Use claripy ast.hash() instead of ast.cache_key (#111)
twizmwazin authored Oct 4, 2024
1 parent e97d392 commit 5817d5f
Showing 4 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion rex/crash.py
Expand Up @@ -1239,7 +1239,7 @@ def _reconstrain_flag_data(self, state):# pylint:disable=no-self-use
if any(v.startswith('cgc-flag') or v.startswith("random") for v in list(c.variables)):
concrete = next(a for a in c.args if not a.symbolic)
symbolic = next(a for a in c.args if a.symbolic)
replace_dict[symbolic.cache_key] = concrete
replace_dict[symbolic.hash()] = concrete
cons = state.solver.constraints
new_cons = []
for c in cons:
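Review bot: Nothing in this commit raises the minimum claripy version, although `replace_dict[symbolic.hash()] = concrete` in `_reconstrain_flag_data` only works if whatever consumes `replace_dict` expects `hash()` values as keys; the page lists four changed files, all under rex/. Against a claripy that still matches on cache-key objects, the lookups would presumably miss without raising, leaving the constraints on `cgc-flag`/`random` variables unreplaced. The same holds for `replace_dict` in rex/pov_fuzzing/fuzzing_type_2.py. Consider bumping the claripy requirement in the same change and adding `# keys are claripy AST hashes (ints), not cache_key objects` above the assignment. The function body starts and ends outside the hunk, so the consumer is not visible here.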
4 changes: 2 additions & 2 deletions rex/exploit/cgc/cgc_exploit.py
Expand Up @@ -618,10 +618,10 @@ def filter_uncontrolled_constraints(state):
# operations have to be done concretely and constrain the flagpage
# to being a single value
# we do not remove zen constraints
zen_cache_keys = set(x.cache_key for x in state.get_plugin("zen_plugin").zen_constraints)
zen_cache_keys = set(x.hash() for x in state.get_plugin("zen_plugin").zen_constraints)
new_cons = [ ]
for con in state.solver.constraints:
if con.cache_key in zen_cache_keys or \
if con.hash() in zen_cache_keys or \
not all(v.startswith("cgc-flag") or v.startswith("random") for v in con.variables):
new_cons.append(con)

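Review bot: The name `zen_cache_keys` in `filter_uncontrolled_constraints` is stale now that the set holds `hash()` values, so a reader of `con.hash() in zen_cache_keys` has to look back to see what is actually compared. Renaming it, and using a set comprehension while there, keeps the exemption for zen constraints easy to audit: `zen_hashes = {x.hash() for x in state.get_plugin("zen_plugin").zen_constraints}` together with `if con.hash() in zen_hashes or \`. The function continues past the end of the hunk, so any later use of the old name would need the same rename.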
8 changes: 4 additions & 4 deletions rex/exploit/techniques/explore_for_exploit.py
Expand Up @@ -39,7 +39,7 @@ def __init__(self, start_addr, assigned_start):
self.max_start = 0
self.assigned_start = assigned_start
self.offset_to_data = dict()
self.all_addr_keys = {start_addr.cache_key}
self.all_addr_keys = {start_addr.hash()}


class AttackAddr(object):
Expand Down Expand Up @@ -89,7 +89,7 @@ def assign_write(self, addr, data, state):
min_addr = (mem_range.min_start-offset) & 0xffffffff
max_addr = (mem_range.max_start-offset) & 0xffffffff

mem_range.all_addr_keys.add(addr.cache_key)
mem_range.all_addr_keys.add(addr.hash())
mem_range.offset_to_data[offset] = data
self.writes.append(WriteInfo(addr, data, min_addr, max_addr, assigned, mem_range))
return assigned
Expand Down Expand Up @@ -132,7 +132,7 @@ def assign_read(self, addr, data, state):
min_addr = (mem_range.min_start-offset) & 0xffffffff
max_addr = (mem_range.max_start-offset) & 0xffffffff

mem_range.all_addr_keys.add(addr.cache_key)
mem_range.all_addr_keys.add(addr.hash())
self.reads.append(ReadInfo(addr, data, min_addr, max_addr, assigned, mem_range))
return assigned

Expand Down Expand Up @@ -296,7 +296,7 @@ def mem_read_hook_after(self, state):
state.add_constraints(replacement == data)

state.get_plugin("address_tracker").read_constraints.append(replacement == data)
state.get_plugin("address_tracker").read_replacements[replacement.cache_key] = data
state.get_plugin("address_tracker").read_replacements[replacement.hash()] = data

@staticmethod
def addr_analyze(addr, state):
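Review bot: The readers of `all_addr_keys` and `read_replacements` are not in any of the four hunks of this file, so the page cannot confirm that they were switched to `hash()` as well; the writes in `__init__`, `assign_write`, `assign_read` and `mem_read_hook_after` now store ints. A reader that still tests membership or indexes with `.cache_key` would never match and would not raise, so it is worth searching the package for remaining `cache_key` uses before merging. A comment where the set is created would record the key type, for example `# holds ast.hash() values (ints), not ASTs or cache_key objects`. All four enclosing functions extend beyond their hunks.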
2 changes: 1 addition & 1 deletion rex/pov_fuzzing/fuzzing_type_2.py
Expand Up @@ -185,7 +185,7 @@ def _fix_reg_vals(self, reg_vals):
# if we have an ast fix it!
out_val = self.addr_ast
reg_vals2 = {self._reg_asts[r]: claripy.BVV(v, 32) for r, v in reg_vals.items() if r in CGC_GENERAL_REGS}
replace_dict = {a.cache_key: b for a, b in reg_vals2.items()}
replace_dict = {a.hash(): b for a, b in reg_vals2.items()}
out_val = out_val.replace_dict(replace_dict)
if out_val.symbolic:
raise CannotExploit("symbolic value after replacing regs")
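Review bot: `reg_vals2` in `_fix_reg_vals` is still keyed by the register ASTs themselves and is re-keyed on the very next line, so two dicts are built where one would do. If `reg_vals2` is not used further down (the function continues outside the hunk), the mapping can be built directly: `replace_dict = {self._reg_asts[r].hash(): claripy.BVV(v, 32) for r, v in reg_vals.items() if r in CGC_GENERAL_REGS}`. That also stops the intermediate dict from depending on the ASTs' own `__hash__`/`__eq__`, which is presumably the reason lookups go through `hash()` in the first place.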
