Launch radare2 like a boss from pwntools in tmux

pwntools-r2

Launch radare2 from pwntools. This has been tested to work in combination with tmux - other combinations may or may not work. This might also work with other setups without tmux but that's not supported currently.

As of now, only the Python2 version of pwntools is being actively maintained. A version for the currently unmaintained Python3 fork of pwntools will be released as soon as it's being actively maintained and updated with pwntools-gdb environment variable support.

Ok How To Use This?

  • Create a new pipenv: pipenv --python 2.7
  • Install this: pipenv install pwntools-r2
  • Enter the virtual environment: pipenv shell
  • Code your 1337 exploit:
#!/usr/bin/env python2

from pwntools_r2 import *

# You might want to change this
context.terminal = ['tmux', 'splitw', '-v']

r2script = """
#r2.cmd('db sym.main')
#r2.cmd('aaa')
#r2.cmd('V!')
"""

p = r2dbg('./a', r2script=r2script)
p.interactive()

Be sure to not forget interactive() at the end :)

Please note that the commands for r2 have to be prefixed with a #. If you want to pass additional parameters, you can use the same ones as in the function prototype of gdb.debug from pwntools.

  • Do stuff: python2.7 ./exploit.py

Ok But How To Pass argv Values?

  • Write your payload to a temporary file before running the target process
  • Use this:
#r2.cmd('ood `!cat /tmp/payload`')
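
The two steps above as an added example, not part of the original README or of the pwntools-r2 code. The helper names check_argv_payload, stage_payload and argv_r2script are hypothetical; the example writes to a fresh mkstemp file (mode 0600) instead of the fixed /tmp/payload, and assumes that NUL, whitespace, backticks and quotes cannot pass through ood and the backtick substitution intact.

```python
import os
import tempfile

# Bytes assumed unsafe on the way into argv: NUL ends a C string, whitespace
# splits arguments, backticks and quotes clash with r2/Python quoting.
FORBIDDEN = bytearray(b"\x00 \t\r\n`'\"")


def check_argv_payload(payload):
    """Return (offset, byte) pairs that would corrupt the argv value."""
    return [(i, b) for i, b in enumerate(bytearray(payload)) if b in FORBIDDEN]


def stage_payload(payload, directory=None):
    """Validate the payload, write it to a new private file, return the path."""
    bad = check_argv_payload(payload)
    if bad:
        raise ValueError("bytes unsafe for argv at: %r" % bad[:5])
    # mkstemp creates the file exclusively, so an existing file is never reused.
    fd, path = tempfile.mkstemp(prefix="payload-", dir=directory)
    with os.fdopen(fd, "wb") as handle:
        handle.write(payload)
    return path


def argv_r2script(path, extra=()):
    """Build an r2script string; every r2 command line starts with '#'."""
    if check_argv_payload(path.encode()):
        raise ValueError("temp path contains characters r2 would misparse")
    lines = ["#r2.cmd('ood `!cat %s`')" % path]
    lines += ["#r2.cmd('%s')" % cmd for cmd in extra]
    return "\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    sample = b"A" * 64  # constructed sample payload
    staged = stage_payload(sample)
    print(argv_r2script(staged, extra=["db sym.main"]))
    # In the exploit script: p = r2dbg('./a', r2script=argv_r2script(staged))
    os.remove(staged)
```

Remove the staged file once the debugging session is over.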

Troubleshooting

  • You can debug any errors by setting context.log_level = 'DEBUG' in your pwntools Python script.
  • If no terminal can be found or any weird errors come up, try setting context.terminal accordingly - e.g. to urxvtc or ['tmux', 'splitw', '-v']

Credits

This is based on this and this.