
Yasat - Yet Another Static Analysis Tool to detect cryptographic API misuses in firmware

This is my undergraduate capstone project, and my very first attempt to develop a project using angr. Thanks to angr's developers for offering such a powerful tool!

Misuse types targeted by Yasat

See Yasat/checkers

Installation

A Python virtual environment is highly recommended, as Yasat is built on angr, which is usually installed in a virtual environment (see Installing angr). Let's create a virtual environment first:

$ mkvirtualenv --python=$(which python3) Yasat

Install binwalk in the virtual environment you just created:

$ workon Yasat
$ git clone https://github.com/ReFirmLabs/binwalk.git
$ cd binwalk
$ sudo `which python` setup.py install

You may also install binwalk's optional dependencies to achieve a better unpacking success rate: binwalk/INSTALL.md

Then install Yasat using pip:

$ git clone https://github.com/bluesadi/Yasat.git
$ cd Yasat
$ pip install -e .

Usage

There are two commands available once you have Yasat installed. You can first run yasat-example to check whether Yasat works properly on your machine. This command makes Yasat analyze the example binaries in examples/input, which usually takes several minutes. Once it finishes, you should see output like the following:

##################################################
#                    Summary                     #
##################################################
Time: 137 seconds
Extraction success rate: 100% (7 success, 0 failure, 0)
Analysis success rate: 100% (155 success, 0 failure, 0 timeout)
Misuses number: 42
- ConstantKeysChecker: 4
- ConstantSaltsChecker: 13
- ConstantIVsChecker: 0
- PBEIterationsChecker: 0
- RSAKeySizesChecker: 0
- UnsafeEVPAlogirthmsChecker: 4
- UnsafeAlgorithmsChecker: 21

You can also check the detailed reports in examples/out.
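To make the checker categories in the summary above concrete, here is an added example (not Yasat's code) of a toy rule engine that classifies resolved call sites into the same categories. Yasat recovers call sites and argument values from firmware binaries with angr; this example instead constructs the call sites by hand, marking an argument as None when it would be symbolic rather than a compile-time constant. The thresholds (1000 PBKDF2 iterations, 2048 RSA bits) and the list of unsafe OpenSSL constructors are assumptions for illustration, and the checker names follow the summary output with the spelling corrected.

```python
"""Toy misuse checker mirroring the categories in Yasat's summary.

Added example, not Yasat's code. Call sites are constructed by hand as
(callee, arguments) records so that the rule logic runs stand-alone.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional

# Thresholds are assumptions for this example, not Yasat's settings.
MIN_PBE_ITERATIONS = 1000
MIN_RSA_BITS = 2048
# Broken or deprecated OpenSSL constructors/functions (assumed list).
UNSAFE_ALGORITHMS = {"EVP_des_cbc", "EVP_rc4", "EVP_md5", "MD5", "DES_ecb_encrypt"}
EVP_CIPHER_INITS = {"EVP_EncryptInit_ex", "EVP_DecryptInit_ex", "EVP_CipherInit_ex"}

CHECKERS = [
    "ConstantKeysChecker", "ConstantSaltsChecker", "ConstantIVsChecker",
    "PBEIterationsChecker", "RSAKeySizesChecker",
    "UnsafeEVPAlgorithmsChecker", "UnsafeAlgorithmsChecker",
]


@dataclass
class CallSite:
    callee: str
    # Concrete argument values as recovered by the analysis; None means the
    # argument is symbolic (derived at run time, not a compile-time constant).
    args: Dict[str, Optional[Any]] = field(default_factory=dict)


@dataclass
class Misuse:
    checker: str
    callee: str
    detail: str


def is_constant(value: Optional[Any]) -> bool:
    return value is not None


def check(site: CallSite) -> List[Misuse]:
    """Apply every rule to one call site and return the misuses found."""
    found: List[Misuse] = []
    a = site.args
    if site.callee in EVP_CIPHER_INITS:
        if is_constant(a.get("key")):
            found.append(Misuse("ConstantKeysChecker", site.callee, "key is a compile-time constant"))
        if is_constant(a.get("iv")):
            found.append(Misuse("ConstantIVsChecker", site.callee, "IV is a compile-time constant"))
        if a.get("cipher") in UNSAFE_ALGORITHMS:
            found.append(Misuse("UnsafeEVPAlgorithmsChecker", site.callee, f"cipher {a['cipher']} is unsafe"))
    elif site.callee == "PKCS5_PBKDF2_HMAC":
        if is_constant(a.get("salt")):
            found.append(Misuse("ConstantSaltsChecker", site.callee, "salt is a compile-time constant"))
        iters = a.get("iter")
        if is_constant(iters) and iters < MIN_PBE_ITERATIONS:
            found.append(Misuse("PBEIterationsChecker", site.callee, f"only {iters} iterations"))
    elif site.callee == "RSA_generate_key_ex":
        bits = a.get("bits")
        if is_constant(bits) and bits < MIN_RSA_BITS:
            found.append(Misuse("RSAKeySizesChecker", site.callee, f"{bits}-bit key"))
    # Direct calls to deprecated primitives (not via the EVP interface).
    if site.callee in UNSAFE_ALGORITHMS:
        found.append(Misuse("UnsafeAlgorithmsChecker", site.callee, "deprecated primitive called directly"))
    return found


def summarize(sites: List[CallSite]) -> Dict[str, int]:
    """Count misuses per checker, in the shape of Yasat's summary block."""
    counts = {name: 0 for name in CHECKERS}
    for site in sites:
        for m in check(site):
            counts[m.checker] += 1
    return counts


# Constructed sample: five call sites as a firmware analysis might recover them.
SAMPLE_SITES = [
    CallSite("EVP_EncryptInit_ex", {"cipher": "EVP_des_cbc", "key": b"\x01" * 8, "iv": None}),
    CallSite("PKCS5_PBKDF2_HMAC", {"salt": b"static-salt", "iter": 100}),
    CallSite("RSA_generate_key_ex", {"bits": 1024}),
    CallSite("MD5", {}),
    # Hardened counterpart: AEAD cipher, key and IV derived at run time.
    CallSite("EVP_EncryptInit_ex", {"cipher": "EVP_aes_256_gcm", "key": None, "iv": None}),
]

if __name__ == "__main__":
    for name, n in summarize(SAMPLE_SITES).items():
        print(f"- {name}: {n}")
```

The last sample site shows why a symbolic argument is not a finding: a key read from secure storage or derived from a KDF looks like None to the rules, so only genuinely hard-coded material is reported.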

The more formal command is yasat, which takes two options, described below.

Configuration: Yasat's behavior is fully controlled by the configuration file, which you can specify with the -c option. If not specified, Yasat uses config.yml by default. Take a look at config.yml and Yasat/main_cli.py for a better idea.

Multiprocessing: Use the -p option to specify the maximum number of CPU cores for analyzing input files. Set this option to 1 if you do not want to use multiprocessing. The default is half of the CPU cores of your machine.

yasat [-c <config>] [-p <processes>]

Test

You may use the test cases generated by Yasat-TestsGenerator to examine Yasat. Just run pytest in the project's root directory. Yasat cannot pass all the tests yet, either because of a trade-off between performance and accuracy or because I'm just too lazy to fix that :)

$ pytest
=================================== test session starts ===================================
platform linux -- Python 3.10.6, pytest-7.3.1, pluggy-1.0.0
rootdir: /home/yibo/dev/Yasat
configfile: pyproject.toml
testpaths: tests
collected 44 items                                                                        

tests/test_binary_operations.py ..................FFFF............                  [ 77%]
tests/test_openssl.py ....F.                                                        [ 90%]
tests/test_unary_operations.py ....                                                 [100%]

======================================== FAILURES =========================================
