angr#
angr is a platform-agnostic binary analysis framework. It is brought to you by the Computer Security Lab at UC Santa Barbara, SEFCOM at Arizona State University, their associated CTF team, Shellphish, the open source community, and @rhelmot.
What?#
angr is a suite of Python 3 libraries that let you load a binary and do a lot of cool things to it:
Disassembly and intermediate-representation lifting
Program instrumentation
Symbolic execution
Control-flow analysis
Data-dependency analysis
Value-set analysis (VSA)
Decompilation
The most common angr operation is loading a binary: p = angr.Project('/bin/bash')
If you do this in an enhanced REPL like IPython, you can use tab-autocomplete to browse the top-level-accessible methods and their docstrings.
The short version of “how to install angr” is mkvirtualenv --python=$(which python3) angr && python -m pip install angr
.
Example#
angr does a lot of binary analysis stuff. To get you started, here’s a simple example of using symbolic execution to get a flag in a CTF challenge.
import angr
project = angr.Project("angr-doc/examples/defcamp_r100/r100", auto_load_libs=False)
@project.hook(0x400844)
def print_flag(state):
print("FLAG SHOULD BE:", state.posix.dumps(0))
project.terminate_execution()
project.execute()
Quick Start#
Documentation as HTML and as a Github repository
Dive right in: top-level-accessible methods