Match against local system libc first in libcdb #2325

Merged
merged 5 commits into from
Jan 30, 2024
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -85,6 +85,7 @@ The table below shows which release corresponds to each branch, and what date th
- [#2189][2189] Explicitly define p64/u64 functions for IDE support
- [#2339][2339] Fix: Allow setting attributes on gdb Breakpoints
- [#2323][2323] Retry failed lookups after one week in libcdb
- [#2325][2325] Match against local system libc first in libcdb

[2242]: https://github.com/Gallopsled/pwntools/pull/2242
[2277]: https://github.com/Gallopsled/pwntools/pull/2277
Expand All @@ -101,6 +102,7 @@ The table below shows which release corresponds to each branch, and what date th
[2189]: https://github.com/Gallopsled/pwntools/pull/2189
[2339]: https://github.com/Gallopsled/pwntools/pull/2339
[2323]: https://github.com/Gallopsled/pwntools/pull/2323
[2325]: https://github.com/Gallopsled/pwntools/pull/2325

## 4.12.0 (`beta`)

26 changes: 24 additions & 2 deletions pwnlib/libcdb.py
Expand Up @@ -14,14 +14,20 @@
from pwnlib.log import getLogger
from pwnlib.tubes.process import process
from pwnlib.util.fiddling import enhex
from pwnlib.util.hashes import sha1filehex, sha256filehex, md5filehex
from pwnlib.util.misc import read
from pwnlib.util.misc import which
from pwnlib.util.misc import write
from pwnlib.util.web import wget

log = getLogger(__name__)

HASHES = ['build_id', 'sha1', 'sha256', 'md5']
HASHES = {
'build_id': lambda path: enhex(ELF(path, checksec=False).buildid or b''),
'sha1': sha1filehex,
'sha256': sha256filehex,
'md5': md5filehex,
}
DEBUGINFOD_SERVERS = [
'https://debuginfod.elfutils.org/',
]
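Review bot: In the `build_id` entry of the new `HASHES` dict, `ELF(path, checksec=False).buildid or b''` maps a file without a build id to the empty string, so any caller that compares the result with `==` will treat an empty `hex_encoded_id` as a match for that file. Consider returning `None` when `buildid` is missing and having callers treat `None` as no match. A short comment above `HASHES` saying that each value takes a file path and returns the hex digest would also help, since the name previously held a plain list and code that iterates over it or tests membership now relies on dict-key semantics.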
Expand Down Expand Up @@ -104,7 +110,23 @@ def provider_libc_rip(hex_encoded_id, hash_type):
return None
return data

PROVIDERS = [provider_libcdb, provider_libc_rip]
# Check if the local system libc matches the requested hash.
def provider_local_system(hex_encoded_id, hash_type):
if hash_type == 'id':
return None
shell_path = os.environ.get('SHELL', None) or '/bin/sh'
if not os.path.exists(shell_path):
log.debug('Shell path %r does not exist. Skipping local system libc matching.', shell_path)
return None
local_libc = ELF(shell_path, checksec=False).libc
if not local_libc:
log.debug('Cannot lookup libc from shell %r. Skipping local system libc matching.', shell_path)
return None
if HASHES[hash_type](local_libc.path) == hex_encoded_id:
return local_libc.data
return None

PROVIDERS = [provider_local_system, provider_libcdb, provider_libc_rip]

def search_by_hash(hex_encoded_id, hash_type='build_id', unstrip=True):
assert hash_type in HASHES, hash_type
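Review bot: In `provider_local_system`, `os.path.exists(shell_path)` only confirms that the path exists, so a `$SHELL` that points at a script, wrapper or other non-ELF file still reaches `ELF(shell_path, checksec=False)` unguarded. Because this provider now comes first in `PROVIDERS`, a failure here should not stop the remote providers from being tried: wrap the `ELF(...)` and `.libc` lookup in a try/except that logs with `log.debug` and returns `None`, matching the two existing skip paths. The `hash_type == 'id'` early return also deserves a one-line comment, since `'id'` is not a key of `HASHES` and the reason for skipping it is not visible here, and the leading `#` comment would read better as a docstring on the function.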