Manticore v0.2.5 released: Dynamic binary analysis tool

Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation.

Features

  • Input Generation: automatically generates inputs that trigger unique code paths
  • Crash Discovery: discovers inputs that crash programs via memory safety violations
  • Execution Tracing: records an instruction-level trace of execution for each generated input
  • Programmatic Interface: exposes programmatic access to its analysis engine via a Python API

Manticore supports binaries of the following formats, operating systems, and architectures. It has been primarily used on binaries compiled from C and C++. Examples of practical Manticore usage are also available on GitHub.

  • OS/Formats: Linux ELF, Windows Minidump
  • Architectures: x86, x86_64, ARMv7 (partial)

Changelog

0.2.5 – 2019-03-18

Ethereum

  • [added API] json_create_contract – support creating EVM contracts from Truffle JSON artifacts (#1376)
  • [changed API] Moved default gas value to config module (#1346)
  • [fixed API] Fixed account creation with a code field (#1371)
  • [fixed API] Fixed an incorrect attribute in last_return (#1341)
  • [refactor] Inlined get_possible solutions function as it’s only used once (#1372)
  • Fixed _check_jumpdest when run with detectors – this bug could lead to not detecting an int overflow due to tainting made by another detector (#1347)
  • Made findings print addresses in hex (#1339)

Native

  • [added API] Added Unicorn preloading, for quickly performing concrete emulation until a target address is reached. (#1356)
  • Fixed incorrect return value in sys_lseek (#1355)
  • Added check for missing native packages (#1367)

Other

  • [added API] Added context managers for the config module, allowing for temporary configurations (#1345)
  • Updated Capstone to 4.0.1 (#1312)
  • Embedded parsetab.py so users no longer need to generate it (#1383)

Installation

# Install system dependencies

sudo apt-get update && sudo apt-get install z3 python-pip -y
python -m pip install -U pip

# Install manticore and its dependencies

git clone https://github.com/trailofbits/manticore.git && cd manticore
sudo pip install .

# Build the examples

cd examples/linux
make

# Use the Manticore CLI

manticore basic
cat mcore_*/*1.stdin | ./basic
cat mcore_*/*2.stdin | ./basic

# Use the Manticore API

cd ../script
python count_instructions.py ../linux/helloworld

Usage

$ manticore ./path/to/binary # runs, and creates a mcore_* directory with analysis results
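
The CLI steps above feed one generated input at a time to the target (cat mcore_*/*1.stdin | ./basic). The shell function below is an added example, not code from the original page or the Manticore project: it replays every *.stdin file in a workspace directory and reports which runs ended in a signal. The name replay_inputs and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Manticore code): replay each input from a workspace
# against the target and classify how every run ended.
#
# Usage: replay_inputs WORKSPACE COMMAND [ARG...]
#   e.g. replay_inputs mcore_XXXX ./basic    (mcore_XXXX is a placeholder)
#
# Prints "<file><TAB>exit=<n>" or "<file><TAB>signal=<n>" for each input.
# Returns 1 if any run was terminated by a signal, 0 otherwise.
replay_inputs() {
    ws=$1
    shift
    crashed=0
    for input in "$ws"/*.stdin; do
        # An unmatched glob stays literal; skip it so an empty workspace is not an error.
        [ -f "$input" ] || continue
        rc=0
        # "|| rc=$?" records the status and keeps the loop alive under "set -e".
        "$@" < "$input" > /dev/null 2>&1 || rc=$?
        if [ "$rc" -gt 128 ]; then
            # The shell reports death by signal N as status 128+N (139 = SIGSEGV).
            # A program that deliberately exits with a status above 128 is
            # indistinguishable here, so treat these lines as leads to confirm.
            printf '%s\tsignal=%d\n' "${input##*/}" "$((rc - 128))"
            crashed=1
        else
            printf '%s\texit=%d\n' "${input##*/}" "$rc"
        fi
    done
    return "$crashed"
}

# Run directly: sh replay.sh WORKSPACE COMMAND [ARG...]
if [ "$#" -ge 2 ]; then
    replay_inputs "$@"
fi
```

Inputs reported with signal=11 or signal=6 are the ones to rerun under a debugger or sanitizer build first.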

Copyright (C) 2018 trailofbits

Source: https://github.com/trailofbits/
