Symbolic execution engine for Whitespace language.
Project description
Whitesymex
Whitesymex is a symbolic execution engine for Whitespace. It uses dynamic symbolic analysis to find execution paths of a Whitespace program. It is inspired by angr.
Installation
It is available on pypi. It requires python 3.7.0+ to run.
$ pip install whitesymex
Usage
Command-line Interface
$ whitesymex -h
# usage: whitesymex [-h] [--version] [--find FIND] [--avoid AVOID] [--strategy {bfs,dfs,random}]
# [--loop-limit LIMIT]
# file
#
# Symbolic execution engine for Whitespace.
#
# positional arguments:
# file program to execute
#
# optional arguments:
# -h, --help show this help message and exit
# --version show program's version number and exit
# --find FIND string to find
# --avoid AVOID string to avoid
# --strategy {bfs,dfs,random}
# path exploration strategy (default: bfs)
# --loop-limit LIMIT maximum number of iterations for symbolic loops
Simple example:
$ whitesymex password_checker.ws --find 'Correct!' --avoid 'Nope.'
# p4ssw0rd
Python API
Simple example:
from whitesymex import parser
from whitesymex.state import State
from whitesymex.path_group import PathGroup
instructions = parser.parse_file("password_checker.ws")
state = State.create_entry_state(instructions)
path_group = PathGroup(state)
path_group.explore(find=b"Correct!", avoid=b"Nope.")
password = path_group.found[0].concretize()
print(password.encode())
# p4ssw0rd
More complex example from XCTF Finals 2020:
import z3
from whitesymex import parser, strategies
from whitesymex.path_group import PathGroup
from whitesymex.state import State
instructions = parser.parse_file("xctf-finals-2020-spaceship.ws")
flag_length = 18
flag = [z3.BitVec(f"flag_{i}", 24) for i in range(flag_length)] + list(b"\n")
state = State.create_entry_state(instructions, stdin=flag)
# The flag is printable.
for i in range(flag_length):
state.solver.add(z3.And(0x20 <= flag[i], flag[i] <= 0x7f))
path_group = PathGroup(state)
path_group.explore(avoid=b"Imposter!", strategy=strategies.DFS)
flag = path_group.deadended[0].concretize()
print(flag.decode())
# xctf{Wh1t3sym3x!?}
You can also concretize your symbolic variables instead of stdin:
import z3
from whitesymex import parser
from whitesymex.path_group import PathGroup
from whitesymex.state import State
instructions = parser.parse_file("tests/data/xctf-finals-2020-spaceship.ws")
symflag = [z3.BitVec(f"flag_{i}", 24) for i in range(12)]
stdin = list(b"xctf{") + symflag + list(b"}\n")
state = State.create_entry_state(instructions, stdin=stdin)
for c in symflag:
state.solver.add(z3.And(0x20 <= c, c <= 0x7f))
path_group = PathGroup(state)
path_group.explore(find=b"crewmember", avoid=b"Imposter!")
flag = path_group.found[0].concretize(symflag)
print("xctf{%s}" % flag)
# xctf{Wh1t3sym3x!?}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
whitesymex-0.1.0.tar.gz
(13.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file whitesymex-0.1.0.tar.gz.
File metadata
- Download URL: whitesymex-0.1.0.tar.gz
- Upload date:
- Size: 13.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.9.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c6b7a977807e4446fc96c6698e072365e03f9be4574a4e0210d624599908d505
|
|
| MD5 |
9217ebdb088e61ec67a5392f2d800bd8
|
|
| BLAKE2b-256 |
8aef47c8ea7ff5554bb323559bfa3891f084f476488c98270f046cec2141acdb
|
File details
Details for the file whitesymex-0.1.0-py3-none-any.whl.
File metadata
- Download URL: whitesymex-0.1.0-py3-none-any.whl
- Upload date:
- Size: 16.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.43.0 CPython/3.9.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a5c58bfa36ffd438a358b8bc8c20e1a0e4dca47adda03f4c75c6a2aaee0277ea
|
|
| MD5 |
a66a65d27b27077d58e533a174dfe5ff
|
|
| BLAKE2b-256 |
e59284db7c7a49581ee9b022b8da03dfe3457bb4dedfe6daee6915feb057658a
|
