move 11 to python3/jinja

11_angr_sim_scanf/11_angr_sim_scanf.c.jinja

@@ -0,0 +1,54 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#define USERDEF0 "{{ userdef }}"
+#define LEN_USERDEF {{ len_userdef }}
+
+char msg[] = "{{ description }}";
+
+char padding0[{{ padding0 }}];
+char buffer1[5];
+char padding1[{{ padding1 }}];
+char buffer0[5];
+char padding2[{{ padding2 }}];
+
+void print_msg() {
+  printf("%s", msg);
+}
+
+int complex_function(int value, int i) {
+#define LAMBDA 29
+  if (!('A' <= value && value <= 'Z')) {
+    printf("Try again.\n");
+    exit(1);
+  }
+  return ((value - 'A' + (LAMBDA * i)) % ('Z' - 'A' + 1)) + 'A';
+}
+
+int main(int argc, char* argv[]) {
+  char password[20];
+  int keep_going = 1;
+  unsigned int x = 0xDEADBEEF;
+
+  //print_msg();
+
+  memset(password, 0, 20);
+  strncpy(&password[0], USERDEF0, LEN_USERDEF);
+
+  /* complex function on password */
+  for (int j=0; j<8; ++j) {
+    password[j] = complex_function(password[j], j);
+  }
+
+  printf("Enter the password: ");
+
+  {{ recursive_if_else }}
+
+  if (!keep_going) {
+    printf("Try again.\n");
+  } else {
+    printf("Good Job.\n");
+  }
+}

11_angr_sim_scanf/generate.py

@@ -1,7 +1,21 @@
 #!/usr/bin/env python3
-
-import sys, random, os, tempfile
-from templite import Templite
+import sys, random, os, tempfile, jinja2
+
+def generate_true_statement(variable, value):
+  random_int = random.randint(0, 0xFFFFFFFF)
+  value_xor_int = value ^ random_int
+  return '(!(' + variable + ' ^ ' + str(random_int) + ' ^ ' + str(value_xor_int) + '))'
+
+def recursive_if_else(variable, value, end_statement, depth):
+  if depth == 0:
+    return end_statement
+  else:
+    if_true = random.choice([True, False])
+    if (if_true):
+      ret_str = 'if (' + generate_true_statement(variable, value) + ') {' + recursive_if_else(variable, value, end_statement, depth - 1) + '} else {' + recursive_if_else(variable, value, end_statement, depth - 1) + '}'
+    else:
+      ret_str = 'if (!' + generate_true_statement(variable, value) + ') {' + recursive_if_else(variable, value, end_statement, depth - 1) + '} else {' + recursive_if_else(variable, value, end_statement, depth - 1) + '}'
+    return ret_str
 
 def generate(argv):
   if len(argv) != 3:
@@ -10,15 +24,24 @@ def generate(argv):
 
   seed = argv[1]
   output_file = argv[2]
-
   random.seed(seed)
 
-  description = ''
-  with open(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'description.txt'), 'r') as desc_file:
-    description = desc_file.read().encode('unicode_escape')
-
-  template = open(os.path.join(os.path.dirname(os.path.realpath(__file__)), '11_angr_sim_scanf.c.templite'), 'r').read()
-  c_code = Templite(template).render(description=description)
+  userdef_charset = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+  userdef = ''.join(random.choice(userdef_charset) for _ in range(8))
+  padding0 = random.randint(0, 2**16)
+  padding1 = random.randint(0, 2**16)
+  padding2 = random.randint(0, 2**16)
+
+  statement = """
+    scanf("%u %u", (uint32_t*) buffer0, (uint32_t*) buffer1);
+    keep_going = keep_going && !strncmp(buffer0, &password[0], 4) && !strncmp(buffer1, &password[4], 4);
+  """
+  recursive_if_else_string = recursive_if_else('x', 0xDEADBEEF, statement, 8)
+
+  template = open(os.path.join(os.path.dirname(os.path.realpath(__file__)), '11_angr_sim_scanf.c.jinja'), 'r').read()
+  t = jinja2.Template(template)
+  c_code = t.render(description='', userdef=userdef, len_userdef=len(userdef), padding0=padding0, padding1=padding1, padding2=padding2, recursive_if_else=recursive_if_else_string)
+  print(c_code)
 
   with tempfile.NamedTemporaryFile(delete=False, suffix='.c', mode='w') as temp:
     temp.write(c_code)