Rename all affected files, references to file paths, and module imports
within the code. Since this line of development represents a fork from
the original sploit, a name change is seen as necessary to distinguish
the projects, as well as allow them to be installed side by side.
What does the "n" mean? Great question! You can think of it as meaning
"new sploit" if you want, though that's not quite intended. The name is
simply distinct and easy to pronounce. I had originally settled on
"msploit" (something along the lines of "Malf's sploit"), but this name
is too close to "metasploit" for me - and N is right next to it on the
keyboard.
Signed-off-by: Malfurious <m@lfurio.us>
Adds a ROP-enabled payload builder under the builder namespace. Much of
the behavior is parameterized by the active arch, so several new columns
are added to the Arch class.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
You can now look up a predefined Arch based on a tuple of arch_string
(returned by r2 iI), wordsize, and endianness.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Also added a DEFAULT_ARCH constant.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Also check type when setting arch.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Sometimes we might be working on an object that can be treated as an
int, but python won't automatically type coerce. For example, grabbing a
nested symtbl and passing it in here expecting it to resolve to a type
conversion of its base offset.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
The built-in int's to_bytes and from_bytes functions have some weird
behavior with the signed parameter. Rather than expecting the user to
properly give btoi/itob the right signed value to pass through to
to_bytes/from_bytes, it makes more sense to just always convert an
unsigned number. Using the new int conversions, this can always be
unambiguous with respect to the width of the int.
There may also be situations where a user would like to truncate/sign
extend an int to a certain length other than the configured architecture
wordsize or convert to a different endianness. These are now
parameterized. There is no need to parameterize the width for btoi
because you will now always get an unsigned int back (and because of
python, the width is ambiguous). The user can convert it to whatever
width/sign they want after the fact with the new int conversion methods.
This also means that payload's int() does not need to take a signed
argument either. Whatever sign of int you give it, when it calls itob,
it will get the correct bytearray at the width of the configured
architecture's wordsize.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Reviewed-by: Malfurious <m@lfurio.us>
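An added example, not the project's code, that reimplements the conversion rules this message describes: itob reduces the value to its unsigned form at the requested width before calling to_bytes, btoi always returns an unsigned int, and separate helpers truncate or sign-extend afterwards. The Arch fields, the `arch` global, the `Offset` class (standing in for the int-like nested symtbl case mentioned in the earlier message) and all function names are assumptions made here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Arch:
    """Hypothetical stand-in for the project's Arch record (field names assumed)."""
    name: str
    wordsize: int       # bytes per machine word
    endianness: str     # "little" or "big", as int.to_bytes expects


x86_64 = Arch("x86_64", 8, "little")
arch = x86_64           # assumed "configured" architecture used for defaults


class Offset:
    """Constructed int-like object (has __int__ but is not an int). Python will
    not coerce it for you, so the converters call int() explicitly."""
    def __init__(self, base):
        self.base = base

    def __int__(self):
        return self.base


def to_unsigned(i, width):
    """Truncate i to an unsigned integer that fits in `width` bytes."""
    return int(i) & ((1 << (8 * width)) - 1)


def to_signed(i, width):
    """Sign-extend the low `width` bytes of i to a Python int."""
    u = to_unsigned(i, width)
    if u & (1 << (8 * width - 1)):
        u -= 1 << (8 * width)
    return u


def itob(i, width=None, byteorder=None):
    """Int to bytes. The value is made unsigned first, so negative inputs work
    without a `signed` flag and the result is unambiguous at `width`."""
    width = width or arch.wordsize
    byteorder = byteorder or arch.endianness
    return to_unsigned(i, width).to_bytes(width, byteorder)


def btoi(b, byteorder=None):
    """Bytes to int. Always unsigned; the width is len(b), and the caller can
    reinterpret the result with to_signed() if a signed value is wanted."""
    byteorder = byteorder or arch.endianness
    return int.from_bytes(bytes(b), byteorder, signed=False)


def naive_to_bytes_rejects_negative():
    """The built-in behaviour being worked around: with the default
    signed=False, to_bytes refuses any negative int outright."""
    try:
        (-1).to_bytes(arch.wordsize, arch.endianness)
    except OverflowError:
        return True
    return False


if __name__ == "__main__":
    print(itob(-1).hex())                                # ffffffffffffffff
    print(itob(0x1234, width=2, byteorder="big").hex())  # 1234
    print(btoi(b"\xff\xff"))                             # 65535
    print(to_signed(btoi(b"\xff\xff"), 2))               # -1
    print(itob(Offset(0x41)).hex())                      # 4100000000000000
```

Masking to the width is what removes the ambiguity: -1 and 0xffffffffffffffff produce the same eight bytes, and a caller who wants the signed reading back applies to_signed at whatever width they have in mind.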
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Reviewed-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Reviewed-by: Malfurious <m@lfurio.us>
Python's dataclass annotation gives us a nice way to cleanly and
concisely define our list of supported architectures similar to namedtuple.
Unlike namedtuple, though, dataclass gives us an actual class that is
significantly more feature rich and even allows us to add functionality.
In general, these are meant to be like const records of info about an
architecture, so we use frozen=True to enforce some const correctness.
There were some issues when involving other classes for the ActiveArch
feature (subclassing and composition both had their respective issues),
so I'm removing __ActiveArch__ and putting a set() method directly on
Arch. This method will copy a given Arch into the self object. This
technically breaks const correctness as this does modify the object, but
it is intended to only be used on a single sentinel Arch that represents
the active arch. This arch is initialized with x86_64 by default.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Reviewed-by: Malfurious <m@lfurio.us>
Add a layer of indirection to access the active arch config.
Currently when importing sploit.arch.arch, the name will be bound to
whatever the current reference is and won't follow if another module
(user script) updates the reference in sploit.arch. A layer of
indirection seamlessly solves that issue and also provides a cleaner
interface for setting the active arch from the user script.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
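An added example, not the project's code, illustrating the two preceding messages together: a frozen dataclass Arch whose set() method copies another record into a single sentinel object (bypassing frozen=True on purpose, with the type check from the earlier commit), a lookup keyed by (arch_string, wordsize, endianness), and a demonstration of why rebinding a module-level name is not seen by a script that already imported it, while mutating the sentinel in place is. Field names, the predefined values, and every function name are assumptions made here.

```python
from dataclasses import dataclass, fields, replace, FrozenInstanceError


@dataclass(frozen=True)
class Arch:
    """Hypothetical stand-in for the project's Arch dataclass (field names assumed)."""
    name: str
    wordsize: int
    endianness: str
    alignment: int
    nopcode: bytes

    def set(self, other):
        """Copy every field of `other` into self.

        Deliberately bypasses frozen=True via object.__setattr__; intended only
        for the one sentinel object that represents the active arch."""
        if not isinstance(other, Arch):
            raise TypeError(f"expected Arch, got {type(other).__name__}")
        for f in fields(self):
            object.__setattr__(self, f.name, getattr(other, f.name))


# Predefined records (constructed values; alignment and nop are illustrative).
x86 = Arch("x86", 4, "little", 16, b"\x90")
x86_64 = Arch("x86_64", 8, "little", 16, b"\x90")
DEFAULT_ARCH = x86_64

# Lookup table keyed by (arch_string, wordsize, endianness).
ARCHES = {(a.name, a.wordsize, a.endianness): a for a in (x86, x86_64)}


def lookup_arch(arch_string, wordsize, endianness):
    """Resolve a predefined Arch from the tuple; KeyError if unknown."""
    return ARCHES[(arch_string, wordsize, endianness)]


# The sentinel: a separate object seeded from DEFAULT_ARCH, so any module that
# imported the name `arch` keeps a reference that still reflects later set() calls.
arch = replace(DEFAULT_ARCH)


def records_are_frozen():
    """Ordinary records reject attribute assignment."""
    try:
        x86_64.wordsize = 2
    except FrozenInstanceError:
        return True
    return False


def set_rejects_non_arch():
    """set() refuses anything that is not an Arch."""
    try:
        arch.set("x86")
    except TypeError:
        return True
    return False


def rebinding_is_not_seen():
    """Name rebinding: an alias taken earlier keeps the old object, which is
    what happens to a script that did `from sploit.arch import arch`."""
    current = x86_64
    alias = current          # user script binds the name
    current = x86            # the module later rebinds its own global
    del current
    return alias.wordsize    # still 8


def sentinel_is_seen():
    """Mutating the sentinel in place is visible through every earlier alias."""
    alias = arch
    arch.set(x86)
    try:
        return alias.wordsize  # now 4
    finally:
        arch.set(DEFAULT_ARCH)  # restore the default


if __name__ == "__main__":
    print(lookup_arch("x86", 4, "little").name)
    print(records_are_frozen(), rebinding_is_not_seen(), sentinel_is_seen())
```

Keeping the sentinel as the only object ever passed to set() preserves the const-correctness of the predefined records: they are compared and copied, never written.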
This _should_ be accurate for ARMv7-a at least (including thumb mode).
We might want to later include ARMv8 details, which would primarily
include a 64-bit profile - I just don't have the details at the moment.
A namedtuple is now used as the implementation of type 'Arch', which
allows the definitions to be much more compact and table-like,
aiding readability.
Signed-off-by: Malfurious <m@lfurio.us>
This was the name I had originally intended to use while factoring
architecture details out to the global scope. It's not terribly
different, but I feel the new context warrants some additional clarity.
Signed-off-by: Malfurious <m@lfurio.us>
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Add Arch class which specifies wordsize, endianness, alignment, and a
nop code for an architecture.
Add a couple of predefined architectures for x86 and x86_64.
Add a "configured" architecture which is set to x86_64 by default.
Added btoi and itob functions which will convert to and from bytes and
ints based on the current architecture config.
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>