Authored by JungHyun Kim, 2021-06-10 11:28:37 +0900
Commit 42606687cc544c2f6978dec5c93f2d7e74216a20, 1 parent afb61f36
Update README.md
Showing 1 changed file with 8 additions and 11 deletions
README.md
@@ -10,23 +10,20 @@
## Usage
1.
Analyze the given firmware:
```python3 m0-angr.py --type a --name firm.bin```
It generates the followings:
1.
Analyze the given firmware. It generates the followings:
+
`api.txt`
: It contains the list of restored APIs.
+
`cfg.txt`
: It contains the restored Control-Flow Graph in the form of disassembly.
+
`vuln.txt`
: It contains the list of found vulnerabilities.
2.
Generate exploitable payloads:
```python3 m0-angr.py --type g --name firm.bin --out payload.bin --code {{vuln_offset}} --dest {{dest_offset}} --ret {{ret_offset}} ```
```
python3 m0-angr.py --type a --name firm.bin
```
2.
Generate exploitable payloads.
+
`{{vuln_offset}}`
: The offset where vulnerable codes are located(listed in the generated
`vuln.txt`
).
+
`{{dest_offset}}`
: The offset to jump into. It must be of the prologue in a function.
+
`{{ret_offset}}`
: The offset to go back to after its first step of ROP ends.
```
python3 m0-angr.py --type g --name firm.bin --out payload.bin --code {{vuln_offset}} --dest {{dest_offset}} --ret {{ret_offset}}
```
3.
Enjoy~.
## Requirements
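Review bot: The option descriptions in this hunk leave the value format unspecified: `--code`, `--dest` and `--ret` are documented only as "offsets", and neither the bullet list nor the command line says whether the values are read as hexadecimal or decimal, or whether they are file offsets or addresses as shown in `cfg.txt`, so a reader of `vuln.txt` cannot tell which number to pass; one sentence after the `{{ret_offset}}` entry stating the expected base and reference point would close that gap. Smaller wording fixes in the same lines: "It generates the followings" should read "It generates the following files", "vulnerable codes are located(listed in" needs a space before the parenthesis, and "It must be of the prologue in a function" reads more clearly as "It must be the address of a function prologue".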