#!/usr/bin/env python2
import angr
import archinfo
# Startup banner. The rows are written in one print call; a single
# parenthesised argument keeps the statement valid under Python 2 (which the
# shebang selects) and emits the same text as one print per row.
print('\n'.join((
    '',
    '',
    '######## ######## #### ######## ####### ## ## ',
    ' ## ## ## ## ## ## ## ### ## ',
    ' ## ## ## ## ## ## ## #### ## ',
    ' ## ######## ## ## ## ## ## ## ## ',
    ' ## ## ## ## ## ## ## ## #### ',
    ' ## ## ## ## ## ## ## ## ### ',
    ' ## ## ## #### ## ####### ## ## ',
    ' ###### ## ## ## ## ######## ####### ## #### ###### ',
    '## ## ## ## ### ### ## ## ## ## ## ## ## ## ',
    '## #### #### #### ## ## ## ## ## ## ## ',
    ' ###### ## ## ### ## ######## ## ## ## ## ## ',
    ' ## ## ## ## ## ## ## ## ## ## ## ',
    '## ## ## ## ## ## ## ## ## ## ## ## ## ',
    ' ###### ## ## ## ######## ####### ######## #### ###### ',
    '',
    '',
)))

# Title line wrapped in ANSI SGR codes: "6;30;42" (black text on a green
# background) before the title, and "0" after it to reset the terminal.
print(''.join((
    '\x1b[6;30;42m',
    '..:: TRITON Symbolic by Ali Abbasi ::..',
    '\x1b[0m',
)))
# Load the sample as a raw image: the 'blob' backend parses no file headers,
# so the architecture has to be stated explicitly (32-bit PowerPC, big-endian).
# No base address or entry point is passed here, so the loader's defaults
# apply -- presumably the image is mapped at 0, which would match the small
# absolute addresses used further down; confirm against the binary.
ppc32_be = archinfo.arch_ppc32.ArchPPC32(endness="Iend_BE")
proj = angr.Project(
    "../bin/inject.bin",
    load_options={
        'main_opts': {
            'backend': 'blob',
            'custom_arch': ppc32_be,
        },
    },
)
def hook(s):
    """Do nothing; used as a stand-in for code the analysis should skip.

    ``s`` is the state angr passes to the hook; it is left untouched.
    Because nothing is modelled, any effect the replaced instruction or
    function would have had (register writes, return values, memory
    changes) is absent from the symbolic state after the hook runs.
    """
    return None
# hook mtspr instructions
# Each hook covers one 4-byte instruction and replaces it with the no-op
# above, so the special-purpose-register writes are skipped, not emulated.
for mtspr_addr in (0x77c, 0x784):
    proj.hook(mtspr_addr, hook, length=4)

# hook external functions
# The 4 bytes at 0x818 are skipped as well; the callee is never entered, so
# its return value and side effects are not modelled.
# NOTE(review): the trailing 0xc20 is presumably the callee's address; confirm.
proj.hook(0x818, hook, length=4)  # 0xc20

# Start from a blank state at 0x3e4 instead of an entry state: registers and
# memory that the code has not written yet are unconstrained.
s = proj.factory.blank_state(addr=0x3e4)
# Keep exploring past syscalls angr has no model for instead of stopping.
s.options.add(angr.options.BYPASS_UNSUPPORTED_SYSCALL)

simgr = proj.factory.simgr(s)
# Alternative target kept from the original author:
# r = simgr.explore(find=0x674)
# Step until some path reaches 0x63c; matching states land in the manager's
# 'found' stash. The script ends here and does not inspect the result itself.
r = simgr.explore(find=0x63c)