Jay Taylor's notes
angr/angr
Original source (github.com)
Clipped on: 2018-05-20
A powerful and user-friendly binary analysis platform!
http://angr.io
Python
C++
Other
Latest commit 9cbaf1c, 3 days ago
angr | we need some sort of solution for linting these simprocedures which b… | 19 hours ago | |
native | Here's a thought: what if I tested the code I pushed | a month ago | |
tests | Add test for structs in memory view | 19 hours ago | |
.gitignore | Make native build compile in debug mode on windows | 9 months ago | |
.gitlab-ci.yml | [ci skip] new docker hierarchy | 2 years ago | |
.travis.yml | slack integration | 7 months ago | |
Dockerfile | transition | 8 months ago | |
LICENSE | Add standard BSD license | 2 years ago | |
MANIFEST.in | We're working on it. surveyor explorer works, I think? not sure how t… | 11 months ago | |
README.md | example | a year ago | |
appveyor.yml | update testing paths | a year ago | |
requirements.txt | Pin pycparser version | 25 days ago | |
setup.py | Pin pycparser version | 25 days ago |
README.md
angr
angr is a platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish.
What?
angr is a suite of Python libraries that let you load a binary and do a lot of cool things to it:
- Disassembly and intermediate-representation lifting
- Program instrumentation
- Symbolic execution
- Control-flow analysis
- Data-dependency analysis
- Value-set analysis (VSA)
The most common angr operation is loading a binary: `p = angr.Project('/bin/bash')`
If you do this in IPython, you can use tab-autocomplete to browse the top-level-accessible methods and their docstrings.
The short version of "how to install angr" is `mkvirtualenv angr && pip install angr`.
Example
angr does a lot of binary analysis stuff. To get you started, here's a simple example of using symbolic execution to get a flag in a CTF challenge.
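```python
import angr

# Load the challenge binary without pulling in its shared libraries.
project = angr.Project("angr-doc/examples/defcamp_r100/r100", auto_load_libs=False)

# Run this hook when execution reaches address 0x400844.
@project.hook(0x400844)
def print_flag(state):
    # Dump the data read from file descriptor 0 (stdin) on this path.
    print "FLAG SHOULD BE:", state.posix.dump_fd(0)
    project.terminate_execution()

project.execute()
```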
Quick Start
- Install Instructions
- Documentation as HTML and as a GitHub repository
- Dive right in: top-level-accessible methods
- Examples using angr to solve CTF challenges.
- API Reference