1.5.4 minor quality changes

+ aliases now support bytearrays fix #7
+ changed from ataka to general ad template
+ added cpad alias

Author: gfelber

README.md

@@ -157,8 +157,4 @@ Using gdbserver and gdb to index libraries can be very slow. Therefore an experi
 ### Better Docker integration
 
 - migrate away from ssh (attach from host) to get lower latency
-- additionally virtualize containers (Qemu) in order to change the used kernel.
-
-### Qemu user
-
-- add templates that make use of pwntools qemu-user integration
+- additionally virtualize containers (Qemu) in order to change the used kernel

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "vagd"
-version = "1.5.3"
+version = "1.5.4"
 authors = [{ name = "0x6fe1be2" }]
 description = "VirtuAlization GDb integrations in pwntools"
 readme = "README.md"

src/vagd/cli.py

@@ -25,8 +25,8 @@
 VAGD_BOX = "Box.VAGRANT_JAMMY64"
 VAGD = "vm = Vagd(BINARY, {box}, {args})  # Vagrant"
 
-ATAKA_ENV = """# ataka envs
-ATAKA  = os.getenv('TARGET_IP') is not None           # running on ataka
+AD_ENV = """# ad envs
+IS_AD  = os.getenv('TARGET_IP') is not None           # running on ad
 IP     = os.getenv('TARGET_IP', IP)                   # remote ip
 EXTRA  = json.loads(os.getenv('TARGET_EXTRA', '[]'))  # flag ids"""
 
@@ -128,9 +128,7 @@ def template(
   vbox: Optional[str] = typer.Option(VAGD_BOX, "--vbox", help="vagrant box to use"),
   shgd: Optional[bool] = typer.Option(False, "--shgd", "--ssh", "-s", help="create ssh template"),
   local: Optional[bool] = typer.Option(False, "--local", help="create local template"),
-  ataka: Optional[bool] = typer.Option(
-    False, "--ataka", help="create an ataka compatible template"
-  ),
+  ad: Optional[bool] = typer.Option(False, "--ad", help="create an ad compatible template"),
   root: Optional[bool] = typer.Option(False, "--root", "-r", help="create a root environment"),
   no_aliases: Optional[bool] = typer.Option(
     False, "--no-aliases", help="no aliases in the template"
@@ -185,7 +183,7 @@ def template(
     args["files"] = "[" + ",".join(f"'{file}'" for file in files) + "]"
 
   modules = list()
-  if ataka:
+  if ad:
     modules.append("json")
 
   args["ex"] = "True"
@@ -228,12 +226,12 @@ def template(
     ip=quote(ip),
     port=str(port),
     env=repr(env),
-    ataka_env=ATAKA_ENV if ataka else "",
+    ad_env=AD_ENV if ad else "",
     vms=("\n" + " " * 4).join(vms),
     libc=quote(libc),
     aslr=repr(aslr),
     is_local=True if local else "args.LOCAL",
-    is_ataka=" or ATAKA" if ataka else "",
+    is_ad=" or IS_AD" if ad else "",
     info=info,
   )
 

src/vagd/res/aliases.txt

@@ -7,15 +7,16 @@ linfo = lambda x, *a: log.info(x, *a)
 lwarn = lambda x, *a: log.warn(x, *a)
 lerr  = lambda x, *a: log.error(x, *a)
 lprog = lambda x, *a: log.progress(x, *a)
+lhex  = lambda x, y="leak": linfo(f"0x{x:016x} <- {y}")
+phex  = lambda x, y="leak": print(f"0x{x:016x} <- {y}")
 
 # type manipulation
-byt   = lambda x: x if isinstance(x, bytes) else f"{x}".encode()
-phex  = lambda x, y="leak": print(f"0x{x:016x} <- {y}")
-lhex  = lambda x, y="leak": linfo("0x%016x <- %s", x, y)
+byt   = lambda x: x if isinstance(x, (bytes, bytearray)) else f"{x}".encode()
 rpad  = lambda x, s=8, v=b"\0": x.ljust(s, v)
 lpad  = lambda x, s=8, v=b"\0": x.rjust(s, v)
-hpad  = lambda x, s=None: f"%0{((x.bit_length() // 8) + 1) * 2 if s is None else s}x" % x
+hpad  = lambda x, s=0: f"%0{s if s else ((x.bit_length() // 8) + 1) * 2}x" % x
 upad  = lambda x: u64(rpad(x))
+cpad  = lambda x, s: byt(x) + cyc(s)[len(byt(x)):]
 tob   = lambda x: bytes.fromhex(hpad(x))
 
 # elf aliases

src/vagd/res/template.txt

@@ -11,7 +11,7 @@ PORT   = {port:<44s} # remote PORT
 BINARY = {binary:<44s} # PATH to local binary
 ARGS   = []                                           # ARGS supplied to binary
 ENV    = {env:<44s} # ENV supplied to binary
-{ataka_env}
+{ad_env}
 # GDB SCRIPT, executed at start of GDB session (e.g. set breakpoints here)
 GDB    = f"""
 set follow-fork-mode parent
@@ -23,28 +23,29 @@ context.aslr = {aslr:<5s}                                  # ASLR enabled (only
 
 {aliases}
 
-vm = None
 # setup vagd vm
-def setup():
+def setup() -> object | None:
   global vm
-  if args.REMOTE or {is_local}{is_ataka}:
-    return
+  if args.REMOTE or {is_local}{is_ad}:
+    return None
 
   try:
     # only load vagd if needed
     from vagd import {dependencies}, Box
-  except:
-    log.error('Failed to import vagd, either run locally using LOCAL or install it')
+  except ModuleNotFoundError:
+    log.error('Failed to import vagd, run LOCAL/REMOTE or install it')
   if not vm:
     {vms}
   if vm.is_new:
     # additional setup here
     log.info('new vagd instance')
 
+  return vm
+
 
 # get target (pwnlib.tubes.tube)
 def get_target(**kw) -> tubes.tube:
-  if args.REMOTE{is_ataka}:
+  if args.REMOTE{is_ad}:
     # context.log_level = 'debug'
     return remote(IP, PORT)
 
@@ -56,7 +57,7 @@ def get_target(**kw) -> tubes.tube:
   return vm.start(argv=ARGS, env=ENV, gdbscript=GDB, **kw)
 
 
-setup()
+vm = setup()
 
 #===========================================================
 #                   EXPLOIT STARTS HERE

test/test.py

@@ -143,6 +143,21 @@ def virts():
     vm._ssh.close()
 
     os.system("vagd clean")
+    sleep(1)
+    stage("Testing Docker for Alpine (root)")
+    vm = Dogd(
+      exe.path,
+      image=Box.DOCKER_ALPINE,
+      user='root',
+      tmp=True,
+      ex=True,
+      fast=True,
+    )
+    assert vm.is_new, "vm should be new"
+    yield vm
+    vm._ssh.close()
+
+    os.system("vagd clean")
 
   stage("Testing Qemu")
   vm = Qegd(