Installing and using the deflat.py tool to remove control flow flattening


Just for the record. It seems to be out of date... too difficult.

Installing the prerequisites

Installing virtualenvwrapper

  • First, install virtualenv and virtualenvwrapper:

    # Install virtualenv
    pip install virtualenv
    
    # Install virtualenvwrapper
    pip install virtualenvwrapper
  • After installation, configure the environment variable:

    export WORKON_HOME=$HOME/Python-workhome

    Here $HOME/Python-workhome is the directory in which the virtual environments will be stored.

  • Source the startup script:

    source /usr/local/bin/virtualenvwrapper.sh
  • Common virtualenvwrapper commands:

    # Create an environment
    mkvirtualenv NewEnvName
    
    # List the existing environments
    workon
    
    # Switch to an environment
    workon EnvName
    
    # Leave the current environment
    deactivate
    
    # Delete an environment
    rmvirtualenv EnvName

    For example (the screenshot shows the installation on a Mac as a demonstration, but angr simply would not install on the Mac no matter what I tried; after a long struggle I finally switched to installing on Ubuntu 16.04) :)

  • Here, we use the command below to create a virtual environment called angrenv in which to complete the remaining steps:

    mkvirtualenv deflatEnv

Installing angr in deflatEnv

  • Installing on macOS produced a crazy number of errors, mainly problems with unicorn. After struggling for a long time I finally moved to Ubuntu, where the installation succeeded on the first try...

  • Install angr:

    pip install angr

    Very smooth :)

Installing BARF in deflatEnv

  • Following the installation guide in BARF's GitHub repository, install it with the following commands:

    mkdir barf
    cd ./barf
    git clone https://github.com/programa-stic/barf-project
    cd ./barf-project
    # No sudo here: under sudo, "python" normally resolves to the system
    # interpreter, so BARF would not be installed into deflatEnv
    python setup.py install
  • The README.md mentions that Z3 and CVC4 need to be installed, but BARF finished installing successfully even without them. Besides, there is a problem.

Installing deflat

  • Use the following commands to install deflat:

    mkdir deflat
    cd ./deflat
    git clone https://github.com/SnowGirls/deflat.git
    cd ./deflat

Using deflat

  • According to deflat's GitHub page, control flow flattening can be removed with the following command:

    python deflat.py check_passwd_flat 0x400530

    Here 0x400530 is the address of the relevant function as shown in IDA.

  • However, when I ran it, it reported an error. After another look, I modified it following the description in the article on repairing the control flow flattening removal tool deflat.py.

  • I ran it again and it still failed. Then I read through the issues; it is probably a problem caused by mismatched versions, and in the end the afternoon came to nothing... (I was working on a reversing task and could not find the main function. Looking around casually, I saw control flow flattening, and the solutions on the Internet were all the same: use deflat. I struggled first on the Mac, then on Ubuntu, and in the end had nothing to show for the afternoon. It is too hard for me.)
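
The version mismatch suspected above is easier to diagnose once you know which copies of the dependencies the virtualenv actually sees. The following is an added example, not part of the original post or of deflat: for angr, barf and unicorn it reports whether each would be imported from inside the active virtualenv and which version is installed. It assumes a Python 3.8+ interpreter and that the distribution names match the import names; the function names are hypothetical.

```python
"""Added example: where do deflat.py's dependencies import from, and at what version?"""
import importlib.util
import os
import sys
from importlib import metadata

# Import name -> distribution name (assumed to be identical).
DEPENDENCIES = {"angr": "angr", "barf": "barf", "unicorn": "unicorn"}


def inside(path, prefix):
    """True if path lies under directory prefix (component-wise, not a string prefix)."""
    path, prefix = os.path.realpath(path), os.path.realpath(prefix)
    return os.path.commonpath([path, prefix]) == prefix


def classify(origin, env_prefix):
    """Classify a module location relative to the virtualenv at env_prefix."""
    if origin is None:
        return "missing"
    return "in-env" if inside(origin, env_prefix) else "outside-env"


def locate(module):
    """Return the path a top-level module would load from, without importing it."""
    spec = importlib.util.find_spec(module)
    if spec is None:
        return None
    return spec.origin or next(iter(spec.submodule_search_locations or []), None)


def report(env_prefix=sys.prefix):
    """Return (module, location class, installed version) for each dependency."""
    rows = []
    for module, dist in DEPENDENCIES.items():
        try:
            version = metadata.version(dist)
        except metadata.PackageNotFoundError:
            version = "unknown"
        rows.append((module, classify(locate(module), env_prefix), version))
    return rows


if __name__ == "__main__":
    base = getattr(sys, "base_prefix", sys.prefix)
    active = hasattr(sys, "real_prefix") or sys.prefix != base
    print("virtualenv active: %s (prefix %s)" % (active, sys.prefix))
    for row in report():
        print("%-8s %-12s %s" % row)
```

Run it with the virtualenv's own interpreter after `workon deflatEnv`. An `outside-env` row means that package was installed into a different Python, for example by an install run under sudo.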


Origin www.cnblogs.com/xrblog/p/11832409.html