Open-source software: feature overview

1. Catena - SQL on a blockchain

Catena is a distributed database based on a blockchain, accessible using SQL. Catena timestamps database transactions (SQL) in a decentralized way between nodes that do not or cannot trust each other, while enforcing modification permissions ('grants') that were agreed upon earlier.

Project URL: https://github.com/pixelspark/catena

2. DynamoRIO

DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64/ARM instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows, Linux, or Android) and commodity IA-32, AMD64, and ARM hardware. Mac OSX support is in progress.

DynamoRIO is a dynamic testing tool platform, though many people call it a binary instrumentation platform; it supports transforming any part of a program's code while the program executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, and so on. DynamoRIO is not limited to inserting callouts/trampolines and allows arbitrary modification of application instructions through a powerful IA-32/AMD64/ARM/AArch64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on common operating systems (Windows, Linux, or Android) and on IA-32, AMD64, ARM, and AArch64 hardware.

Something that may come in handy: code coverage testing is quite interesting and quite useful for cracking. Collect coverage with drcov: drrun.exe -t drcov -- bin.exe

Pair it with the Lighthouse plugin for IDA.

Project URL: https://github.com/DynamoRIO/dynamorio

3. AFL, the strongest fuzzing tool in the universe

I have always admired the experts who can dig out vulnerabilities, especially low-level system vulnerabilities or binary software vulnerabilities. I have long wanted to do some deeper research in this area, but limited by my own ability, plus occasional laziness, I never made much progress. Recently I happened to attend some talks and exchanged ideas with classmates working in industry, and learned about the most advanced fuzz testing tool in the universe, AFL (America Fuzzing Loop). Judging by the name it looks like something the Americans built; I did a quick search, did not find its origin, and did not dig any further. Since it claims to be the most advanced fuzzing tool in the universe, could it lend us juniors a helping hand? Full of hope, I set out to tinker with it.

AFL is comparatively effective for testing file formats and protocol parsers.

Project URLs: AFL: http://lcamtuf.coredump.cx/afl/ and winAFL: https://github.com/ivanfratric/winafl

Usage notes:

1. AFL only requires you to set the compiler to afl-clang, afl-clang++, afl-gcc, or afl-g++; compile the program you want to fuzz with the AFL compiler to produce the target executable, for example a.out.

2. Usage is fairly simple, and AFL is fairly smart: you only need to provide one input test case, and it automatically expands the test cases to cover more code, thereby increasing the probability of finding more bugs. For example, to test readelf: afl-fuzz -i afl_in -o afl_out ./binutils/readelf -a @@ (where afl_in holds the user-provided input files, afl_out receives the results, and @@ is replaced by the path of the current test file).

Note: afl-fuzz only operates on files. Data in memory that you want to fuzz must first be saved to a file before AFL can be used on it.
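The two usage steps and the note above describe a file-driven target. The following is an added example, not code from the original post or from the AFL project: a minimal fuzzing harness for a toy length-prefixed record format (the format, the file names afl_in/afl_out/seed, and the harness name are assumptions). It takes the input file path as argv[1], reads the file into memory, and hands the bytes to the parser, which is the shape a target needs so that afl-fuzz can substitute each generated file for @@. The parser bounds-checks its attacker-controlled length field; removing those checks is the kind of defect a fuzzing run would surface as a crash.

```c
/* Added example (not from the original post or the AFL project): a
 * file-based AFL harness for a toy record format.
 *
 * Build and fuzz, following the steps in the post (paths are assumptions):
 *   afl-gcc -o harness harness.c
 *   mkdir afl_in && printf 'REC\000\003abc' > afl_in/seed
 *   afl-fuzz -i afl_in -o afl_out ./harness @@
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 64

enum parse_status {
    PARSE_OK = 0,
    PARSE_BAD_MAGIC = 1,
    PARSE_TRUNCATED = 2,
    PARSE_TOO_LONG = 3
};

/* Record layout (constructed for this example):
 *   bytes 0..2 : magic "REC"
 *   bytes 3..4 : big-endian payload length n
 *   bytes 5..  : n payload bytes
 * On PARSE_OK the payload is copied into out as a NUL-terminated string. */
int parse_record(const uint8_t *buf, size_t len, char out[MAX_PAYLOAD + 1])
{
    if (len < 3 || memcmp(buf, "REC", 3) != 0)
        return PARSE_BAD_MAGIC;
    if (len < 5)
        return PARSE_TRUNCATED;
    size_t n = ((size_t)buf[3] << 8) | buf[4];
    /* The length field comes from the input file, so it is untrusted:
     * check it against both the output buffer and the remaining input. */
    if (n > MAX_PAYLOAD)
        return PARSE_TOO_LONG;
    if (len - 5 < n)
        return PARSE_TRUNCATED;
    memcpy(out, buf + 5, n);
    out[n] = '\0';
    return PARSE_OK;
}

/* Read a whole file into a heap buffer (never NULL on success, even for an
 * empty file). AFL writes each mutated test case to the path given as @@. */
static uint8_t *read_file(const char *path, size_t *len_out)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return NULL;
    size_t cap = 4096, len = 0, got;
    uint8_t *buf = malloc(cap);
    if (!buf) { fclose(f); return NULL; }
    uint8_t chunk[4096];
    while ((got = fread(chunk, 1, sizeof chunk, f)) > 0) {
        if (len + got > cap) {
            cap = (len + got) * 2;
            uint8_t *nb = realloc(buf, cap);
            if (!nb) { free(buf); fclose(f); return NULL; }
            buf = nb;
        }
        memcpy(buf + len, chunk, got);
        len += got;
    }
    fclose(f);
    *len_out = len;
    return buf;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    size_t len = 0;
    uint8_t *data = read_file(argv[1], &len);
    if (!data)
        return 2;
    char payload[MAX_PAYLOAD + 1];
    int rc = parse_record(data, len, payload);
    printf("status=%d payload=%s\n", rc, rc == PARSE_OK ? payload : "");
    free(data);
    return 0;
}
```

The seed file in the build comment is a single valid record; AFL mutates it from there. Keeping all parsing in parse_record, separate from file handling, also lets the same function be unit-tested directly on in-memory byte strings.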

4. Online diagramming tools

UML sequence diagrams: https://www.websequencediagrams.com/

https://www.processon.com/diagraming/5b5a8d81e4b08d36229225c5

5. Packet capture tool: Fiddler


Reposted from blog.csdn.net/ZHUJIANWEILI4/article/details/81133953