From 3d4853f9a7bd316e76ef8abaa2f7bb6754eea6cb Mon Sep 17 00:00:00 2001 From: Adam O'Hara Date: Mon, 20 Apr 2020 04:26:24 +0100 Subject: [PATCH 01/16] Fixed bug when rop.call() used sigreturn with string args (#1484) Previously, the rop._srop_call function would append the args without checking whether their value would work directly in a register. It now uses AppendedArgument to determine whether the value is pushed to the end of the ROP chain. --- pwnlib/rop/rop.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pwnlib/rop/rop.py b/pwnlib/rop/rop.py index 2ffa2eefc..9e7803991 100644 --- a/pwnlib/rop/rop.py +++ b/pwnlib/rop/rop.py @@ -966,7 +966,10 @@ def _srop_call(self, resolvable, arguments): SYS_sigreturn = constants.SYS_rt_sigreturn for register, value in zip(frame.arguments, arguments): - frame[register] = value + if not isinstance(value, six.integer_types + (Unresolved,)): + frame[register] = AppendedArgument(value) + else: + frame[register] = value # Set up a call frame which will set EAX and invoke the syscall call = Call('SYS_sigreturn', From 9b56b58f954e57c304136b62ab2430ad3bd51325 Mon Sep 17 00:00:00 2001 From: Arusekk Date: Tue, 2 Jun 2020 20:22:17 +0200 Subject: [PATCH 02/16] Auto-merge staging branches to protected ones --- .github/workflows/ci.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5777e7b29..afd77eb31 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
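Review bot: The `zip(frame.arguments, arguments)` loop that the new `isinstance` check sits inside still silently drops every argument beyond the number of registers the SROP frame exposes, so an over-long call is assembled without any error; a guard before the loop such as `if len(arguments) > len(frame.arguments): log.error("Too many arguments for SROP call: %d > %d" % (len(arguments), len(frame.arguments)))` would surface that instead of producing a chain that runs with missing arguments. The wrapping itself reads correctly: anything that is neither an integer nor `Unresolved` becomes an `AppendedArgument`, which per the commit message places the value at the end of the chain and leaves a pointer in the register. The hunk relies on `six`, `Unresolved` and `AppendedArgument` being importable in rop.py, which it does not show. `_srop_call` starts before this hunk and continues after it.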
@@ -107,6 +107,20 @@ jobs: - name: Upload coverage to coveralls.io run: COVERALLS_REPO_TOKEN=PP20MEgztXIQJJTguQwe2jeCh6Bm4lkbv coveralls + staging-merge: + runs-on: ubuntu-latest + if: github.repository_owner == 'Gallopsled' && github.event_name == 'push' && startsWith(github.event.ref, 'refs/heads/') && endsWith(github.event.ref, '-staging') + needs: build + steps: + - uses: actions/checkout@v2 + - name: Push changes to protected branch + env: + GITHUB_REF: ${{github.event.ref}} + run: | + BRANCH=${GITHUB_REF#refs/heads/} + git branch -f "${BRANCH%-staging}" + git push origin "${BRANCH%-staging}" + pypi: runs-on: ubuntu-latest if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags') @@ -122,3 +136,6 @@ jobs: with: user: __token__ password: ${{ secrets.pypi_password }} + + - if: failure() + run: ls -R From c4c11a37f83f9581f214620877366be98622a0d5 Mon Sep 17 00:00:00 2001 From: Arusekk Date: Tue, 2 Jun 2020 21:59:51 +0200 Subject: [PATCH 03/16] Fix random test regression --- pwnlib/elf/elf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py index 8c5694553..d17bf9b19 100644 --- a/pwnlib/elf/elf.py +++ b/pwnlib/elf/elf.py @@ -1871,7 +1871,7 @@ def u8(self, address, *a, **kw): def unpack(self, address, *a, **kw): """Unpacks an integer from the specified ``address``.""" self._update_args(kw) - return packing.unpack(self.read(address, context.bytes), *a, **kw) + return packing.unpack(self.read(address, self.bytes), *a, **kw) def string(self, address): """string(address) -> str From 163c19dd49cc75859398f8a2685e118587ca07be Mon Sep 17 00:00:00 2001 From: Arusekk Date: Wed, 3 Jun 2020 00:57:28 +0200 Subject: [PATCH 04/16] Freeze unicorn (see #1538) --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 102e87fb0..3b3a959cf 100755 --- a/setup.py +++ b/setup.py 
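Review bot: The new `staging-merge` job pushes the head of any `*-staging` branch straight onto the corresponding protected branch with the token `actions/checkout@v2` leaves in the checkout, gated only by `needs: build`, so for anyone with push rights to a staging branch the protection on `dev`/`beta`/`stable` is reduced to "CI passed"; that trade-off deserves a comment on the job, e.g. `# Any commit pushed to <branch>-staging lands on <branch> once build passes — restrict who may push *-staging`, and the token used here must actually be permitted to push to those branches or the step will fail. A branch named exactly `-staging` makes `${BRANCH%-staging}` empty and `git branch -f ""` error out, so a `[ -n "$TARGET" ] || exit 1` check is cheap insurance. Separately, the context line at the top of this hunk carries a Coveralls token in plaintext, `COVERALLS_REPO_TOKEN=PP20MEgztXIQJJTguQwe2jeCh6Bm4lkbv`; it should be moved to `${{ secrets.COVERALLS_REPO_TOKEN }}` and the exposed value rotated, since anyone who can read this file can post coverage as this project.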
@@ -60,7 +60,7 @@ 'psutil>=3.3.0', 'intervaltree>=3.0', 'sortedcontainers', - 'unicorn>=1.0.2rc1', # see unicorn-engine/unicorn#1100, unicorn-engine/unicorn#1170 + 'unicorn>=1.0.2rc1,<1.0.2rc4', # see unicorn-engine/unicorn#1100, unicorn-engine/unicorn#1170, Gallopsled/pwntools#1538 ] # Check that the user has installed the Python development headers From c0e4db94f199fbd8fed4c4fc1de8bc5372324719 Mon Sep 17 00:00:00 2001 From: Arusekk Date: Wed, 3 Jun 2020 08:06:03 +0200 Subject: [PATCH 05/16] Try pull before push --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index afd77eb31..f44f58f06 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -118,7 +118,8 @@ jobs: GITHUB_REF: ${{github.event.ref}} run: | BRANCH=${GITHUB_REF#refs/heads/} - git branch -f "${BRANCH%-staging}" + git checkout -B "${BRANCH%-staging}" + git pull --ff-only origin "${BRANCH-staging}" git push origin "${BRANCH%-staging}" pypi: From 8210bba2abe6266f232f34a99f23bdb1351d0b72 Mon Sep 17 00:00:00 2001 From: Arusekk Date: Wed, 3 Jun 2020 13:09:39 +0200 Subject: [PATCH 06/16] Try to make actions behave --- .github/workflows/ci.yml | 48 ++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f44f58f06..4198974ea 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,13 +17,6 @@ jobs: path: ~/.cache/pip key: ${{ matrix.os }}-cache-pip - - name: Cache for dependencies - uses: actions/cache@v1 - id: cache-deps - with: - path: android-sdk - key: ${{ matrix.os }}-cache-deps - - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v1 with: 
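Review bot: In the `git pull --ff-only origin "${BRANCH-staging}"` line, `${BRANCH-staging}` is the shell's "default if unset" expansion, not the suffix strip used on the surrounding lines, so it expands to `$BRANCH` only by coincidence and reads as a typo; if the intent is the staging branch itself, write `git pull --ff-only origin "$BRANCH"`. The line is removed again by a later patch in this series, so the fix only matters if this intermediate state is ever checked out on its own.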
@@ -35,7 +28,28 @@ jobs: flake8 . --count --select=E9,F63,F7 --show-source --statistics --exclude=android-?dk # TODO: Add F82 flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics --exclude=pwnlib/constants,android-?dk,.git,__pycache__ + - name: Detect whether java is needed + id: java-needed + env: + GITHUB_REF: ${{ github.event.ref }} + GITHUB_COMMIT_RANGE: ${{ github.event.before }}...${{ github.event.after }} + run: | + if echo "$GITHUB_REF" | grep -Eq 'staging|tags'; then + echo "Found release or important branch ($GITHUB_REF), forcing tests." + elif ! git show "$GITHUB_COMMIT_RANGE" >/dev/null; then + echo 'Incorrect commit range, forcing android tests.' + elif git log --stat "$GITHUB_COMMIT_RANGE" | grep -iE 'android|\'; then + echo 'Found Android-related commits, forcing tests.' + else + # clear files that cause Android doctests + : > docs/source/adb.rst > docs/source/protocols/adb.rst + exit 0 + fi + echo ::set-output name=need::openjdk-8-jre-headless + - name: Install Linux dependencies + env: + ANDROID_JRE: ${{ steps.java-needed.outputs.need }} run: | sudo apt-get update sudo apt-get install -y --no-install-recommends -o Acquire::Retries=3 \ @@ -47,17 +61,16 @@ jobs: binutils-mips-linux-gnu \ binutils-powerpc-linux-gnu \ gcc-multilib \ - openjdk-8-jre-headless + $ANDROID_JRE sudo apt-get install -y -o Acquire::Retries=3 \ gcc-aarch64-linux-gnu \ gcc-arm-linux-gnueabihf - name: Install android avd - if: steps.cache-deps.outputs.cache-hit != 'true' + if: steps.java-needed.outputs.need run: | USER=travis source travis/install.sh - adb emu kill - set | egrep '^(ANDROID|PATH)' >android-sdk/.android.env + set | egrep '^(ANDROID|PATH)' >.android.env - name: Set up SSH run: | 
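Review bot: The detection step can only take the "Found Android-related commits" or "clear doctests" branches if `$GITHUB_COMMIT_RANGE` is resolvable, and with the default `fetch-depth: 1` of `actions/checkout@v2` (the build job's checkout is not visible in this hunk) `git show before...after` fails, so every push would fall into "Incorrect commit range, forcing android tests" and the optimisation would be a no-op; either raise the checkout's `fetch-depth` or base the decision on `git diff --name-only` with an explicit path allowlist such as `git diff --name-only "$GITHUB_COMMIT_RANGE" | grep -qiE '^(pwnlib/adb/|docs/source/(protocols/)?adb\.rst|travis/)'`. As extracted here the pattern `'android|\'` ends in a dangling backslash, which is an invalid regex; presumably a second alternative was lost, but it is worth a comment stating exactly which files are meant to trigger the Android tests. Note also that `exit 0` in the `else` branch deliberately leaves `need` unset, which is what the later `if: steps.java-needed.outputs.need` relies on — a one-line comment there would save the next reader from treating it as an accidental early exit.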
@@ -87,9 +100,7 @@ jobs: - name: Coverage doctests run: | - source android-sdk/.android.env - android-sdk/emulator/emulator -avd android-$ANDROID_ABI -no-window -no-boot-anim -read-only -no-audio -no-window -no-snapshot & - adb wait-for-device + source .android.env || : echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope # required by some gdb doctests PWNLIB_NOTERM=1 coverage run -m sphinx -b doctest docs/source docs/build/doctest coverage combine @@ -118,9 +129,12 @@ jobs: GITHUB_REF: ${{github.event.ref}} run: | BRANCH=${GITHUB_REF#refs/heads/} - git checkout -B "${BRANCH%-staging}" - git pull --ff-only origin "${BRANCH-staging}" - git push origin "${BRANCH%-staging}" + TARGET=${BRANCH%-staging} + git fetch --shallow-exclude="$TARGET" + # XXX here comes the ugliest hack I ever made with git + git fetch --depth=2 $(cat .git/shallow) + git branch -f "$TARGET" + git push origin "$TARGET" pypi: runs-on: ubuntu-latest From 9706275a3d86bea26a609de144a3410a3e3a8450 Mon Sep 17 00:00:00 2001 From: Arusekk Date: Wed, 3 Jun 2020 16:25:18 +0200 Subject: [PATCH 07/16] Auto-merging possible --- .github/workflows/ci.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4198974ea..365cb110b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -124,15 +124,14 @@ jobs: needs: build steps: - uses: actions/checkout@v2 + with: + fetch-depth: 20 - name: Push changes to protected branch env: - GITHUB_REF: ${{github.event.ref}} + GITHUB_REF: ${{ github.event.ref }} run: | BRANCH=${GITHUB_REF#refs/heads/} TARGET=${BRANCH%-staging} - git fetch --shallow-exclude="$TARGET" - # XXX here comes the ugliest hack I ever made with git - git fetch --depth=2 $(cat .git/shallow) git branch -f "$TARGET" git push origin "$TARGET" From 1f68bf6560bee6c344c667fcb97416812eca47cb Mon Sep 17 00:00:00 2001 
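Review bot: `fetch-depth: 20` makes the merge job depend on the staging branch being at most twenty commits past the point it shares with `$TARGET`; pushing from a shallow clone whose history does not reach the remote tip of `$TARGET` is rejected by the server (hedged, as the exact failure depends on the hosting side), so a long-lived staging branch would break the job silently from the user's point of view. `fetch-depth: 0` costs one full clone per staging push and removes the constraint; if 20 is kept, a comment such as `# fetch-depth must cover every commit since <branch>-staging diverged from <branch>` should record the assumption. Since `git push origin "$TARGET"` is not forced, a non-fast-forward staging head is refused rather than rewriting the protected branch, which is the right default and worth stating in the step name.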
From: Heap Crash <66139157+heapcrash@users.noreply.github.com> Date: Wed, 3 Jun 2020 12:10:39 -0500 Subject: [PATCH 08/16] Update Corefile warnings and replace asserts with normal checks (#1526) * Update Corefile warnings and replace asserts with normal checks This means that most of the Corefile will still work, even if we encounter issues while parsing data from the stack. * Update pwnlib/elf/corefile.py * Add missing return statement Co-authored-by: Arusekk --- pwnlib/elf/corefile.py | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/pwnlib/elf/corefile.py b/pwnlib/elf/corefile.py index 9e0792997..bc92a9e70 100644 --- a/pwnlib/elf/corefile.py +++ b/pwnlib/elf/corefile.py @@ -945,16 +945,11 @@ def _parse_stack(self): # Sanity check! try: - assert stack[address] == b'\x00' - except AssertionError: - # Something weird is happening. Just don't touch it. - log.debug("Something is weird") - return + if stack[address] != b'\x00': + log.warning("Error parsing corefile stack: Could not find end of environment") + return except ValueError: - # If the stack is not actually present in the coredump, we can't - # read from the stack. This will fail as: - # ValueError: 'seek out of range' - log.debug("ValueError") + log.warning("Error parsing corefile stack: Address out of bounds") return # address is currently set to the NULL terminator of the last 
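Review bot: The removed comment explained why `ValueError` is expected here (the stack mapping is absent from the core dump and the read fails as "seek out of range"); the new `except ValueError:` keeps the behaviour but drops that explanation, and the message "Address out of bounds" does not say which address or why, so I would restore it as `# The stack is not present in the coredump; reading it raises ValueError('seek out of range')` above the `except`. The two new warnings in this function also read almost identically ("Could not find end of environment" here, "Could not find end of environment variables" in the later check), which makes a user report impossible to map back to a branch; including the address, e.g. `log.warning("Error parsing corefile stack: expected NUL byte at %#x", address)`, would distinguish them. `_parse_stack` begins before this hunk and continues after it.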
@@ -968,12 +963,14 @@ def _parse_stack(self): p_last_env_addr = stack.find(pack(last_env_addr), None, last_env_addr) if p_last_env_addr < 0: # Something weird is happening. Just don't touch it. - log.warn_once("Found bad environment at %#x", last_env_addr) + log.warn_once("Error parsing corefile stack: Found bad environment at %#x", last_env_addr) return # Sanity check that we did correctly find the envp NULL terminator. envp_nullterm = p_last_env_addr+context.bytes - assert self.unpack(envp_nullterm) == 0 + if self.unpack(envp_nullterm) != 0: + log.warning("Error parsing corefile stack: Could not find end of environment variables") + return # We've successfully located the end of the envp[] array. # @@ -1535,4 +1532,3 @@ def binfmt_lookup(self): return keys['interpreter'] return '' - From 1b6393f381bc6b30d711ce3b005918fbd99003f3 Mon Sep 17 00:00:00 2001 From: T145 Date: Wed, 3 Jun 2020 17:27:31 +0000 Subject: [PATCH 09/16] Updated install documentation to reflect the README (#1430) Co-authored-by: Arusekk Co-authored-by: heapcrash <66139157+heapcrash@users.noreply.github.com> --- docs/source/install.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/install.rst b/docs/source/install.rst index ae1cceb62..6c3ec549b 100644 --- a/docs/source/install.rst +++ b/docs/source/install.rst @@ -25,9 +25,9 @@ pwntools is available as a ``pip`` package. .. code-block:: bash $ apt-get update - $ apt-get install python2.7 python-pip python-dev git libssl-dev libffi-dev build-essential - $ pip install --upgrade pip - $ pip install --upgrade pwntools + $ apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential + $ python3 -m pip install --upgrade pip + $ python3 -m pip install --upgrade pwntools Development -------------- From 21c9d00078f6e4715ff5b44a7f2a441bdd082309 Mon Sep 17 00:00:00 2001 
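Review bot: The new `if self.unpack(envp_nullterm) != 0:` check replaces an assert but is not protected against the same `ValueError` the earlier check in this function guards against, so a core whose stack mapping is truncated just before `envp_nullterm` still raises out of `_parse_stack` instead of logging and returning; wrap it as `try: envp_term = self.unpack(envp_nullterm)` / `except ValueError: log.warning("Error parsing corefile stack: envp terminator at %#x is out of bounds", envp_nullterm); return` and then test `envp_term != 0`. The `stack.find(pack(last_env_addr), None, last_env_addr)` search on the context line above bounds the scan to addresses below `last_env_addr`, which is what makes the subsequent `+context.bytes` arithmetic valid — a short comment saying so would help the next reader. `_parse_stack` continues past the end of this hunk.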
From: peace-maker Date: Wed, 3 Jun 2020 20:20:22 +0200 Subject: [PATCH 10/16] Fix updating of ELF.functions addresses after changing ELF.address #1512 (#1513) `ELF.functions` wasn't updated after the binary base address was changed using `ELF.address` like `ELF.symbols` is. The documentation mentions `ELF.functions` getting updated as well, the update was missing though. Closes #1512 Co-authored-by: Arusekk --- pwnlib/elf/elf.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pwnlib/elf/elf.py b/pwnlib/elf/elf.py index d17bf9b19..1aeca2367 100644 --- a/pwnlib/elf/elf.py +++ b/pwnlib/elf/elf.py @@ -591,6 +591,8 @@ def address(self, new): self.symbols = dotdict({k:update(v) for k,v in self.symbols.items()}) self.plt = dotdict({k:update(v) for k,v in self.plt.items()}) self.got = dotdict({k:update(v) for k,v in self.got.items()}) + for f in self.functions.values(): + f.address += delta # Update our view of memory memory = intervaltree.IntervalTree() From ad4c62b9fd420034e17214d0700ed8877cbd7544 Mon Sep 17 00:00:00 2001 From: Tijani Date: Wed, 6 May 2020 09:57:35 -0500 Subject: [PATCH 11/16] Update about.rst (#1501) Fix grammatical error --- docs/source/about.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/about.rst b/docs/source/about.rst index 9bd6e3d72..1a62e7b52 100644 --- a/docs/source/about.rst +++ b/docs/source/about.rst @@ -47,7 +47,7 @@ This module is our "clean" python-code. As a rule, we do not think that importing :mod:`pwnlib` or any of the submodules should have any significant side-effects (besides e.g. caching). -For the most part, you will also only get the bits you import. You for instance +For the most part, you will also only get the bits you import. You for instance would not get access to :mod:`pwnlib.util.packing` simply by doing ``import pwnlib.util``. From 0a978df7bf06621ea5486632cdd344220eab55fd Mon Sep 17 00:00:00 2001 
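Review bot: The added loop rebases `Function` objects in place (`f.address += delta`) whereas the three lines above it build fresh dicts for `symbols`, `plt` and `got`, so a caller that kept a `Function` from `elf.functions` before changing `elf.address` sees its address move, while a kept `symbols` value does not; that asymmetry is fine if intended but should be stated, e.g. `# Function objects are updated in place, so references obtained earlier follow the rebase` above the loop. If `Function` can be reconstructed cheaply (not visible here), rebuilding the dict the same way as the siblings would make the setter behave uniformly. The `address` setter starts before this hunk and continues after it.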
From: Bruce Chen Date: Thu, 28 May 2020 04:14:20 +0800 Subject: [PATCH 12/16] Fix CHANGELOG.md (#1504) * Fix bunch of invalid PR/commit link * Merge two 3.12.1 into one 3.12.1 * Add 3.12.2 --- CHANGELOG.md | 77 ++++++++++++++++++++++++++++------------------------ 1 file changed, 41 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d2926777c..a771d2dd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The table below shows which release corresponds to each branch, and what date th | [4.0.1](#401) | | Jan 22, 2020 | [4.0.0](#400) | | Jan 09, 2020 | [3.13.0](#3130) | | Nov 5, 2019 +| [3.12.2](#3122) | | Jan 8, 2019 | [3.12.1](#3121) | | Sept 17, 2018 | [3.12.0](#3120) | | Feb 22, 2018 | [3.11.0](#3110) | | Jan 3, 2018 @@ -55,13 +56,14 @@ To be released on Jun 30, 2020. To be released on May 30, 2020. -- #1436 Add ret2dlresolve automation +- [#1436][1436] Add ret2dlresolve automation - [fecf9f] tubes.ssh.process() no longer requires python 2 installed on remote (still requires python, though) - Miscellanous improvements to DynElf and fmtstr leaker (see examples/fmtstr/exploit2.py) -- #1454 Support for windows console colors - -[fecf9f]: http://github.com/Gallopsled/pwntols/commit/fecf9f +- [#1454][1454] Support for windows console colors +[1436]: https://github.com/Gallopsled/pwntools/pull/1436 +[fecf9f]: http://github.com/Gallopsled/pwntools/commit/fecf9f +[1454]: https://github.com/Gallopsled/pwntools/pull/1454 ## 4.1.0 (`stable`) 
@@ -72,15 +74,19 @@ To be released on May 30, 2020. - [#1241][1241] Launch QEMU with sysroot if specified - [#1218][1218] Support for FileStructure exploitation -[1241]: https://github.com/Gallopsled/pwntools/pulls/1218 -[1218]: https://github.com/Gallopsled/pwntools/pulls/1218 +[1316]: https://github.com/Gallopsled/pwntools/pull/1316 +[1323]: https://github.com/Gallopsled/pwntools/pull/1323 +[1001]: https://github.com/Gallopsled/pwntools/pull/1001 +[1389]: https://github.com/Gallopsled/pwntools/pull/1389 +[1241]: https://github.com/Gallopsled/pwntools/pull/1241 +[1218]: https://github.com/Gallopsled/pwntools/pull/1218 ## 4.0.1 - [#1412][1412] `recvline_pred()` and similar do not reorder data - Bypass unicorn-engine/unicorn#1100 and unicorn-engine/unicorn#1170 requiring unstable package -[1412]: https://github.com/Gallopsled/pwntools/pulls/1412 +[1412]: https://github.com/Gallopsled/pwntools/pull/1412 ## 4.0.0 @@ -94,12 +100,13 @@ To be released on May 30, 2020. - [#1202][1202] Docker: Kill 14 layers in pwntools base images - [#1182][1182] shellcraft.dupio() for mips -[1391]: https://github.com/Gallopsled/pwntools/pulls/1391 -[1317]: https://github.com/Gallopsled/pwntools/pulls/1317 -[1285]: https://github.com/Gallopsled/pwntools/pulls/1285 -[1216]: https://github.com/Gallopsled/pwntools/pulls/1216 -[1202]: https://github.com/Gallopsled/pwntools/pulls/1202 -[1182]: https://github.com/Gallopsled/pwntools/pulls/1182 +[1402]: https://github.com/Gallopsled/pwntools/pull/1402 +[1391]: https://github.com/Gallopsled/pwntools/pull/1391 +[1317]: https://github.com/Gallopsled/pwntools/pull/1317 +[1285]: https://github.com/Gallopsled/pwntools/pull/1285 +[1216]: https://github.com/Gallopsled/pwntools/pull/1216 +[1202]: https://github.com/Gallopsled/pwntools/pull/1202 +[1182]: https://github.com/Gallopsled/pwntools/pull/1182 [76413f]: https://github.com/Gallopsled/pwntools/commit/76413f ## 3.13.0 
@@ -110,32 +117,16 @@ To be released on May 30, 2020. - [#1277][1277] Fix timeout parameter passing in sendlineafter and other similar functions - [#1292][1292] Provide correct arch name to gdb for sparc64 -[1175]: https://github.com/Gallopsled/pwntools/pulls/1175 -[1204]: https://github.com/Gallopsled/pwntools/pulls/1355 -[1277]: https://github.com/Gallopsled/pwntools/pulls/1277 -[1292]: https://github.com/Gallopsled/pwntools/pulls/1292 -[1355]: https://github.com/Gallopsled/pwntools/pulls/1355 - -## 3.12.1 - -- [#1104][1104] Add `DynELF.dump()` for dumping remote ELF files -- [#1101][1101] Set `context.os` via `context.binary`, useful for Android exploitation -- [5fdc08][5fdc08] Work around broken `pidof` on Android -- [63dfed][63dfed] Print warning when Corefile deletion fails instead of throwing an exception -- [#1094][1094] Make hexdump output alignment more consistent -- [#1096][1096] `flat()` and `fit()` are now the same function - -[1104]: https://github.com/Gallopsled/pwntools/pull/1104 -[1101]: https://github.com/Gallopsled/pwntools/pull/1101 -[1094]: https://github.com/Gallopsled/pwntools/pull/1094 -[1096]: https://github.com/Gallopsled/pwntools/pull/1096 -[5fdc08]: https://github.com/Gallopsled/pwntools/commit/5fdc08 -[63dfed]: https://github.com/Gallopsled/pwntools/commit/63dfed +[1175]: https://github.com/Gallopsled/pwntools/pull/1175 +[1204]: https://github.com/Gallopsled/pwntools/pull/1204 +[1277]: https://github.com/Gallopsled/pwntools/pull/1277 +[1292]: https://github.com/Gallopsled/pwntools/pull/1292 +[1355]: https://github.com/Gallopsled/pwntools/pull/1355 ## 3.12.2 -- [1242][1242] Use IntervalTree 2.xx, disallow use of 3.xx -- [1243][1243] Fix a typo that caused an exception when executing a binary with `process()` which returns `-ENOEXEC` and the system does not have `qemu-user` binaries installed. 
+- [#1242][1242] Use IntervalTree 2.xx, disallow use of 3.xx +- [#1243][1243] Fix a typo that caused an exception when executing a binary with `process()` which returns `-ENOEXEC` and the system does not have `qemu-user` binaries installed. [1242]: https://github.com/Gallopsled/pwntools/pull/1242 [1243]: https://github.com/Gallopsled/pwntools/pull/1243 @@ -153,7 +144,15 @@ To be released on May 30, 2020. - [#1131][1131] Add "libc-" to libc prefixes in `process` tubes - [#1125][1125] Fix a typo - [#1121][1121] Fix tests which were broken by an upstream Sphinx change +- [#1104][1104] Add `DynELF.dump()` for dumping remote ELF files +- [#1101][1101] Set `context.os` via `context.binary`, useful for Android exploitation +- [5fdc08][5fdc08] Work around broken `pidof` on Android +- [63dfed][63dfed] Print warning when Corefile deletion fails instead of throwing an exception +- [#1094][1094] Make hexdump output alignment more consistent +- [#1096][1096] `flat()` and `fit()` are now the same function +[1198]: https://github.com/Gallopsled/pwntools/pull/1198 +[1191]: https://github.com/Gallopsled/pwntools/pull/1191 [1159]: https://github.com/Gallopsled/pwntools/pull/1159 [1162]: https://github.com/Gallopsled/pwntools/pull/1162 [1150]: https://github.com/Gallopsled/pwntools/pull/1150 @@ -163,6 +162,12 @@ To be released on May 30, 2020. [1131]: https://github.com/Gallopsled/pwntools/pull/1131 [1125]: https://github.com/Gallopsled/pwntools/pull/1125 [1121]: https://github.com/Gallopsled/pwntools/pull/1121 +[1104]: https://github.com/Gallopsled/pwntools/pull/1104 +[1101]: https://github.com/Gallopsled/pwntools/pull/1101 +[1094]: https://github.com/Gallopsled/pwntools/pull/1094 +[1096]: https://github.com/Gallopsled/pwntools/pull/1096 +[5fdc08]: https://github.com/Gallopsled/pwntools/commit/5fdc08 +[63dfed]: https://github.com/Gallopsled/pwntools/commit/63dfed ## 3.12.0 From ccb49abe35d5ece697ef26a27868e5cc508274b8 Mon Sep 17 00:00:00 2001 
From: Kyle Zeng Date: Fri, 10 Apr 2020 13:57:09 -0700 Subject: [PATCH 13/16] several py2-py3 issues (#1451) * in python3 pidof returns a generator * make cyclic commandline work again --- pwnlib/commandline/cyclic.py | 3 ++- pwnlib/gdb.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pwnlib/commandline/cyclic.py b/pwnlib/commandline/cyclic.py index 729d21ef6..8a3a017fe 100644 --- a/pwnlib/commandline/cyclic.py +++ b/pwnlib/commandline/cyclic.py @@ -20,7 +20,8 @@ parser.add_argument( '-a', '--alphabet', metavar = 'alphabet', - default = string.ascii_lowercase, + default = string.ascii_lowercase.encode(), + type = bytes, help = 'The alphabet to use in the cyclic pattern (defaults to all lower case letters)', ) diff --git a/pwnlib/gdb.py b/pwnlib/gdb.py index 49d858da9..186e1469a 100644 --- a/pwnlib/gdb.py +++ b/pwnlib/gdb.py @@ -649,7 +649,7 @@ def attach(target, gdbscript = '', exe = None, need_ptrace_scope = True, gdb_arg if context.os == 'android': pidof = adb.pidof - pids = pidof(target) + pids = list(pidof(target)) if not pids: log.error('No such process: %s' % target) pid = pids[0] From 2fcc39eb6ea91c76ed7921720d941c5ee4a8287d Mon Sep 17 00:00:00 2001 From: Arusekk Date: Thu, 23 Apr 2020 14:33:39 +0200 Subject: [PATCH 14/16] Fix cyclic command under py3 --- pwnlib/commandline/cyclic.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pwnlib/commandline/cyclic.py b/pwnlib/commandline/cyclic.py index 8a3a017fe..5bae5aa17 100644 --- a/pwnlib/commandline/cyclic.py +++ b/pwnlib/commandline/cyclic.py @@ -91,10 +91,11 @@ def main(args): if got < want: log.failure("Alphabet too small (max length = %i)" % got) - sys.stdout.write(result) + out = getattr(sys.stdout, 'buffer', sys.stdout) + out.write(result) - if sys.stdout.isatty(): - sys.stdout.write('\n') + if out.isatty(): + out.write(b'\n') if __name__ == '__main__': pwnlib.commandline.common.main(__file__) 
From 3ff46ff8d48df739cebee7267285a40c1504e31d Mon Sep 17 00:00:00 2001 From: Arusekk Date: Wed, 3 Jun 2020 22:41:30 +0200 Subject: [PATCH 15/16] Fix cyclic (cf. #1518) --- pwnlib/commandline/cyclic.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pwnlib/commandline/cyclic.py b/pwnlib/commandline/cyclic.py index 5bae5aa17..31498f134 100644 --- a/pwnlib/commandline/cyclic.py +++ b/pwnlib/commandline/cyclic.py @@ -3,6 +3,7 @@ from __future__ import division import argparse +import six import string import sys @@ -21,7 +22,7 @@ '-a', '--alphabet', metavar = 'alphabet', default = string.ascii_lowercase.encode(), - type = bytes, + type = six.ensure_binary, help = 'The alphabet to use in the cyclic pattern (defaults to all lower case letters)', ) @@ -65,9 +66,10 @@ def main(args): pat = args.lookup try: - pat = packing.pack(int(pat, 0), subsize*8) + pat = int(pat, 0) except ValueError: pass + pat = flat(pat) if len(pat) != subsize: log.critical('Subpattern must be %d bytes' % subsize) From 917ffd866778d6452f37b1e4b4e02d8ce57c029e Mon Sep 17 00:00:00 2001 From: Arusekk Date: Wed, 3 Jun 2020 23:08:35 +0200 Subject: [PATCH 16/16] Release 4.1.1 --- CHANGELOG.md | 18 ++++++++++++++---- pwnlib/version.py | 2 +- setup.py | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a771d2dd1..53922447f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,8 +10,9 @@ The table below shows which release corresponds to each branch, and what date th | Version | Branch | Release Date | | ---------------- | -------- | ---------------------- | | [4.3.0](#430) | `dev` | Jun 30, 2020 (planned) -| [4.2.0](#420) | `beta` | May 30, 2020 (planned) -| [4.1.0](#410) | `stable` | May 8, 2020 +| [4.2.0](#420) | `beta` | Jun 5, 2020 (planned) +| [4.1.1](#411) | `stable` | Jun 3, 2020 +| [4.1.0](#410) | | May 8, 2020 | [4.0.1](#401) | | Jan 22, 2020 | [4.0.0](#400) | | Jan 09, 2020 | [3.13.0](#3130) | | Nov 5, 2019 
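Review bot: Replacing `packing.pack(int(pat, 0), subsize*8)` with `pat = flat(pat)` loses the explicit width: `flat` packs integers at the context word size, so when `subsize` (from `-n`) differs from `context.bytes` a numeric `--lookup` value packs to the wrong length and trips the `len(pat) != subsize` critical error right below; passing the width through, `pat = flat(pat, word_size=subsize*8)`, keeps the old behaviour for the integer case while still accepting bytes and str. Whether `subsize` is tied to the context earlier in `main` is not visible in this hunk, so this is worth confirming there. The hunk also depends on `flat` being imported in cyclic.py, which it does not show.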
@@ -54,7 +55,7 @@ To be released on Jun 30, 2020. ## 4.2.0 (`beta`) -To be released on May 30, 2020. +To be released on Jun 5, 2020. - [#1436][1436] Add ret2dlresolve automation - [fecf9f] tubes.ssh.process() no longer requires python 2 installed on remote (still requires python, though) @@ -65,7 +66,16 @@ To be released on May 30, 2020. [fecf9f]: http://github.com/Gallopsled/pwntools/commit/fecf9f [1454]: https://github.com/Gallopsled/pwntools/pull/1454 -## 4.1.0 (`stable`) +## 4.1.1 (`stable`) + +- Fix PLT resolution by locking unicorn <1.0.2rc4 (#1538) +- Fix wrong ELF/context unpack handling (c4c11a37) +- Fix updating of ELF.functions addresses after changing ELF.address #1512 (#1513) +- Update Corefile warnings and replace asserts with normal checks (#1526) +- several py2-py3 issues (#1451) +- Fix cyclic command + +## 4.1.0 - [#1316][1316] Fix connect shellcraft in python 3 - [#1323][1323] Fix issues related with debugging diff --git a/pwnlib/version.py b/pwnlib/version.py index fa721b497..47cbba723 100644 --- a/pwnlib/version.py +++ b/pwnlib/version.py @@ -1 +1 @@ -__version__ = '4.1.0' +__version__ = '4.1.1' diff --git a/setup.py b/setup.py index 3b3a959cf..55918a3c3 100755 --- a/setup.py +++ b/setup.py @@ -82,7 +82,7 @@ name = 'pwntools', python_requires = '>=2.7', packages = find_packages(), - version = '4.1.0', + version = '4.1.1', data_files = [('', glob.glob('*.md') + glob.glob('*.txt')), ],