return client.stop() + if has_out_of_scope: + def out_of_scope(self): + client.out_of_scope() + return FinishBreakpoint(*args, **kwargs) + def exposed_quit(self): """Terminate GDB.""" gdb.post_event(lambda: gdb.execute('quit')) diff --git a/pwnlib/lexer.py b/pwnlib/lexer.py index be7730c..b3a3ac6 100644 
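Review bot: In the `attach()` hunk, moving `set sysroot` ahead of `set endian`/`set architecture` is fine, but `pre += 'set sysroot %s\n' % sysroot` still interpolates the path unquoted into a GDB command, so a sysroot containing spaces breaks the generated script; quote it or document the restriction. The new `sysroot` docstring ends without a full stop ("... than downloading them from the gdbserver, which is faster"). In `exposed_set_finish_breakpoint`, `stop` returns the client's result while `out_of_scope` discards it; a one-line comment that GDB ignores `out_of_scope`'s return value would stop readers from flagging the asymmetry as a bug.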
--- a/pwnlib/lexer.py +++ b/pwnlib/lexer.py @@ -38,7 +38,7 @@ class PwntoolsLexer(RegexLexer): string = r'"(\\"|[^"])*"' char = r'[\w$.@-]' identifier = r'(?:[a-zA-Z$_]' + char + r'*|\.' + char + '+|or)' - number = r'(?:0[xX][a-zA-Z0-9]+|\d+)' + number = r'(?:-?0[xX][a-zA-Z0-9]+|\d+)' memory = r'(?:[\]\[])' bad = r'(?:\(bad\))' diff --git a/pwnlib/libcdb.py b/pwnlib/libcdb.py index 9a66868..98f51ad 100644 --- a/pwnlib/libcdb.py +++ b/pwnlib/libcdb.py @@ -25,7 +25,13 @@ from pwnlib.util.web import wget log = getLogger(__name__) HASHES = ['build_id', 'sha1', 'sha256', 'md5'] -DEBUGINFOD_SERVERS = ['https://debuginfod.systemtap.org/'] +DEBUGINFOD_SERVERS = [ + 'https://debuginfod.elfutils.org/', +] + +if 'DEBUGINFOD_URLS' in os.environ: + urls = os.environ['DEBUGINFOD_URLS'].split(' ') + DEBUGINFOD_SERVERS = urls + DEBUGINFOD_SERVERS # https://gitlab.com/libcdb/libcdb wasn't updated after 2019, # but still is a massive database of older libc binaries. @@ -202,20 +208,18 @@ def unstrip_libc(filename): :const:`True` if binary was unstripped, :const:`False` otherwise. Examples: - >>> filename = search_by_build_id('2d1c5e0b85cb06ff47fa6fa088ec22cb6e06074e', unstrip=False) + >>> filename = search_by_build_id('69389d485a9793dbe873f0ea2c93e02efaa9aa3d', unstrip=False) >>> libc = ELF(filename) - >>> hex(libc.symbols.read) - '0xe56c0' >>> 'main_arena' in libc.symbols False >>> unstrip_libc(filename) True >>> libc = ELF(filename) >>> hex(libc.symbols.main_arena) - '0x1d57a0' + '0x219c80' >>> unstrip_libc(which('python')) False - >>> filename = search_by_build_id('06a8004be6e10c4aeabbe0db74423ace392a2d6b', unstrip=True) + >>> filename = search_by_build_id('d1704d25fbbb72fa95d517b883131828c0883fe9', unstrip=True) >>> 'main_arena' in ELF(filename).symbols True """ 
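Review bot: In the lexer hunk, `number = r'(?:-?0[xX][a-zA-Z0-9]+|\d+)'` accepts a leading minus only for hex literals; a negative decimal (`-8`) still does not lex as a number. Apply `-?` to both alternatives (`r'(?:-?0[xX][a-zA-Z0-9]+|-?\d+)'`) so the two forms are highlighted consistently.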
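Review bot: In the libcdb `DEBUGINFOD_URLS` hunk, `os.environ['DEBUGINFOD_URLS'].split(' ')` yields empty strings for doubled or trailing spaces, and each entry is later used as a server URL; use `.split()` and skip empty entries. Because every URL in that list becomes a source of debug info that `unstrip_libc` applies to the target libc, the environment-supplied entries should be visible in the log the first time they are used, not only at debug level. The swapped doctest build ids (`2d1c5e...` to `69389d...`, `06a800...` to `d1704d...`) and the new `main_arena` value `0x219c80` need a comment naming the libc versions they belong to, so the next time a server stops carrying one of them the failure is quick to diagnose.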
@@ -228,6 +232,8 @@ def unstrip_libc(filename): log.warn_once('Given libc does not have a buildid. Cannot look for debuginfo to unstrip.') return False + log.debug('Trying debuginfod servers: %r', DEBUGINFOD_SERVERS) + for server_url in DEBUGINFOD_SERVERS: libc_dbg = _search_debuginfo_by_hash(server_url, enhex(libc.buildid)) if libc_dbg: diff --git a/pwnlib/rop/gadgets.py b/pwnlib/rop/gadgets.py index f31d916..67a6dab 100644 --- a/pwnlib/rop/gadgets.py +++ b/pwnlib/rop/gadgets.py @@ -39,7 +39,7 @@ class Gadget(object): move = 0 def __init__(self, address, insns, regs, move): - self.address = address + self.address = int(address) self.insns = insns self.regs = regs self.move = move diff --git a/pwnlib/rop/ret2csu.py b/pwnlib/rop/ret2csu.py index 39eef82..a426884 100644 --- a/pwnlib/rop/ret2csu.py +++ b/pwnlib/rop/ret2csu.py 
@@ -31,27 +31,34 @@ def ret2csu(rop, elf, edi, rsi, rdx, rbx, rbp, r12, r13, r14, r15, call=None): # Resolve __libc_csu_ symbols if candidate binary is stripped if '__libc_csu_init' not in elf.symbols: - if elf.pie: - for insn in md.disasm(elf.section('.text'), - elf.offset_to_vaddr(elf.get_section_by_name('.text').header['sh_offset'])): - if insn.mnemonic == 'lea' and insn.operands[0].reg == X86_REG_R8: - elf.sym['__libc_csu_fini'] = insn.address + insn.size + insn.disp - if insn.mnemonic == 'lea' and insn.operands[0].reg == X86_REG_RCX: - elf.sym['__libc_csu_init'] = insn.address + insn.size + insn.disp + textaddr = elf.offset_to_vaddr(elf.get_section_by_name('.text').header.sh_offset) + entry = elf.entry + data = elf.section('.text')[entry-textaddr:] + mnemonic = elf.pie and 'lea' or 'mov' + for insn in md.disasm(data, entry): + if insn.mnemonic == mnemonic: + if mnemonic == 'lea': + addr = insn.address + insn.size + insn.disp + else: + addr = insn.operands[1].imm + + if insn.operands[0].reg == X86_REG_R8: + elf.sym['__libc_csu_fini'] = addr + if insn.operands[0].reg == X86_REG_RCX: + elf.sym['__libc_csu_init'] = addr break + elif insn.mnemonic == 'xor' and insn.operands[0].reg == insn.operands[1].reg == X86_REG_ECX: + log.error("This binary is compiled for glibc 2.34+ and does not have __libc_csu_init") + elif insn.mnemonic in ('hlt', 'jmp', 'call', 'syscall'): + log.error("No __libc_csu_init (no glibc _start)") else: - for insn in md.disasm(elf.section('.text'), elf.get_section_by_name('.text').header['sh_addr']): - if insn.mnemonic == 'mov' and insn.operands[0].reg == X86_REG_R8: - elf.sym['__libc_csu_fini'] = insn.operands[1].imm - if insn.mnemonic == 'mov' and insn.operands[0].reg == X86_REG_RCX: - elf.sym['__libc_csu_init'] = insn.operands[1].imm - break + log.error("Weird _start, definitely no __libc_csu_init") # Resolve location of _fini address if required if not elf.pie and not call: - fini = 
next(elf.search(p64(elf.dynamic_by_tag('DT_FINI')['d_ptr']))) + call = next(elf.search(p64(elf.dynamic_by_tag('DT_FINI')['d_ptr']))) elif elf.pie and not call: - log.error('No non-PIE binaries in [elfs], \'call\' parameter is required') + log.error("No non-PIE binaries in [elfs], 'call' parameter is required") csu_function = elf.read(elf.sym['__libc_csu_init'], elf.sym['__libc_csu_fini'] - elf.sym['__libc_csu_init']) @@ -63,26 +70,33 @@ def ret2csu(rop, elf, edi, rsi, rdx, rbx, rbp, r12, r13, r14, r15, call=None): # rbx and rbp must be equal after 'add rbx, 1' rop.raw(0x00) # pop rbx rop.raw(0x01) # pop rbp - if call: - rop.raw(call) # pop r12 - else: - rop.raw(fini) # pop r12 # Older versions of gcc use r13 to populate rdx then r15d to populate edi, newer versions use the reverse # Account for this when the binary was linked against a glibc that was built with a newer gcc for insn in md.disasm(csu_function, elf.sym['__libc_csu_init']): if insn.mnemonic == 'mov' and insn.operands[0].reg == X86_REG_RDX and insn.operands[1].reg == X86_REG_R13: + rop.raw(call) # pop r12 rop.raw(rdx) # pop r13 rop.raw(rsi) # pop r14 rop.raw(edi) # pop r15 rop.raw(insn.address) break + elif insn.mnemonic == 'mov' and insn.operands[0].reg == X86_REG_RDX and insn.operands[1].reg == X86_REG_R14: + rop.raw(edi) # pop r12 + rop.raw(rsi) # pop r13 + rop.raw(rdx) # pop r14 + rop.raw(call) # pop r15 + rop.raw(insn.address) + break elif insn.mnemonic == 'mov' and insn.operands[0].reg == X86_REG_RDX and insn.operands[1].reg == X86_REG_R15: + rop.raw(call) # pop r12 rop.raw(edi) # pop r13 rop.raw(rsi) # pop r14 rop.raw(rdx) # pop r15 rop.raw(insn.address) break + else: + log.error("This CSU init variant is not supported by pwntools") # 2nd gadget: Populate edi, rsi & rdx. Populate optional registers rop.raw(Padding('<add rsp, 8>')) # add rsp, 8 diff --git a/pwnlib/rop/ret2dlresolve.py b/pwnlib/rop/ret2dlresolve.py index 8c23b0c..6b9aeac 100644 --- a/pwnlib/rop/ret2dlresolve.py 
+++ b/pwnlib/rop/ret2dlresolve.py @@ -303,7 +303,11 @@ class Ret2dlresolvePayload(object): rel_addr = self.jmprel + self.reloc_index * ElfRel.size rel_type = 7 rel = ElfRel(r_offset=self.data_addr, r_info=(index<<ELF_R_SYM_SHIFT)+rel_type) - + + # When a program's PIE is enabled, r_offset should be the relative address, not the absolute address + if self.elf.pie: + rel = ElfRel(r_offset=self.data_addr - (self.elf.load_addr + self.elf_load_address_fixup), r_info=(index<<ELF_R_SYM_SHIFT)+rel_type) + self.payload = fit({ symbol_name_addr - self.data_addr: symbol_name, sym_addr - self.data_addr: sym, diff --git a/pwnlib/rop/rop.py b/pwnlib/rop/rop.py index 04e6d3c..0756ad5 100644 --- a/pwnlib/rop/rop.py +++ b/pwnlib/rop/rop.py @@ -24,7 +24,7 @@ Each :class:`Gadget` has an ``address`` property which has the real address as w >>> hex(rop.eax.address) '0x10000004' -Other, more complicated gdagets also happen magically +Other, more complicated gadgets also happen magically >>> rop.ecx Gadget(0x10000006, ['pop ecx', 'pop ebx', 'ret'], ['ecx', 'ebx'], 0xc) @@ -1167,6 +1167,15 @@ class ROP(object): if tuple(gadget.insns)[:n] == tuple(instructions): return gadget + def _flatten(self, initial_list): + # Flatten out any nested lists. + flattened_list = [] + for data in initial_list: + if isinstance(data, (list, tuple)): + flattened_list.extend(self._flatten(data)) + else: + flattened_list.append(data) + return flattened_list def raw(self, value): """Adds a raw integer or string to the ROP chain. 
@@ -1174,14 +1183,18 @@ class ROP(object): If your architecture requires aligned values, then make sure that any given string is aligned! + When given a list or a tuple of values, the list is + flattened before adding every item to the chain. + Arguments: - data(int/bytes): The raw value to put onto the rop chain. + data(int/bytes/list): The raw value to put onto the rop chain. >>> context.clear(arch='i386') >>> rop = ROP([]) >>> rop.raw('AAAAAAAA') >>> rop.raw('BBBBBBBB') >>> rop.raw('CCCCCCCC') + >>> rop.raw(['DDDD', 'DDDD']) >>> print(rop.dump()) 0x0000: b'AAAA' 'AAAAAAAA' 0x0004: b'AAAA' @@ -1189,10 +1202,16 @@ class ROP(object): 0x000c: b'BBBB' 0x0010: b'CCCC' 'CCCCCCCC' 0x0014: b'CCCC' + 0x0018: b'DDDD' 'DDDD' + 0x001c: b'DDDD' 'DDDD' """ if self.migrated: log.error('Cannot append to a migrated chain') - self._chain.append(value) + + if isinstance(value, (list, tuple)): + self._chain.extend(self._flatten(value)) + else: + self._chain.append(value) def migrate(self, next_base): """Explicitly set $sp, by using a ``leave; ret`` gadget""" @@ -1372,7 +1391,11 @@ class ROP(object): regs.append(pop.match(insn).group(1)) sp_move += context.bytes elif add.match(insn): - sp_move += int(add.match(insn).group(1), 16) + arg = int(add.match(insn).group(1), 16) + sp_move += arg + while arg >= context.bytes: + regs.append(hex(arg)) + arg -= context.bytes elif ret.match(insn): sp_move += context.bytes elif leave.match(insn): diff --git a/pwnlib/shellcraft/__init__.py b/pwnlib/shellcraft/__init__.py index 1fd2fee..592766c 100644 --- a/pwnlib/shellcraft/__init__.py +++ b/pwnlib/shellcraft/__init__.py @@ -186,4 +186,5 @@ class LazyImporter: def load_module(self, fullname): return sys.modules[fullname] + sys.meta_path.append(LazyImporter()) diff --git a/pwnlib/shellcraft/templates/aarch64/linux/dupio.asm b/pwnlib/shellcraft/templates/aarch64/linux/dupio.asm new file mode 100644 index 0000000..7f6ea86 --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/dupio.asm 
@@ -0,0 +1,18 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.aarch64 import mov,setregs %> +<%page args="sock = 'x12'"/> +<%docstring> +Args: [sock (imm/reg) = x12] + Duplicates sock to stdin, stdout and stderr +</%docstring> +<% + looplabel = common.label("loop") +%> + /* dup() file descriptor ${sock} into stdin/stdout/stderr */ + ${setregs({'x8': 'SYS_dup3', 'x1': 2, 'x2': 0})} + +${looplabel}: + ${mov('x0', sock)} + svc #0 + subs x1, x1, #1 + bpl ${looplabel} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/dupsh.asm b/pwnlib/shellcraft/templates/aarch64/linux/dupsh.asm new file mode 100644 index 0000000..8ee2e1d --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/dupsh.asm @@ -0,0 +1,11 @@ +<% from pwnlib.shellcraft.aarch64 import linux %> +<%page args="sock = 'x12'"/> +<%docstring> +Args: [sock (imm/reg) = x12] + Duplicates sock to stdin, stdout and stderr and spawns a shell. +</%docstring> + + +${linux.dupio(sock)} + +${linux.sh()} diff --git a/pwnlib/shellcraft/templates/aarch64/linux/setresuid.asm b/pwnlib/shellcraft/templates/aarch64/linux/setresuid.asm new file mode 100644 index 0000000..bdb766e --- /dev/null +++ b/pwnlib/shellcraft/templates/aarch64/linux/setresuid.asm @@ -0,0 +1,18 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.aarch64 import mov, linux %> +<%page args="ruid=None, euid=None, suid=None"/> +<%docstring> +Args: [ruid = geteuid(), euid = ruid, suid = ruid] + Sets real, effective and saved user ids to given values +</%docstring> + +%if ruid is None: +${linux.geteuid()} +<% ruid = 'x0' %> +%endif +<% + if euid is None: euid = ruid + if suid is None: suid = ruid +%> + +${linux.syscalls.setresuid(ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/amd64/itoa.asm b/pwnlib/shellcraft/templates/amd64/itoa.asm index c2cba6e..0737f54 100644 --- a/pwnlib/shellcraft/templates/amd64/itoa.asm +++ b/pwnlib/shellcraft/templates/amd64/itoa.asm 
@@ -35,14 +35,16 @@ assert v in registers.amd64 ${mov('rdi', buffer)} ${mov('rax', v)} push rax /* save for later */ + ${mov('rcx', 10)} ${size_loop}: ${mov('rdx', 0)} - ${mov('rcx', 10)} div rcx - inc rdi + stosb test rax, rax jnz ${size_loop} - dec rdi +## null terminate + std + stosb ## Now we begin the actual division process pop rax ${itoa_loop}: @@ -54,7 +56,4 @@ ${size_loop}: dec rdi test rax, rax jnz ${itoa_loop} -## null terminate - ${mov('rdx', 0)} - mov BYTE PTR [rdi], dl - inc rdi + cld diff --git a/pwnlib/shellcraft/templates/amd64/linux/dup.asm b/pwnlib/shellcraft/templates/amd64/linux/dupio.asm index a9960e7..730ab27 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/dup.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/dupio.asm @@ -5,23 +5,12 @@ Args: [sock (imm/reg) = rbp] Duplicates sock to stdin, stdout and stderr </%docstring> <% - dup = common.label("dup") looplabel = common.label("loop") - after = common.label("after") %> /* dup() file descriptor ${sock} into stdin/stdout/stderr */ -${dup}: - ${amd64.mov('rbp', sock)} - - push 3 + ${amd64.setregs({'rdi': sock, 'rsi': 2})} ${looplabel}: - pop rsi + ${amd64.linux.dup2('rdi', 'rsi')} dec rsi - js ${after} - push rsi - - ${amd64.linux.syscall('SYS_dup2', 'rbp', 'rsi')} - - jmp ${looplabel} -${after}: + jns ${looplabel} diff --git a/pwnlib/shellcraft/templates/amd64/linux/dupsh.asm b/pwnlib/shellcraft/templates/amd64/linux/dupsh.asm index 6e09418..788cb22 100644 --- a/pwnlib/shellcraft/templates/amd64/linux/dupsh.asm +++ b/pwnlib/shellcraft/templates/amd64/linux/dupsh.asm @@ -7,6 +7,6 @@ Args: [sock (imm/reg) = rbp] </%docstring> -${linux.dup(sock)} +${linux.dupio(sock)} ${linux.sh()} diff --git a/pwnlib/shellcraft/templates/amd64/linux/setresuid.asm b/pwnlib/shellcraft/templates/amd64/linux/setresuid.asm new file mode 100644 index 0000000..d1c1ee7 --- /dev/null +++ b/pwnlib/shellcraft/templates/amd64/linux/setresuid.asm 
@@ -0,0 +1,18 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.amd64 import mov, linux %> +<%page args="ruid=None, euid=None, suid=None"/> +<%docstring> +Args: [ruid = geteuid(), euid = ruid, suid = ruid] + Sets real, effective and saved user ids to given values +</%docstring> + +%if ruid is None: +${linux.geteuid()} +<% ruid = 'eax' %> +%endif +<% + if euid is None: euid = ruid + if suid is None: suid = ruid +%> + +${linux.syscalls.setresuid(ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/arm/linux/dupio.asm b/pwnlib/shellcraft/templates/arm/linux/dupio.asm new file mode 100644 index 0000000..85b0264 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/dupio.asm @@ -0,0 +1,19 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.arm import mov %> +<%page args="sock = 'r6'"/> +<%docstring> +Args: [sock (imm/reg) = r6] + Duplicates sock to stdin, stdout and stderr +</%docstring> +<% + looplabel = common.label("loop") +%> + /* dup() file descriptor ${sock} into stdin/stdout/stderr */ + ${mov('r1', 2)} + ${mov('r7', 'SYS_dup2')} + +${looplabel}: + ${mov('r0', sock)} + svc 0 + subs r1, #1 + bpl ${looplabel} diff --git a/pwnlib/shellcraft/templates/arm/linux/dupsh.asm b/pwnlib/shellcraft/templates/arm/linux/dupsh.asm new file mode 100644 index 0000000..8465db6 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/dupsh.asm @@ -0,0 +1,11 @@ +<% from pwnlib.shellcraft.arm import linux %> +<%page args="sock = 'r6'"/> +<%docstring> +Args: [sock (imm/reg) = r6] + Duplicates sock to stdin, stdout and stderr and spawns a shell. +</%docstring> + + +${linux.dupio(sock)} + +${linux.sh()} diff --git a/pwnlib/shellcraft/templates/arm/linux/setresuid.asm b/pwnlib/shellcraft/templates/arm/linux/setresuid.asm new file mode 100644 index 0000000..0dc8c53 --- /dev/null +++ b/pwnlib/shellcraft/templates/arm/linux/setresuid.asm 
@@ -0,0 +1,18 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.arm import mov, linux %> +<%page args="ruid=None, euid=None, suid=None"/> +<%docstring> +Args: [ruid = geteuid(), euid = ruid, suid = ruid] + Sets real, effective and saved user ids to given values +</%docstring> + +%if ruid is None: +${linux.geteuid()} +<% ruid = 'r0' %> +%endif +<% + if euid is None: euid = ruid + if suid is None: suid = ruid +%> + +${linux.syscalls.setresuid(ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/i386/itoa.asm b/pwnlib/shellcraft/templates/i386/itoa.asm index 4d86d0f..4747fe3 100644 --- a/pwnlib/shellcraft/templates/i386/itoa.asm +++ b/pwnlib/shellcraft/templates/i386/itoa.asm @@ -36,14 +36,16 @@ assert v in registers.i386 ${mov('edi', buffer)} ${mov('eax', v)} push eax /* save for later */ + ${mov('ecx', 10)} ${size_loop}: ${mov('edx', 0)} - ${mov('ecx', 10)} div ecx inc edi test eax, eax jnz ${size_loop} - dec edi +## null terminate + std + stosb ## Now we begin the actual division process pop eax ${itoa_loop}: @@ -55,7 +57,4 @@ ${size_loop}: dec edi test eax, eax jnz ${itoa_loop} -## null terminate - ${mov('edx', 0)} - mov BYTE PTR [edi], dl - inc edi + cld diff --git a/pwnlib/shellcraft/templates/i386/linux/dupio.asm b/pwnlib/shellcraft/templates/i386/linux/dupio.asm index f1a17ce..8746d01 100644 --- a/pwnlib/shellcraft/templates/i386/linux/dupio.asm +++ b/pwnlib/shellcraft/templates/i386/linux/dupio.asm @@ -1,5 +1,5 @@ <% from pwnlib.shellcraft.i386.linux import dup2 %> -<% from pwnlib.shellcraft.i386 import mov %> +<% from pwnlib.shellcraft.i386 import setregs %> <% from pwnlib.shellcraft import common %> <%page args="sock = 'ebp'"/> <%docstring> 
@@ -7,16 +7,12 @@ Args: [sock (imm/reg) = ebp] Duplicates sock to stdin, stdout and stderr </%docstring> <% - dup = common.label("dup") looplabel = common.label("loop") %> /* dup() file descriptor ${sock} into stdin/stdout/stderr */ -${dup}: - ${mov('ebx', sock)} - ${mov('ecx', 3)} + ${setregs({'ebx': sock, 'ecx': 2})} ${looplabel}: - dec ecx - ${dup2('ebx', 'ecx')} - jnz ${looplabel} + dec ecx + jns ${looplabel} diff --git a/pwnlib/shellcraft/templates/i386/linux/setresuid.asm b/pwnlib/shellcraft/templates/i386/linux/setresuid.asm new file mode 100644 index 0000000..0e23d01 --- /dev/null +++ b/pwnlib/shellcraft/templates/i386/linux/setresuid.asm @@ -0,0 +1,18 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.i386 import mov, linux %> +<%page args="ruid=None, euid=None, suid=None"/> +<%docstring> +Args: [ruid = geteuid(), euid = ruid, suid = ruid] + Sets real, effective and saved user ids to given values +</%docstring> + +%if ruid is None: +${linux.geteuid()} +<% ruid = 'eax' %> +%endif +<% + if euid is None: euid = ruid + if suid is None: suid = ruid +%> + +${linux.syscalls.setresuid(ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/mips/linux/dupio.asm b/pwnlib/shellcraft/templates/mips/linux/dupio.asm index 0dc27b0..1918af9 100644 --- a/pwnlib/shellcraft/templates/mips/linux/dupio.asm +++ b/pwnlib/shellcraft/templates/mips/linux/dupio.asm @@ -7,12 +7,10 @@ Args: [sock (imm/reg) = s0] Duplicates sock to stdin, stdout and stderr </%docstring> <% - dup = common.label("dup") looplabel = common.label("loop") %> /* dup() file descriptor ${sock} into stdin/stdout/stderr */ -${dup}: ${mov('$v0',2)} ${looplabel}: ${dup2(sock,'$v0')} diff --git a/pwnlib/shellcraft/templates/mips/linux/setresuid.asm b/pwnlib/shellcraft/templates/mips/linux/setresuid.asm new file mode 100644 index 0000000..8b386ca --- /dev/null +++ b/pwnlib/shellcraft/templates/mips/linux/setresuid.asm 
@@ -0,0 +1,18 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.mips import mov, linux %> +<%page args="ruid=None, euid=None, suid=None"/> +<%docstring> +Args: [ruid = geteuid(), euid = ruid, suid = ruid] + Sets real, effective and saved user ids to given values +</%docstring> + +%if ruid is None: +${linux.geteuid()} +<% ruid = '$v0' %> +%endif +<% + if euid is None: euid = ruid + if suid is None: suid = ruid +%> + +${linux.syscalls.setresuid(ruid, euid, suid)} diff --git a/pwnlib/shellcraft/templates/mips/mov.asm b/pwnlib/shellcraft/templates/mips/mov.asm index 0bc0ece..28e3c77 100644 --- a/pwnlib/shellcraft/templates/mips/mov.asm +++ b/pwnlib/shellcraft/templates/mips/mov.asm @@ -69,7 +69,7 @@ if not dst.startswith('$'): log.error("Registers must start with $") return -if isinstance(src, str) and dst.startswith('$') and dst not in registers.mips: +if isinstance(dst, str) and dst.startswith('$') and dst not in registers.mips: log.error("Unknown register %r" % dst) return diff --git a/pwnlib/shellcraft/templates/thumb/linux/dup.asm b/pwnlib/shellcraft/templates/thumb/linux/dupio.asm index 5b0cf37..5a57f0c 100644 --- a/pwnlib/shellcraft/templates/thumb/linux/dup.asm +++ b/pwnlib/shellcraft/templates/thumb/linux/dupio.asm @@ -6,11 +6,9 @@ Args: [sock (imm/reg) = r6] Duplicates sock to stdin, stdout and stderr </%docstring> <% - dup = common.label("dup") looplabel = common.label("loop") %> /* dup() file descriptor ${sock} into stdin/stdout/stderr */ -${dup}: ${mov('r1', 2)} ${mov('r7', 'SYS_dup2')} diff --git a/pwnlib/shellcraft/templates/thumb/linux/dupsh.asm b/pwnlib/shellcraft/templates/thumb/linux/dupsh.asm index 68eb142..0623b23 100644 --- a/pwnlib/shellcraft/templates/thumb/linux/dupsh.asm +++ b/pwnlib/shellcraft/templates/thumb/linux/dupsh.asm 
@@ -1,11 +1,11 @@ <% from pwnlib.shellcraft.thumb import linux %> <%page args="sock = 'r6'"/> <%docstring> -Args: [sock (imm/reg) = ebp] +Args: [sock (imm/reg) = r6] Duplicates sock to stdin, stdout and stderr and spawns a shell. </%docstring> -${linux.dup(sock)} +${linux.dupio(sock)} ${linux.sh()} diff --git a/pwnlib/shellcraft/templates/thumb/linux/setresuid.asm b/pwnlib/shellcraft/templates/thumb/linux/setresuid.asm new file mode 100644 index 0000000..e171854 --- /dev/null +++ b/pwnlib/shellcraft/templates/thumb/linux/setresuid.asm @@ -0,0 +1,18 @@ +<% from pwnlib.shellcraft import common %> +<% from pwnlib.shellcraft.thumb import mov, linux %> +<%page args="ruid=None, euid=None, suid=None"/> +<%docstring> +Args: [ruid = geteuid(), euid = ruid, suid = ruid] + Sets real, effective and saved user ids to given values +</%docstring> + +%if ruid is None: +${linux.geteuid()} +<% ruid = 'r0' %> +%endif +<% + if euid is None: euid = ruid + if suid is None: suid = ruid +%> + +${linux.syscalls.setresuid(ruid, euid, suid)} diff --git a/pwnlib/term/term.py b/pwnlib/term/term.py index b300a5f..5ed4fe0 100644 --- a/pwnlib/term/term.py +++ b/pwnlib/term/term.py @@ -59,10 +59,14 @@ def update_geometry(): height, width = h, w def handler_sigwinch(signum, stack): + if hasattr(signal, 'pthread_sigmask'): + signal.pthread_sigmask(signal.SIG_BLOCK, {signal.SIGWINCH}) update_geometry() redraw() for cb in on_winch: cb() + if hasattr(signal, 'pthread_sigmask'): + signal.pthread_sigmask(signal.SIG_UNBLOCK, {signal.SIGWINCH}) def handler_sigstop(signum, stack): resetterm() @@ -326,14 +330,14 @@ def parse(s): elif c == 0x0d: x = (CR, None) i += 1 - else: - i += 1 - if _graphics_mode: - continue if x is None: x = (STR, [six.int2byte(c) for c in bytearray(b'\\x%02x' % c)]) i += 1 + + if _graphics_mode: + continue + if x[0] == STR and out and out[-1][0] == STR: out[-1][1].extend(x[1]) else: diff --git a/pwnlib/testexample.py b/pwnlib/testexample.py index 13ed133..749e2e8 100644 
--- a/pwnlib/testexample.py +++ b/pwnlib/testexample.py @@ -14,7 +14,7 @@ the Python prompt. For more on doctests, see the `Python documentation <https://docs.python.org/2/library/doctest.html>`_. All of the syntax in this file is ReStructuredText. You can find a -`nice cheat sheet here <https://goo.gl/qEKFIu>`_. +`nice cheat sheet here <https://github.com/ralsina/rst-cheatsheet/blob/master/rst-cheatsheet.rst>`_. Here's an example of a module-level doctest: diff --git a/pwnlib/tubes/listen.py b/pwnlib/tubes/listen.py index 359cde2..f012f9b 100644 --- a/pwnlib/tubes/listen.py +++ b/pwnlib/tubes/listen.py @@ -13,7 +13,8 @@ log = getLogger(__name__) class listen(sock): r"""Creates an TCP or UDP-socket to receive data on. It supports - both IPv4 and IPv6. + both IPv4 and IPv6. You need to call :meth:`wait_for_connection` + before using the listen socket. The returned object supports all the methods from :class:`pwnlib.tubes.sock` and :class:`pwnlib.tubes.tube`. @@ -46,6 +47,7 @@ class listen(sock): >>> # and it works with ipv6 by defaut, too! >>> l = listen() >>> r = remote('::1', l.lport) + >>> _ = l.wait_for_connection() >>> r.sendline(b'Bye-bye') >>> l.recvline() b'Bye-bye\n' diff --git a/pwnlib/tubes/process.py b/pwnlib/tubes/process.py index f42bae2..8770ade 100644 --- a/pwnlib/tubes/process.py +++ b/pwnlib/tubes/process.py @@ -217,6 +217,8 @@ class process(tube): #: Have we seen the process stop? If so, this is a unix timestamp. _stop_noticed = 0 + proc = None + def __init__(self, argv = None, shell = False, executable = None, @@ -729,9 +731,9 @@ class process(tube): if direction == 'any': return self.poll() is None elif direction == 'send': - return not self.proc.stdin.closed + return self.proc.stdin and not self.proc.stdin.closed elif direction == 'recv': - return not self.proc.stdout.closed + return self.proc.stdout and not self.proc.stdout.closed def close(self): if self.proc is None: 
@@ -772,7 +774,7 @@ class process(tube): if direction == "recv": self.proc.stdout.close() - if False not in [self.proc.stdin.closed, self.proc.stdout.closed]: + if all(fp is None or fp.closed for fp in [self.proc.stdin, self.proc.stdout]): self.close() def __pty_make_controlling_tty(self, tty_fd): diff --git a/pwnlib/tubes/ssh.py b/pwnlib/tubes/ssh.py index eab27a5..cd06f34 100644 --- a/pwnlib/tubes/ssh.py +++ b/pwnlib/tubes/ssh.py @@ -1633,7 +1633,7 @@ from ctypes import *; libc = CDLL('libc.so.6'); print(libc.getenv(%r)) remote: Remote directory """ - remote = remote or self.cwd + remote = packing._encode(remote or self.cwd) local = os.path.expanduser(local) dirname = os.path.dirname(local) @@ -1654,7 +1654,7 @@ from ctypes import *; libc = CDLL('libc.so.6'); print(libc.getenv(%r)) remote_tar = self.mktemp('--suffix=.tar.gz') self.upload_file(local_tar, remote_tar) - untar = self.run('cd %s && tar -xzf %s' % (remote, remote_tar)) + untar = self.run(b'cd %s && tar -xzf %s' % (sh_string(remote), sh_string(remote_tar))) message = untar.recvrepeat(2) if untar.wait() != 0: diff --git a/pwnlib/tubes/tube.py b/pwnlib/tubes/tube.py index f476cc4..91ca4f2 100644 --- a/pwnlib/tubes/tube.py +++ b/pwnlib/tubes/tube.py @@ -2,6 +2,7 @@ from __future__ import absolute_import from __future__ import division +import abc import logging import re import six 
@@ -647,17 +648,30 @@ class tube(Timeout, Logger): keepends=keepends, timeout=timeout) - def recvregex(self, regex, exact=False, timeout=default): - """recvregex(regex, exact=False, timeout=default) -> bytes + def recvregex(self, regex, exact=False, timeout=default, capture=False): + r"""recvregex(regex, exact=False, timeout=default, capture=False) -> bytes Wrapper around :func:`recvpred`, which will return when a regex matches the string in the buffer. + Returns all received data up until the regex matched. If `capture` is + set to True, a :class:`re.Match` object is returned instead. + By default :func:`re.RegexObject.search` is used, but if `exact` is set to True, then :func:`re.RegexObject.match` will be used instead. If the request is not satisfied before ``timeout`` seconds pass, all data is buffered and an empty string (``''``) is returned. + + Examples: + + >>> t = tube() + >>> t.recv_raw = lambda n: b'The lucky number is 1337 as always\nBla blubb blargh\n' + >>> m = t.recvregex(br'number is ([0-9]+) as always\n', capture=True) + >>> m.group(1) + b'1337' + >>> t.recvregex(br'Bla .* blargh\n') + b'Bla blubb blargh\n' """ if isinstance(regex, (bytes, bytearray, six.text_type)): @@ -669,7 +683,10 @@ class tube(Timeout, Logger): else: pred = regex.search - return self.recvpred(pred, timeout = timeout) + if capture: + return pred(self.recvpred(pred, timeout = timeout)) + else: + return self.recvpred(pred, timeout = timeout) def recvline_regex(self, regex, exact=False, keepends=False, timeout=default): """recvline_regex(regex, exact=False, keepends=False, timeout=default) -> bytes @@ -1291,6 +1308,7 @@ class tube(Timeout, Logger): self.close() # The minimal interface to be implemented by a child + @abc.abstractmethod def recv_raw(self, numb): """recv_raw(numb) -> str @@ -1304,6 +1322,7 @@ class tube(Timeout, Logger): raise EOFError('Not implemented') + @abc.abstractmethod def send_raw(self, data): """send_raw(data) 
diff --git a/pwnlib/util/crc/__init__.py b/pwnlib/util/crc/__init__.py index e08a0c1..56877e6 100644 --- a/pwnlib/util/crc/__init__.py +++ b/pwnlib/util/crc/__init__.py @@ -269,7 +269,7 @@ class Module(types.ModuleType): """A generic CRC-sum function. This is suitable to use with: - http://reveng.sourceforge.net/crc-catalogue/all.htm + https://reveng.sourceforge.io/crc-catalogue/all.htm The "check" value in the document is the CRC-sum of the string "123456789". @@ -360,7 +360,7 @@ class Module(types.ModuleType): l = len(data) data += packing.pack(l, 'all', endian='little', sign=False) - return crc.crc_32_posix(data) + return crc.crc_32_cksum(data) @staticmethod def find_crc_function(data, checksum): diff --git a/pwnlib/util/crc/known.py b/pwnlib/util/crc/known.py index 9b40057..7d28e7d 100644 --- a/pwnlib/util/crc/known.py +++ b/pwnlib/util/crc/known.py @@ -6,7 +6,7 @@ import re def generate(): """Generates a dictionary of all the known CRC formats from: - http://reveng.sourceforge.net/crc-catalogue/all.htm + https://reveng.sourceforge.io/crc-catalogue/all.htm See pwnlib/data/crcsum.txt for more information. """ @@ -39,7 +39,7 @@ def generate(): ref, l = l.split(' ', 1) cur = {} - cur['link'] = 'http://reveng.sourceforge.net/crc-catalogue/all.htm#' + ref + cur['link'] = 'https://reveng.sourceforge.io/crc-catalogue/all.htm#' + ref for key in ['width', 'poly', 'init', 'refin', 'refout', 'xorout', 'check', 'name']: cur[key] = fixup(re.findall(r'%s=(\S+)' % key, l)[0]) 
@@ -51,27 +51,18 @@ def generate(): all_crcs = \ - {'arc': {'check': 47933, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.16', - 'name': 'arc', - 'poly': 32773, - 'refin': True, - 'refout': True, - 'width': 16, - 'xorout': 0}, - 'crc_10': {'check': 409, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.10', - 'name': 'crc_10', - 'poly': 563, - 'refin': False, - 'refout': False, - 'width': 10, - 'xorout': 0}, + {'crc_10_atm': {'check': 409, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-10-atm', + 'name': 'crc_10_atm', + 'poly': 563, + 'refin': False, + 'refout': False, + 'width': 10, + 'xorout': 0}, 'crc_10_cdma2000': {'check': 563, 'init': 1023, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-10-cdma2000', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-10-cdma2000', 'name': 'crc_10_cdma2000', 'poly': 985, 'refin': False, 
@@ -80,25 +71,25 @@ all_crcs = \ 'xorout': 0}, 'crc_10_gsm': {'check': 298, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-10-gsm', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-10-gsm', 'name': 'crc_10_gsm', 'poly': 373, 'refin': False, 'refout': False, 'width': 10, 'xorout': 1023}, - 'crc_11': {'check': 1443, - 'init': 26, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.11', - 'name': 'crc_11', - 'poly': 901, - 'refin': False, - 'refout': False, - 'width': 11, - 'xorout': 0}, + 'crc_11_flexray': {'check': 1443, + 'init': 26, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-11-flexray', + 'name': 'crc_11_flexray', + 'poly': 901, + 'refin': False, + 'refout': False, + 'width': 11, + 'xorout': 0}, 'crc_11_umts': {'check': 97, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-11-umts', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-11-umts', 'name': 'crc_11_umts', 'poly': 775, 'refin': False, @@ -107,7 +98,7 @@ all_crcs = \ 'xorout': 0}, 'crc_12_cdma2000': {'check': 3405, 'init': 4095, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.12', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-12-cdma2000', 'name': 'crc_12_cdma2000', 'poly': 3859, 'refin': False, @@ -116,7 +107,7 @@ all_crcs = \ 'xorout': 0}, 'crc_12_dect': {'check': 3931, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-12-dect', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-12-dect', 'name': 'crc_12_dect', 'poly': 2063, 'refin': False, 
@@ -125,7 +116,7 @@ all_crcs = \ 'xorout': 0}, 'crc_12_gsm': {'check': 2868, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-12-gsm', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-12-gsm', 'name': 'crc_12_gsm', 'poly': 3377, 'refin': False, @@ -134,7 +125,7 @@ all_crcs = \ 'xorout': 4095}, 'crc_12_umts': {'check': 3503, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-12-umts', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-12-umts', 'name': 'crc_12_umts', 'poly': 2063, 'refin': False, @@ -143,7 +134,7 @@ all_crcs = \ 'xorout': 0}, 'crc_13_bbc': {'check': 1274, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.13', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-13-bbc', 'name': 'crc_13_bbc', 'poly': 7413, 'refin': False, @@ -152,7 +143,7 @@ all_crcs = \ 'xorout': 0}, 'crc_14_darc': {'check': 2093, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.14', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-14-darc', 'name': 'crc_14_darc', 'poly': 2053, 'refin': True, 
@@ -161,61 +152,43 @@ all_crcs = \ 'xorout': 0}, 'crc_14_gsm': {'check': 12462, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-14-gsm', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-14-gsm', 'name': 'crc_14_gsm', 'poly': 8237, 'refin': False, 'refout': False, 'width': 14, 'xorout': 16383}, - 'crc_15': {'check': 1438, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.15', - 'name': 'crc_15', - 'poly': 17817, - 'refin': False, - 'refout': False, - 'width': 15, - 'xorout': 0}, + 'crc_15_can': {'check': 1438, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-15-can', + 'name': 'crc_15_can', + 'poly': 17817, + 'refin': False, + 'refout': False, + 'width': 15, + 'xorout': 0}, 'crc_15_mpt1327': {'check': 9574, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-15-mpt1327', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-15-mpt1327', 'name': 'crc_15_mpt1327', 'poly': 26645, 'refin': False, 'refout': False, 'width': 15, 'xorout': 1}, - 'crc_16_aug_ccitt': {'check': 58828, - 'init': 7439, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-aug-ccitt', - 'name': 'crc_16_aug_ccitt', - 'poly': 4129, - 'refin': False, - 'refout': False, - 'width': 16, - 'xorout': 0}, - 'crc_16_buypass': {'check': 65256, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-buypass', - 'name': 'crc_16_buypass', - 'poly': 32773, - 'refin': False, - 'refout': False, - 'width': 16, - 'xorout': 0}, - 'crc_16_ccitt_false': {'check': 10673, - 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-ccitt-false', - 'name': 'crc_16_ccitt_false', - 'poly': 4129, - 'refin': False, - 'refout': False, - 'width': 16, - 'xorout': 0}, + 'crc_16_arc': {'check': 47933, + 'init': 0, + 'link': 
'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-arc', + 'name': 'crc_16_arc', + 'poly': 32773, + 'refin': True, + 'refout': True, + 'width': 16, + 'xorout': 0}, 'crc_16_cdma2000': {'check': 19462, 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-cdma2000', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-cdma2000', 'name': 'crc_16_cdma2000', 'poly': 51303, 'refin': False, @@ -224,7 +197,7 @@ all_crcs = \ 'xorout': 0}, 'crc_16_cms': {'check': 44775, 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-cms', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-cms', 'name': 'crc_16_cms', 'poly': 32773, 'refin': False, @@ -233,7 +206,7 @@ all_crcs = \ 'xorout': 0}, 'crc_16_dds_110': {'check': 40655, 'init': 32781, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-dds-110', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-dds-110', 'name': 'crc_16_dds_110', 'poly': 32773, 'refin': False, @@ -242,7 +215,7 @@ all_crcs = \ 'xorout': 0}, 'crc_16_dect_r': {'check': 126, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-dect-r', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-dect-r', 'name': 'crc_16_dect_r', 'poly': 1417, 'refin': False, @@ -251,7 +224,7 @@ all_crcs = \ 'xorout': 1}, 'crc_16_dect_x': {'check': 127, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-dect-x', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-dect-x', 'name': 'crc_16_dect_x', 'poly': 1417, 'refin': False, 
@@ -260,7 +233,7 @@ all_crcs = \ 'xorout': 0}, 'crc_16_dnp': {'check': 60034, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-dnp', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-dnp', 'name': 'crc_16_dnp', 'poly': 15717, 'refin': True, @@ -269,7 +242,7 @@ all_crcs = \ 'xorout': 65535}, 'crc_16_en_13757': {'check': 49847, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-en-13757', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-en-13757', 'name': 'crc_16_en_13757', 'poly': 15717, 'refin': False, @@ -278,7 +251,7 @@ all_crcs = \ 'xorout': 65535}, 'crc_16_genibus': {'check': 54862, 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-genibus', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-genibus', 'name': 'crc_16_genibus', 'poly': 4129, 'refin': False, 
@@ -287,43 +260,106 @@ all_crcs = \ 'xorout': 65535}, 'crc_16_gsm': {'check': 52796, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-gsm', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-gsm', 'name': 'crc_16_gsm', 'poly': 4129, 'refin': False, 'refout': False, 'width': 16, 'xorout': 65535}, + 'crc_16_ibm_3740': {'check': 10673, + 'init': 65535, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-ibm-3740', + 'name': 'crc_16_ibm_3740', + 'poly': 4129, + 'refin': False, + 'refout': False, + 'width': 16, + 'xorout': 0}, + 'crc_16_ibm_sdlc': {'check': 36974, + 'init': 65535, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-ibm-sdlc', + 'name': 'crc_16_ibm_sdlc', + 'poly': 4129, + 'refin': True, + 'refout': True, + 'width': 16, + 'xorout': 65535}, + 'crc_16_iso_iec_14443_3_a': {'check': 48901, + 'init': 50886, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-iso-iec-14443-3-a', + 'name': 'crc_16_iso_iec_14443_3_a', + 'poly': 4129, + 'refin': True, + 'refout': True, + 'width': 16, + 'xorout': 0}, + 'crc_16_kermit': {'check': 8585, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-kermit', + 'name': 'crc_16_kermit', + 'poly': 4129, + 'refin': True, + 'refout': True, + 'width': 16, + 'xorout': 0}, 'crc_16_lj1200': {'check': 48628, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-lj1200', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-lj1200', 'name': 'crc_16_lj1200', 'poly': 28515, 'refin': False, 'refout': False, 'width': 16, 'xorout': 0}, - 'crc_16_maxim': {'check': 17602, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-maxim', - 'name': 'crc_16_maxim', - 'poly': 32773, - 'refin': True, - 'refout': True, - 'width': 16, - 'xorout': 65535}, + 'crc_16_m17': {'check': 
30507, + 'init': 65535, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-m17', + 'name': 'crc_16_m17', + 'poly': 22837, + 'refin': False, + 'refout': False, + 'width': 16, + 'xorout': 0}, + 'crc_16_maxim_dow': {'check': 17602, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-maxim-dow', + 'name': 'crc_16_maxim_dow', + 'poly': 32773, + 'refin': True, + 'refout': True, + 'width': 16, + 'xorout': 65535}, 'crc_16_mcrf4xx': {'check': 28561, 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-mcrf4xx', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-mcrf4xx', 'name': 'crc_16_mcrf4xx', 'poly': 4129, 'refin': True, 'refout': True, 'width': 16, 'xorout': 0}, + 'crc_16_modbus': {'check': 19255, + 'init': 65535, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-modbus', + 'name': 'crc_16_modbus', + 'poly': 32773, + 'refin': True, + 'refout': True, + 'width': 16, + 'xorout': 0}, + 'crc_16_nrsc_5': {'check': 41062, + 'init': 65535, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-nrsc-5', + 'name': 'crc_16_nrsc_5', + 'poly': 2059, + 'refin': True, + 'refout': True, + 'width': 16, + 'xorout': 0}, 'crc_16_opensafety_a': {'check': 23864, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-opensafety-a', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-opensafety-a', 'name': 'crc_16_opensafety_a', 'poly': 22837, 'refin': False, @@ -332,7 +368,7 @@ all_crcs = \ 'xorout': 0}, 'crc_16_opensafety_b': {'check': 8446, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-opensafety-a', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-opensafety-b', 'name': 'crc_16_opensafety_b', 'poly': 30043, 'refin': False, 
@@ -341,7 +377,7 @@ all_crcs = \ 'xorout': 0}, 'crc_16_profibus': {'check': 43033, 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-profibus', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-profibus', 'name': 'crc_16_profibus', 'poly': 7631, 'refin': False, @@ -350,16 +386,25 @@ all_crcs = \ 'xorout': 65535}, 'crc_16_riello': {'check': 25552, 'init': 45738, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-riello', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-riello', 'name': 'crc_16_riello', 'poly': 4129, 'refin': True, 'refout': True, 'width': 16, 'xorout': 0}, + 'crc_16_spi_fujitsu': {'check': 58828, + 'init': 7439, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-spi-fujitsu', + 'name': 'crc_16_spi_fujitsu', + 'poly': 4129, + 'refin': False, + 'refout': False, + 'width': 16, + 'xorout': 0}, 'crc_16_t10_dif': {'check': 53467, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-t10-dif', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-t10-dif', 'name': 'crc_16_t10_dif', 'poly': 35767, 'refin': False, @@ -368,7 +413,7 @@ all_crcs = \ 'xorout': 0}, 'crc_16_teledisk': {'check': 4019, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-teledisk', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-teledisk', 'name': 'crc_16_teledisk', 'poly': 41111, 'refin': False, 
@@ -377,34 +422,61 @@ all_crcs = \ 'xorout': 0}, 'crc_16_tms37157': {'check': 9905, 'init': 35308, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-tms37157', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-tms37157', 'name': 'crc_16_tms37157', 'poly': 4129, 'refin': True, 'refout': True, 'width': 16, 'xorout': 0}, + 'crc_16_umts': {'check': 65256, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-umts', + 'name': 'crc_16_umts', + 'poly': 32773, + 'refin': False, + 'refout': False, + 'width': 16, + 'xorout': 0}, 'crc_16_usb': {'check': 46280, 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-usb', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-usb', 'name': 'crc_16_usb', 'poly': 32773, 'refin': True, 'refout': True, 'width': 16, 'xorout': 65535}, - 'crc_24': {'check': 2215682, - 'init': 11994318, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.24', - 'name': 'crc_24', - 'poly': 8801531, - 'refin': False, - 'refout': False, - 'width': 24, - 'xorout': 0}, + 'crc_16_xmodem': {'check': 12739, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-16-xmodem', + 'name': 'crc_16_xmodem', + 'poly': 4129, + 'refin': False, + 'refout': False, + 'width': 16, + 'xorout': 0}, + 'crc_17_can_fd': {'check': 20227, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-17-can-fd', + 'name': 'crc_17_can_fd', + 'poly': 92251, + 'refin': False, + 'refout': False, + 'width': 17, + 'xorout': 0}, + 'crc_21_can_fd': {'check': 972865, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-21-can-fd', + 'name': 'crc_21_can_fd', + 'poly': 1058969, + 'refin': False, + 'refout': False, + 'width': 21, + 'xorout': 0}, 'crc_24_ble': {'check': 12737110, 'init': 5592405, - 'link': 
'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-24-ble', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-ble', 'name': 'crc_24_ble', 'poly': 1627, 'refin': True, @@ -413,7 +485,7 @@ all_crcs = \ 'xorout': 0}, 'crc_24_flexray_a': {'check': 7961021, 'init': 16702650, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-24-flexray-a', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-flexray-a', 'name': 'crc_24_flexray_a', 'poly': 6122955, 'refin': False, @@ -422,7 +494,7 @@ all_crcs = \ 'xorout': 0}, 'crc_24_flexray_b': {'check': 2040760, 'init': 11259375, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-24-flexray-b', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-flexray-b', 'name': 'crc_24_flexray_b', 'poly': 6122955, 'refin': False, @@ -431,7 +503,7 @@ all_crcs = \ 'xorout': 0}, 'crc_24_interlaken': {'check': 11858918, 'init': 16777215, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-24-interlaken', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-interlaken', 'name': 'crc_24_interlaken', 'poly': 3312483, 'refin': False, @@ -440,7 +512,7 @@ all_crcs = \ 'xorout': 16777215}, 'crc_24_lte_a': {'check': 13494019, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-24-lte-a', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-lte-a', 'name': 'crc_24_lte_a', 'poly': 8801531, 'refin': False, 
@@ -449,16 +521,34 @@ all_crcs = \ 'xorout': 0}, 'crc_24_lte_b': {'check': 2355026, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-24-lte-b', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-lte-b', 'name': 'crc_24_lte_b', 'poly': 8388707, 'refin': False, 'refout': False, 'width': 24, 'xorout': 0}, + 'crc_24_openpgp': {'check': 2215682, + 'init': 11994318, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-openpgp', + 'name': 'crc_24_openpgp', + 'poly': 8801531, + 'refin': False, + 'refout': False, + 'width': 24, + 'xorout': 0}, + 'crc_24_os_9': {'check': 2101157, + 'init': 16777215, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-24-os-9', + 'name': 'crc_24_os_9', + 'poly': 8388707, + 'refin': False, + 'refout': False, + 'width': 24, + 'xorout': 16777215}, 'crc_30_cdma': {'check': 79907519, 'init': 1073741823, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.30', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-30-cdma', 'name': 'crc_30_cdma', 'poly': 540064199, 'refin': False, 
@@ -467,88 +557,124 @@ all_crcs = \ 'xorout': 1073741823}, 'crc_31_philips': {'check': 216654956, 'init': 2147483647, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.31', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-31-philips', 'name': 'crc_31_philips', 'poly': 79764919, 'refin': False, 'refout': False, 'width': 31, 'xorout': 2147483647}, - 'crc_32': {'check': 3421780262, - 'init': 4294967295, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.32', - 'name': 'crc_32', - 'poly': 79764919, - 'refin': True, - 'refout': True, - 'width': 32, - 'xorout': 4294967295}, + 'crc_32_aixm': {'check': 806403967, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-aixm', + 'name': 'crc_32_aixm', + 'poly': 2168537515, + 'refin': False, + 'refout': False, + 'width': 32, + 'xorout': 0}, 'crc_32_autosar': {'check': 379048042, 'init': 4294967295, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-32-autosar', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-autosar', 'name': 'crc_32_autosar', 'poly': 4104977171, 'refin': True, 'refout': True, 'width': 32, 'xorout': 4294967295}, + 'crc_32_base91_d': {'check': 2268157302, + 'init': 4294967295, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-base91-d', + 'name': 'crc_32_base91_d', + 'poly': 2821953579, + 'refin': True, + 'refout': True, + 'width': 32, + 'xorout': 4294967295}, 'crc_32_bzip2': {'check': 4236843288, 'init': 4294967295, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-32-bzip2', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-bzip2', 'name': 'crc_32_bzip2', 'poly': 79764919, 'refin': False, 'refout': False, 'width': 32, 'xorout': 4294967295}, + 'crc_32_cd_rom_edc': {'check': 1858268612, + 'init': 0, + 'link': 
'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-cd-rom-edc', + 'name': 'crc_32_cd_rom_edc', + 'poly': 2147581979, + 'refin': True, + 'refout': True, + 'width': 32, + 'xorout': 0}, + 'crc_32_cksum': {'check': 1985902208, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-cksum', + 'name': 'crc_32_cksum', + 'poly': 79764919, + 'refin': False, + 'refout': False, + 'width': 32, + 'xorout': 4294967295}, + 'crc_32_iscsi': {'check': 3808858755, + 'init': 4294967295, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-iscsi', + 'name': 'crc_32_iscsi', + 'poly': 517762881, + 'refin': True, + 'refout': True, + 'width': 32, + 'xorout': 4294967295}, + 'crc_32_iso_hdlc': {'check': 3421780262, + 'init': 4294967295, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-iso-hdlc', + 'name': 'crc_32_iso_hdlc', + 'poly': 79764919, + 'refin': True, + 'refout': True, + 'width': 32, + 'xorout': 4294967295}, + 'crc_32_jamcrc': {'check': 873187033, + 'init': 4294967295, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-jamcrc', + 'name': 'crc_32_jamcrc', + 'poly': 79764919, + 'refin': True, + 'refout': True, + 'width': 32, + 'xorout': 0}, + 'crc_32_mef': {'check': 3535941457, + 'init': 4294967295, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-mef', + 'name': 'crc_32_mef', + 'poly': 1947962583, + 'refin': True, + 'refout': True, + 'width': 32, + 'xorout': 0}, 'crc_32_mpeg_2': {'check': 58124007, 'init': 4294967295, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-32-mpeg-2', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-mpeg-2', 'name': 'crc_32_mpeg_2', 'poly': 79764919, 'refin': False, 'refout': False, 'width': 32, 'xorout': 0}, - 'crc_32_posix': {'check': 1985902208, - 'init': 0, - 'link': 
'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-32-posix', - 'name': 'crc_32_posix', - 'poly': 79764919, - 'refin': False, - 'refout': False, - 'width': 32, - 'xorout': 4294967295}, - 'crc_32c': {'check': 3808858755, - 'init': 4294967295, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-32c', - 'name': 'crc_32c', - 'poly': 517762881, - 'refin': True, - 'refout': True, - 'width': 32, - 'xorout': 4294967295}, - 'crc_32d': {'check': 2268157302, - 'init': 4294967295, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-32d', - 'name': 'crc_32d', - 'poly': 2821953579, - 'refin': True, - 'refout': True, - 'width': 32, - 'xorout': 4294967295}, - 'crc_32q': {'check': 806403967, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-32q', - 'name': 'crc_32q', - 'poly': 2168537515, - 'refin': False, - 'refout': False, - 'width': 32, - 'xorout': 0}, + 'crc_32_xfer': {'check': 3171672888, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-32-xfer', + 'name': 'crc_32_xfer', + 'poly': 175, + 'refin': False, + 'refout': False, + 'width': 32, + 'xorout': 0}, 'crc_3_gsm': {'check': 4, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.3', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-3-gsm', 'name': 'crc_3_gsm', 'poly': 3, 'refin': False, @@ -557,7 +683,7 @@ all_crcs = \ 'xorout': 7}, 'crc_3_rohc': {'check': 6, 'init': 7, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-3-rohc', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-3-rohc', 'name': 'crc_3_rohc', 'poly': 3, 'refin': True, 
@@ -566,79 +692,88 @@ all_crcs = \ 'xorout': 0}, 'crc_40_gsm': {'check': 910907393606, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.40', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-40-gsm', 'name': 'crc_40_gsm', 'poly': 75628553, 'refin': False, 'refout': False, 'width': 40, 'xorout': 1099511627775}, + 'crc_4_g_704': {'check': 7, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-4-g-704', + 'name': 'crc_4_g_704', + 'poly': 3, + 'refin': True, + 'refout': True, + 'width': 4, + 'xorout': 0}, 'crc_4_interlaken': {'check': 11, 'init': 15, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.4', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-4-interlaken', 'name': 'crc_4_interlaken', 'poly': 3, 'refin': False, 'refout': False, 'width': 4, 'xorout': 15}, - 'crc_4_itu': {'check': 7, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-4-itu', - 'name': 'crc_4_itu', - 'poly': 3, - 'refin': True, - 'refout': True, - 'width': 4, - 'xorout': 0}, - 'crc_5_epc': {'check': 0, - 'init': 9, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.5', - 'name': 'crc_5_epc', - 'poly': 9, - 'refin': False, - 'refout': False, - 'width': 5, - 'xorout': 0}, - 'crc_5_itu': {'check': 7, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-5-itu', - 'name': 'crc_5_itu', - 'poly': 21, - 'refin': True, - 'refout': True, - 'width': 5, - 'xorout': 0}, + 'crc_5_epc_c1g2': {'check': 0, + 'init': 9, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-5-epc-c1g2', + 'name': 'crc_5_epc_c1g2', + 'poly': 9, + 'refin': False, + 'refout': False, + 'width': 5, + 'xorout': 0}, + 'crc_5_g_704': {'check': 7, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-5-g-704', + 'name': 'crc_5_g_704', + 
'poly': 21, + 'refin': True, + 'refout': True, + 'width': 5, + 'xorout': 0}, 'crc_5_usb': {'check': 25, 'init': 31, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-5-usb', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-5-usb', 'name': 'crc_5_usb', 'poly': 5, 'refin': True, 'refout': True, 'width': 5, 'xorout': 31}, - 'crc_64': {'check': 7800480153909949255, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.64', - 'name': 'crc_64', - 'poly': 4823603603198064275, - 'refin': False, - 'refout': False, - 'width': 64, - 'xorout': 0}, + 'crc_64_ecma_182': {'check': 7800480153909949255, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-64-ecma-182', + 'name': 'crc_64_ecma_182', + 'poly': 4823603603198064275, + 'refin': False, + 'refout': False, + 'width': 64, + 'xorout': 0}, 'crc_64_go_iso': {'check': 13333283586479230977, 'init': 18446744073709551615, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-64-go-iso', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-64-go-iso', 'name': 'crc_64_go_iso', 'poly': 27, 'refin': True, 'refout': True, 'width': 64, 'xorout': 18446744073709551615}, + 'crc_64_ms': {'check': 8490612747469246186, + 'init': 18446744073709551615, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-64-ms', + 'name': 'crc_64_ms', + 'poly': 2710187085972792137, + 'refin': True, + 'refout': True, + 'width': 64, + 'xorout': 0}, 'crc_64_we': {'check': 7128171145767219210, 'init': 18446744073709551615, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-64-we', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-64-we', 'name': 'crc_64_we', 'poly': 4823603603198064275, 'refin': False, 
@@ -647,7 +782,7 @@ all_crcs = \ 'xorout': 18446744073709551615}, 'crc_64_xz': {'check': 11051210869376104954, 'init': 18446744073709551615, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-64-xz', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-64-xz', 'name': 'crc_64_xz', 'poly': 4823603603198064275, 'refin': True, @@ -656,7 +791,7 @@ all_crcs = \ 'xorout': 18446744073709551615}, 'crc_6_cdma2000_a': {'check': 13, 'init': 63, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.6', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-6-cdma2000-a', 'name': 'crc_6_cdma2000_a', 'poly': 39, 'refin': False, @@ -665,7 +800,7 @@ all_crcs = \ 'xorout': 0}, 'crc_6_cdma2000_b': {'check': 59, 'init': 63, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-6-cdma2000-b', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-6-cdma2000-b', 'name': 'crc_6_cdma2000_b', 'poly': 7, 'refin': False, 
@@ -674,43 +809,43 @@ all_crcs = \ 'xorout': 0}, 'crc_6_darc': {'check': 38, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-6-darc', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-6-darc', 'name': 'crc_6_darc', 'poly': 25, 'refin': True, 'refout': True, 'width': 6, 'xorout': 0}, + 'crc_6_g_704': {'check': 6, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-6-g-704', + 'name': 'crc_6_g_704', + 'poly': 3, + 'refin': True, + 'refout': True, + 'width': 6, + 'xorout': 0}, 'crc_6_gsm': {'check': 19, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-6-gsm', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-6-gsm', 'name': 'crc_6_gsm', 'poly': 47, 'refin': False, 'refout': False, 'width': 6, 'xorout': 63}, - 'crc_6_itu': {'check': 6, + 'crc_7_mmc': {'check': 117, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-6-itu', - 'name': 'crc_6_itu', - 'poly': 3, - 'refin': True, - 'refout': True, - 'width': 6, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-7-mmc', + 'name': 'crc_7_mmc', + 'poly': 9, + 'refin': False, + 'refout': False, + 'width': 7, 'xorout': 0}, - 'crc_7': {'check': 117, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.7', - 'name': 'crc_7', - 'poly': 9, - 'refin': False, - 'refout': False, - 'width': 7, - 'xorout': 0}, 'crc_7_rohc': {'check': 83, 'init': 127, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-7-rohc', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-7-rohc', 'name': 'crc_7_rohc', 'poly': 79, 'refin': True, 
@@ -719,25 +854,16 @@ all_crcs = \ 'xorout': 0}, 'crc_7_umts': {'check': 97, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-7-umts', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-7-umts', 'name': 'crc_7_umts', 'poly': 69, 'refin': False, 'refout': False, 'width': 7, 'xorout': 0}, - 'crc_8': {'check': 244, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.8', - 'name': 'crc_8', - 'poly': 7, - 'refin': False, - 'refout': False, - 'width': 8, - 'xorout': 0}, 'crc_82_darc': {'check': 749237524598872659187218, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat-bits.82', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-82-darc', 'name': 'crc_82_darc', 'poly': 229256212191916381701137, 'refin': True, @@ -746,16 +872,25 @@ all_crcs = \ 'xorout': 0}, 'crc_8_autosar': {'check': 223, 'init': 255, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-autosar', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-autosar', 'name': 'crc_8_autosar', 'poly': 47, 'refin': False, 'refout': False, 'width': 8, 'xorout': 255}, + 'crc_8_bluetooth': {'check': 38, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-bluetooth', + 'name': 'crc_8_bluetooth', + 'poly': 167, + 'refin': True, + 'refout': True, + 'width': 8, + 'xorout': 0}, 'crc_8_cdma2000': {'check': 218, 'init': 255, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-cdma2000', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-cdma2000', 'name': 'crc_8_cdma2000', 'poly': 155, 'refin': False, 
@@ -764,7 +899,7 @@ all_crcs = \ 'xorout': 0}, 'crc_8_darc': {'check': 21, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-darc', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-darc', 'name': 'crc_8_darc', 'poly': 57, 'refin': True, @@ -773,25 +908,16 @@ all_crcs = \ 'xorout': 0}, 'crc_8_dvb_s2': {'check': 188, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-dvb-s2', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-dvb-s2', 'name': 'crc_8_dvb_s2', 'poly': 213, 'refin': False, 'refout': False, 'width': 8, 'xorout': 0}, - 'crc_8_ebu': {'check': 151, - 'init': 255, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-ebu', - 'name': 'crc_8_ebu', - 'poly': 29, - 'refin': True, - 'refout': True, - 'width': 8, - 'xorout': 0}, 'crc_8_gsm_a': {'check': 55, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-gsm-a', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-gsm-a', 'name': 'crc_8_gsm_a', 'poly': 29, 'refin': False, 
@@ -800,52 +926,79 @@ all_crcs = \ 'xorout': 0}, 'crc_8_gsm_b': {'check': 148, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-gsm-b', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-gsm-b', 'name': 'crc_8_gsm_b', 'poly': 73, 'refin': False, 'refout': False, 'width': 8, 'xorout': 255}, + 'crc_8_hitag': {'check': 180, + 'init': 255, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-hitag', + 'name': 'crc_8_hitag', + 'poly': 29, + 'refin': False, + 'refout': False, + 'width': 8, + 'xorout': 0}, + 'crc_8_i_432_1': {'check': 161, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-i-432-1', + 'name': 'crc_8_i_432_1', + 'poly': 7, + 'refin': False, + 'refout': False, + 'width': 8, + 'xorout': 85}, 'crc_8_i_code': {'check': 126, 'init': 253, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-i-code', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-i-code', 'name': 'crc_8_i_code', 'poly': 29, 'refin': False, 'refout': False, 'width': 8, 'xorout': 0}, - 'crc_8_itu': {'check': 161, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-itu', - 'name': 'crc_8_itu', - 'poly': 7, - 'refin': False, - 'refout': False, - 'width': 8, - 'xorout': 85}, 'crc_8_lte': {'check': 234, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-lte', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-lte', 'name': 'crc_8_lte', 'poly': 155, 'refin': False, 'refout': False, 'width': 8, 'xorout': 0}, - 'crc_8_maxim': {'check': 161, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-maxim', - 'name': 'crc_8_maxim', - 'poly': 49, - 'refin': True, - 'refout': True, - 'width': 8, - 'xorout': 0}, + 'crc_8_maxim_dow': {'check': 161, + 'init': 0, + 'link': 
'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-maxim-dow', + 'name': 'crc_8_maxim_dow', + 'poly': 49, + 'refin': True, + 'refout': True, + 'width': 8, + 'xorout': 0}, + 'crc_8_mifare_mad': {'check': 153, + 'init': 199, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-mifare-mad', + 'name': 'crc_8_mifare_mad', + 'poly': 29, + 'refin': False, + 'refout': False, + 'width': 8, + 'xorout': 0}, + 'crc_8_nrsc_5': {'check': 247, + 'init': 255, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-nrsc-5', + 'name': 'crc_8_nrsc_5', + 'poly': 49, + 'refin': False, + 'refout': False, + 'width': 8, + 'xorout': 0}, 'crc_8_opensafety': {'check': 62, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-opensafety', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-opensafety', 'name': 'crc_8_opensafety', 'poly': 47, 'refin': False, @@ -854,7 +1007,7 @@ all_crcs = \ 'xorout': 0}, 'crc_8_rohc': {'check': 208, 'init': 255, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-rohc', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-rohc', 'name': 'crc_8_rohc', 'poly': 7, 'refin': True, 
@@ -863,82 +1016,37 @@ all_crcs = \ 'xorout': 0}, 'crc_8_sae_j1850': {'check': 75, 'init': 255, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-sae-j1850', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-sae-j1850', 'name': 'crc_8_sae_j1850', 'poly': 29, 'refin': False, 'refout': False, 'width': 8, 'xorout': 255}, + 'crc_8_smbus': {'check': 244, + 'init': 0, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-smbus', + 'name': 'crc_8_smbus', + 'poly': 7, + 'refin': False, + 'refout': False, + 'width': 8, + 'xorout': 0}, + 'crc_8_tech_3250': {'check': 151, + 'init': 255, + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-tech-3250', + 'name': 'crc_8_tech_3250', + 'poly': 29, + 'refin': True, + 'refout': True, + 'width': 8, + 'xorout': 0}, 'crc_8_wcdma': {'check': 37, 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-8-wdcma', + 'link': 'https://reveng.sourceforge.io/crc-catalogue/all.htm#crc.cat.crc-8-wcdma', 'name': 'crc_8_wcdma', 'poly': 155, 'refin': True, 'refout': True, 'width': 8, - 'xorout': 0}, - 'crc_a': {'check': 48901, - 'init': 50886, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-a', - 'name': 'crc_a', - 'poly': 4129, - 'refin': True, - 'refout': True, - 'width': 16, - 'xorout': 0}, - 'jamcrc': {'check': 873187033, - 'init': 4294967295, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.jamcrc', - 'name': 'jamcrc', - 'poly': 79764919, - 'refin': True, - 'refout': True, - 'width': 32, - 'xorout': 0}, - 'kermit': {'check': 8585, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.kermit', - 'name': 'kermit', - 'poly': 4129, - 'refin': True, - 'refout': True, - 'width': 16, - 'xorout': 0}, - 'modbus': {'check': 19255, - 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.modbus', - 'name': 'modbus', - 
'poly': 32773, - 'refin': True, - 'refout': True, - 'width': 16, - 'xorout': 0}, - 'x_25': {'check': 36974, - 'init': 65535, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.x-25', - 'name': 'x_25', - 'poly': 4129, - 'refin': True, - 'refout': True, - 'width': 16, - 'xorout': 65535}, - 'xfer': {'check': 3171672888, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.xfer', - 'name': 'xfer', - 'poly': 175, - 'refin': False, - 'refout': False, - 'width': 32, - 'xorout': 0}, - 'xmodem': {'check': 12739, - 'init': 0, - 'link': 'http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.xmodem', - 'name': 'xmodem', - 'poly': 4129, - 'refin': False, - 'refout': False, - 'width': 16, - 'xorout': 0}} + 'xorout': 0}} diff --git a/pwnlib/util/misc.py b/pwnlib/util/misc.py index 84f0de6..7fbf479 100644 --- a/pwnlib/util/misc.py +++ b/pwnlib/util/misc.py @@ -229,7 +229,7 @@ def normalize_argv_env(argv, env, log, level=2): for k,v in env_items: if not isinstance(k, (bytes, six.text_type)): log.error('Environment keys must be strings: %r' % k) - if not isinstance(k, (bytes, six.text_type)): + if not isinstance(v, (bytes, six.text_type)): log.error('Environment values must be strings: %r=%r' % (k,v)) k = packing._need_bytes(k, level, 0x80) # ASCII text is okay v = packing._need_bytes(v, level, 0x80) # ASCII text is okay diff --git a/pwnlib/util/packing.py b/pwnlib/util/packing.py index 9af06bf..1565116 100644 --- a/pwnlib/util/packing.py +++ b/pwnlib/util/packing.py 
@@ -441,7 +441,7 @@ def make_packer(word_size = None, sign = None, **kwargs): def make_unpacker(word_size = None, endianness = None, sign = None, **kwargs): """make_unpacker(word_size = None, endianness = None, sign = None, **kwargs) -> str → number - Creates a unpacker by "freezing" the given arguments. + Creates an unpacker by "freezing" the given arguments. Semantically calling ``make_unpacker(w, e, s)(data)`` is equivalent to calling ``unpack(data, w, e, s)``. If word_size is one of 8, 16, 32 or 64, it is however @@ -836,7 +836,7 @@ def dd(dst, src, count = 0, skip = 0, seek = 0, truncate = False): values from offset `seek` in `src` to offset `skip` in `dst`. If `count` is 0, all of ``src[seek:]`` is copied. - If `dst` is a mutable type it will be updated. Otherwise a new instance of + If `dst` is a mutable type it will be updated. Otherwise, a new instance of the same type will be created. In either case the result is returned. `src` can be an iterable of characters or integers, a unicode string or a @@ -1035,6 +1035,9 @@ def _need_text(s, level=1): if isinstance(s, (str, six.text_type)): return s # already text + if not isinstance(s, (bytes, bytearray)): + return repr(s) + encoding = context.encoding errors = 'strict' if encoding == 'auto': diff --git a/pwnlib/util/proc.py b/pwnlib/util/proc.py index a2f81c3..895d8de 100644 --- a/pwnlib/util/proc.py +++ b/pwnlib/util/proc.py @@ -346,9 +346,9 @@ def wait_for_debugger(pid, debugger_pid=None): else: time.sleep(0.01) - if tracer(pid): - l.success() - elif debugger_pid == 0: - l.failure("debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)") - else: - l.failure('Debugger did not attach to pid %d within 15 seconds', pid) + if tracer(pid): + l.success() + elif debugger_pid == 0: + l.failure("debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)") + else: + l.failure('Debugger did not attach to pid %d within 15 seconds', pid) 
diff --git a/pwnlib/util/sh_string.py b/pwnlib/util/sh_string.py index d8334b0..00ddb81 100644 --- a/pwnlib/util/sh_string.py +++ b/pwnlib/util/sh_string.py @@ -231,11 +231,11 @@ BusyBox Shell and should therefore be compatible with ``dash``. -.. _Ubuntu Man Pages: http://manpages.ubuntu.com/manpages/trusty/man1/dash.1.html +.. _Ubuntu Man Pages: https://manpages.ubuntu.com/manpages/trusty/man1/dash.1.html .. _GNU Bash Manual: https://www.gnu.org/software/bash/manual/bash.html#Quoting -.. _Z Shell Manual: http://zsh.sourceforge.net/Doc/Release/Shell-Grammar.html#Quoting +.. _Z Shell Manual: https://zsh.sourceforge.io/Doc/Release/Shell-Grammar.html#Quoting .. _FreeBSD man pages: https://www.freebsd.org/cgi/man.cgi?query=sh -.. _OpenBSD Man Pages: http://man.openbsd.org/cgi-bin/man.cgi?query=sh#SHELL_GRAMMAR +.. _OpenBSD Man Pages: https://man.openbsd.org/sh#SHELL_GRAMMAR .. _BusyBox's Wikipedia page: https://en.wikipedia.org/wiki/BusyBox#Features """ from __future__ import absolute_import diff --git a/pwnlib/util/web.py b/pwnlib/util/web.py index 28e0893..7e98b67 100644 --- a/pwnlib/util/web.py +++ b/pwnlib/util/web.py @@ -25,7 +25,7 @@ def wget(url, save=None, timeout=5, **kwargs): Example: - >>> url = 'https://httpbin.org/robots.txt' + >>> url = 'https://httpbingo.org/robots.txt' >>> result = wget(url, timeout=60) >>> result b'User-agent: *\nDisallow: /deny\n' diff --git a/pwnlib/version.py b/pwnlib/version.py index 3161916..8e85738 100644 --- a/pwnlib/version.py +++ b/pwnlib/version.py @@ -1 +1 @@ -__version__ = '4.9.0' +__version__ = '4.10.0' @@ -89,7 +89,7 @@ setup( name = 'pwntools', python_requires = '>=2.7', packages = find_packages(), - version = '4.9.0', + version = '4.10.0', data_files = [('pwntools-doc', glob.glob('*.md') + glob.glob('*.txt')), ], diff --git a/travis/docker/10-import.py b/travis/docker/10-import.py new file mode 100644 index 0000000..20f34cb --- /dev/null +++ b/travis/docker/10-import.py 
@@ -0,0 +1,5 @@ +try: + from pwn import * +except Exception: + print("Could not import pwntools") +import os, re, sys, time, random, urllib, datetime, itertools, subprocess, multiprocessing diff --git a/travis/docker/Dockerfile b/travis/docker/Dockerfile index 685b45d..24dd606 100644 --- a/travis/docker/Dockerfile +++ b/travis/docker/Dockerfile @@ -1,5 +1,8 @@ FROM pwntools/pwntools:base +# Support sharing history with the develop Dockerfile +ENV HISTFILE=/home/pwntools/.history + # Uninstall existing versions of pwntools USER root RUN python -m pip uninstall -q -y pwntools \ @@ -23,8 +26,12 @@ RUN git clone https://github.com/Gallopsled/pwntools \ RUN python -m pip install --upgrade --requirement pwntools/docs/requirements.txt \ && python3 -m pip install --upgrade --requirement pwntools/docs/requirements.txt +# Python niceties for debugging +RUN python -m pip install -U ipython ipdb \ + && python3 -m pip install -U ipython ipdb + # Dependencies from .travis.yml addons -> apt -> packages -RUN sudo apt-get install -y \ +RUN sudo apt-get update && sudo apt-get install -y \ ash \ bash \ bash-static \ @@ -43,6 +50,7 @@ RUN sudo apt-get install -y \ qemu-user-static \ socat \ sshpass \ + vim \ zsh # Misc useful things when developing 
@@ -55,6 +63,25 @@ RUN sudo apt-get install -y \ unzip \ wget +# Use zsh by default +RUN sudo chsh -s /bin/zsh pwntools + +# Get and install prezto +RUN git clone --recursive https://github.com/sorin-ionescu/prezto.git .zprezto +RUN bash -c 'for file in .zprezto/runcoms/z*; do ln -s $file .$(basename $file); done' + +# Get and install pwndbg +RUN git clone --recursive https://github.com/pwndbg/pwndbg +RUN cd pwndbg && ./setup.sh + +# Install autocompletion +RUN ln -s /home/pwntools/pwntools/extra/zsh_completion/_pwn /home/pwntools/.zprezto/modules/completion/external/src + +# Install ipython profile and auto-import +RUN mkdir -p /home/pwntools/.ipython/profile_default/startup +ADD 10-import.py /home/pwntools/.ipython/profile_default/startup +ADD ipython_config.py /home/pwntools/.ipython/profile_default + # Do not require password for sudo RUN echo "pwntools ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/travis # Some additional debugging tools that are useful @@ -65,13 +92,6 @@ RUN python3 -m pip install ipdb USER root RUN apt-get -y install gdb gdbserver tmux gdb-multiarch -# Install pwndbg for debugging issues -USER pwntools -RUN git clone https://github.com/pwndbg/pwndbg.git -WORKDIR /home/pwntools/pwndbg -RUN ./setup.sh -RUN echo "source $PWD/gdbinit.py" | tee $HOME/.gdbinit - # Set up binfmt-misc mappings inside the VM USER root RUN mkdir /etc/qemu-binfmt diff --git a/travis/docker/Dockerfile.travis b/travis/docker/Dockerfile.travis index c2789c2..cc63f18 100644 --- a/travis/docker/Dockerfile.travis +++ b/travis/docker/Dockerfile.travis @@ -7,13 +7,6 @@ RUN python3 -m pip install ipdb USER root RUN apt-get -y install gdb gdbserver tmux gdb-multiarch -# Install pwndbg for debugging issues -USER pwntools -RUN git clone https://github.com/pwndbg/pwndbg.git -WORKDIR /home/pwntools/pwndbg -RUN ./setup.sh -RUN echo "source $PWD/gdbinit.py" | tee $HOME/.gdbinit - # Set up binfmt-misc mappings inside the VM USER root RUN mkdir /etc/qemu-binfmt 
diff --git a/travis/docker/Makefile b/travis/docker/Makefile index f8e9aa7..449ef38 100644 --- a/travis/docker/Makefile +++ b/travis/docker/Makefile @@ -4,6 +4,8 @@ $(shell reset) Dockerfile: FORCE cp $(ROOT)/extra/docker/develop/Dockerfile Dockerfile cat Dockerfile.travis >> Dockerfile + cp $(ROOT)/extra/docker/develop/10-import.py 10-import.py + cp $(ROOT)/extra/docker/develop/ipython_config.py ipython_config.py all: doctest3 diff --git a/travis/docker/ipython_config.py b/travis/docker/ipython_config.py new file mode 100644 index 0000000..1cf945d --- /dev/null +++ b/travis/docker/ipython_config.py 
@@ -0,0 +1,563 @@ +# Configuration file for ipython. + +c = get_config() + +#------------------------------------------------------------------------------ +# InteractiveShellApp configuration +#------------------------------------------------------------------------------ + +# A Mixin for applications that start InteractiveShell instances. +# +# Provides configurables for loading extensions and executing files as part of +# configuring a Shell environment. +# +# The following methods should be called by the :meth:`initialize` method of the +# subclass: +# +# - :meth:`init_path` +# - :meth:`init_shell` (to be implemented by the subclass) +# - :meth:`init_gui_pylab` +# - :meth:`init_extensions` +# - :meth:`init_code` + +# Execute the given command string. +# c.InteractiveShellApp.code_to_run = '' + +# Run the file referenced by the PYTHONSTARTUP environment variable at IPython +# startup. +# c.InteractiveShellApp.exec_PYTHONSTARTUP = True + +# lines of code to run at IPython startup. +c.InteractiveShell.confirm_exit = False +c.InteractiveShell.separate_in = '' +c.InteractiveShell.separate_out = '' +c.InteractiveShell.separate_out2 = '' + +# c.PromptManager.in_template = '>>> ' +# c.PromptManager.in2_template = '..: ' +# c.PromptManager.out_template = '' +# c.PromptManager.justify = False + +c.TerminalIPythonApp.display_banner = False + +from IPython.terminal.prompts import Prompts, Token + +class ClassicPrompts(Prompts): + def in_prompt_tokens(self, cli=None): + return [ + (Token.Prompt, '>>> '), + ] + + def continuation_prompt_tokens(self, cli=None, width=None): + return [ + (Token.Prompt, '... ') + ] + + def rewrite_prompt_tokens(self): + return [] + + def out_prompt_tokens(self): + return [] + +c.TerminalInteractiveShell.prompts_class = ClassicPrompts + +# Enable GUI event loop integration with any of ('glut', 'gtk', 'gtk3', 'none', +# 'osx', 'pyglet', 'qt', 'qt4', 'tk', 'wx'). 
+# c.InteractiveShellApp.gui = None + +# Pre-load matplotlib and numpy for interactive use, selecting a particular +# matplotlib backend and loop integration. +# c.InteractiveShellApp.pylab = None + +# Configure matplotlib for interactive use with the default matplotlib backend. +# c.InteractiveShellApp.matplotlib = None + +# If true, IPython will populate the user namespace with numpy, pylab, etc. and +# an ``import *`` is done from numpy and pylab, when using pylab mode. +# +# When False, pylab mode should not import any names into the user namespace. +# c.InteractiveShellApp.pylab_import_all = True + +# A list of dotted module names of IPython extensions to load. +# c.InteractiveShellApp.extensions = [] + +# Run the module as a script. +# c.InteractiveShellApp.module_to_run = '' + +# Should variables loaded at startup (by startup files, exec_lines, etc.) be +# hidden from tools like %who? +# c.InteractiveShellApp.hide_initial_ns = True + +# dotted module name of an IPython extension to load. +# c.InteractiveShellApp.extra_extension = '' + +# List of files to run at IPython startup. +# c.InteractiveShellApp.exec_files = [] + +# A file to be run +# c.InteractiveShellApp.file_to_run = '' + +#------------------------------------------------------------------------------ +# TerminalIPythonApp configuration +#------------------------------------------------------------------------------ + +# TerminalIPythonApp will inherit config from: BaseIPythonApplication, +# Application, InteractiveShellApp + +# Run the file referenced by the PYTHONSTARTUP environment variable at IPython +# startup. +# c.TerminalIPythonApp.exec_PYTHONSTARTUP = True + +# Pre-load matplotlib and numpy for interactive use, selecting a particular +# matplotlib backend and loop integration. +# c.TerminalIPythonApp.pylab = None + +# Create a massive crash report when IPython encounters what may be an internal +# error. 
The default is to append a short message to the usual traceback +# c.TerminalIPythonApp.verbose_crash = False + +# Run the module as a script. +# c.TerminalIPythonApp.module_to_run = '' + +# The date format used by logging formatters for %(asctime)s +# c.TerminalIPythonApp.log_datefmt = '%Y-%m-%d %H:%M:%S' + +# Whether to overwrite existing config files when copying +# c.TerminalIPythonApp.overwrite = False + +# Execute the given command string. +# c.TerminalIPythonApp.code_to_run = '' + +# Set the log level by value or name. +# c.TerminalIPythonApp.log_level = 30 + +# lines of code to run at IPython startup. +# c.TerminalIPythonApp.exec_lines = [] + +# Suppress warning messages about legacy config files +# c.TerminalIPythonApp.ignore_old_config = False + +# Path to an extra config file to load. +# +# If specified, load this config file in addition to any other IPython config. +# c.TerminalIPythonApp.extra_config_file = u'' + +# Should variables loaded at startup (by startup files, exec_lines, etc.) be +# hidden from tools like %who? +# c.TerminalIPythonApp.hide_initial_ns = True + +# dotted module name of an IPython extension to load. +# c.TerminalIPythonApp.extra_extension = '' + +# A file to be run +# c.TerminalIPythonApp.file_to_run = '' + +# The IPython profile to use. +# c.TerminalIPythonApp.profile = u'default' + +# Configure matplotlib for interactive use with the default matplotlib backend. +# c.TerminalIPythonApp.matplotlib = None + +# If a command or file is given via the command-line, e.g. 'ipython foo.py', +# start an interactive shell after executing the file or command. +# c.TerminalIPythonApp.force_interact = False + +# If true, IPython will populate the user namespace with numpy, pylab, etc. and +# an ``import *`` is done from numpy and pylab, when using pylab mode. +# +# When False, pylab mode should not import any names into the user namespace. +# c.TerminalIPythonApp.pylab_import_all = True + +# The name of the IPython directory. 
This directory is used for logging +# configuration (through profiles), history storage, etc. The default is usually +# $HOME/.ipython. This options can also be specified through the environment +# variable IPYTHONDIR. +# c.TerminalIPythonApp.ipython_dir = u'' + +# Whether to display a banner upon starting IPython. +# c.TerminalIPythonApp.display_banner = True + +# Whether to install the default config files into the profile dir. If a new +# profile is being created, and IPython contains config files for that profile, +# then they will be staged into the new directory. Otherwise, default config +# files will be automatically generated. +# c.TerminalIPythonApp.copy_config_files = False + +# List of files to run at IPython startup. +# c.TerminalIPythonApp.exec_files = [] + +# Enable GUI event loop integration with any of ('glut', 'gtk', 'gtk3', 'none', +# 'osx', 'pyglet', 'qt', 'qt4', 'tk', 'wx'). +# c.TerminalIPythonApp.gui = None + +# A list of dotted module names of IPython extensions to load. +# c.TerminalIPythonApp.extensions = [] + +# Start IPython quickly by skipping the loading of config files. +# c.TerminalIPythonApp.quick = False + +# The Logging format template +# c.TerminalIPythonApp.log_format = '[%(name)s]%(highlevel)s %(message)s' + +#------------------------------------------------------------------------------ +# TerminalInteractiveShell configuration +#------------------------------------------------------------------------------ + +# TerminalInteractiveShell will inherit config from: InteractiveShell + +# auto editing of files with syntax errors. +# c.TerminalInteractiveShell.autoedit_syntax = False + +# Use colors for displaying information about objects. Because this information +# is passed through a pager (like 'less'), and some pagers get confused with +# color codes, this capability can be turned off. 
+# c.TerminalInteractiveShell.color_info = True + +# A list of ast.NodeTransformer subclass instances, which will be applied to +# user input before code is run. +# c.TerminalInteractiveShell.ast_transformers = [] + +# +# c.TerminalInteractiveShell.history_length = 10000 + +# Don't call post-execute functions that have failed in the past. +# c.TerminalInteractiveShell.disable_failing_post_execute = False + +# Show rewritten input, e.g. for autocall. +# c.TerminalInteractiveShell.show_rewritten_input = True + +# Set the color scheme (NoColor, Linux, or LightBG). +# c.TerminalInteractiveShell.colors = 'Linux' + +# Autoindent IPython code entered interactively. +# c.TerminalInteractiveShell.autoindent = True + +# +# c.TerminalInteractiveShell.separate_in = '\n' + +# Deprecated, use PromptManager.in2_template +# c.TerminalInteractiveShell.prompt_in2 = ' .\\D.: ' + +# +# c.TerminalInteractiveShell.separate_out = '' + +# Deprecated, use PromptManager.in_template +# c.TerminalInteractiveShell.prompt_in1 = 'In [\\#]: ' + +# Make IPython automatically call any callable object even if you didn't type +# explicit parentheses. For example, 'str 43' becomes 'str(43)' automatically. +# The value can be '0' to disable the feature, '1' for 'smart' autocall, where +# it is not applied if there are no more arguments on the line, and '2' for +# 'full' autocall, where all callable objects are automatically called (even if +# no arguments are present). +# c.TerminalInteractiveShell.autocall = 0 + +# Number of lines of your screen, used to control printing of very long strings. +# Strings longer than this number of lines will be sent through a pager instead +# of directly printed. The default value for this is 0, which means IPython +# will auto-detect your screen size every time it needs to print certain +# potentially long strings (this doesn't change the behavior of the 'print' +# keyword, it's only triggered internally). 
If for some reason this isn't +# working well (it needs curses support), specify it yourself. Otherwise don't +# change the default. +# c.TerminalInteractiveShell.screen_length = 0 + +# Set the editor used by IPython (default to $EDITOR/vi/notepad). +# c.TerminalInteractiveShell.editor = u'nano' + +# Deprecated, use PromptManager.justify +# c.TerminalInteractiveShell.prompts_pad_left = True + +# The part of the banner to be printed before the profile +# c.TerminalInteractiveShell.banner1 = 'Python 2.7.6 (default, Apr 23 2014, 12:04:55) \nType "copyright", "credits" or "license" for more information.\n\nIPython 2.0.0 -- An enhanced Interactive Python.\n? -> Introduction and overview of IPython\'s features.\n%quickref -> Quick reference.\nhelp -> Python\'s own help system.\nobject? -> Details about \'object\', use \'object??\' for extra details.\n' + +# +# c.TerminalInteractiveShell.readline_parse_and_bind = ['tab: complete', '"\\C-l": clear-screen', 'set show-all-if-ambiguous on', '"\\C-o": tab-insert', '"\\C-r": reverse-search-history', '"\\C-s": forward-search-history', '"\\C-p": history-search-backward', '"\\C-n": history-search-forward', '"\\e[A": history-search-backward', '"\\e[B": history-search-forward', '"\\C-k": kill-line', '"\\C-u": unix-line-discard'] + +# The part of the banner to be printed after the profile +# c.TerminalInteractiveShell.banner2 = '' + +# +# c.TerminalInteractiveShell.separate_out2 = '' + +# +# c.TerminalInteractiveShell.wildcards_case_sensitive = True + +# +# c.TerminalInteractiveShell.debug = False + +# Set to confirm when you try to exit IPython with an EOF (Control-D in Unix, +# Control-Z/Enter in Windows). By typing 'exit' or 'quit', you can force a +# direct exit without any confirmation. +# c.TerminalInteractiveShell.confirm_exit = True + +# +# c.TerminalInteractiveShell.ipython_dir = '' + +# +# c.TerminalInteractiveShell.readline_remove_delims = '-/~' + +# Start logging to the default log file. 
+# c.TerminalInteractiveShell.logstart = False + +# The name of the logfile to use. +# c.TerminalInteractiveShell.logfile = '' + +# The shell program to be used for paging. +# c.TerminalInteractiveShell.pager = 'less' + +# Enable magic commands to be called without the leading %. +# c.TerminalInteractiveShell.automagic = True + +# Save multi-line entries as one entry in readline history +# c.TerminalInteractiveShell.multiline_history = True + +# +# c.TerminalInteractiveShell.readline_use = True + +# Enable deep (recursive) reloading by default. IPython can use the deep_reload +# module which reloads changes in modules recursively (it replaces the reload() +# function, so you don't need to change anything to use it). deep_reload() +# forces a full reload of modules whose code may have changed, which the default +# reload() function does not. When deep_reload is off, IPython will use the +# normal reload(), but deep_reload will still be available as dreload(). +# c.TerminalInteractiveShell.deep_reload = False + +# Start logging to the given file in append mode. +# c.TerminalInteractiveShell.logappend = '' + +# +# c.TerminalInteractiveShell.xmode = 'Context' + +# +# c.TerminalInteractiveShell.quiet = False + +# Enable auto setting the terminal title. +# c.TerminalInteractiveShell.term_title = False + +# +# c.TerminalInteractiveShell.object_info_string_level = 0 + +# Deprecated, use PromptManager.out_template +# c.TerminalInteractiveShell.prompt_out = 'Out[\\#]: ' + +# Set the size of the output cache. The default is 1000, you can change it +# permanently in your config file. Setting it to 0 completely disables the +# caching system, and the minimum value accepted is 20 (if you provide a value +# less than 20, it is reset to 0 and a warning is issued). 
This limit is +# defined because otherwise you'll spend more time re-flushing a too small cache +# than working +# c.TerminalInteractiveShell.cache_size = 1000 + +# 'all', 'last', 'last_expr' or 'none', specifying which nodes should be run +# interactively (displaying output from expressions). +# c.TerminalInteractiveShell.ast_node_interactivity = 'last_expr' + +# Automatically call the pdb debugger after every exception. +# c.TerminalInteractiveShell.pdb = False + +#------------------------------------------------------------------------------ +# PromptManager configuration +#------------------------------------------------------------------------------ + +# This is the primary interface for producing IPython's prompts. + +# Output prompt. '\#' will be transformed to the prompt number +# c.PromptManager.out_template = 'Out[\\#]: ' + +# Continuation prompt. +# c.PromptManager.in2_template = ' .\\D.: ' + +# If True (default), each prompt will be right-aligned with the preceding one. +# c.PromptManager.justify = True + +# Input prompt. '\#' will be transformed to the prompt number +# c.PromptManager.in_template = 'In [\\#]: ' + +# +# c.PromptManager.color_scheme = 'Linux' + +#------------------------------------------------------------------------------ +# HistoryManager configuration +#------------------------------------------------------------------------------ + +# A class to organize all history-related functionality in one place. + +# HistoryManager will inherit config from: HistoryAccessor + +# Should the history database include output? (default: no) +# c.HistoryManager.db_log_output = False + +# Write to database every x commands (higher values save disk access & power). +# Values of 1 or less effectively disable caching. +# c.HistoryManager.db_cache_size = 0 + +# Path to file to use for SQLite history database. +# +# By default, IPython will put the history database in the IPython profile +# directory. 
If you would rather share one history among profiles, you can set +# this value in each, so that they are consistent. +# +# Due to an issue with fcntl, SQLite is known to misbehave on some NFS mounts. +# If you see IPython hanging, try setting this to something on a local disk, +# e.g:: +# +# ipython --HistoryManager.hist_file=/tmp/ipython_hist.sqlite +# c.HistoryManager.hist_file = u'' + +# Options for configuring the SQLite connection +# +# These options are passed as keyword args to sqlite3.connect when establishing +# database conenctions. +# c.HistoryManager.connection_options = {} + +# enable the SQLite history +# +# set enabled=False to disable the SQLite history, in which case there will be +# no stored history, no SQLite connection, and no background saving thread. +# This may be necessary in some threaded environments where IPython is embedded. +# c.HistoryManager.enabled = True + +#------------------------------------------------------------------------------ +# ProfileDir configuration +#------------------------------------------------------------------------------ + +# An object to manage the profile directory and its resources. +# +# The profile directory is used by all IPython applications, to manage +# configuration, logging and security. +# +# This object knows how to find, create and manage these directories. This +# should be used by any code that wants to handle profiles. + +# Set the profile location directly. This overrides the logic used by the +# `profile` option. +# c.ProfileDir.location = u'' + +#------------------------------------------------------------------------------ +# PlainTextFormatter configuration +#------------------------------------------------------------------------------ + +# The default pretty-printer. +# +# This uses :mod:`IPython.lib.pretty` to compute the format data of the object. +# If the object cannot be pretty printed, :func:`repr` is used. 
See the +# documentation of :mod:`IPython.lib.pretty` for details on how to write pretty +# printers. Here is a simple example:: +# +# def dtype_pprinter(obj, p, cycle): +# if cycle: +# return p.text('dtype(...)') +# if hasattr(obj, 'fields'): +# if obj.fields is None: +# p.text(repr(obj)) +# else: +# p.begin_group(7, 'dtype([') +# for i, field in enumerate(obj.descr): +# if i > 0: +# p.text(',') +# p.breakable() +# p.pretty(field) +# p.end_group(7, '])') + +# PlainTextFormatter will inherit config from: BaseFormatter + +# +# c.PlainTextFormatter.type_printers = {} + +# +# c.PlainTextFormatter.newline = '\n' + +# +# c.PlainTextFormatter.float_precision = '' + +# +# c.PlainTextFormatter.verbose = False + +# +# c.PlainTextFormatter.deferred_printers = {} + +# +# c.PlainTextFormatter.pprint = True + +# +# c.PlainTextFormatter.max_width = 79 + +# +# c.PlainTextFormatter.singleton_printers = {} + +#------------------------------------------------------------------------------ +# IPCompleter configuration +#------------------------------------------------------------------------------ + +# Extension of the completer class with IPython-specific features + +# IPCompleter will inherit config from: Completer + +# Instruct the completer to omit private method names +# +# Specifically, when completing on ``object.<tab>``. +# +# When 2 [default]: all names that start with '_' will be excluded. +# +# When 1: all 'magic' names (``__foo__``) will be excluded. +# +# When 0: nothing will be excluded. +# c.IPCompleter.omit__names = 2 + +# Whether to merge completion results into a single list +# +# If False, only the completion results from the first non-empty completer will +# be returned. +# c.IPCompleter.merge_completions = True + +# Instruct the completer to use __all__ for the completion +# +# Specifically, when completing on ``object.<tab>``. +# +# When True: only those names in obj.__all__ will be included. 
+# +# When False [default]: the __all__ attribute is ignored +# c.IPCompleter.limit_to__all__ = False + +# Activate greedy completion +# +# This will enable completion on elements of lists, results of function calls, +# etc., but can be unsafe because the code is actually evaluated on TAB. +# c.IPCompleter.greedy = False + +#------------------------------------------------------------------------------ +# ScriptMagics configuration +#------------------------------------------------------------------------------ + +# Magics for talking to scripts +# +# This defines a base `%%script` cell magic for running a cell with a program in +# a subprocess, and registers a few top-level magics that call %%script with +# common interpreters. + +# Extra script cell magics to define +# +# This generates simple wrappers of `%%script foo` as `%%foo`. +# +# If you want to add script magics that aren't on your path, specify them in +# script_paths +# c.ScriptMagics.script_magics = [] + +# Dict mapping short 'ruby' names to full paths, such as '/opt/secret/bin/ruby' +# +# Only necessary for items in script_magics where the default path will not find +# the right interpreter. +# c.ScriptMagics.script_paths = {} + +#------------------------------------------------------------------------------ +# StoreMagics configuration +#------------------------------------------------------------------------------ + +# Lightweight persistence for python variables. +# +# Provides the %store magic. + +# If True, any %store-d variables will be automatically restored when IPython +# starts. +# c.StoreMagics.autorestore = False |
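Review bot: the `@@ -863,82 +1016,37 @@` hunk of the all_crcs table deletes the `crc_a`, `jamcrc`, `kermit`, `modbus`, `x_25`, `xfer` and `xmodem` entries outright, and nothing else in this diff shows them re-added under another key, so any caller that resolved one of those names through the table will now get a KeyError; either keep them as aliases or record the removal in CHANGELOG.md. The move of every `link` to https://reveng.sourceforge.io and the corrected `crc-8-wdcma` → `crc-8-wcdma` anchor in the `crc_8_wcdma` entry are fine, and since the new `crc_8_smbus` and `crc_8_tech_3250` entries carry `check` values, a doctest that recomputes those checks would keep the regenerated table honest.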
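Review bot: the `normalize_argv_env` hunk in pwnlib/util/misc.py is a genuine bug fix: the second `isinstance` test re-checked `k` instead of `v`, so a non-string environment value slipped past the "Environment values must be strings" error and only failed later inside `packing._need_bytes(v, ...)` with a less helpful message. Worth a doctest with a non-string value (for example `{'FOO': 1}`) so the values branch stays covered.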
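Review bot: in the `_need_text` hunk of pwnlib/util/packing.py, the new `if not isinstance(s, (bytes, bytearray)): return repr(s)` makes the function accept ints, lists and arbitrary objects and hand back their repr as if it were text, so a wrong type at a call site now surfaces as a quoted string in output instead of an exception, and the `level` parameter in the signature is never consulted on this path. If the goal is leniency for log formatting, state that in the docstring and consider emitting a warning at `level` as the other conversions do; otherwise narrow the fallback to the types the callers actually pass.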
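Review bot: the `wait_for_debugger` hunk in pwnlib/util/proc.py changes only indentation, but that dedents the `tracer(pid)` check and the `l.success()`/`l.failure(...)` reporting out of the polling loop so they run once after it ends rather than on every iteration. That is the right shape for a timeout loop provided the loop exits as soon as the tracer appears; the `break` or loop condition that does so lies outside the hunk, so confirm it is there, otherwise every call now waits the full 15 seconds before reporting.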
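Review bot: the `wget` doctest in pwnlib/util/web.py replaces one third-party host (httpbin.org) with another (httpbingo.org), but the test still depends on an external service being reachable and returning exactly `b'User-agent: *\nDisallow: /deny\n'`, so it stays a network-dependent, flaky doctest. Serve the fixture locally in the test setup or mark the example with `# doctest: +SKIP` so offline and CI runs do not fail on someone else's uptime.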
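Review bot: in the new travis/docker/10-import.py, `except Exception: print("Could not import pwntools")` drops the exception, so when the import breaks inside the container the user sees a one-line message and no cause. Bind the exception (`except Exception as e:`) and include it in the message, or call `traceback.print_exc()`, so a broken install is diagnosable from the IPython prompt.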
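Review bot: `RUN sudo apt-get update && sudo apt-get install -y ...` in the `@@ -23,8 +26,12 @@` hunk of travis/docker/Dockerfile correctly fixes installs against a stale package index; in the same layer, `--no-install-recommends` and a trailing `rm -rf /var/lib/apt/lists/*` would keep the image smaller. The new `ENV HISTFILE=/home/pwntools/.history` means any interactive shell run during a build or `docker commit` leaves its history inside the image, which is acceptable for a development image but worth knowing before the image is pushed anywhere.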
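Review bot: in the `@@ -55,6 +63,25 @@` hunk of travis/docker/Dockerfile, `git clone --recursive https://github.com/sorin-ionescu/prezto.git` and `git clone --recursive https://github.com/pwndbg/pwndbg` fetch whatever HEAD happens to be at build time and `./setup.sh` then executes it, so the image is not reproducible and its contents follow two external repositories on every rebuild; pin each clone to a tag or commit (`git clone --branch <tag> ...` or a `git checkout <sha>` after the clone). The removed block at `@@ -65,13 +92,6 @@` used to write `source $PWD/gdbinit.py` into `$HOME/.gdbinit`; the replacement relies on `./setup.sh` doing that itself, which should be verified. The relative `.zprezto` clone and the `ln -s $file .$(basename $file)` loop also assume the working directory is /home/pwntools, which the later absolute `ln -s /home/pwntools/...` line takes for granted; an explicit `WORKDIR /home/pwntools` before this block would make that assumption visible.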
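Review bot: the travis/docker/Makefile hunk copies `10-import.py` and `ipython_config.py` from `$(ROOT)/extra/docker/develop/` on every build, yet this same commit also checks in travis/docker/10-import.py and travis/docker/ipython_config.py as new files. That leaves two copies of each that will drift silently; treat the travis/docker copies as generated artifacts (like the Dockerfile this Makefile assembles from the develop Dockerfile plus Dockerfile.travis) and drop or ignore them rather than committing them.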
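Review bot: the new travis/docker/ipython_config.py is a roughly 560-line dump of commented-out defaults generated by an old IPython (it documents `PromptManager`, `readline_*`, `deep_reload` and a `banner1` string mentioning IPython 2.0.0), while the handful of live settings near the top (`confirm_exit`, the `separate_*` options, `display_banner` and the `ClassicPrompts` class installed via `c.TerminalInteractiveShell.prompts_class`) use the current `IPython.terminal.prompts` API. Trim the file to the active settings, or regenerate it with `ipython profile create` against the installed version, so a reviewer can see what the profile actually changes, and fix the stale comment `# lines of code to run at IPython startup.` that now sits directly above `c.InteractiveShell.confirm_exit = False`.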