A collection of resources/tools and analyses for the angr binary analysis framework.

Overview

Awesome angr

A collection of resources/tools and analyses for the angr binary analysis framework. This page does not only collect links and external resources; it is also meant to be a harbour for releasing non-official extensions, tools and utilities that can be useful when working with angr.

ExplorationTechniques 📁

A collection of exploration techniques written by the community.

  • SimgrViz: an exploration technique that collects information regarding the states generated by the SimulationManager and creates a graph that can be later visualized to debug the analyses (.dot file).
  • MemLimiter: an exploration technique to stop the analysis when memory consumption is too high!
  • ExplosionDetector: stop the analysis when there are too many states or other critical errors happen.
  • KLEECoverageOptimizeSearch: KLEE technique to improve coverage.
  • KLEERandomSearch: an exploration technique for random path selection.
  • LoopExhaustion: a loop exhaustion search strategy.
  • StochasticSearch: an exploration technique for stochastic search over the active states.
  • HeartBeat: an exploration technique to make sure symbolic execution is still alive; it also provides some utilities to gently hijack into the DSE while it is running.

Documentation 📖

Projects 🚀

List of academic and non-academic open-source projects based on angr.

  • Heaphopper - Apply symbolic execution to automatically verify security properties of most common heap libraries.
  • angr-cli - Command line interface for angr a la peda/GEF/pwndbg.
  • Syml - Use ML to prioritize exploration of promising vulnerable paths.
  • Angrop - Generate ropchains using angr and symbolic execution.
  • Angr-management - GUI for angr.
  • Mechaphish - AEG system for CGC.
  • angr-static-analysis-for-vuzzer64 - angr-based static analysis module for Vuzzer.
  • FirmXRay-angr - An angr version of the base address detection analysis implemented in FirmXRay.
  • IVTSpotter - An IVT Spotter for monolithic ARM firmware images.
  • MemSight - Rethinking Pointer Reasoning in Symbolic Execution.
  • Karonte - Detecting Insecure Multi-binary Interactions in Embedded Firmware.

Blogposts 📰

Papers 📃

A collection of papers that used angr or whose project is based on the angr framework.

Year Paper
2021 SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly But Were Afraid to Ask
2021 SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning
2021 DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices
2021 Boosting symbolic execution via constraint solving time prediction (experience paper)
2020 DICE: Automatic Emulation of DMA Input Channels for Dynamic Firmware Analysis
2020 Towards Constant-Time Foundations for the New Spectre Era
2020 Symbion: Interleaving Symbolic with Concrete Execution
2020 KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware
2020 Device-agnostic Firmware Execution is Possible: A Concolic Execution Approach for Peripheral Emulation
2020 KOOBE: Towards Facilitating Exploit Generation of Kernel Out-Of-Bounds Write Vulnerabilities
2019 BinTrimmer: Towards Static Binary Debloating Through Abstract Interpretation
2019 Sleak: Automating Address Space Layout Derandomization
2018 HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security
2017 Rethinking Pointer Reasoning in Symbolic Execution
2017 Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits
2017 BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments
2017 Ramblr: Making Reassembly Great Again
2017 BootStomp: On the Security of Bootloaders in Mobile Devices
2017 Piston: Uncooperative Remote Runtime Patching
2016 SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis
2016 Driller: Augmenting Fuzzing Through Selective Symbolic Execution
2015 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware

Comments
  • papers referring to angr or VEXIR (but might not be popular)

    • 2019 (SC2NRF) State Consistency Checking for Non-reentrant Function Based on Taint Assisted Symbol Execution
    • 2018 VMPBL: Identifying Vulnerable Functions Based on Machine Learning Combining Patched Information and Binary Comparison Technique by LCS
    • 2015 (Multi-MH) Cross-architecture bug search in binary executables
    • 2020 (SimTA) Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution
    • 2021 (EmTaint) Finding Taint-Style Vulnerabilities in Linux-based Embedded Firmware with SSE-based Alias Analysis
    • 2019 FIoT: Detecting the Memory Corruption in Lightweight IoT Device Firmware
    • 2020 Towards Learning Representations of Binary Executable Files for Security Tasks
    • 2019 CryptoREX: Large-scale Analysis of Cryptographic Misuse in IoT Devices
    • 2016 (MockingBird) Cross-architecture binary semantics understanding via similar code comparison
    • 2017 (CACompare) Binary code clone detection across architectures and compiling configurations
    • 2018 FirmUp: Precise static detection of common vulnerabilities in firmware
    • 2018 (Zeek) Binary Similarity Detection Using Machine Learning
    • 2019 (GeneDiff) Semantic-based representation binary clone detection for cross-architectures in the internet of things
    • 2019 (BinSeeker) Semantic Learning and Emulation Based Cross-platform Binary Vulnerability Seeker
    • 2018 BinMatch: A Semantics-based Hybrid Approach on Binary Code Clone Analysis
    • 2021 Implementing a high-efficiency similarity analysis approach for firmware code
    • 2021 QuickBCC: Quick and Scalable Binary Vulnerable Code Clone Detection
    • 2018 (BinAuthor) On Leveraging Coding Habits for Effective Binary Authorship Attribution
    • 2020 A Novel Concolic Execution Approach on Embedded Device
    • 2020 (Symba) Techniques for Malware Analysis based on Symbolic Execution
    • 2017 Assisting malware analysis with symbolic execution: A case study
    • 2018 Bintaint: A Static Taint Analysis Method for Binary Vulnerability Mining
    • 2020 VYPER: Vulnerability detection in binary code
    • 2016 (WatSym) Combining static analysis and targeted symbolic execution for scalable bug-finding in application binaries
    • 2019 (Gerbil) Identifying Privilege Separation Vulnerabilities in IoT Firmware with Symbolic Execution
    • 2016 A lightweight method for accelerating discovery of taint-style vulnerabilities in embedded systems
    • 2020 CPA: Accurate Cross-Platform Binary Authorship Characterization Using LDA
    • 2019 On Preventing Symbolic Execution Attacks by Low Cost Obfuscation
    • 2020 Symbolic Execution and Debugging Synchronization
    • 2020 (angr-shape) A Shape-inference-based Approach to Enhance Constraint Independence Optimization

    opened by xrkk 0