angrgdb: Use angr inside GDB

angrgdb

Use angr inside GDB. Create an angr state from the current debugger state.

Install

pip install angrgdb
echo "python import angrgdb.commands" >> ~/.gdbinit

Usage

angrgdb implements the angrdbg API in GDB.

You can use it in scripts like this:

from angrgdb import *



gdb.execute("b *0x004005f9")

gdb.execute("r aaaaaaaa")



sm = StateManager()

sm.sim(sm["rax"], 100)



m = sm.simulation_manager()

m.explore(find=0x00400607, avoid=0x00400613)



sm.to_dbg(m.found[0]) #write input to GDB



gdb.execute("x/s $rax")

#0x7fffffffe768:	"ais3{I_tak3_g00d_n0t3s}"

gdb.execute("c")

#Correct! that is the secret key!

You can also use angrgdb commands directly in GDB for simple stuff:

• angrgdb sim <register name> [size] Symbolize a register
• angrgdb sim <address> [size] Symbolize a memory area
• angrgdb list List all items that you set as symbolic
• angrgdb find <address0> <address1> ... <addressN> Set the list of find targets
• angrgdb avoid <address0> <address1> ... <addressN> Set the list of avoiding targets
• angrgdb reset Reset the context (symbolic values and targets)
• angrgdb run Generate a state from the debugger state and run the exploration
• angrgdb shell Open a shell with a StateManager instance created from the current GDB state
• angrgdb interactive Generate a state from the debugger state and explore by hand using a modified version of angr-cli

An example crackme solve using angrgdb+GEF+idb2gdb:

Loading scripts in GDB

This is a tip if you don’t want to use angrgdb from the cli but you want to use a python script. To load a script in GDB use source script.py.

Copyright (c) 2018, Andrea Fioraldi
All rights reserved.

Source: https://github.com/andreafioraldi/