angr is a platform-agnostic binary analysis framework developed by the Computer Security Lab at UC Santa Barbara and their associated CTF team, Shellphish.
angr is a suite of Python 2 libraries that let you load a binary and do a lot of cool things to it:
- Disassembly and intermediate-representation lifting
- Program instrumentation
- Symbolic execution
- Control-flow analysis
- Data-dependency analysis
- Value-set analysis (VSA)
The most common angr operation is loading a binary:
p = angr.Project('/bin/bash') If you do this in IPython 5.x LTS or earlier, you can use tab-autocomplete to browse the top-level-accessible methods and their docstrings.
The short version of "how to install angr" is
mkvirtualenv angr && python2 -m pip install angr.
angr does a lot of binary analysis stuff. To get you started, here's a simple example of using symbolic execution to get a flag in a CTF challenge.
import angr project = angr.Project("angr-doc/examples/defcamp_r100/r100", auto_load_libs=False) @project.hook(0x400844) def print_flag(state): print("FLAG SHOULD BE:", state.posix.dump_fd(0)) project.terminate_execution() project.execute()