You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[+] Getting argument functions
[+] Analyzing 14 functions
[~] Finding all the vulnerabilities: 93%|████████████████████████████████▌ | 13/14 [09:26<00:43, 43.55s/it]
It doesn't find the injection vulnerbaility. There is an error I can see in the celery log:
[2020-09-23 18:39:57,990: INFO/MainProcess] Received task: firmware_slap.celery_tasks.async_trace_func[530d180a-3aab-4b42-a179-26f31b0b2c47]
[2020-09-23 18:40:05,244: ERROR/ForkPoolWorker-3] Task firmware_slap.celery_tasks.async_trace_func[05e27192-2f3c-4199-acd7-0d30210d8614] raised unexpected: TypeError('Must provide size to load')
Traceback (most recent call last):
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/celery/app/trace.py", line 412, in trace_task
R = retval = fun(*args, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/celery/app/trace.py", line 704, in protected_call
return self.run(*args, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/firmware_slap/celery_tasks.py", line 27, in async_trace_func
proj, simgr = do_trace(start_addr,
File "/home/bitnomad/Tools/Firmware_Slap/firmware_slap/function_analyzer.py", line 274, in do_trace
simgr.explore(step_func=check_mem_corrupt)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/sim_manager.py", line 239, in explore
self.run(stash=stash, n=n, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/sim_manager.py", line 261, in run
self.step(stash=stash, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/misc/hookset.py", line 75, in call
result = current_hook(self.func.self, *args, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/exploration_techniques/explorer.py", line 96, in step
return simgr.step(stash=stash, extra_stop_points=base_extra_stop_points | self._extra_stop_points, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/misc/hookset.py", line 80, in call
return self.func(*args, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/sim_manager.py", line 346, in step
successors = self.step_state(state, successor_func=successor_func, **run_args)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/sim_manager.py", line 383, in step_state
successors = self.successors(state, successor_func=successor_func, **run_args)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/sim_manager.py", line 422, in successors
return self._project.factory.successors(state, **run_args)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/factory.py", line 60, in successors
return self.default_engine.process(*args, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/engines/vex/light/slicing.py", line 19, in process
return super().process(*args, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/engines/engine.py", line 149, in process
self.process_successors(self.successors, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/engines/failure.py", line 21, in process_successors
return super().process_successors(successors, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/engines/syscall.py", line 18, in process_successors
return super().process_successors(successors, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/engines/hook.py", line 61, in process_successors
return self.process_procedure(state, successors, procedure, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/engines/procedure.py", line 37, in process_procedure
inst = procedure.execute(state, successors, ret_to=ret_to)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/sim_procedure.py", line 226, in execute
r = getattr(inst, inst.run_func)(*sim_args, **inst.kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/firmware_slap/command_injection.py", line 111, in run
self.check_exploitable(cmd)
File "/home/bitnomad/Tools/Firmware_Slap/firmware_slap/command_injection.py", line 11, in check_exploitable
value = self.state.memory.load(cmd)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/unwrapper_mixin.py", line 14, in load
return super().load(_raw_ast(addr),
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/name_resolution_mixin.py", line 57, in load
return super().load(addr, size=size, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/bvv_conversion_mixin.py", line 28, in load
return super().load(addr, size=size, fallback=fallback_bv, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/clouseau_mixin.py", line 53, in load
return super().load(addr,
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/actions_mixin.py", line 13, in load
r = super().load(addr, size=size, condition=condition, fallback=fallback, action=action, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/underconstrained_mixin.py", line 17, in load
return super().load(addr, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/size_resolution_mixin.py", line 69, in load
return super().load(addr, size=size, **kwargs)
File "/home/bitnomad/Tools/Firmware_Slap/fwslap/lib/python3.8/site-packages/angr/storage/memory_mixins/size_resolution_mixin.py", line 20, in load
raise TypeError("Must provide size to load")
TypeError: Must provide size to load
It seems like angr is requiering a size to load. I didn't find a file where I could set a value.
The text was updated successfully, but these errors were encountered:
Hi,
when running the example with the provided cgi example:
I get this output:
It doesn't find the injection vulnerbaility. There is an error I can see in the celery log:
It seems like angr is requiering a size to load. I didn't find a file where I could set a value.
The text was updated successfully, but these errors were encountered: