
ChrisTheCoolHut / Instruction-Stomp

Licence: other
Cross-architecture instruction counting for CTF solving

Instruction Stomp

Another instruction counting tool. This one uses QEMU to count the instructions a binary executes for a given input and celery to run those checks in parallel. It works cross-architecture, so ARM/MIPS/PPC binaries should all be supported.

Install

This project uses python3.

sudo apt install qemu-user rabbitmq-server
pip3 install tqdm celery numpy pyelftools

Usage

Set up the celery worker in the Instruction Stomp directory:

# python3 -m celery -A lib.celery_tasks worker --loglevel=info
celery -A lib.celery_tasks worker --loglevel=info

$ python3 InstStomp.py -h
usage: InstStomp.py [-h] (--stdin | --arg) [-i INPUTLENGTH] [-r] [-g] [-c INPUTCHECKCOUNT]
                    [--exec] [-v] [--curr CURR] [--curr_iter CURR_ITER]
                    File

positional arguments:
  File                  File to analyze

optional arguments:
  -h, --help            show this help message and exit
  --stdin               Send inputs through STDIN
  --arg                 Send inputs through argv[2]
  -i INPUTLENGTH, --inputLength INPUTLENGTH
                        Length of input
  -r, --reverse         Reverse input checking
  -g, --getLength       Get input length
  -c INPUTCHECKCOUNT, --inputCheckCount INPUTCHECKCOUNT
                        How much length to check
  --exec                Use exec qemu mode
  -v, --verbose         enable debug output
  --curr CURR           Current input to start with
  --curr_iter CURR_ITER
                        Skip to this value

Examples

Get the user input length:

$ python3 InstStomp.py -g -c 30  --stdin challenges/wyvern_c85f1be480808a9da350faaa6104a19b 
[~] Running input length check:  67%|██████████████████████████████████████                   | 20/30 [00:03<00:01,  6.31it/s]
[[0, 337770], [1, 337562], [2, 337823], [3, 337823], [4, 337821], [5, 337821], [6, 337821], [7, 337821], [8, 337820], [9, 337820], [10, 337820], [11, 337820], [12, 337820], [13, 337820], [14, 337820], [15, 337820], [16, 337822], [17, 337826], [18, 337826], [19, 337826], [20, 337826], [21, 337826], [22, 337826], [23, 337826], [24, 337826], [25, 337826], [26, 337826], [27, 337826], [28, 337826], [29, 339147]]
Input Length: 29

Solve for the binary's stdin input:

$ ./InstStomp.py --stdin -i 25 -r challenges/ELF-NoSoftwareBreakpoints 
[~] Running on position 24:   0%|                                                                     | 0/100 [00:00<?, ?it/s]
AAAAAAAAAAAAAAAAAAAAAAAAS
[~] Running on position 23:   0%|                                                                     | 0/100 [00:00<?, ?it/s]
AAAAAAAAAAAAAAAAAAAAAAAkS
[~] Running on position 22:   0%|                                                                     | 0/100 [00:00<?, ?it/s]
AAAAAAAAAAAAAAAAAAAAAAckS
... SNIP ...
[~] Running on position 2:   0%|                                                                      | 0/100 [00:00<?, ?it/s]
AArdW@re_Br3akPoiNT_r0ckS
[~] Running on position 1:   0%|                                                                      | 0/100 [00:00<?, ?it/s]
AardW@re_Br3akPoiNT_r0ckS
[~] Running on position 0:   0%|                                                                      | 0/100 [00:00<?, ?it/s]
HardW@re_Br3akPoiNT_r0ckS
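To make the mechanism behind the runs above concrete, here is an added example (not Instruction-Stomp's code) that implements the same length check and per-position search, in forward and reverse order, against two constructed toy checkers: a byte-by-byte compare with an early exit, which the instruction count exposes, and a constant-time compare, where the count yields no outlier and the search stops. The counter functions, SECRET and the outlier-by-median rule are assumptions standing in for the real qemu-user counts the tool collects.

```python
import statistics
import string

# Toy models of a CTF checker, constructed for this example; not Instruction-Stomp's
# code. The tool gets real counts from qemu-user; these functions only model them.
SECRET = b"HardW@re_Br3akPoiNT_r0ckS"      # the flag shown in the README's example run

def leaky_counter(data: bytes, reverse: bool = False) -> int:
    """Byte-by-byte compare that exits at the first mismatch: the leak the tool measures."""
    count = 1000                           # prologue, input read, etc.
    if len(data) != len(SECRET):
        return count + 50                  # wrong length bails out early
    order = range(len(SECRET) - 1, -1, -1) if reverse else range(len(SECRET))
    for i in order:
        count += 12                        # load, compare, branch per byte
        if data[i] != SECRET[i]:
            return count + 5               # early exit: count encodes how far we got
    return count + 200                     # success path is longer still

def constant_time_counter(data: bytes, reverse: bool = False) -> int:
    """Same check with a fixed-length, branch-free compare: nothing per byte to measure."""
    diff = len(data) ^ len(SECRET)
    for i in range(len(SECRET)):
        diff |= (data[i] if i < len(data) else 0) ^ SECRET[i]
    return 1000 + 12 * len(SECRET) + (200 if diff == 0 else 5)

def outlier(samples):
    """Key whose count is farthest from the median; None when nothing stands out."""
    med = statistics.median(c for _, c in samples)
    key, count = max(samples, key=lambda s: abs(s[1] - med))
    return key if count != med else None

def find_length(counter, max_len: int):
    """The README's -g/-c mode: try each length up to max_len with filler bytes."""
    return outlier([(n, counter(b"A" * n)) for n in range(max_len)])

def solve(counter, length: int, reverse: bool = False):
    """The README's --stdin -i mode: fix one position at a time; -r walks from the end."""
    guess = bytearray(b"A" * length)
    for pos in (range(length - 1, -1, -1) if reverse else range(length)):
        samples = []
        for ch in string.printable.strip().encode():
            guess[pos] = ch
            samples.append((ch, counter(bytes(guess), reverse)))
        best = outlier(samples)
        if best is None:
            return None                    # no leak at this position: give up
        guess[pos] = best
    return bytes(guess)
```

The reverse flag models a binary that compares from the last byte backwards, which is why the README's second run walks from position 24 down to 0.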