JungHyun Kim

Update README.md

Showing 1 changed file with 8 additions and 11 deletions
......@@ -10,23 +10,20 @@
## Usage
1. Analyze the given firmware:
```python3 m0-angr.py --type a --name firm.bin```
It generates the followings:
1. Analyze the given firmware. It generates the followings:
+ `api.txt`: It contains the list of restored APIs.
+ `cfg.txt`: It contains the restored Control-Flow Graph in the form of disassembly.
+ `vuln.txt`: It contains the list of found vulnerabilities.
2. Generate exploitable payloads:
```python3 m0-angr.py --type g --name firm.bin --out payload.bin --code {{vuln_offset}} --dest {{dest_offset}} --ret {{ret_offset}} ```
```
python3 m0-angr.py --type a --name firm.bin
```
2. Generate exploitable payloads.
+ `{{vuln_offset}}`: The offset where vulnerable codes are located(listed in the generated `vuln.txt`).
+ `{{dest_offset}}`: The offset to jump into. It must be of the prologue in a function.
+ `{{ret_offset}}`: The offset to go back to after its first step of ROP ends.
```
python3 m0-angr.py --type g --name firm.bin --out payload.bin --code {{vuln_offset}} --dest {{dest_offset}} --ret {{ret_offset}}
```
3. Enjoy~.
## Requirements
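Review bot: the `--code`, `--dest` and `--ret` arguments in step 2 are documented only as "offsets", but the hunk never says offset relative to what (raw file offset into `firm.bin` or the load address of the flashed image) or in which radix they are parsed, so a reader cannot tell whether a value copied from `vuln.txt` can be passed through unchanged; state the base and format once in the bullet list, for example "`{{vuln_offset}}`: file offset (hex, exactly as printed in `vuln.txt`) of the vulnerable code", and say the same for `{{dest_offset}}` and `{{ret_offset}}`. Smaller points in the same hunk: "It generates the followings" should be "It generates the following"; "vulnerable codes are located(listed" needs a space before the parenthesis and should read "vulnerable code is located (listed ...)"; "It must be of the prologue in a function" is clearer as "It must point at a function prologue"; and the two untagged fences should carry a `bash` tag so the commands render with shell highlighting. In both steps the bullets now precede the command they describe; putting the command line first and the bullets after it reads more naturally.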