teether/exploit_info.py at master · Rotaba/teether · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#!/usr/bin/env python2.7


INTERESTING_INS = ('CALL', 'CALLCODE', 'DELEGATECALL', 'SUICIDE', 'RETURN', 'STOP')

if __name__ == '__main__':
    import sys
    import json

    if len(sys.argv) < 3:
        print >> sys.stderr, "Usage: %s <project.json> <exploit.json>" % sys.argv[0]
        sys.exit(-1)

    with open(sys.argv[2]) as f:
        exploit_dict = json.load(f)

    if not 'type' in exploit_dict:
        from ethanalyze.project import Project
        with open(sys.argv[1]) as f:
            project_dict = json.load(f)

        p = Project.from_json(project_dict)

        last_path = max(exploit_dict['paths'], key=lambda x: x['index'])['path']

        # extend buggy paths...
        last_ins = p.prg[last_path[-1]]
        bb = last_ins.bb
        idx = bb.ins.index(last_ins)
        for ins in bb.ins[idx:]:
            if ins.name in INTERESTING_INS:
                break
        if ins.addr != last_path[-1]:
            last_path.append(ins.addr)

        vuln_ins = p.prg[last_path[-1]]

        exploit_dict['type'] = vuln_ins.name

        with open(sys.argv[2], 'w') as f:
            json.dump(exploit_dict, f)

    print exploit_dict['type']