solve.py
import os
import angr
from angr.procedures.java import JavaSimProcedure
from angr.engines.soot.values import SimSootValue_ThisRef
from archinfo.arch_soot import SootArgument, SootMethodDescriptor
# Directory containing this script; the APK under analysis is looked up
# relative to it.
file_dir = os.path.split(os.path.realpath(__file__))[0]

# Written by Dummy_String_valueOf.run with the argument it was called with,
# and read back after the simulation finishes.
result = None
class Dummy_String_valueOf(JavaSimProcedure):
    """Stand-in for ``java.lang.String.valueOf(int)`` that captures its argument.

    Instead of building a string, the procedure stores the integer it is
    given in the module-level ``result`` and hands back an empty string.
    """

    # Java method this procedure declares itself as an implementation of.
    __provides__ = (("java.lang.String", "valueOf(int)"),)

    def run(self, intv):  # pylint: disable=W0221
        """Record ``intv`` in the global ``result`` and return ``""``."""
        global result
        result = intv
        return ""
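def test_androidnative1():
    """Symbolically execute ``onCreate`` of androidnative1.apk and check the captured value.

    The APK is loaded from the directory of this script with the Android SDK
    platforms folder under the user's home directory.
    ``java.lang.String.valueOf(int)`` is hooked with
    ``Dummy_String_valueOf`` so that the integer passed to it ends up in the
    module-level ``result``. After the simulation manager has run, that value
    is evaluated in the first deadended state and must equal 221.

    If the SDK folder does not exist, the function prints a notice and
    returns without running the analysis.
    """
    global result

    sdk_path = os.path.join(os.path.expanduser("~"), "Android/Sdk/platforms/")
    if not os.path.exists(sdk_path):
        print("cannot run test_androidnative1 since there is no Android SDK folder")
        return

    # Clear any value left by an earlier run so a stale capture cannot
    # satisfy the final check.
    result = None

    apk_location = os.path.join(file_dir, "androidnative1.apk")
    # NOTE(review): the entry point names package com.angr.nativetest1 while
    # the receiver object created below uses com.angr.androidnative1; confirm
    # against the APK which one is intended.
    loading_opts = {
        'android_sdk': sdk_path,
        'entry_point': 'com.angr.nativetest1.MainActivity.onCreate',
        'entry_point_params': ('android.os.Bundle', ),
        'supported_jni_archs': ['x86'],
    }
    project = angr.Project(apk_location, main_opts=loading_opts)

    # Route String.valueOf(int) to the capturing stub.
    value_of = SootMethodDescriptor(
        class_name="java.lang.String", name="valueOf", params=('int',)
    )
    project.hook(value_of.address(), Dummy_String_valueOf())

    # Build the receiver and a symbolic Bundle to pass to onCreate.
    blank_state = project.factory.blank_state()
    a1 = SimSootValue_ThisRef.new_object(blank_state, 'com.angr.androidnative1.MainActivity')
    a2 = SimSootValue_ThisRef.new_object(blank_state, 'android.os.Bundle', symbolic=True)
    args = [SootArgument(arg, arg.type) for arg in (a1, a2)]

    entry = project.factory.entry_state(args=args)
    simgr = project.factory.simgr(entry)
    simgr.run()

    # Fail with a readable message instead of an IndexError, or an opaque
    # solver error on None, when the run did not get as far as expected.
    assert simgr.deadended, "no execution path ended in the deadended stash"
    assert result is not None, "String.valueOf(int) hook was never reached"

    int_result = simgr.deadended[0].solver.eval(result)
    assert int_result == 221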
def test():
    """Run every check in this script (currently only ``test_androidnative1``)."""
    test_androidnative1()
if __name__ == "__main__":
    # Script mode: turn on debug output from the Soot engine before running.
    import logging

    soot_engine_log = logging.getLogger("angr.engines.soot.engine")
    soot_engine_log.setLevel("DEBUG")
    test()